Limit application permissions to a tenant subset of rooms

Riccardo Suardi 21 Reputation points
2023-11-28T10:13:31.16+00:00

Our platform offers an integration to synchronize outlook rooms meetings from a 365 tenant. We allow our customers to map rooms from their tenant with our platform's rooms through an entra application, which requires admin consent permissions such as Place.Read.All, User.Read.All, Calendars.ReadWrite.

A new customer security policy requires to not expose all rooms in their tenant to external applications, the aforementioned permissions cannot be granted, is there a way read/write only on a subset of rooms (maybe manageable by a service account), without the tenant admin permissions?

Thank you

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,409 questions
Outlook Management
Outlook Management
Outlook: A family of Microsoft email and calendar products.Management: The act or process of organizing, handling, directing or controlling something.
5,068 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,383 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,576 questions
0 comments No comments
{count} votes

Accepted answer
  1. Vasil Michev 100.1K Reputation points MVP
    2023-11-28T16:03:57.0933333+00:00

    You can limit access via Application access policies, or the newly introduced RBAC for apps feature: https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-public-preview-of-role-based-access-control-for/ba-p/3688228

    It allows you to scope access based on management scopes in Exchange, or Entra ID administrative units. Both can be scoped to include only a subset of the rooms, as needed. If you need a more detailed writeup on the method, I have one here: https://www.michev.info/blog/post/4282/exo-rbac-improvements-1-limiting-application-access

    1 person found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Saurabh-MSFT 0 Reputation points Microsoft Vendor
    2023-12-01T17:02:32.18+00:00

    Hi Riccardo,

    Thanks for posting this in Q&A.

    Please let me know if you still have any questions.

    Thanks

    0 comments No comments