This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 46%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
We have an integration setup with Graph API that leverages OnlineMeetings.ReadWrite.All Application-level scope so that practitioners can schedule Teams meetings through our platform. we have concluded the the Application-level scope instead of delegated.
We have a requirement to allow that permission ( CsApplicationAccessPolicy) only to a security group rather setting up for individual users.
From research, I've found that the CsApplicationAccessPolicy can either be granted globally or to specific users for Teams. Is there a way to assign the policy to a group instead of specific users? Alternatively, is there a way to restrict the integration/Graph API to work for specified groups only?
The cmdlet supports group assignments via the -Group parameter, have you tried that? Alternatively, you can expand the membership of the Group and run it against each individual member:
Get-MgGroupMember -GroupId xxxxxxx | select Id | % { Grant-CsApplicationAccessPolicy -Identity $_.Id -PolicyName "policy name" }
Not this command. let me try
I checked the -Group command. It worked. Thanks
Grant-CsApplicationAccessPolicy
[-PassThru]
[-PolicyName <String>]
[-MsftInternalProcessingMode <String>]
-Group <String>
[-Rank <Int32>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]