Restrict Azure Application to have access only to one specific SharePoint List

Viktor Meglenovski 5 Reputation points


I am trying to restrict the access of an Azure Application to one specific SharePoint list from one specific SharePoint site.

I have an Azure Application which has Application permissions for Sites.Selected and the new Lists.SelectedOperations.Selected permission.

Then I followed the instructions provided here:

I sent the following request with an authentication token retrieved with the CLIENT_ID, TENANT_ID and CLIENT_SECRET from the Azure App.

Content-Type: application/json

{
  "roles": ["read"],
  "grantedTo": {
    "application": {
      "id": "{appId}"
    }
  }
}

This request returns status code 201 and says that the permission is created, but when I check using


the new permission is not saved there. Moreover, even though I have the Lists.SelectedOperations.Selected permission, I have access to all the lists in the specific site.

I am not sure whether there is something that I am doing wrong, or I am missing some steps in the process.

Any help is appreciated.

Thank you!


1 answer

  1. Vasil Michev 100K Reputation points MVP

    Afaik Microsoft is still in the process of rolling out this functionality, so not everything works currently. Wait for the official announcement/blog post.

    2 people found this answer helpful.
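For the symptom in the question (every list in the site is readable despite the selected-scope permissions), one check is to inspect the `roles` claim of the app-only token and confirm it carries nothing beyond Sites.Selected and Lists.SelectedOperations.Selected. This is an added example, not code from the original thread; the function names are hypothetical, the sample token is constructed, and the payload is decoded for inspection only, without signature verification.

```python
import base64
import json

# Application permissions named in the question. They grant nothing on their
# own; access comes from a permission created on a specific site or list.
SELECTED_SCOPES = {"Sites.Selected", "Lists.SelectedOperations.Selected"}


def decode_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only (signature is NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(token: str) -> dict:
    """Split the token's `roles` claim into selected-scope roles and the rest."""
    roles = set(decode_claims(token).get("roles", []))
    return {
        "selected": sorted(roles & SELECTED_SCOPES),
        # Any role listed here (e.g. Sites.Read.All) is a wider grant that
        # would explain access to every list regardless of per-list grants.
        "other": sorted(roles - SELECTED_SCOPES),
        "missing": sorted(SELECTED_SCOPES - roles),
    }


def make_sample_token(roles: list) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def b64(obj) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none"}), b64({"roles": roles}), "sig"])


if __name__ == "__main__":
    # Constructed sample: the two selected scopes plus one tenant-wide role.
    sample = make_sample_token(
        ["Sites.Selected", "Lists.SelectedOperations.Selected", "Sites.Read.All"]
    )
    print(audit_roles(sample))
```

An empty `other` list means the token itself is scoped as intended, so any remaining access comes from permissions granted on the site or list rather than from the app registration.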