Limit the scope of Azure portal app permission

Suhani Bhargava 0 Reputation points
2024-09-25T18:45:42.9433333+00:00

Hi, I am a Salesforce developer. I am working on a use case trying to access get a user's outlook availability through microsoft graph api. I created an application on azure portal and am using client credentials to generate access token and then trying to access the getSchedule api for a user. While giving api permission on the azure portal app, we are not able to give specific user's / calendar access to the app, instead there are only readAll permission for both users and calendar both objects. Can we limit the scope of ReadAll and limit it to a specific set/group of users.? Also . if its possible we can also connect on a call to discuss the use case . Thanks

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,002 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 105.7K Reputation points MVP
    2024-09-26T07:10:51.43+00:00

    By default, application permissions are tenant-wide, you get unrestricted access to all resources you've been granted permissions for. It's usually best to run in the delegate permissions context instead, where the effective permissions of your app will be limited to what a given user can access.

    That said, for the Exchange scenario application permissions can be further restricted as detailed in this document: https://learn.microsoft.com/en-us/exchange/permissions-exo/application-rbac


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.