Restricting Application Permissions in Azure AD

Chaitanya Kale 40 Reputation points
2024-12-17T14:08:33.77+00:00

Is there a way to ensure that an application has access only to its specific permissions in Azure Active Directory, rather than the broad Application.Read.All permission that grants read access to all applications in the tenant? If this is not possible, can it be confirmed that this remains the limitation as of now?


Accepted answer
  1. Vasil Michev 111.9K Reputation points MVP
    2024-12-17T17:07:44.5+00:00

    If the idea is to restrict access to specific applications only, this can only be done via custom roles (see https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/quickstart-app-registration-limits). Graph API permissions cannot currently be restricted. It's something Microsoft is exploring for the future.
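
The custom-role approach from the accepted answer, shown with Microsoft Graph PowerShell as an added example (not code from the answer or from the linked quickstart): it creates a read-only custom role, assigns it at the scope of one app registration, and then checks that the principal holds no tenant-wide assignment. The role name and both object IDs are placeholders, and the choice of read actions is an assumption.

```powershell
# Added example. Placeholders must be replaced before running.
Connect-MgGraph -Scopes "RoleManagement.ReadWrite.Directory"

$targetAppObjectId = "<object-id-of-the-app-registration>"   # placeholder
$principalId       = "<object-id-of-the-service-principal>"  # placeholder

# Read-only actions on app registrations (assumed to be what the caller needs).
$rolePermissions = @(
    @{
        allowedResourceActions = @(
            "microsoft.directory/applications/standard/read",
            "microsoft.directory/applications/allProperties/read"
        )
    }
)

# Create the custom role definition.
$role = New-MgRoleManagementDirectoryRoleDefinition `
    -DisplayName "Single App Registration Reader (example)" `
    -Description "Read properties of one app registration only" `
    -RolePermissions $rolePermissions `
    -IsEnabled:$true

# Assign the role at the scope of one app registration, not "/" (whole tenant).
New-MgRoleManagementDirectoryRoleAssignment `
    -PrincipalId $principalId `
    -RoleDefinitionId $role.Id `
    -DirectoryScopeId "/$targetAppObjectId"

# Check: list every directory role assignment the principal holds and
# flag any that is scoped to the whole tenant.
$assignments = Get-MgRoleManagementDirectoryRoleAssignment `
    -Filter "principalId eq '$principalId'"

$assignments | Select-Object RoleDefinitionId, DirectoryScopeId | Format-Table

$tenantWide = $assignments | Where-Object { $_.DirectoryScopeId -eq "/" }
if ($tenantWide) {
    Write-Warning "Principal also holds tenant-wide role assignments; review them."
}
```

The scoped role assignment does not narrow Graph API permissions: if the same application is also granted Application.Read.All, it can still read every application in the tenant.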

