Restricting the group.read.all permisson

Aman Jha 21 Reputation points
2021-08-09T10:30:02.787+00:00

Hi,

A developer want to read data of certain groups from Azure ad for that he want's the group.read.all application permission but as an administrator I don't want to give this permission to him as this permission will not only expose the groups he want to read but also all the other groups in the ad.

Is their any way so customize the graph API permission so that he could only access the data of certain groups?
or any other suggestion is welcome.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,447 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Diana Wanjuhi 1,376 Reputation points
    2021-09-09T12:56:49.357+00:00

    Hello @Aman Jha Thank you for reaching out. To my knowledge, there isn't currently a way to restrict the permission to certain groups once the group.read.all permission is granted, would you consider filing a feature request on the M365 Developer platform so we can look into this?

    Let me know whether this helps and if you have further questions,

    Diana.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.