Apply Teams Cs-ApplicationAccessPolicy to Groups

Jacob Miller 31 Reputation points
2021-09-15T19:25:34.553+00:00

We have an integration setup with Graph API that leverages OnlineMeetings.ReadWrite.All Application-level scope so that clients can schedule Teams meetings through our platform. While developing a few months ago, due to certain complexities within our application, we chose the Application-level scope instead of delegated.

Today, we are working with a couple of our clients to start using this integration and both have expressed concerns about this scope (and subsequent CsApplicationAccessPolicy) granting permission to schedule Teams meetings on behalf of ANY of their AD users. They are requesting that this can be limited to certain users within their respective companies.

From research, I've found that the CsApplicationAccessPolicy can either be granted globally or to specific users for Teams. Is there a way to assign the policy to a group instead of specific users? Alternatively, is there a way to restrict the integration/Graph API to work for specified groups only?

We cannot request clients to assign the policy to specific users, and maintain that list for each new/future user that gets added to their AD.

Microsoft Teams
Microsoft Teams
A Microsoft customizable chat-based workspace.
9,371 questions
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,051 questions
Microsoft Teams Development
Microsoft Teams Development
Microsoft Teams: A Microsoft customizable chat-based workspace.Development: The process of researching, productizing, and refining new or existing technologies.
2,963 questions
{count} vote

Accepted answer
  1. ChetanSharmamsft 1,026 Reputation points Microsoft Vendor
    2021-09-16T11:17:21.433+00:00

    @Jacob Miller - Graph API can work either on delegated permission or Application level permissions as mentioned in below documentation:
    https://learn.microsoft.com/en-us/graph/api/application-post-onlinemeetings?view=graph-rest-1.0&tabs=http#permissions

    We can not control the API to call on group level permissions.

    0 comments No comments

0 additional answers

Sort by: Most helpful