SharePointOnline.CSOM AAD App Registration - Delegated Permissions

Evan.Bonnett 21 Reputation points

Hi all, I'm trying to use Microsoft.SharePointOnline.CSOM for .NET Standard. In reading the documentation here:
I see that I need an app registration in AAD with delegated permissions. In the documentation, uses allsites.Manage as the permission to assign. There is no way that the platform group is going to assign my little app permissions to manage all sites within the organization. Is there another way? Certainly there must be a least-rights approach. Anything you can tell me to help me get the bearer token would be appreciated.



A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
7,045 questions
0 comments No comments
{count} votes

Accepted answer
  1. Michael 17,921 Reputation points

    Hi @Evan.Bonnett ,

    For delegated permissions, the effective permissions of your app are the intersection of the delegated permissions the app has been granted and the privileges of the currently signed-in user. Your app can never have more privileges than the signed-in user.

    Besides, AllSites.Manage permission doesn't require admin consent. So you could register an app as a normal user and give it allsite.manage permission. As the below:


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Michael 17,921 Reputation points

    @Evan.Bonnett ,

    Is there anything update? Have you solved this issue?