![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 45%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Microsoft 365 and Office | SharePoint Server | For business
A family of Microsoft on-premises document management and storage systems.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 19%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJP%3C/text%3E%3C/svg%3E)
Note: Microsoft is providing this information as a convenience to you. These sites are not controlled by Microsoft, and Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please ensure that you fully understand the risks before using any suggestions from the below link.
Thank you for posting your question in the Microsoft Q&A forum.
Microsoft Graph is a RESTful web API that enables you to access Microsoft Cloud service resources.
Which means Microsoft Graph does not communicate to SharePoint Server (on‑prem) directly.To restrict a user from using the SharePoint On-Premises REST API, you cannot block the REST API directly (it uses the same permissions as normal SharePoint access). Instead, you must control access by adjusting permissions or limiting endpoints.
- Like you mentioned, you can break inheritance or remove Permissions on the Site / List / Library If a user has: No access to a site → REST cannot read it, Read-only access to a list → REST can only read. To do that, go to Site Settings > Site Permissions > Remove user/group or change them to read-only. If needed, break inheritance on specific lists/libraries and remove permissions there
- Create a custom permission level without “Use Remote Interfaces” permission. This permission allows REST/SOAP/Client Object Model calls. access - Permissions check box "Use Remote Interfaces" when unchecked prevents users from…
- If you want to block it fully, in IIS: Select the SharePoint web application > Go to Request Filtering Block URLs containing: _api/ _vti_bin/client.svc or use IP Restrictions to block users from certain IP ranges. Please note it will affect all users.
Please try and let me know if it works for you.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
