Limit permission of enterprise application azuread

hiennv10 1 Reputation point
2022-07-08T02:59:47.66+00:00

Hello everyone

Our organization deploy Jira SaaS app for some users/group , the application requires User.Read.All & Group.Read.All application permission. With Application Permission, the application can access information of any user, group in our organization but the application only uses by some user/group.

To mitigate risk, can you advise us about solution to decrease permission grant to application?

Thanks,

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
13,049 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 113.8K Reputation points MVP
    2022-07-08T08:33:08.577+00:00

    There is no universal method to limit application permissions, they apply across the entire directory by design. Some workloads (Exchange Online and SharePoint Online) do offer in-product controls to limit access, however those only apply to the specific workloads.
    In your scenario, I'd suggest using delegate permissions instead and limit access via Administrative units.

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.