There is no universal method to limit application permissions, they apply across the entire directory by design. Some workloads (Exchange Online and SharePoint Online) do offer in-product controls to limit access, however those only apply to the specific workloads.
In your scenario, I'd suggest using delegate permissions instead and limit access via Administrative units.
Limit permission of enterprise application azuread
hiennv10
1
Reputation point
Hello everyone
Our organization deploy Jira SaaS app for some users/group , the application requires User.Read.All & Group.Read.All application permission. With Application Permission, the application can access information of any user, group in our organization but the application only uses by some user/group.
To mitigate risk, can you advise us about solution to decrease permission grant to application?
Thanks,
1 answer
Sort by: Most helpful
-
Vasil Michev 113.8K Reputation points MVP
2022-07-08T08:33:08.577+00:00