Check if you're using excessive Microsoft Graph API permissions
Microsoft Graph exposes hundreds of endpoints that allow you to tap into data and insights in Microsoft 365. To use these API endpoints, you need to request a correct set of permissions.
A common approach to security is to apply the principle of least privilege (PoLP). This principle applies to users, processes and programs.
To check if your app is using more permissions than it needs:
- Enable the
MinimalPermissionsGuidancePluginplugin. - Start recording.
- Use your app to issue requests as normal.
- Stop recording.
Dev Proxy returns a list of permissions scopes that are unnecessary in the activity summary based on the intercepted requests.
For example:
Evaluating delegated permissions for:
- GET /me
Permissions on the token:
AllSites.FullControl, User.Read
WARNING: The following permissions are unnecessary:
WARNING: AllSites.FullControl
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for