Limit service principal to only manage membership for a single security group?
I want to manage group membership for a single group in an automated way. My AD administrator has created an app & service principal, but is hesitant to give it GroupMember.ReadWrite.All permission. This permission seems to give ability to manage membership for all groups.
Is there a way to limit permissions or scope to manage membership to a single AD security group?
Solution 1:[1]
I think this is currently not possible, because most of the Graph permissions are tenant-wide, without a way to restrict them in scope, such as the app access policies we have in Exchange Online: Application access policies.
Hope this is helpful.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Mehtab Siddique |
