Menu
What is the minimum set of permissions require in AAD App to access graph API -checkMemberGroups ?
Here are the list of permissions I tried with. Can this set be reduced any further? And am I missing any mandatory permissions?
Delegated Permissions -
Microsoft Graph API
Read all users' full profiles
Read all groups
Access directory as the signed in user
Sign in and read user profile
Windows Azure Active Directory
Read all groups
Access directory as the signed in user
Sign in and read user profile
333
If you're calling the Microsoft Graph Security API from a custom or your own application: The Azure AD tenant admin must explicitly grant consent to your application. This is required both for application-level authorization and user delegated authorization.
Delegated permissions are used by apps that have a signed-in user present. For these apps, either the user or an administrator consents to the permissions that the app requests and the app can act as the signed-in user when making calls to Microsoft Graph.
Select Azure Active Directory > App registrations, and then select your client application. Select API permissions > Add a permission > Microsoft Graph > Application permissions.
If you were developing checkMemberGroups with Microsoft Graph, there is no need to config the corresponding permission for the Windows Azure Active Directory.
And to call the this API, if you have granted the User.Read.All, there is no need to grant other three permission. As the document mentioned that One of the scopes is required.
140
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
