Ref: Microsoft Graph API : Restrict scope of calendar.readWrite and Audit mailbox access by Application Permission

Same issue here... Are there any other solutions besides limiting to a specific email or security group?

Our issue is having the app permission Calendars.ReadWrite. The main concern is that sensitive attachments are accessible via the API. Is there maybe a way to block specific HTTP requests? Or another way of limiting access to such sensitive information?

GJW
    For app permissions, there's no other way to limit access to a specific URL or your attachments. Is it possible for you to use delegated API permissions here? Delegated permissions are restricted to a specific user. – Tiny Wang Sep 17 '21 at 09:28

1 Answer

At this point we do not find any way to block specific HTTP requests on your attachment.

By default, when using Calendars.ReadWrite as an app permission, it allows the app to CRUD events of all calendars without sign-in. It provides access to the data in the entire tenant.

Best practice is to stick with least-privilege permissions.

Try to use Calendars.ReadWrite.Shared delegated permissions for your AAD application.

SureshBabu
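
As an added example (not part of the original answer, and not Microsoft code), the Python below inspects an access token's claims to tell whether calendar access is application-level or delegated: in Microsoft identity platform access tokens, application permissions appear in the `roles` claim and delegated permissions in the space-separated `scp` claim. The tokens, app IDs and user name are constructed, and the function names are hypothetical.

```python
import base64
import json

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims: dict) -> str:
    """Build a constructed token for the demo (not a real Azure AD token)."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    return f"{header}.{body}.constructed-signature"

def jwt_claims(token: str) -> dict:
    """Decode the payload only. No signature check: inspection, never authorization."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def classify_calendar_access(token: str) -> dict:
    """Report whether the token carries tenant-wide or user-bound calendar permissions."""
    claims = jwt_claims(token)
    roles = claims.get("roles") or []            # application permissions (app-only token)
    if isinstance(roles, str):
        roles = [roles]
    scopes = (claims.get("scp") or "").split()   # delegated permissions (signed-in user)
    tenant_wide = [r for r in roles if r.startswith("Calendars.")]
    user_bound = [s for s in scopes if s.startswith("Calendars.")]
    kind = "application" if tenant_wide else "delegated" if user_bound else "none"
    return {"kind": kind, "tenant_wide": tenant_wide, "user_bound": user_bound}

# Constructed sample claims; the app IDs and the user are placeholders.
APP_TOKEN = make_token({
    "appid": "00000000-0000-0000-0000-000000000001",
    "roles": ["Calendars.ReadWrite", "User.Read.All"],
})
DELEGATED_TOKEN = make_token({
    "appid": "00000000-0000-0000-0000-000000000002",
    "upn": "user@example.com",
    "scp": "Calendars.ReadWrite.Shared User.Read",
})

if __name__ == "__main__":
    for name, tok in (("app-only", APP_TOKEN), ("delegated", DELEGATED_TOKEN)):
        print(name, classify_calendar_access(tok))
```
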