Feedback by UserVoice

I suggest you ...

Restrict app permissions to scopes (required by large organizations)

If my app gets permission to access "calendar write", I can modify ALL mailbox calendars.
Large organizations would love to restrict Apps just for specific objects, like my app only can write to calendars of users *@contoso.com or of users that are member of security group "Contoso" or similar...
Any plans on that topic?

28 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Toni Pohl shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    2 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Martin Kolb commented  ·   ·  Flag as inappropriate

        Especially for germany this has a huge impact, since I am not able to get a consent for an app permission that can read all private calendar events of everyone in the organization. The work councils of our customers will never allow such a piece of code.
        The administrator needs to have the granular option to restrict permissions on a calendar similar to delegated permissions on a shared calendar (free busy / title only / … ).
        Currently, we are running with a service account, but this has bad side effects: It consumes an exchange online license, and currently it's not possible to create Graph subscriptions for shared calendars within the user context.

        Thanks in advance!

      • Jim commented  ·   ·  Flag as inappropriate

        I am looking forward the restriction of app permissions. Usually, in real world, app read/write whole company/organization's data is not accept by admin and i really understand admin since nobody likes exposing his emails/calender/tasks to a "unkonw" app for him.

      Feedback and Knowledge Base