Restrict Microsoft Graph Api results The 2019 Stack Overflow Developer Survey Results Are In Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) Come Celebrate our 10 Year Anniversary!How to manage on-premise servers using Azure AD credentials?Azure AD; no global adminCustom permissions (RBAC) to access specific Azure AD bladeAzure AD Users logging into Remote Desktop ServerWindows 2016 Server on site domain join with Azure ADMicrosoft Graph App sign in with different tenant not possibleLocal username Windows 10 Azure AD Microsoft 365O365 Group Based Licensing not WorkingAzure AD migrating from cloud to on-premisesCan I manage an Azure Active Directory (AD) guest user's multi-factor authentication (MFA)?
Who or what is the being for whom Being is a question for Heidegger?
Does Parliament hold absolute power in the UK?
How long does the line of fire that you can create as an action using the Investiture of Flame spell last?
how can a perfect fourth interval be considered either consonant or dissonant?
Finding the path in a graph from A to B then back to A with a minimum of shared edges
Can smartphones with the same camera sensor have different image quality?
Match Roman Numerals
How to copy the contents of all files with a certain name into a new file?
How does ice melt when immersed in water?
Did God make two great lights or did He make the great light two?
Am I ethically obligated to go into work on an off day if the reason is sudden?
Make it rain characters
Did the new image of black hole confirm the general theory of relativity?
How do I add random spotting to the same face in cycles?
Single author papers against my advisor's will?
Was credit for the black hole image misattributed?
Why did all the guest students take carriages to the Yule Ball?
What aspect of planet Earth must be changed to prevent the industrial revolution?
Python - Fishing Simulator
How to stretch delimiters to envolve matrices inside of a kbordermatrix?
University's motivation for having tenure-track positions
Why is the object placed in the middle of the sentence here?
How do you keep chess fun when your opponent constantly beats you?
Take groceries in checked luggage
Restrict Microsoft Graph Api results
The 2019 Stack Overflow Developer Survey Results Are In
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
Come Celebrate our 10 Year Anniversary!How to manage on-premise servers using Azure AD credentials?Azure AD; no global adminCustom permissions (RBAC) to access specific Azure AD bladeAzure AD Users logging into Remote Desktop ServerWindows 2016 Server on site domain join with Azure ADMicrosoft Graph App sign in with different tenant not possibleLocal username Windows 10 Azure AD Microsoft 365O365 Group Based Licensing not WorkingAzure AD migrating from cloud to on-premisesCan I manage an Azure Active Directory (AD) guest user's multi-factor authentication (MFA)?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
A service provider is currently implementing Azure Active Directory login for the client application we are using. They plan to create application user accounts for our AAD users and give them application permissions depending on their AAD group memberships.
For that they registered a multi-tenant Application in Azure AD which I will grant permissions in our Directory.
To be able to fetch groups and users from the customers directory the App needs the following permissions for Microsoft Graph Api:
- Group.Read.All
- User.Read.All
But, as only some of our users will use the application and only some of our security groups will be used to control access to the application I don't want the application to get information about all our groups and all our users.
Is there a way to restrict the Graph Api result to only a defined subset of the objects available in the directory?
Or is there another Api they should use instead of Microsoft Graph Api to request that information?
azure-active-directory microsoft-graph
asked Apr 9 at 9:34
Florian K.Florian K.
1
New contributor
Florian K. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
A service provider is currently implementing Azure Active Directory login for the client application we are using. They plan to create application user accounts for our AAD users and give them application permissions depending on their AAD group memberships.
For that they registered a multi-tenant Application in Azure AD which I will grant permissions in our Directory.
To be able to fetch groups and users from the customers directory the App needs the following permissions for Microsoft Graph Api:
- Group.Read.All
- User.Read.All
But, as only some of our users will use the application and only some of our security groups will be used to control access to the application I don't want the application to get information about all our groups and all our users.
Is there a way to restrict the Graph Api result to only a defined subset of the objects available in the directory?
Or is there another Api they should use instead of Microsoft Graph Api to request that information?
azure-active-directory microsoft-graph
asked Apr 9 at 9:34
Florian K.Florian K.
1
New contributor
Florian K. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
A service provider is currently implementing Azure Active Directory login for the client application we are using. They plan to create application user accounts for our AAD users and give them application permissions depending on their AAD group memberships.
For that they registered a multi-tenant Application in Azure AD which I will grant permissions in our Directory.
To be able to fetch groups and users from the customers directory the App needs the following permissions for Microsoft Graph Api:
- Group.Read.All
- User.Read.All
But, as only some of our users will use the application and only some of our security groups will be used to control access to the application I don't want the application to get information about all our groups and all our users.
Is there a way to restrict the Graph Api result to only a defined subset of the objects available in the directory?
Or is there another Api they should use instead of Microsoft Graph Api to request that information?
azure-active-directory microsoft-graph
asked Apr 9 at 9:34
Florian K.Florian K.
1
New contributor
Florian K. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
A service provider is currently implementing Azure Active Directory login for the client application we are using. They plan to create application user accounts for our AAD users and give them application permissions depending on their AAD group memberships.
For that they registered a multi-tenant Application in Azure AD which I will grant permissions in our Directory.
To be able to fetch groups and users from the customers directory the App needs the following permissions for Microsoft Graph Api:
- Group.Read.All
- User.Read.All
But, as only some of our users will use the application and only some of our security groups will be used to control access to the application I don't want the application to get information about all our groups and all our users.
Is there a way to restrict the Graph Api result to only a defined subset of the objects available in the directory?
Or is there another Api they should use instead of Microsoft Graph Api to request that information?
azure-active-directory microsoft-graph
azure-active-directory microsoft-graph
asked Apr 9 at 9:34
Florian K.Florian K.
1
New contributor
Florian K. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked Apr 9 at 9:34
Florian K.Florian K.
1
New contributor
Florian K. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked Apr 9 at 9:34
Florian K.Florian K.
1
New contributor
Florian K. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked Apr 9 at 9:34
Florian K.Florian K.
1
asked Apr 9 at 9:34
Florian K.Florian K.
1
1
New contributor
Florian K. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Florian K. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Florian K. is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Florian K. is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f962180%2frestrict-microsoft-graph-api-results%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Florian K. is a new contributor. Be nice, and check out our Code of Conduct.
Florian K. is a new contributor. Be nice, and check out our Code of Conduct.
Florian K. is a new contributor. Be nice, and check out our Code of Conduct.
Florian K. is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f962180%2frestrict-microsoft-graph-api-results%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
