AAD app-only access site permission control
As described in this doc: https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread
When granted All Site Full Control permission, the application would be able to access all sites in my organization. But can we grant permissions to specific sites? In other words, can we restrict the sites the application can access? If we can, how do we do this?

4 comments
-
Fredrik Thorild commented
Found this on the M365 roadmap
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=76685
-
DanM commented
How does this only have 16 votes? What are people doing to limit the scope of what app-only connections (for integration scenarios for example)? Granting access across the entire tenant is not an acceptable solution as this is a HUGE security problem.
-
Anonymous commented
In addition: when using Azure Information Protection, for example, some sites have classified data and we don't want to expose those sites through an app registration with app-only permissions. It seems impossible to achieve this now. Any thoughts?
-
t-zhexu commented
I forgot to mention that I want to access SharePoint Online via Azure AD app-only, not SharePoint app-only.