AAD app-only access site permission control
As described in this doc: https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread
When granted All Site Full Control permission, the application would be able to access all sites in my organization. But can we grant permissions to specific sites? In other words, can we restrict the sites the application can access? If we can, how do we do this?
Fredrik Thorild commented
Found this on the M365 roadmap
How does this only have 16 votes? What are people doing to limit the scope of what app-only connections can access (for integration scenarios, for example)? Granting access across the entire tenant is not an acceptable solution, as this is a HUGE security problem.
In addition: When using Azure Information Protection, for example, some sites have classified data and we don't want to expose those sites through an app registration with app-only permissions. It seems impossible to achieve this now. Any thoughts?
I forgot to mention that I want to access SharePoint Online via Azure AD app-only, not SharePoint app-only.