Restrict app-only applications from accessing certain sitecollections
When registering a SharePoint App on tenant level with Sitecollection permissions, all sitecollections can be accessed using an App-Only context in that tenant.
We have lots of customers who want to exclude some sitecollections to be accessed, for example those labeled in AD with a sensitivity label, or tag, or certain URLs.
Please make it possible to support this.
A good place to do this, is in the Azure Portal.
