Really keen to start using this, but it's very strange (and a blocker
for us long term) why Australia, New Zealand and Japan are missing from
the available tenant locations.I found a like minded article on learn
that this issue was bought up last year (Unable to establish Entra
tenant for Australia ...
@merillms used to suffice having group ownership to be able to connect
and act only on that group without any other privilege, or am i
mistaken? Edit: Nevermind me. This still is the case with Entra
powershell module, should have tested before opening the mouth
@Deleted Azure AD PowerShell had ALL directory related permission scopes
pre-consented including group member.readwrite.all. It's not least
privilege, which is why the new modules no longer pre-consent.
@JamesC95 at the scenario, yes. An automation, where with azuread was
possible to scope to the target only, and now its a super-powerful SP.
We should be able to do better scoping while using msgraph api.
@DeletedIn this scenario you would use delegated access, which would
limit the access to the permissions of the end user. So even though the
app would have larger permissions, they are still capped to what the
user is able to
access/do.https://learn.microsoft.com/en-us/entra/identity-platform/permis...
Latest Comments