Hi @Pascal Frencken ,
Currently most of the Graph permissions are tenant-wide, without a way to restrict them for a specific group. Group.ReadWrite.All
and GroupMember.ReadWrite.All
give access to all the groups at Application level.
Similar Post: https://learn.microsoft.com/en-us/answers/questions/466029/microsoft-graph-permissions-to-only-access-specifi.html
You can submit a feature request idea which will be monitored by Microsoft team and make the enhancements to Microsoft Graph APIs.
Hope this helps.
If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.