question

JacobMiller-4932 avatar image
0 Votes"
JacobMiller-4932 asked JacobMiller-4932 commented

Apply Teams Cs-ApplicationAccessPolicy to Groups

We have an integration setup with Graph API that leverages OnlineMeetings.ReadWrite.All Application-level scope so that clients can schedule Teams meetings through our platform. While developing a few months ago, due to certain complexities within our application, we chose the Application-level scope instead of delegated.

Today, we are working with a couple of our clients to start using this integration and both have expressed concerns about this scope (and subsequent CsApplicationAccessPolicy) granting permission to schedule Teams meetings on behalf of ANY of their AD users. They are requesting that this can be limited to certain users within their respective companies.

From research, I've found that the CsApplicationAccessPolicy can either be granted globally or to specific users for Teams. Is there a way to assign the policy to a group instead of specific users? Alternatively, is there a way to restrict the integration/Graph API to work for specified groups only?

We cannot request clients to assign the policy to specific users, and maintain that list for each new/future user that gets added to their AD.

office-teams-windows-itprooffice-teams-app-devmicrosoft-graph-calendar
· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @JacobMiller-4932

As you said above, there is no settings that can set the App policy to the group via Teams admin center or PowerShell command. It only applies to the one or more users. if you want to control the channel permission to access app, you could refer to this part of document steps

For Teams API part, I will also add office-teams-app-dev tag to your thread. Someone checking office-teams-app-dev tag will give you more insights. Thanks for your understanding.


0 Votes 0 ·

@JacobMiller-4932

It has been a while, how is everything going?
If you have any update about this issue, please feel free to post back.

0 Votes 0 ·

@JacobMiller-4932 - Please let us know if you still need any help?
If it is resolved, shall we close this this issue?

0 Votes 0 ·
Show more comments

1 Answer

ChetanSharmamsft-3456 avatar image
0 Votes"
ChetanSharmamsft-3456 answered

@JacobMiller-4932 - Graph API can work either on delegated permission or Application level permissions as mentioned in below documentation:
https://docs.microsoft.com/en-us/graph/api/application-post-onlinemeetings?view=graph-rest-1.0&tabs=http#permissions

We can not control the API to call on group level permissions.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.