App-Only User.ReadBasic.All Permission is now available

If you're a developer using Microsoft applications, you may be interested in App-Only User.ReadBasic.All permission, which allows apps to retrieve basic user properties such as ID, names, email addresses, and photos. Delegated User.ReadBasic.All permissions were previously available, but customer feedback prompted Microsoft to also provide app-only User.ReadBasic.All permissions. With this release, Microsoft has also fixed a bug which enabled apps to filter on unauthorized properties with delegated User.ReadBasic.All permissions. Apps with this permission that filter on unauthorized properties will now encounter a 403 error message. If you have an app that only needs access to basic user properties, you can consider granting it User.ReadBasic.All permission instead of User.Read.All. This update is expected to be rolled out between mid and late January 2024, and no action is needed unless an application requires access to unauthorized properties.
The post App-Only User.ReadBasic.All Permission is now available appeared first on M365 Admin.
Published on:
Learn moreRelated posts
Graph User.ReadBasic.All Application Permission Available
The Graph User.ReadBasic.All permission is now available for both delegated and application usage. Think before rushing to use the permission....
New Azure DevOps scopes now available for Microsoft Identity OAuth delegated flow apps
Microsoft has introduced additional Azure DevOps scopes for delegated OAuth apps. This latest update allows developers to specify the exact pe...
Restricted Access Control for SharePoint and OneDrive Sites
SharePoint Administrators can now employ a new advanced capability to restrict SharePoint and OneDrive sites to specified users. Access to a s...
SharePoint admin control for App registration / update
SharePoint is upping its security measures with an enhancement to its administrative governance procedures for application registration and pe...
ExO RBAC improvements #1: Limiting application access
This post sheds light on the first of many upcoming improvements related to role-based access control (RBAC) in ExO (Exchange Online). ExO (Ex...
SharePoint Site Permission Inheritance
If you're struggling with managing site permissions across your SharePoint site and subsites, this blog is for you. Specifically, it delves in...
Azure AD custom roles with support for granular User management permissions
Role-based Access Control (RBAC) has been a priority for Microsoft across Azure AD and Microsoft 365 in recent years. While some Microsoft wor...
The SQL Server Permission Model Explained
In this episode, Andreas Wolter sheds light on the mysterious SQL Server and Azure SQL Database permission model. As Michael poses security ch...
Checking Audit Logs for Azure AD Consent Permission Grants
Audit logs hold lots of information, including records for when Azure AD consent permission grants happen. Checking the audit data can detect ...