In our application we have a background service that “syncs” user data and group membership information from the Microsoft Graph to our database.
The permission model:
Programming against the Microsoft Graph is quite easy. There are many SDKs available, but understanding the permission model is hard.
‘Directory.Read.All’ and ‘User.Read.All’:
Initially we only synced the “basic” user data to our database, but then some customers wanted to reuse some other data already stored in the graph. Our app required the ‘Directory.Read.All’ permission, because we thought that this would be the “highest” permission - this is wrong!
If you need “directory” information, e.g. memberships, Directory.Read.All or Group.Read.All is a good starting point. But if you want to load specific user data, you might need the User.Read.All permission as well.
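A startup check for the sync service that makes this gap visible, as an added example that is not code from our application: it reads the `roles` claim of an app-only access token and reports which sync tasks no granted permission covers. The task names, the mapping (taken from the statements above) and the sample token are assumptions constructed for illustration.

```python
import base64
import json

# Assumed mapping, taken from the statements in this post: membership data is
# covered by Directory.Read.All or Group.Read.All, specific user data needs
# User.Read.All. The task names are hypothetical.
REQUIRED = {
    "sync_group_memberships": {"Directory.Read.All", "Group.Read.All"},
    "sync_user_details": {"User.Read.All"},
}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def token_roles(jwt: str) -> set:
    """Return the application permissions listed in the token's 'roles' claim.

    The signature is NOT verified: this is a local diagnostic on a token the
    service itself just acquired, not an authorization decision.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("roles", []))  # app-only tokens carry 'roles', not 'scp'

def blocked_tasks(jwt: str) -> dict:
    """Map each task that would be denied to the permissions that would unblock it."""
    granted = token_roles(jwt)
    return {task: sorted(any_of) for task, any_of in REQUIRED.items()
            if not (granted & any_of)}

def make_sample_token(roles) -> str:
    """Constructed, unsigned sample token for the demonstration below."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = b64url(json.dumps({"aud": "https://graph.microsoft.com",
                              "roles": roles}).encode())
    return f"{header}.{body}.sig"

if __name__ == "__main__":
    # Only Directory.Read.All granted: the user-detail sync is reported as blocked.
    print(blocked_tasks(make_sample_token(["Directory.Read.All"])))
```

Because each task lists the permissions that satisfy it individually, the same check also shows when a narrower grant such as Group.Read.All is enough for the membership sync.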
Robert Mühsig is a web developer at T-Systems Multimedia Solutions GmbH in Dresden and has received the ASP.NET MVP Award from Microsoft.