User.ReadBasic.All allows the app to retrieve basic user properties like ID, display name, first and last name, email address, and photo. Today only delegated User.ReadBasic.All is available. We heard customer feedback to enable app-only User.ReadBasic.All permission as well, to limit their app access to only basic user properties.
With the release of app-only User.ReadBasic.All, we also fixed a bug, which enabled the app to filter on properties it shouldn’t access with User.ReadBasic.All. The issue is now resolved, ensuring that apps with delegated permission can no longer filter on unauthorized properties.
(more…)
Originally posted by Microsoft
Jan 5, 2024
Uncategorized
0 Comments