I am creating an application in Azure AD and assigning the following "Application" permissions to that application.

1) Application.ReadWrite.All
2) AppRoleAssignment.ReadWrite.All
3) Files.ReadWrite.All
4) Group.Read.All
5) User.Read.All
6) full_access_as_app

I want to know if there is any security risk, and if these assigned permissions give my application rights to modify any other application. Thanks in advance.

There is 1 answer

Joy Wang On BEST ANSWER

if these assigned permissions give rights to my application to modify any other application.

Yes. I suppose you add the application permissions of Microsoft Graph; with different application permissions, the app can call different Microsoft Graph APIs.

For example, if you give the Application.ReadWrite.All application permission in MS Graph, then it will be able to call the MS Graph API - Update application, and it can modify all the applications in your AAD tenant.
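
An added example, not part of the original question or answer: a small audit that resolves an app's assigned app roles to permission names and buckets the six permissions from the question by the reach the answer describes. The sample data is constructed, the GUIDs are placeholders, and the bucket names and the `APP_CONTROL_RESOURCES` set are assumptions of this example.

```python
# Constructed sample shaped like Microsoft Graph data; the GUIDs are placeholders.
# APP_ROLES mirrors the "appRoles" of the resource service principals (the APIs).
APP_ROLES = [
    {"id": "00000000-0000-0000-0000-000000000001", "value": "Application.ReadWrite.All"},
    {"id": "00000000-0000-0000-0000-000000000002", "value": "AppRoleAssignment.ReadWrite.All"},
    {"id": "00000000-0000-0000-0000-000000000003", "value": "Files.ReadWrite.All"},
    {"id": "00000000-0000-0000-0000-000000000004", "value": "Group.Read.All"},
    {"id": "00000000-0000-0000-0000-000000000005", "value": "User.Read.All"},
    {"id": "00000000-0000-0000-0000-000000000006", "value": "full_access_as_app"},
]
# ASSIGNMENTS mirrors the app's "appRoleAssignments"; the last id resolves to nothing.
ASSIGNMENTS = [{"appRoleId": r["id"]} for r in APP_ROLES] + [
    {"appRoleId": "00000000-0000-0000-0000-0000000000ff"}
]

# Assumption of this example: roles on these resources govern app objects or grants.
APP_CONTROL_RESOURCES = {"Application", "AppRoleAssignment"}


def classify(value):
    """Bucket a permission name of the form Resource.Operation.Constraint."""
    parts = value.split(".")
    if len(parts) < 3:
        return "review-manually"  # e.g. full_access_as_app does not follow the pattern
    resource, operation, constraint = parts[0], parts[1], parts[-1]
    if operation == "ReadWrite" and constraint == "All":
        if resource in APP_CONTROL_RESOURCES:
            return "can-change-other-apps"
        return "tenant-wide-write"
    if operation == "Read":
        return "read-only"
    return "review-manually"


def audit(app_roles, assignments):
    """Resolve each assigned appRoleId to its name and classify it."""
    names = {role["id"]: role["value"] for role in app_roles}
    report = {}
    for assignment in assignments:
        role_id = assignment["appRoleId"]
        value = names.get(role_id)
        report[value or role_id] = classify(value) if value else "unresolved-role-id"
    return report


if __name__ == "__main__":
    for name, bucket in audit(APP_ROLES, ASSIGNMENTS).items():
        print(f"{bucket:22} {name}")
```

Role ids that do not resolve are reported rather than dropped, so a permission on a resource that was not loaded into the lookup still shows up in the review.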