I'm curious if other companies grant their help desk or junior admin staff access to Microsoft Graph. Coming from a smaller company where I had global admin permissions, I've now transitioned to a larger organization that uses more granular permissions. I think having basic access to Microsoft Graph command line tools would help me create some automations and streamline workflows. How do I go about requesting this access to allow the help desk to query the Graph API as well?
4 Answers
It’s pretty straightforward! Just assign them the necessary RBAC roles they need to perform their tasks, and they'll get access to the Graph without any extra configs needed. There’s no separate permission just for Graph access.
Honestly, I've never met a help desk that even knows how to use Graph. What do you think they'd actually accomplish with that kind of access?
Haha, I get your point! But maybe they could help out with basic queries?
Just a heads-up, I've always subscribed to the philosophy that no one gets access to anything that isn't absolutely necessary for their job. So think about what they specifically need to do.
If there are specific scripts they need to run, consider building a service principal with read permissions in Graph. You could also give them global reader access if that suits your needs.
Thanks for the tip! RBAC looks like the way to go.