I'm trying to figure out if it's possible to apply conditional access policies specifically to the Graph API. For instance, I want to require that only compliant devices can access this API. I've attempted to target this app using custom security attributes, but it hasn't worked for me. The only method that seems to work is targeting all resources, which isn't feasible for my situation. Any advice would be greatly appreciated!
1 Answer
It seems like, since everything now operates through an API interface on the backend, you might not be able to manage access to the Graph API the way you'd prefer. There's often a challenge in separating access specifically for APIs compared to other platforms.
I really didn't want to hear that! What’s the point of PIM if we can only secure portals but not the APIs themselves?