I'm curious about granting help desk or junior admin staff access to Microsoft Graph. In my previous job, I had global admin rights at a smaller company, but now I'm in a larger organization with stricter permission levels. I want basic access to Graph command line tools to help automate some tasks and improve workflows. How can I approach this situation? I'd like the help desk to be able to query the Graph API as well.
4 Answers
In my opinion, nobody should get access to more than what they absolutely need. It’s a good practice to keep permissions tight.
You should assign them the necessary RBAC roles for their job, and that'll give them access to Graph for the tasks they'll perform. There's no separate permission just for Graph access, so it's pretty straightforward.
If they just need to run certain scripts, consider creating a service principal with read permissions in Graph. Alternatively, you might want to give them global reader access if appropriate.
Honestly, I’ve never met a help desk team that even knows what Graph is, let alone knows how to use it. I’m curious what they would actually do with those permissions.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures