You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
AzureTRE currently grants Group.ReadWrite.All to its Application Admin just so it can create groups. Since November 2023, Microsoft Graph supports Group.Create, which is much more restrictive and matches the actual needs. Please update scripts and docs so only Group.Create is used unless broader group management is actually required.
AzureTRE currently grants Group.ReadWrite.All to its Application Admin just so it can create groups. Since November 2023, Microsoft Graph supports Group.Create, which is much more restrictive and matches the actual needs. Please update scripts and docs so only Group.Create is used unless broader group management is actually required.
Group.Create Graph permission docs