I was wondering if anyone else finds this issue weird / illogical. When building an application registered on the v2 Azure AD endpoint (apps.dev.microsoft.com), you can assign extremely high application permissions that essentially provide full access to the respective O365 tenant's data (including messages, sites, drive items, users, - everything) once admin consent has been provided.
We're finding a weird inconsistency: while Application Permissions are really awesome and support almost everything, they don't work with some group-related operations, namely:
- GET /groups/{id]/events
- GET /groups/{id}/conversations
- GET /groups/{id}/planner/plans
According to the API documentation, these methods aren't supported by application permissions and I'm wondering why: since these methods are supported by Delegated Permissions, while Application Permissions are otherwise so much more powerful - I'm finding this illogical.
I had some conversations with other app developers who are struggling with this, too (there is another question specifically about group conversations but I'm repeating this because the issue is about more than just conversations: Reading Group Conversations from Microsoft Graph using an application permission doesn't seem to be supported) so I'm wondering if there is a reason for this that I'm not seeing or are there any plans to address supporting these permissions?
Thanks a bunch in advance,
Ben
