check before: 2024-01-19
World tenant, Online
New feature, User impact, Admin impact
User.ReadBasic.All allows the app to retrieve basic user properties like ID, display name, first and last name, email address, and photo. Today only delegated User.ReadBasic.All is available. We heard customer feedback to enable app-only User.ReadBasic.All permission as well, to limit their app access to only basic user properties.
With the release of app-only User.ReadBasic.All, we also fixed a bug, which enabled the app to filter on properties it shouldn't access with User.ReadBasic.All. The issue is now resolved, ensuring that apps with delegated permission can no longer filter on unauthorized properties.
If your app uses delegated User.ReadBasic.All to filter properties beyond its access, it will now encounter a 403 error message, indicating "insufficient privileges to complete the operation." You can grant the app User.Read.All permission, to ensure the filter operation succeeds.
With app-only User.ReadBasic.All, you can evaluate the permission needs of apps in your tenant; for those requiring access to basic user properties only, consider granting User.ReadBasic.All permission instead of User.Read.All.
[When this will happen:]
Standard Release: We will begin rolling out by mid-January 2024 and expect to complete by late January 2024.
the free basic plan is required to see all details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.