topic Re: App Service Access Management for SharePoint CRUD - MS Graph API in Product Forum

App Service Access Management for SharePoint CRUD - MS Graph API

kantasit — Tue, 20 Feb 2024 09:29:00 GMT

I'm using the Microsoft Graph API to manage files (create, read, update, delete) within a SharePoint drive. What's the best way to control access for my App Service? Here's what I'm considering:

Delegated Permissions vs. Application Permissions: Which is more suitable for my scenario?

Delegated Permissions: If this is the way to go, how do I properly assign the required identity to the App Service? Can I use a system user?

Additional Notes: I'm relatively new to Azure administration, so any guidance is much appreciated!

------------------------------
Kantasit
------------------------------

Re: App Service Access Management for SharePoint CRUD - MS Graph API

naveed_raza — Mon, 08 Dec 2025 20:15:56 GMT

for Sharepoint go with Application permission , sharepoint infrastructure team can create the app id, tenant id and client secret . Which you can use to get the access token to call other endpoints

Re: App Service Access Management for SharePoint CRUD - MS Graph API

jordan.harvey.norfolkcc — Tue, 13 Jan 2026 12:48:47 GMT

We use delegated auth, the service accounts themselves are then limited to only allow login from certain networks which as far as I'm aware is not possible with application auth.

For our infrastructure teams and other internal departments access is then granted to the service accounts via the standard SharePoint IDAM controls (via invitations or groups from an existing site owner). This also means that if for some reason we need to disable access, we can do so very quickly without impacting any other automations. We generally use a different service account for each process / project (depending on scope).