On the documentation about Azure AD. There is a part about permissions. I would like to know when two “Permissions” are required?
After reading Microsoft Graph permissions reference this is still no clear why those 2 permissions are required :
Directory.AccessAsUser.Allbecause documentation say
Directory.Read.Allalready returns groups so why is it needed?
Directory.Read.Allas Application Permission. Is in case of calling Microsoft Graph API from Actions or Rules?
We implement Azure AD of other client and we have to justifiy about why we request this kind of permissions.
Thanks in advance