2
votes

I have registered an app in the Azure AD portal and given Microsoft Graph API permissions to the app to read all sites.

I generate an access token using the v2.0 endpoint. With the token I can access the SharePoint site collections, which is fine. But using the same token I am able to access OneDrive also.

Is there a way to just access SharePoint and not OneDrive? Are there any permissions in the Graph API or the Azure AD portal to restrict this access for the token?

1 Answer

1
votes

The Microsoft Graph API provides access to data in Office 365 (like calendars and messages from Exchange, sites and lists from SharePoint, documents from OneDrive, notebooks from OneNote, tasks from Planner, workbooks from Excel, etc.), as well as users and groups from Azure AD and other data objects from more Microsoft cloud services.

Is there a way to just access the sharepoint and not onedrive?

Navigate to your app in AAD and go to Microsoft Graph in Required permissions. Just do not choose the OneDrive options.

For more details about the OneDrive permissions, refer to Display String in this link. Then if you get the token through the app, it will not be able to access OneDrive.
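
To check which Graph permissions a token actually carries after changing the app's required permissions, the following added example (not part of the original answer) decodes the token payload without verifying the signature and separates the `scp`/`roles` entries by prefix. The sample token is constructed, and treating `Files.*` as the OneDrive permission family is an assumption of this example.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def granted_permissions(token: str) -> set:
    """Return the permissions named in an access token's claims.

    The signature is NOT verified: this is for inspecting your own token,
    not for making authorization decisions.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated segments)")
    claims = json.loads(b64url_decode(parts[1]))
    delegated = claims.get("scp", "").split()  # delegated: space-separated string
    application = claims.get("roles", [])      # app-only: JSON array
    return set(delegated) | set(application)


def audit(token: str, unwanted_prefixes=("Files.",)) -> dict:
    """Split permissions into unwanted (assumed OneDrive family) and the rest."""
    perms = granted_permissions(token)
    unwanted = sorted(p for p in perms if p.startswith(unwanted_prefixes))
    return {"unwanted": unwanted, "other": sorted(perms - set(unwanted))}


def _make_sample(claims: dict) -> str:
    # Constructed, unsigned sample token for offline demonstration only.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    sample = _make_sample({"aud": "https://graph.microsoft.com",
                           "roles": ["Sites.Read.All", "Files.Read.All"]})
    print(audit(sample))
```

An empty `unwanted` list shows only what was consented to: the question reports that a token issued with the read-all-sites permission could still reach OneDrive, so test the actual Graph calls as well.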