!!!Managing SharePoint Site Access for Applications Using Sites.Selected Permissions\\
\\
The __Sites.Selected__ permission allows an app to access only the specific SharePoint sites you explicitly authorize. This wiki page provides guidance on how to grant SharePoint write access (required for Sharepoint2 protocol see [SharePoint Integration]) to an App Registration configured in the Azure Portal. Using Sites.Selected offers a much more secure alternative to granting full access across your entire tenant.See this: [https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread]\\
\\
!!__1.__ Create an App Registration with permission Sites.FullControl.All\\
\\
__!!! Important:__ This App Registration is not the working app that will access the SharePoint site.
It is a helper/admin app, used only to configure and grant SharePoint write permissions to other apps (the real apps that will use Sites.Selected permission).\\
\\
Start at the Microsoft Azure portal: [https://azure.microsoft.com/en-us/features/azure-portal/]\\
\\
__Application registration: __Go to the App registrations and click on __New registration__:\\
\\
[SharePoint%20Integration/new_registration.png]\\
\\
The __Redirect URI (optional)__ is not required, because it will  has a __Application Permission__ only.\\
\\
Configure API Permissions:\\
\\
Navigate to API Permissions. Click on __Add a permission__ button. Select __Microsoft Graph__. Then select __Application Permission__. Search for __Sites__ and check the flag __Sites.FullControll.All__.\\
\\
[CrushTaskExample19/app_permission_sites_full_control.png]\\
\\
__Secret key__: A new client secret must be created. Go to Certificates & secrets, and generate a new client secret by clicking on New client secret. Ensure you copy over the value immediately!\\
\\
[SharePoint%20Integration/new_secret.png]\\
\\
[SharePoint%20Integration/secret_value.png]\\