!!!Managing SharePoint Site Access for Applications Using Sites.Selected Permission\\
\\
The __Sites.Selected__ permission allows an app to access only the specific SharePoint sites you explicitly authorize. This wiki page provides guidance on how to grant SharePoint write access (required for __SharePoint2 protocol__ see [SharePoint Integration]) to an __App Registration__ configured in the Azure Portal. Using Sites.Selected offers a much more secure alternative to granting full access across your entire tenant. See this: [https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread]\\
\\
!!__1.__ Create an App Registration with permission Sites.FullControl.All\\
\\
__!!! Important:__ This App Registration is not the working app that will access the SharePoint site.
It is a helper/admin app, used only to configure and grant SharePoint write permissions to other apps (the real apps that will use Sites.Selected permission).\\
\\
Start at the Microsoft Azure portal: [https://azure.microsoft.com/en-us/features/azure-portal/]\\
\\
__Application registration: __Go to the App registrations and click on __New registration__:\\
\\
[SharePoint%20Integration/new_registration.png]\\
\\
The __Redirect URI (optional)__ is not required, because it will  has a __Application Permission__ only.\\
\\
Configure API Permissions:\\
\\
Navigate to API Permissions. Click on __Add a permission__ button. Select __Microsoft Graph__. Then select __Application Permission__. Search for __Sites__ and check the flag __Sites.FullControll.All__.\\
\\
[CrushTaskExample19/app_permission_sites_full_control.png]\\
\\
__Secret key__: A new client secret must be created. Go to Certificates & secrets, and generate a new client secret by clicking on New client secret. Ensure you copy over the value immediately!\\
\\
[SharePoint%20Integration/new_secret.png]\\
\\
[SharePoint%20Integration/secret_value.png]\\
\\
!!__2.__ Create an App Registration to Access SharePoint Site Documents Using the Sites.Selected Permission\\
\\