控制应用程序对 SharePoint 网站的 API 访问

我有一个外部程序，我计划每天运行一次(即没有用户交互).此程序应使用 Microsoft Graph API 将文件上传到 SharePoint Online 站点.我可以通过注册一个应用程序在 Azure Active Directory 中启用此功能，并为此应用程序授予应用程序权限 File.ReadWrite.All，然后将 PUT 请求发送到https://graph.microsoft.com/v1.0/drives/{drive-id}/items/{parent-id}:/{filename}:/content

I have an external program that I have scheduled to run once a day (i.e. no user interaction). This program should upload a file to a SharePoint Online site, using Microsoft Graph API. I'm able to enable this in Azure Active Directory by registering an app, and giving this app the application permission File.ReadWrite.All, then sending a PUT request to https://graph.microsoft.com/v1.0/drives/{drive-id}/items/{parent-id}:/{filename}:/content

但是，通过授予 File.ReadWrite.All，程序将有权访问我组织的所有网站集中的所有文件.我想限制对特定站点的访问，或者可能只是该站点内的特定文件夹.如何做到这一点?(无需用户在程序运行时交互式登录)

However, by granting File.ReadWrite.All, the program will have access to all files in all site collections for my organization. I want to limit access to a specific site, or perhaps just a specific folder within that site. How can this be achieved? (without the need for a user to interactively sign in when the program is run)