One way to avoid this problem and considerably reduce the attack surface is to:
1- Create a dummy Onedrive account.
2- Share a folder on your main Onedrive to the dummy account.
3- In the dummy account, maps the shared link to a folder for easier access as if it was a normal folder. (May not be required for some apps).
4- Only lets third party apps access the dummy Onedrive account with its single folder.
This doesn’t give access to your main Onedrive account to any apps, just the files and folders under the shared folder you have shared with the dummy account.
ThePowerOfFuet•1d ago
To summarize: "Avoid OneDrive."
pawanjswal•1d ago
It's hard to believe that the OneDrive File Picker still doesn't have fine grained OAuth scopes in 2025. Allowing read access to the whole drive just to upload one file goes against the principle of least privilege.
type0•18h ago
> In response, Microsoft is considering future improvements
Who knows, maybe it works as intended, that's MS Windows in a nutshell
mchenier•1d ago
This doesn’t give access to your main Onedrive account to any apps, just the files and folders under the shared folder you have shared with the dummy account.
ThePowerOfFuet•1d ago