Https- Graph.microsoft.com V1.0 Applications Access

If your app uses identifierUris (e.g., api://my-app ), that URI becomes a potential token target. An attacker who can register a conflicting URI in another tenant cannot take over your app—but they can cause token validation confusion if your app incorrectly validates the aud claim.

GET /applications?$filter=signInAudience eq 'AzureADMultipleOrgs'&$expand=owners($top=1),requiredResourceAccess https- graph.microsoft.com v1.0 applications

"requests": [ "id": "1", "method": "GET", "url": "/applications/id/passwordCredentials" , "id": "2", "method": "GET", "url": "/applications/id/keyCredentials" ] If your app uses identifierUris (e