Currently K2 Cloud requires the Directory.Read.All permission in order to access AAD. All apps have to follow a least-privilege setup as far as is technically and support-wise possible.
For a global company such as ours, which is under various financial regulations, Azure Active Directory is shared with many other services, so a proper least-privilege setup is a must. Using one of the highest-level directory read permissions just to be able to read Users and Groups, as you write in your documentation, is a clear violation of that principle.