NOTE: This article is related to setting Graph API Permissions

Add the Sites.Selected permissions under App registration / API permissions and ensure it is granted.

Open

Get site ID

For the upcoming step, we need the site id. The easiest is to append ‘_api/site/id’ to the site url. E.g.

https://<yoursite>.sharepoint.com/sites/<subsite>/_api/site/id

Make a note with a copy of the id.

Open

Another option is to is Graph Explorer with GET request:

https://graph.microsoft.com/v1.0/sites/<yoursite>.sharepoint.com:/sites/<subsite>

Allow Application to access the Site

We need to make another API call to allow our voyager app to access the site of the id we get in the previous step. In order to do so we can use Microsoft graph explorer and do POST request to the permission endpoint with the siteId:

https://graph.microsoft.com/v1.0/sites/{site-id}/permissions

And post the JSON body with the application ID:

{

  "roles": ["read"],

  "grantedToIdentities": [{

    "application": {

      "id": "e92eac42-4eac-469f-b680-fa95bbe7f0ac",

      "displayName": "Voyager app"

    }

  }]

}

If you get a forbidden exception you might need to allow Graph Explorer to set up site permissions by granting Sites.Manage.All.

Another valuable source:

How to use Microsoft graph SharePoint Sites.Selected application permission in a Azure AD application for more granular control

Once done the Indexing should properly work and no other permissions should be needed.