@Peter Prowse Thank you for reaching out to us, As I understand you want to secure SharePoint access for one of your clients.
To make the permissions in Entra ID granular you can consider implementing a role-based access control (RBAC) model. This involves defining roles and permissions that are specific to organization's needs and assigning those roles to users and groups in Entra ID.
Sharing this for reference - https://video2.skills-academy.com/en-us/sharepoint/restricted-access-control you can review this to begin with how one can manage SharePoint access efficiently.
Adding more tags related to SharePoint for more visibility.
Let me know if you have any further questions, feel free to post back.