When you create a Cloud Governance for Microsoft 365 app profile in AvePoint Online Services, the AvePoint Cloud Governance for Microsoft 365 app will be automatically set up in your Microsoft Entra ID.

The table below lists the permissions that should be accepted when you authorize the AvePoint Cloud Governance for Microsoft 365 app.
| API | Permission | Type | Purpose | Last update |
|---|---|---|---|---|
| Microsoft Graph | Group.ReadWrite.All (Read and write all groups) | Application | Create and manage groups/teams. | |
| Microsoft Graph | Sites.Read.All (Read items in all site collections) | Application | Retrieve the latest site collection URLs. | |
| Microsoft Graph | Member.Read.Hidden (Read all hidden memberships) | Application | Read the members of a group/team with hidden membership to copy members. | |
| Microsoft Graph | Policy.Read.All (Read your organization's policies) | Application | Retrieve your organization’s policies. | |
| Microsoft Graph | InformationProtectionPolicy.Read.All (Read all published labels and label policies for an organization) | Application | Manage sensitivity labels. | |
| Microsoft Graph | User.Invite.All (Invite guest users to the organization) | Application | Invite guest users to groups/teams. | |
| Microsoft Graph | Files.Read.All (Read files in all site collections) | Application | Retrieve the URLs of the group team sites. | |
| Microsoft Graph | User.ReadWrite.All (Read and write all users' full profiles) | Application | Retrieve and update user properties. | |
| Microsoft Graph | AuditLog.Read.All (Read all audit log data) | Application | Retrieve the user who invited the guest user to the tenant. | |
| Microsoft Graph | Reports.Read.All (Read all usage reports) | Application | Get user activities to filter active workspaces. | |
| Microsoft Graph | ChannelMessage.Read.All (Read all channel messages) | Application | Retrieve Microsoft Teams channel conversations for team inactivity threshold calculation. | |
| Microsoft Graph | Mail.Send (Send mail as any user) | Application | Use a Microsoft 365 account as the email sender to send notification emails. | |
| Microsoft Graph | Directory.Read.All (Read directory data) | Application | Retrieve information from your organization’s Active Directory. | |
| Microsoft Graph | Sites.FullControl.All (Have full control of all site collections) | Application | Manage content types. | |
| Microsoft Graph | Channel.Create (Create channels) | Application | Create private channels. | |
| Microsoft Graph | Channel.Delete.All (Delete channels) | Application | Delete private channels. | |
| Microsoft Graph | ChannelSettings.ReadWrite.All (Read and write the names, descriptions, and settings of all channels) | Application | Update private channel properties. | |
| Microsoft Graph | TeamSettings.ReadWrite.All (Read and change all teams' settings) | Application | Retrieve and update team settings. | |
| Microsoft Graph | TeamMember.ReadWrite.All (Add and remove members from all teams) | Application | Add or remove members from teams. | |
| Microsoft Graph | ChannelMember.ReadWrite.All (Add and remove members from all channels) | Application | Add members to private channels. | |
| Microsoft Graph | Team.Create (Create teams) | Application | Create teams. | |
| Microsoft Graph | Community.ReadWrite.All (Read and write all Viva Engage communities) | Application | Create a new community in Viva Engage. | December 2024 |
| Office 365 Management APIs | ActivityFeed.Read (Read activity data for your organization) | Application | Retrieve activity data in your organization. | |
| SharePoint/Office 365 SharePoint Online | User.Read.All (Read user profiles) | Application | Retrieve user properties from user profiles. | |
| SharePoint/Office 365 SharePoint Online | Sites.FullControl.All | Application | Retrieve and manage SharePoint objects. | |
| SharePoint/Office 365 SharePoint Online | TermStore.ReadWrite.All (Read and write managed metadata) | Application | Retrieve term store information. | |
| Microsoft Information Protection Sync Services | UnifiedPolicy.Tenant.Read (Read all unified policies of the tenant) | Application | Retrieve sensitivity labels in your organization. *Note: This API is used when sensitivity labels cannot be retrieved by the Microsoft Graph API. | June 2025 |