Home > Manage App Profiles > API Permissions Required by AvePoint Apps > Apps for Individual Services > EnPower > EnPower for Microsoft 365
Export to PDFEnPower for Microsoft 365
When you create the EnPower for Microsoft 365 app profile in AvePoint Online Services, the AvePoint EnPower for Microsoft365 app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize the AvePoint EnPower for Microsoft365 app.
| API | Permission | Type | Purpose |
|---|---|---|---|
| Microsoft Graph | AdministrativeUnit.ReadWrite.All(Read and write all administrative units.) | Application | Retrieve administrative units’ information and assign users or Groups to administrative units. |
| Microsoft Graph | AuditLog.Read.All(Read all audit log data) | Application | Retrieve users’ audit logs for reports and management. |
| Microsoft Graph | CallRecords.Read.All(Read all call records) | Application | Retrieve call records for Teams activity reports and PSTN and SMS reports. |
| Microsoft Graph | Channel.Create(Create channels) | Application | Create channels in your Teams. |
| Microsoft Graph | Channel.Delete.All(Delete channels) | Application | Delete channels in your Teams. |
| Microsoft Graph | Channel.ReadBasic.All(Read the names and descriptions of all channels) | Application | Retrieve the basic information of channels in your Teams. |
| Microsoft Graph | ChannelSettings.ReadWrite.All(Read and write the names, descriptions, and settings of all channels) | Application | Retrieve and update channel settings. |
| Microsoft Graph | Group.Create(Create Groups) | Application | Create Groups for your Microsoft users. |
| Microsoft Graph | Group.ReadWrite.All(Read and write all groups) | Application | Retrieve and update Groups’ information. |
| Microsoft Graph | GroupMember.ReadWrite.All(Read and write all group memberships) | Application | Retrieve and update memberships for your Groups. |
| Microsoft Graph | Mail.Send(Send mail as any user) | Application | Sending passwords via emails to users created in EnPower. |
| Microsoft Graph | Reports.Read.All(Read all usage reports) | Application | Retrieve data for usage reports. |
| Microsoft Graph | RoleManagement.ReadWrite.Directory(Read and write all directory RBAC settings) | Application | Manage permissions for the permission groups created in EnPower. |
| Microsoft Graph | Sites.ReadWrite.All(Read and write items in all site collections) | Application | Retrieve OneDrive users and OneDrive information. |
| Microsoft Graph | Team.Create(Create Teams) | Application | Create Teams in your organization. |
| Microsoft Graph | Team.ReadBasic.All(Get a list of all Teams) | Application | Retrieve Teams data for Teams report. |
| Microsoft Graph | TeamMember.ReadWrite.All(Add and remove members from all Teams) | Application | Retrieve and manage members in your Teams. |
| Microsoft Graph | TeamSettings.ReadWrite.All(Read and change all Teams' settings) | Application | Retrieve and manage settings for your Teams. |
| Microsoft Graph | Teamwork.Migrate.All(Create chat and channel messages with anyone's identity and with any timestamp) | Application | Create Teams and channels. |
| Microsoft Graph | User.Invite.All(Invite guest users to the organization) | Application | Invite or bulk invite guest users to your organization. |
| Microsoft Graph | User.ReadWrite.All(Read and write all users' full profiles) | Application | Retrieve and manage user properties. |
| Microsoft Graph | Organization.Read.All(Read organization information) | Application | Retrieve your organization's information. |
| Microsoft Graph | InformationProtectionPolicy.Read.All(Read all published labels and label policies for an organization) | Application | Retrieve your organization’s sensitivity labels for site creation. |
| Microsoft Graph | ReportSettings.Read.All(Read all admin report settings) | Application | Retrieve your organization’s report settings on whether the user, group, and site names have been concealed in your reports. |
| Microsoft Graph | Directory.ReadWrite.All(Read and write directory data) | Application | Retrieve and manage your organization’s Microsoft Entra data. |
| Microsoft Graph | User.DeleteRestore.All(Delete and restore all users) | Application | Retrieve and restore deleted users. |
| Microsoft Graph | UserAuthenticationMethod.ReadWrite.All(Read and write all users' authentication methods) | Application | Retrieve and update users’ authentication methods for users’ MFA management. |
| Microsoft Graph | Policy.ReadWrite.AuthenticationMethod(Read and write all authentication method policies) | Application | Retrieve and update users’ authentication method policies for users’ MFA management. |
| Microsoft Graph | Directory.AccessAsUser.All(Access directory as the signed-in user) | Delegated | Retrieve and manage users’ Microsoft Entra data. |
| Microsoft Graph | User.Read.All(Read all users’ full profiles) | Delegated | Retrieve and manage Teams policies in your tenants. |
| Microsoft Graph | Group.ReadWrite.All(Read and write all groups) | Delegated | Retrieve and manage Groups’ sensitivity and related Teams’ archiving status in your tenant. |
| SharePoint/Office 365 SharePoint Online | User.ReadWrite.All(Read and write user profiles) | Application | Retrieve data for EnPower Auto Discovery. |
| SharePoint/Office 365 SharePoint Online | Sites.FullControl.All(Have full control of all site collections) | Application | Retrieve data for EnPower Auto Discovery. |
| Exchange Online | Exchange.ManageAsApp(Manage Exchange as application) | Application | Retrieve mailboxes’ data for EnPower Auto Discovery. |
| Azure Rights Management Services | Content.DelegatedReader(Read protected content on behalf of a user) | Application | Retrieve sensitivity labels in your organization and apply sensitivity labels to files with Workflows. |
| Azure Rights Management Services | Content.DelegatedWriter(Create protected content on behalf of a user) | Application | Retrieve sensitivity labels in your organization and apply sensitivity labels to files with Workflows. |
| Azure Rights Management Services | Content.SuperUser(Read all protected content for this tenant) | Application | Retrieve sensitivity labels in your organization and apply sensitivity labels to files with Workflows. |
| Azure Rights Management Services | Content.Writer(Create protected content) | Application | Retrieve sensitivity labels in your organization and apply sensitivity labels to files with Workflows. |
| Microsoft Information Protection Sync Services | UnifiedPolicy.Tenant.Read(Read all unified policies of the tenant) | Application | Retrieve sensitivity labels in your organization and apply sensitivity labels to files with Workflows. |
| Skype and Teams Tenant Admin API | user_impersonation(Access Microsoft Teams and Skype for Business data as the signed in user) | Delegated | Connect to Microsoft Teams. |
On this page