Home > Manage App Profiles > API Permissions Required by AvePoint Apps > Apps for Individual Services > Policies for Microsoft 365
Export to PDFPolicies for Microsoft 365
When you create the Policies for Microsoft 365 app profile in AvePoint Online Services, the AvePoint Policies for Microsoft365 app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize the AvePoint Policies for Microsoft365.
| API | Permission | Type | Purpose | Last update |
|---|---|---|---|---|
| Office 365 Exchange Online | Exchange.ManageAsApp(Manage Exchange As Application) | Application | Retrieve and manage Exchange Online mailboxes. | August 2023 |
| Microsoft Graph | ChannelMember.ReadWrite.All(Add and remove members from all channels) | Application | Add and remove members from Teams channels. | October 2023 |
| Microsoft Graph | AuditLog.Read.All(Read all audit log data) | Application | Read all audit logs. | |
| Microsoft Graph | User.Read.All(Read all users' full profiles) | Application | Read all users’ settings. | |
| Microsoft Graph | User.ReadWrite.All(Read and write all users’ full profiles) | Application | Read and write users’ settings. | |
| Microsoft Graph | Group.Read.All(Read all groups) | Application | Read groups’ members and settings. | |
| Microsoft Graph | Group.ReadWrite.All(Read and write all groups) | Application | Update groups’ members and settings. | |
| Microsoft Graph | Directory.ReadWrite.All(Read and write data in the organization’s directory) | Application | Read and write user and group data in the organization’s directory. | |
| Microsoft Graph | TeamSettings.ReadWrite.All(Read and change all teams' settings) | Application | Update Teams' settings. | |
| Microsoft Graph | Channel.ReadBasic.All(Read the names and descriptions of all channels) | Application | Retrieve owner numbers of private channels. | |
| SharePoint/Office 365 SharePoint Online | Sites.FullControl.All(Have full control of all site collections) | Application | Retrieve and update the information of site collections and groups/teams’ sites. | |
| SharePoint/Office 365 SharePoint Online | User.Read.All(Read user profiles) | Application | Retrieve user profiles for OneDrive that are scanned by AvePoint Online Services. | |
| Skype and Teams Tenant Admin API | user_impersonation(Access Microsoft Teams and Skype for Business data as the signed in user) | Delegated | Retrieve and update Teams admin settings. | February 2024 |
| Azure Rights Management Services*Note: Make sure your organization has a subscription (or service principal) for the Azure Rights Management Services API. | Content.SuperUser(Read all protected content for this tenant) | Application | Retrieve sensitivity labels in your organization and apply sensitivity labels to files. | August 2025 |
| Azure Rights Management Services*Note: Make sure your organization has a subscription (or service principal) for the Azure Rights Management Services API. | Content.Writer(Create protected content) | Application | Retrieve sensitivity labels in your organization and apply sensitivity labels to files. | August 2025 |
*Note: If you want to use the Teams Tagging Settings rule, an app with delegated permissions will be required. For the delegated app profile, consent from a Microsoft 365 Global Administrator or a Privileged Role Administrator is required and must be retained. If you revoke the Microsoft 365 Global Administrator or the Privileged Role Administrator role from the user who provided consent for the delegated app, ensure that the user who provided consent retains the Teams Administrator role.