Home > Manage App Profiles > API Permissions Required by AvePoint Apps > Apps for Multiple Services > Microsoft Entra ID
Export to PDFMicrosoft Entra ID
The Microsoft Entra ID app profile can be used by the following services:
Once you create a Microsoft Entra ID app profile in AvePoint Online Services, the AvePoint Online Services Administration for Entra ID app will be automatically set up in your Microsoft Entra ID.
The table below lists the Microsoft Graph API permissions that should be accepted when you authorize the AvePoint Online Services Administration for Entra ID app.
| Permission | Type | Purpose | Last update |
|---|---|---|---|
| User.ReadWrite.All(Read and write all users' full profiles) | Application | AvePoint Cloud Governance uses it to delete Microsoft 365 users. | |
| User.ReadWrite.All(Read and write all users' full profiles) | Application | Identity Manager uses it to search for users and display them on the interface, as well as invite guest users to organizations. | |
| Files.Read.All(Read files in all site collections) | Application | Retrieve URLs of channels in Teams or read files in Teams channels to support products’ functionalities. | |
| User.Invite.All(Invite guest users to the organization) | Delegated | Identity Manager uses it to invite guest users to organizations. | |
| Directory.AccessAsUser.All(Access directory as the signed-in user) | Delegated | Identity Manager uses it to manage licenses, users, roles, groups, and applications that can be accessed by users. | |
| Group.ReadWrite.All(Read and write all groups) | Application | AvePoint Cloud Governance uses it to manage groups and teams. | November 2018 |
| Directory.ReadWrite.All(Read and write directory data) | Application | AvePoint Cloud Governance uses it to manage Microsoft 365 users, groups, and Microsoft Teams. | Insider version: December 2020Production version: January 2021 |
| Directory.ReadWrite.All(Read and write directory data) | Application | Identity Manager uses it to manage licenses, users, roles, groups, and applications that can be accessed by users. | Insider version: December 2020Production version: January 2021 |
| Domain.ReadWrite.All(Read and write domains) | Application | Identity Manager uses it to manage users and groups. | Insider version: December 2020Production version: January 2021 |
| Member.Read.Hidden(Read all hidden memberships) | Application | AvePoint Cloud Governance uses it to manage groups and teams. | Insider version: December 2020Production version: January 2021 |
| User.Read(Sign in and read user profile) | Delegated | Identity Manager uses it to retrieve tenant display name and display the name on the interface. | Insider version: December 2020Production version: January 2021 |
| Mail.Send(Send mail as any user) | Application | AvePoint Cloud Governance uses it if an IT administrator specifies a Microsoft 365 account as the email sender when configuring Email settings in the new Cloud Governance admin center. | Insider version: February 2021Production version: March 2021 |
| AuditLog.Read.All(Read all audit log data) | Application | AvePoint Cloud Governance uses it to retrieve the user who invited the guest user to the tenant. | Insider version: April 2021Production version: May 2021 |
| AuditLog.Read.All(Read all audit log data) | Application | Cense uses it to retrieve users’ last sign-in time to determine if they are inactive users. | May 2021 |
| AuditLog.Read.All(Read all audit log data) | Application | Policies for Microsoft 365 uses it to remove inactive guest users. | May 2021 |
| CallRecords.Read.All(Read all call records) | Application | Cense uses it to retrieve detailed PSTN calling activities and costs. | May 2021 |
| InformationProtectionPolicy.Read.All(Read all published labels and label policies for an organization) | Application | AvePoint Cloud Governance uses it to retrieve published sensitivity labels and label policy settings. | Insider version: September 2021 |
| ChannelMember.ReadWrite.All(Add and remove members from all channels) | Application | AvePoint Cloud Governance uses it to retrieve and manage the private channel members. | Insider version: November 2021 |
| Channel.Create(Create channels) | Application | AvePoint Cloud Governance uses it to create private channels in any team. | Insider version: March 2022 |
| ChannelSettings.ReadWrite.All(Read and write the names, descriptions, and settings of all channels) | Application | AvePoint Cloud Governance uses it to update private channel properties. | Insider version: March 2022 |
| TeamSettings.ReadWrite.All(Read and change all Teams' settings) | Application | AvePoint Cloud Governance uses it to update team settings. | Insider version: May 2022 |
| TeamSettings.ReadWrite.All(Read and change all Teams' settings) | Application | Policies for Microsoft 365 uses it to update Teams' settings. | Insider version: May 2022 |
| Team.Create(Create Teams) | Application | AvePoint Cloud Governance uses it to create teams from existing teams or using team templates. | Insider version: May 2022 |
| ChannelMessage.Read.All(Read all channel messages) | Application | AvePoint Cloud Governance uses it to retrieve Microsoft Teams channel conversations for team inactivity threshold calculation. | Insider version: May 2022 |
| Channel.ReadBasic.All(Read the names and descriptions of all channels) | Application | Policies for Microsoft 365 uses it to retrieve owner numbers of private channels. | Insider version: May 2022 |
| Channel.Delete.All(Delete channels) | Application | Cloud Governance uses it to delete private channels. | Insider Version: July 2022 |
On this page