Refer to the instructions below to re-authorize app profiles for Microsoft tenants.
- If your tenant has an app with delegated permissions, note the following:
- According to , the sign-in logs show the original IP used for the original token issuance, as the IP address of non-interactive sign-ins performed by confidential clients (AvePoint Online Services) doesn’t match the actual original IP of the event when a Microsoft user signed in and consented to an app. If you create an app with delegated permissions, you must add the original IP address to your Microsoft tenant’s conditional access policies (if any). Otherwise, the apps with delegated permissions will be **Invalid**. After you add the original IP address to your conditional access policies, you can manually re-authorize the app profile to update its status or wait for AvePoint Online Services to automatically update its status.
- For an app with delegated permissions, the related app profile needs to be re-authorized when its consent user’s Microsoft 365 account is in any of the following scenarios:
- If multi-factor authentication (MFA) is enabled on the consent user's Microsoft 365 account after the user has given consent to the custom app profile, the app profile needs to be re-authorized.
- If the consent user’s Microsoft 365 account is unavailable (e.g. the password was changed or the user left the company), the app profile will be **Invalid** and need to be re-authorized.
> ***Note**: To help you easily find the apps with delegated permissions, the related AvePoint default apps are marked with the icons as below:
- Apps that utilize both application and delegated API permissions are marked with the hybrid () icon.
- Apps that have delegated API permissions only are marked with the purebred () icon.
- For a **Custom** **Azure** **app** / **Custom Azure** **app with delegated permissions**, you also need to re-authorize the app profile if:
- You want to change the custom Azure app that connects AvePoint Online Services to your tenant.
- The certificate file of the custom Azure app has been changed.
- For a **Delegated app** used by the **Cloud Backup for Microsoft 365** service, you also need to re-authorize the app profile if you want to change the functions which will use the app. When you re-authorize the **Delegated app**, ensure that your organization’s subscription for the Cloud Backup for Microsoft 365 service has included the modules you want to protect. Then, you can select desired functions from the following that are supported by the **Delegated app**:
- **Restore Teams channel conversations as posts**
- **Protect Power BI**
- **Protect Power Automate / Power Apps**
- **Restore Planner task comments**
> ***Note**: If your tenant is using a scan profile configured in the AOS classic UI for protecting Planner data via Cloud Backup for Microsoft 365, you can follow the steps below to update the method of Planner data protection.
1. In AOS, refer to the instructions below to prepare an app profile based on your scenario:
- If you want to use a classic mode app, create/re-authorize an app profile of the **Microsoft 365 (All permissions)** app type, and ensure that the Microsoft Graph permission **Tasks.ReadWrite.All** has been added to the app.
- If you want to use a modern mode app, create an app profile of the **Cloud Backup for Microsoft 365 (All permissions)** app type.
- If you want to use a custom mode app, create an app profile of the **Custom Azure app** type and ensure that the Microsoft Graph permission **Tasks.ReadWrite.All** has been added to the custom app.
2. Edit the scan profile and save it.
> ***Note**: For a scan profile configured in the AOS classic UI for protecting Planner data, the authentication method in the scan profile is a service account profile or app profile with an additional delegated app profile. In the AOS new UI, once this kind of scan profile has been edited, the authentication method will be updated to the app profile. Thus, you can edit and save a scan profile even without any changes.
3. Go to Cloud Backup for Microsoft 365 to check the backup setting and ensure that the option for Planner data backup has been enabled.
- The following apps support user consent, and you can re-authorize these apps with a non-Administrator account in your Microsoft tenant. When you re-authorize one of the following apps, you can choose a consent method between [Administrator Consent](#missing-link) and [User Consent](#missing-link).
> ***Note**: When you re-authorize the other apps that are not in the table below, refer to [Administrator Consent](#missing-link).
Refer to the sections below to re-authorize an app with an appropriate consent method.
