Home > App Management > Manage App Profiles for Microsoft Tenants > API Permissions Required by Default AvePoint Apps for Microsoft Tenants > Classic Apps for Multiple Services
Export to PDFClassic Apps for Multiple Services
The following table lists the apps which can be used by multiple services.
| New or updated? | App type in AOS | App name in Entra ID | Consent |
|---|---|---|---|
| Updated | Microsoft 365 (All Permissions) | AvePoint Online Services Administration for Microsoft365 | App management > Classic mode > Consented for all services. |
| No changes | Microsoft 365 (SharePoint Permissions) | AvePoint Online Services Administration for SharePoint | Unsupported to create new. |
| No changes | Microsoft 365 (Exchange Permissions) | AvePoint Online Services Administration for Exchange | Unsupported to create new. |
| No changes | Microsoft Entra ID | AvePoint Online Services Administration for Entra ID | App management > Classic mode > Consented for all services. |
| No changes | Delegated app | AvePoint Online Services – Delegated App | App management > Classic mode or Modern mode > Consented separately for each service. |
| No changes | Viva Engage | AvePoint Online Services Administration for Viva Engage | App management > Classic mode or Modern mode > Consented for all services. |
| No changes | Reporting for Microsoft 365 | AvePoint Reporting for Microsoft365 | App management > Modern mode > Consented for all services. |
Microsoft 365 (All Permissions)
The Microsoft 365 (All permissions) app profile can be used by the following services.
| Service | Feature/Module |
|---|---|
| Cense | Microsoft 365 license management |
| Classic DocAve Backup | Granular Backup and Restore Exchange Online Backup and Restore |
| Cloud Archiving | SharePoint sites archive and restore OneDrive archive and restore Microsoft 365 Group team sites archive and restore |
| Cloud Backup for Microsoft 365 | SharePoint Online OneDrive Project Online (for auto discovery only) Exchange Online Public Folders (for auto discovery only) Microsoft 365 Groups Teams Viva Engage (for auto discovery only) |
| Cloud Governance | SharePoint object management Microsoft 365 Group management Microsoft Team management Viva Engage community management |
| Cloud Index | Integrate Cloud Index with your SharePoint Online environment |
| AvePoint Online Services common service (Cloud Insights) | Collect Microsoft 365 data |
| Cloud Management | SharePoint Online OneDrive Microsoft Teams Microsoft 365 Group |
| AvePoint Opus | SharePoint Online OneDrive Microsoft Teams Microsoft 365 Group |
| Insights | SharePoint Online OneDrive Microsoft Teams Microsoft 365 Group |
| Policies for Microsoft 365 | SharePoint Online OneDrive Microsoft Teams Microsoft 365 Group |
Once you create a Microsoft 365 (All permissions) app profile in AvePoint Online Services, the AvePoint Online Services Administration for Microsoft365 app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize AvePoint Online Services Administration for Microsoft365 app.
| API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|
| SharePoint/Office 365 SharePoint Online | Sites.FullControl.All (Have full control of all site collections) | Application | Retrieve information of SharePoint Online site collections that are scanned by Auto Discovery. | No |
| SharePoint/Office 365 SharePoint Online | User.ReadWrite.All (Read and write user profiles) | Application | Retrieve information of Microsoft 365 user profiles related to OneDrive that are scanned by Auto Discovery. | No |
| SharePoint/Office 365 SharePoint Online | TermStore.ReadWrite.All (Read and write managed metadata) | Application | Back up and restore Managed Metadata Service of SharePoint Online site collections and Microsoft 365 Group team sites. | No |
| Office 365 Exchange Online | full_access_as_app (Use Exchange Web Services with full access to all mailboxes) | Application | Retrieve information of Exchange Online mailboxes and Microsoft 365 Group mailboxes that are scanned by Auto Discovery. | No |
| Office 365 Exchange Online | Exchange.ManageAsApp (Manage Exchange As Application) | Application | Scan in-place archived mailboxes. | No |
| Office 365 Management APIs | ActivityFeed.Read (Read activity data for your organization) | Application | Retrieve activity data in your organization to generate reports in AvePoint Cloud Insights. | No |
| Microsoft Graph | Channel.ReadBasic.All (Read the names and descriptions of all channels) | Application | Scan Microsoft Teams via Auto Discovery. | No |
| Microsoft Graph | User.Read (Sign in and read user profile) | Delegated | Support signing into AvePoint Online Services with Microsoft 365 accounts. | No |
| Microsoft Graph | Group.ReadWrite.All (Read and write all groups) | Application | Scan Microsoft 365 Groups and Microsoft Teams via Auto Discovery. Back up and restore Microsoft Teams and Microsoft 365 Groups data. | No |
| Microsoft Graph | Directory.Read.All (Read directory data) | Application | Retrieve your Microsoft 365 tenant information. | No |
| Microsoft Graph | Sites.ReadWrite.All (Read and write items in all site collections) | Application | Back up and restore Microsoft Teams, Microsoft 365 Groups, and OneDrive data. | No |
| Microsoft Graph | Sites.Read.All (Read items in all site collections [preview]) | Application | Back up and restore Microsoft Teams and Microsoft 365 Groups data. | No |
| Microsoft Graph | Reports.Read.All (Read all usage reports) | Application | AvePoint Cloud Backup for Microsoft 365 can retrieve data size directly, which improves the efficiency of the Subscription Consumption Report. | No |
| Microsoft Graph | ChannelMember.ReadWrite.All (Add and remove members from all channels) | Application | Cloud Backup for Microsoft 365 uses it to back up and restore the members and messages of Teams private channels. | No |
| Microsoft Graph | ChannelMessage.Read.All (Read all channel messages) | Application | Back up and restore the members and messages of Teams private channels. | No |
| Microsoft Graph | Tasks.ReadWrite.All (Read and write all users’ tasks and task lists) | Application | Backup up and restore Planner data. | No |
| Microsoft Graph | ChannelSettings.ReadWrite.All (Read and write the names, descriptions, and settings of all channels) | Application | Required by the restore jobs of Teams service. | No |
| Microsoft Graph | User.Read.All (Read all users' full profiles) | Application | Retrieves and displays user photos and user basic information, and retrieves file size of your Microsoft 365 tenant. | Yes |
| Microsoft Graph | MailboxItem.ImportExport.All (Allows the app to perform backup and restore for all mailbox items) | Application | Import and export mailbox items. | Yes |
| Microsoft Graph | MailboxFolder.Read.All (Read all the users’ mailbox folders.) | Application | Retrieve users’ mailbox folders. | Yes |
| Microsoft Graph | MailboxFolder.ReadWrite.All (Read and write all the users' mailbox folders) | Application | Back up and restore mailboxes. | Yes |
| Microsoft Graph | MailboxItem.Read.All (Read all the users’ mailbox items) | Application | Retrieve users’ mailbox items. | Yes |
| Microsoft Graph | MailboxSettings.Read (Read all user mailbox settings) | Application | Retrieve users’ mailbox settings. | Yes |
| Microsoft Graph | Mail.ReadWrite (Read and write access to user mail) | Application | Access and modify items within users’ mailboxes, manage emails lifecycle. | Yes |
| Microsoft Graph | RecordsManagement.Read.All (Read Records Management configuration, labels, and policies) | Delegated | Apply Microsoft retention label to emails | Yes |
| Microsoft Graph | User.ReadWrite.All (Read and write all users’ full profiles) | Application | It allows users to remove or block external users in Insights. | No |
| Microsoft Graph | AuditLog.Read.All (Read all audit log data) | Application | Insights uses it to retrieve the last sign-in time of external users. | No |
| Microsoft Graph | TeamSettings.ReadWrite.All (Read and change all teams’ settings) | Application | Cloud Backup for Microsoft 365 uses it to back up and restore teams’ settings. | No |
| Microsoft Graph | Files.Read.All (Read files in all site collections) | Application | Retrieve URLs of channels in Teams. | No |
| Microsoft Graph | TeamMember.ReadWrite.All (Add and remove members from teams) | Application | Cloud Backup for Microsoft 365 uses it to back up and restore teams’ members. | No |
| Microsoft Graph | TeamsTab.ReadWrite.All (Read and write tabs in Microsoft Teams) | Application | Cloud Backup for Microsoft 365 uses it to back up and restore teams’ tabs. | No |
| Microsoft Graph | Team.Create (Create teams) | Application | Cloud Backup for Microsoft 365 uses it to restore teams. | No |
| Microsoft Graph | TeamsAppInstallation.ReadWriteForTeam.All (Manage Teams apps for all teams) | Application | Cloud Backup for Microsoft 365 uses it to back up and restore teams’ apps. | No |
| Microsoft Graph | Channel.Create (Create channels) | Application | Cloud Backup for Microsoft 365 uses it to restore teams’ channels. | No |
| Microsoft Graph | InformationProtectionPolicy.Read.All (Read all published labels and label policies for an organization.) | Application | Insights uses it to retrieve sensitivity labels from Microsoft 365. | No |
| Microsoft Graph | Chat.Read.All (Read all chat messages) | Application | Cloud Backup for Microsoft 365 uses it to back up Microsoft Teams Chat. | No |
| Microsoft Graph | Files.ReadWrite.All (Read and write files in all site collections) | Application | Cloud Backup for Microsoft 365 uses it to back up and restore the OneDrive files. | No |
| Microsoft Graph | Sites.Manage.All (Create, edit, and delete items and lists in all site collections) | Application | Cloud Backup for Microsoft 365 uses it to back up and restore the OneDrive files. | No |
| Microsoft Graph | Sites.FullControl.All (Have full control of all site collections) | Application | Cloud Backup for Microsoft 365 uses it to back up some files in specific conditions, such as DLP-sensitive files. | No |
| Microsoft Information Protection Sync Service | UnifiedPolicy.Tenant.Read (Read all unified policies of the tenant) | Application | Insights can retrieve information of published sensitivity labels from Microsoft 365. | No |
Microsoft 365 (SharePoint Online Permissions)
The Microsoft 365 (SharePoint Online permissions) app profile can be used by the following services.
| Service | Feature/Module |
|---|---|
| Classic DocAve Backup | Granular Backup and Restore |
| Cloud Backup for Microsoft 365 | SharePoint Online OneDrive Project Online (for auto discovery only) |
| Cloud Backup for Microsoft 365 | SharePoint Online OneDrive Project Online (for auto discovery only) |
| Cloud Backup for Microsoft 365 | SharePoint Online OneDrive Project Online (for auto discovery only) |
| Cloud Governance | SharePoint object management |
| Cloud Insights | Collect Microsoft 365 data |
| AvePoint Opus | SharePoint object management |
The Microsoft 365 (SharePoint Online permissions) app profile is for the AvePoint Online Services Administration for SharePoint app in your Microsoft Entra ID.
NOTE
The Microsoft 365 (SharePoint Online permissions) app profile is unsupported to create new, but you can re-authorize the existing app profile in your AvePoint Online Services tenant when necessary.
The table below lists the permissions that should be accepted when you authorize AvePoint Online Services Administration for SharePoint app.
| API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|
| SharePoint/Office 365 SharePoint Online | Sites.FullControl.All (Have full control of all site collections) | Application | Retrieve information of SharePoint Online site collections that are scanned by Auto Discovery. | No |
| SharePoint/Office 365 SharePoint Online | User.ReadWrite.All (Read and write user profiles) | Application | Retrieve information of Microsoft 365 user profiles related to OneDrive that are scanned by Auto Discovery. | No |
| SharePoint/Office 365 SharePoint Online | TermStore.ReadWrite.All (Read and write managed metadata) | Application | Back up and restore Managed Metadata Service of SharePoint Online site collections and Microsoft 365 Group team sites. | No |
| Office 365 Management APIs | ActivityFeed.Read (Read activity data for your organization) | Application | Retrieve activity data in your organization to generate reports in AvePoint Cloud Insights. | No |
| Microsoft Graph | User.Read (Sign in and read user profile) | Delegated | Support signing into AvePoint Online Services with Microsoft 365 accounts. | No |
| Microsoft Graph | Reports.Read.All (Read all usage reports) | Application | AvePoint Cloud Backup for Microsoft 365 can retrieve data size directly, which improves the efficiency of the Subscription Consumption Report. | No |
| Microsoft Graph | Directory.Read.All (Read directory data) | Application | Retrieve your Microsoft 365 tenant information. | No |
| Microsoft Graph | Sites.ReadWrite.All (Read and write items in all site collections) | Application | Back up and restore the OneDrive content. | No |
| Microsoft Graph | Sites.Manage.All (Create, edit, and delete items and lists in all site collections) | Application | Back up and restore the lists in OneDrive, and it is required if the SharePoint list has content approval settings enabled. | No |
| Microsoft Graph | Files.ReadWrite.All (Read and write files in all site collections) | Application | Back up and restore the OneDrive files. | No |
| Microsoft Graph | Sites.FullControl.All (Have full control of all site collections) | Application | Back up some files in specific conditions, such as DLP-sensitive files. | No |
| Microsoft Information Protection Sync Service | UnifiedPolicy.Tenant.Read (Read all unified policies of the tenant.) | Application | Insights can retrieve information of published sensitivity labels from Microsoft 365. | No |
| Windows Azure Active Directory | User.Read | Delegated | Support signing in with Microsoft 365 accounts. | No |
Microsoft 365 (Exchange Permissions)
The Microsoft 365 (Exchange permissions) app profile can be used by the following services.
| Service | Feature/Module |
|---|---|
| Classic DocAve Backup | Exchange Online Backup and Restore |
| Cloud Backup for Microsoft 365 | Exchange Online |
| Cloud Backup for Microsoft 365 | Public Folders (for auto discovery only) |
| Cloud Governance | Microsoft 365 Group management Microsoft Team management |
| AvePoint Opus | Exchange Online Management |
The Microsoft 365 (Exchange permissions) app profile is for the AvePoint Online Services Administration for Exchange app in your Microsoft Entra ID.
NOTE
The Microsoft 365 (Exchange permissions) app profile is unsupported to create new, but you can re-authorize the existing app profile in your AvePoint Online Services tenant when necessary.
The table below lists the permissions that should be accepted when you authorize AvePoint Online Services Administration for Exchange app.
| API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|
| Office 365 Exchange Online | full_access_as_app (Use Exchange Web Services with full access to all mailboxes) | Application | Retrieve information of Exchange Online mailboxes and Microsoft 365 Group mailboxes that are scanned by Auto Discovery. | No |
| Office 365 Exchange Online | Exchange.ManageAsApp (Manage Exchange As Application) | Application | Scan in-place archived mailboxes. | No |
| Microsoft Graph | User.Read (Sign in and read user profile) | Delegated | Support signing into AvePoint Online Services with Microsoft 365 accounts. | No |
| Microsoft Graph | Reports.Read.All (Read all usage reports) | Application | AvePoint Cloud Backup for Microsoft 365 can retrieve data size directly, which improves the efficiency of the Subscription Consumption Report. | No |
| Microsoft Graph | Directory.Read.All (Read directory data) | Application | Retrieve your Microsoft 365 tenant information. | No |
Microsoft Entra ID
The Microsoft Entra ID app profile can be used by the following services.
| Service | Feature/Module |
|---|---|
| Cense | User license management and sign-in data retrieval |
| Cloud Governance | Microsoft 365 group management Microsoft Team management Viva Engage community management Microsoft Entra group management |
| Cloud Index | Support the people picker function in Connections > Advanced Settings > Private |
| Cloud Management | Required by the Identity Manager module of the Cloud Management service. |
| Policies for Microsoft 365 | Microsoft 365 Group Management Microsoft 365 Team Management Microsoft 365 User Management |
Once you create a Microsoft Entra ID app profile in AvePoint Online Services, the AvePoint Online Services Administration for Entra ID app will be automatically set up in your Microsoft Entra ID.
The table below lists the Microsoft Graph API permissions that should be accepted when you authorize AvePoint Online Services Administration for Entra ID app.
| API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|
| Microsoft Graph | User.ReadWrite.All (Read and write all users’ full profiles) | Application | AvePoint Cloud Governance uses it to delete Microsoft 365 users. | No |
| Microsoft Graph | User.ReadWrite.All (Read and write all users’ full profiles) | Application | Identity Manager uses it to search for users and display them on the interface, as well as invite guest users to organizations. | No |
| Microsoft Graph | Files.Read.All (Read files in all site collections) | Application | AvePoint Cloud Governance uses it to retrieve the URLs of Microsoft 365 Group team sites. | No |
| Microsoft Graph | User.Invite.All (Invite guest users to the organization) | Delegated | Identity Manager uses it to invite guest users to organizations. | No |
| Microsoft Graph | Directory.AccessAsUser.All (Access directory as the signed-in user) | Delegated | Identity Manager uses it to manage licenses, users, roles, groups, and applications that can be accessed by users. | No |
| Microsoft Graph | Group.ReadWrite.All (Read and write all groups) | Application | AvePoint Cloud Governance uses it to manage groups and teams. | No |
| Microsoft Graph | Directory.ReadWrite.All (Read and write directory data) | Application | AvePoint Cloud Governance uses it to manage Microsoft 365 users, groups, and Microsoft Teams. | No |
| Microsoft Graph | Directory.ReadWrite.All (Read and write directory data) | Application | Identity Manager uses it to manage licenses, users, roles, groups, and applications that can be accessed by users. | No |
| Microsoft Graph | Domain.ReadWrite.All (Read and write domains) | Application | Identity Manager uses it to manage users and groups. | No |
| Microsoft Graph | Member.Read.Hidden (Read all hidden memberships) | Application | AvePoint Cloud Governance uses it to manage groups and teams. | No |
| Microsoft Graph | User.Read (Sign in and read user profile) | Delegated | Identity Manager uses it to retrieve tenant display name, and display the name on the interface. | No |
| Microsoft Graph | Mail.Send (Send mail as any user) | Application | AvePoint Cloud Governance uses it if an IT administrator specifies a Microsoft 365 account as the email sender when configuring Email settings in the new Cloud Governance admin center. | No |
| Microsoft Graph | AuditLog.Read.All (Read all audit log data) | Application | AvePoint Cloud Governance uses it to retrieve the user who invited the guest user to the tenant. | No |
| Microsoft Graph | AuditLog.Read.All (Read all audit log data) | Application | Cense uses it to retrieve users’ last sign-in time to determine if they are inactive users. | No |
| Microsoft Graph | AuditLog.Read.All (Read all audit log data) | Application | Policies for Microsoft 365 uses it to remove inactive guest users. | No |
| Microsoft Graph | CallRecords.Read.All (Read all call records) | Application | Cense uses it to retrieve detailed PSTN calling activities and costs. | No |
| Microsoft Graph | InformationProtectionPolicy.Read.All (Read all published labels and label policies for an organization) | Application | AvePoint Cloud Governance uses it to retrieve published sensitivity labels and label policy settings. | No |
| Microsoft Graph | ChannelMember.ReadWrite.All (Add and remove members from all channels) | Application | AvePoint Cloud Governance uses it to retrieve and manage the private channel members. | No |
| Microsoft Graph | Channel.Create (Create channels) | Application | AvePoint Cloud Governance uses it to create private channels in any team. | No |
| Microsoft Graph | ChannelSettings.ReadWrite.All (Read and write the names, descriptions, and settings of all channels) | Application | AvePoint Cloud Governance uses it to update private channel properties. | No |
| Microsoft Graph | TeamSettings.ReadWrite.All (Read and change all Teams’ settings) | Application | AvePoint Cloud Governance uses it to update team settings. | No |
| Microsoft Graph | TeamSettings.ReadWrite.All (Read and change all Teams’ settings) | Application | Policies for Microsoft 365 uses it to update Teams’ settings. | No |
| Microsoft Graph | Team.Create (Create Teams) | Application | AvePoint Cloud Governance uses it to create teams from existing teams or using team templates. | No |
| Microsoft Graph | ChannelMessage.Read.All (Read all channel messages) | Application | AvePoint Cloud Governance uses it to retrieve Microsoft Teams channel conversations for team inactivity threshold calculation. | No |
| Microsoft Graph | Channel.ReadBasic.All (Read the names and descriptions of all channels) | Application | Policies for Microsoft 365 uses it to retrieve owner numbers of private channels. | No |
| Microsoft Graph | Channel.Delete.All (Delete channels) | Application | Cloud Governance uses it to delete private channels. | No |
| Microsoft Graph | TeamMember.ReadWrite.All (Add and remove members from all teams) | Application | Cloud Governance uses it to add or remove members from teams. | No |
Delegated App
The Delegated app can be used by the following services.
| Service | Feature/Module |
|---|---|
| Cloud Backup for IaaS + PaaS > Cloud Backup for Azure | Azure Virtual Machines Azure Storage Azure SQL |
| Cloud Backup for Microsoft 365 | Restore Teams channel conversations as posts Protect Power Automate/Power Apps Protect Power BI Restore Planner task comments |
When you create an app profile for the Delegated app, the AvePoint Online Services – Delegated App will be automatically set up in your Microsoft Entra ID. Refer to the following sections to see the delegated permissions that should be accepted when you authorize AvePoint Online Services – Delegated App.
Cloud Backup for IaaS + PaaS
| API | Permission | Purpose | Is newly required? |
|---|---|---|---|
| Azure Service Management | user_impersonation (Access Azure Service Management as organization users [preview]) | Allows the application to access Azure Service Management as you. | No |
Cloud Backup for Microsoft 365
When consenting to the Cloud Backup for Microsoft 365 delegated app profile, the consent user must have the Microsoft 365 Global Administrator role. For details, refer to the Required Permissions of Microsoft Delegated App section in the Cloud Backup for Microsoft 365 user guide.
| API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|
| Microsoft Graph | openid (Sign users in) | Delegated | Allows to authenticate users by retrieving their consent. | No |
| Microsoft Graph | profile (View users’ basic profile) | Delegated | Retrieves users’ profile information. | No |
| Microsoft Graph | offline_access (Maintain access to data you have given it access to) | Delegated | Maintains access over an extended period without requiring the user to re-authorize frequently | No |
| Microsoft Graph | Group.ReadWrite.All (Read and write all groups) | Delegated | Gets conversation thread. | No |
| Microsoft Graph | ChannelMessage.Send (Send channel messages) | Delegated | Sends messages to channels in Microsoft Teams. | No |
| Microsoft Graph | TeamMember.ReadWrite.All (Add and remove members from teams) | Delegated | Adds members to Microsoft Teams. | No |
| Microsoft Graph | ChannelMember.ReadWrite.All (Add and remove members from channels) | Delegated | Adds members to channels in Microsoft Teams. | No |
| Microsoft Graph | Directory.Read.All (Read directory data) | Delegated | Retrieves the profile and domain information of all users in your Microsoft 365 tenant. | No |
| Commercial environment: Power BI Services GCC or GCC High environment: Microsoft Power BI Government Community Cloud | Tenant.ReadWrite.All (Read and write all content in tenant) | Delegated | Retrieves the workspaces and backs up, or adds users to a workspace. | No |
| Commercial environment: Power BI Services GCC or GCC High environment: Microsoft Power BI Government Community Cloud | Workspace.ReadWrite.All (Read and write all workspaces) | Delegated | Gets and restores workspaces | No |
| Commercial environment: Power BI Services GCC or GCC High environment: Microsoft Power BI Government Community Cloud | Capacity.Read.All (View all capacities) | Delegated | Retrieves capacities (including multi-geo) | No |
| Commercial environment: Power BI Services GCC or GCC High environment: Microsoft Power BI Government Community Cloud | Report.ReadWrite.All (Read and write all reports) | Delegated | Performs backup for reports. | No |
| Commercial environment: Power BI Services GCC or GCC High environment: Microsoft Power BI Government Community Cloud | Dataset.ReadWrite.All (Read and write all datasets) | Delegated | Performs backup and restore for reports. | No |
| Commercial environment: PowerApps Service GCC environment: PowerApps Service – GCC GCC High environment: PowerApps Service – GCC L4 | User (Access the PowerApps Service API) | Delegated | Retrieves information on Cloud Flows in Power Automate. Retrieves Power Apps Canvas apps and component libraries for auto discovery and backup. | No |
| Commercial environment: Dynamics CRM GCC or GCC High environment: Dataverse | user_impersonation (Access Common Data Service as organization users) | Delegated | Retrieves information on Desktop Flows and Business Process Flows in Power Automate. Retrieves Power Apps Canvas apps and component libraries. | No |
Viva Engage
The Viva Engage app profile can be used by the following services.
| Service | Feature/Module |
|---|---|
| Cloud Backup for Microsoft 365 | Viva Engage (backup and restore) |
| Cloud Governance | Viva Engage community management |
When you create a Viva Engage app profile in AvePoint Online Services, the AvePoint Online Services Administration for Viva Engage app will be automatically set up in your Microsoft Entra ID. The account used to consent to the app must be Microsoft 365 Global Administrator, Privileged Role Administrator, or Engage Administrator (refers to the Yammer Administrator in Microsoft Entra ID) account that is in the same tenant.
NOTE
When creating a Viva Engage app profile used by Cloud Backup for Microsoft 365, the consent user must be a Microsoft 365 Global Administrator with the Viva Engage product license. To re-authorize the Viva Engage app, the consent user must have the Verified Admin role and the Yammer administrator role with the Viva Engage product license.
The table below lists the permissions that should be accepted when you authorize AvePoint Online Services Administration for Viva Engage app.
| API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|
| Microsoft Graph | User.Read (Sign in and read user profile) | Delegated | Support signing into AvePoint Online Services with Microsoft 365 accounts. | No |
| Yammer | access_as_user (Read and write to the Yammer platform [preview]) | Delegated | To access the Viva Engage platform on behalf of the signed-in user. | No |
| Yammer | user_impersonation (Read and write to the Yammer platform [preview]) | Delegated | To access the Viva Engage platform on behalf of the signed-in user. | No |
| Microsoft Graph | User.Read (Sign in and read user profile) | Delegated | Support signing into AvePoint Online Services with Microsoft 365 accounts. | No |
| Yammer | access_as_user (Read and write to the Yammer platform [preview]) | Delegated | To access the Viva Engage platform on behalf of the signed-in user. | No |
| Yammer | user_impersonation (Read and write to the Yammer platform [preview]) | Delegated | To access the Viva Engage platform on behalf of the signed-in user. | No |
NOTE
If your tenant has configured a Viva Engage app profile in the classic UI, the legacy Viva Engage app profile (the app in your Viva Engage environment is AOS Administration) is still available in the new UI. After the legacy Viva Engage app profile has been re-authorized, it will be replaced by the new Viva Engage app profile.
Reporting for Microsoft 365
The Reporting for Microsoft 365 app profile can be used by the following services.
| Service | Feature/Module |
|---|---|
| AvePoint Online Services common service (Cloud Insights) | Collect Microsoft 365 data |
| Cloud Archiving | Collect Microsoft 365 data |
| Cloud Management | Collect Microsoft 365 data |
| AvePoint Opus | Collect Microsoft 365 data |
| EnPower | Dashboard and Workflows |
| Policies for Microsoft 365 | Collect Microsoft 365 data |
When you create a Reporting for Microsoft 365 app profile in AvePoint Online Services, the AvePoint Reporting forMicrosoft365 app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize AvePoint Reporting for Microsoft365 app.
| API | Permission | Type | Purpose? | Is newly required? |
|---|---|---|---|---|
| Microsoft Graph | Group.Read.All (Read all groups) | Application | Retrieve your Microsoft 365 tenant information. | No |
| Microsoft Graph | User.Read.All (Read all user’s full profiles) | Application | Retrieve and display user information. | No |
| Office 365 Management APIs | ActivityFeed.Read (Read activity data for your organization) | Application | Retrieve activity data in your organization. | No |
| SharePoint/Office 365 SharePoint Online | Sites.FullControl.All (Have full control of all site collections) | Application | Retrieve information of SharePoint sites that are scanned by auto discovery. | No |
On this page