Home > App Management > Manage App Profiles for Microsoft Tenants > API Permissions Required by Default AvePoint Apps for Microsoft Tenants > Cloud Management Services for Microsoft 365
Export to PDFCloud Management Services for Microsoft 365
Refer to the table below for the apps that you can use for Cloud Management Services for Microsoft 365 and the requirements to consent to app permissions.
| Category | App type in AOS | App setup method | Feature/Module | App name in Entra ID | New or updated? | Consent |
|---|---|---|---|---|---|---|
| Service app | Cloud Management Services for Microsoft 365 | Modern mode | All objects management | AvePoint Cloud Management Service for Microsoft365 | No changes | Create or re-authorize an app profile in AOS > Management > App management. |
| Classic app | Microsoft 365 (All Permissions) | Classic mode | SharePoint Online OneDrive Microsoft Teams Microsoft 365 Group | AvePoint Online Services Administration for Microsoft365 | No changes | App management > Classic mode > Consented for all services. |
| Classic app | Microsoft Entra ID | Classic mode | Required by the Identity Manager module of the Cloud Management service. | AvePoint Online Services Administration for Entra ID | No changes | App management > Classic mode > Consented for all services. |
| Classic app | Reporting for Microsoft 365 | Modern mode | Collect Microsoft 365 data | AvePoint Reporting for Microsoft365 | No changes | App management > Modern mode > Consented for all services. |
Permissions Required by Cloud Management Services for Microsoft 365
When you create a Cloud Management Services for Microsoft 365 app profile in AvePoint Online Services, the AvePoint Cloud Management Service for Microsoft365 app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize AvePoint Cloud Management Service for Microsoft365 app.
| API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|
| Microsoft Graph | User.ReadWrite.All (Read and write all users' full profiles) | Application | Retrieve and update user properties. | No |
| Microsoft Graph | Group.ReadWrite.All (Read and write all groups) | Application | Create and manage groups/teams. | No |
| Microsoft Graph | Directory.Read.All (Read directory data) | Application | Retrieve information from your organization’s Active Directory. | No |
| Microsoft Graph | Member.Read.Hidden (Read all hidden memberships) | Application | Read the members of a group/team with hidden membership. | No |
| Office 365 Exchange Online | full_access_as_app (Use Exchange Web Services with full access to all mailboxes) | Application | Retrieve information of Exchange Online mailboxes and Microsoft 365 Group mailboxes. | No |
| Office 365 Exchange Online | Exchange.ManageAsApp (Manage Exchange as application) | Application | Allow the backup and restore of mailbox data. | No |
| SharePoint/Office 365 SharePoint Online | User.ReadWrite.All (Read and write all users’ full profiles) | Application | Retrieve and update user properties from user profiles. | No |
| SharePoint/Office 365 SharePoint Online | TermStore.ReadWrite.All (Read and write managed metadata) | Application | Retrieve term store information. | No |
| SharePoint/Office 365 SharePoint Online | Sites.FullControl.All (Have full control of all site collections) | Application | Retrieve and manage SharePoint objects. | No |
On this page