Home > App Management > Manage App Profiles for Microsoft Tenants > API Permissions Required by Default AvePoint Apps for Microsoft Tenants > EnPower
Export to PDFEnPower
Refer to the table below for the apps that you can use for EnPower and the requirements to consent to app permissions.
| Category | App type in AOS | App setup method | Feature/Module | App name in Entra ID | New or updated? | Consent |
|---|---|---|---|---|---|---|
| Service app | EnPower for Microsoft 365 | Modern mode | View details in EnPower for Microsoft 365 permission table | AvePoint EnPower for Microsoft365 | No changes | Create or re-authorize an app profile in AOS > Management > App management. |
| Service app | EnPower for Power Platform | Modern mode | View details in EnPower for Power Platform permission table | AvePoint EnPower PowerPlatform Management | No changes | Create or re-authorize an app profile in AOS > Management > App management. |
| Service app | EnPower for Teams Calling | Modern mode | View details in EnPower for Calling permission table | AvePoint EnPower Teams Calling | No changes | Create or re-authorize an app profile in AOS > Management > App management. |
| Service app | EnPower for Azure Resources | Modern mode | View details in EnPower for Azure Resources permission table | AvePoint EnPower for Azure Resources | No changes | Create or re-authorize an app profile in AOS > Management > App management. |
| Service app | EnPower for Azure Entra ID Enterprise Applications | Modern mode | View details in EnPower for Azure Entra ID Enterprise Applications permission table | AvePoint EnPower Entra Application | No changes | Create or re-authorize an app profile in AOS > Management > App management. |
| Classic app | Reporting for Microsoft 365 | Modern mode | Collect Microsoft 365 data | AvePoint Reporting for Microsoft365 | No changes | App management > Modern mode > Consented for all services |
Permissions Required by EnPower for Microsoft 365
When you create the EnPower for Microsoft 365 app profile in AvePoint Online Services, the AvePoint EnPower for Microsoft365 app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize AvePoint EnPower for Microsoft365 app.
| Feature/Module | API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|---|
| Restore deleted user | Microsoft Graph | User.DeleteRestore.All (Delete and restore all users) | Application | Retrieve and restore deleted users. | No |
| View user licenses | Microsoft Graph | Organization.Read.All (Read organization information) | Application | Retrieve your organization's information. | No |
| Manage users’ and Groups’ administrative units | Microsoft Graph | AdministrativeUnit.ReadWrite.All (Read and write all administrative units.) | Application | Retrieve administrative units’ information and assign users or Groups to administrative units. | No |
| View the user sign-in report | Microsoft Graph | AuditLog.Read.All (Read all audit log data) | Application | Retrieve users’ audit logs for reports and management. | No |
| View Teams PSTN and SMS report | Microsoft Graph | CallRecords.Read.All (Read all call records) | Application | Retrieve call records for Teams activity reports and PSTN and SMS reports. | No |
| Create Teams channels | Microsoft Graph | Channel.Create (Create channels) | Application | Create channels in your Teams. | No |
| Delete Teams channels | Microsoft Graph | Channel.Delete.All (Delete channels) | Application | Delete channels in your Teams. | No |
| View Teams channels | Microsoft Graph | Channel.ReadBasic.All (Read the names and descriptions of all channels) | Application | Retrieve the basic information of channels in your Teams. | No |
| Manage Teams channels’ settings | Microsoft Graph | ChannelSettings.ReadWrite.All (Read and write the names, descriptions, and settings of all channels) | Application | Retrieve and update channel settings. | No |
| Create Groups | Microsoft Graph | Group.Create (Create Groups) | Application | Create Groups for your Microsoft users. | No |
| View and manage Groups’ information and settings | Microsoft Graph | Group.ReadWrite.All (Read and write all groups) | Application | Retrieve and update Groups’ information. | No |
| Delete, permanently delete, and restore Groups | Microsoft Graph | Group.ReadWrite.All (Read and write all groups) | Application | Retrieve and update Groups’ information. | No |
| Create Group team sites | Microsoft Graph | Group.ReadWrite.All (Read and write all groups) | Application | Retrieve and update Groups’ information. | No |
| Manage Group members | Microsoft Graph | GroupMember.ReadWrite.All (Read and write all group memberships) | Application | Retrieve and update memberships for your Groups. | No |
| Send emails to the created users | Microsoft Graph | Mail.Send (Send mail as any user) | Application | Sending passwords via emails to users created in EnPower. | No |
| View usage-related report charts on Dashboards | Microsoft Graph | Reports.Read.All (Read all usage reports) | Application | Retrieve data for usage reports. | No |
| Manage users’ or Groups’ roles | Microsoft Graph | RoleManagement.ReadWrite.Directory (Read and write all directory RBAC settings) | Application | Manage permissions for the permission groups created in EnPower. | No |
| Scan OneDrive in your organization by the Auto Discovery scan profile to EnPower for management. | Microsoft Graph | Sites.ReadWrite.All (Read and write items in all site collections) | Application | Retrieve OneDrive users and OneDrive information. | No |
| Create Teams | Microsoft Graph | Team.Create (Create Teams) | Application | Create Teams in your organization. | No |
| View and manage Teams’ information | Microsoft Graph | Team.ReadBasic.All (Get a list of all Teams) | Application | Retrieve Teams data for Teams report. | No |
| View and manage Team members | Microsoft Graph | TeamMember.ReadWrite.All (Add and remove members from all Teams) | Application | Retrieve and manage members in your Teams. | No |
| View and manage Teams’ settings | Microsoft Graph | TeamSettings.ReadWrite.All (Read and change all Teams' settings) | Application | Retrieve and manage settings for your Teams. | No |
| Archive Teams and update the associated SharePoint Online site to read-only status for Team members | Microsoft Graph | TeamSettings.ReadWrite.All (Read and change all Teams' settings) | Application | Retrieve and manage settings for your Teams. | No |
| Create Teams | Microsoft Graph | Teamwork.Migrate.All (Create chat and channel messages with anyone's identity and with any timestamp) | Application | Create Teams and channels. | No |
| Invite guest users | Microsoft Graph | User.Invite.All (Invite guest users to the organization) | Application | Invite or bulk invite guest users to your organization. | No |
| View user details | Microsoft Graph | User.ReadWrite.All (Read and write all users' full profiles) | Application | Retrieve and manage user properties. | No |
| Block user sign-in | Microsoft Graph | User.ReadWrite.All (Read and write all users' full profiles) | Application | Retrieve and manage user properties. | No |
| Update user profile and phone numbers | Microsoft Graph | User.ReadWrite.All (Read and write all users' full profiles) | Application | Retrieve and manage user properties. | No |
| Reset user password | Microsoft Graph | User.ReadWrite.All (Read and write all users' full profiles) | Application | Retrieve and manage user properties. | No |
| Delete, permanently delete, and restore deleted users | Microsoft Graph | User.ReadWrite.All (Read and write all users' full profiles) | Application | Retrieve and manage user properties. | No |
| Apply sensitivity labels to SharePoint Online sites | Microsoft Graph | InformationProtectionPolicy.Read.All (Read all published labels and label policies for an organization) | Application | Retrieve your organization’s sensitivity labels for site creation. | No |
| Display names of users, Groups, and sites in reports | Microsoft Graph | ReportSettings.Read.All (Read all admin report settings) | Application | Retrieve your organization’s report settings on whether the user, group, and site names have been concealed in your reports. | No |
| Update users’ MFA settings | Microsoft Graph | UserAuthenticationMethod.ReadWrite.All (Read and write all users' authentication methods) | Application | Retrieve and update users’ authentication methods for users’ MFA management. | No |
| Update users’ MFA settings | Microsoft Graph | Policy.ReadWrite.AuthenticationMethod (Read and write all authentication method policies) | Application | Retrieve and update users’ authentication method policies for users’ MFA management. | No |
| Retrieve users’ sign-in logs | Microsoft Graph | Directory.ReadWrite.All (Read and write directory data) | Application | Retrieve and manage your organization’s Microsoft Entra data. | No |
| Assign sensitivity label to Groups and archive Teams | Microsoft Graph | Group.ReadWrite.All (Read and write all groups) | Delegated | Retrieve and manage Groups’ sensitivity and related Teams’ archiving status in your tenant. | No |
| Manage Teams policies | Microsoft Graph | User.Read.All (Read all users’ full profiles) | Delegated | Retrieve and manage Teams policies in your tenants. | No |
| Manage Teams policies | Skype and Teams Tenant Admin API | user_impersonation (Access Microsoft Teams and Skype for Business data as the signed in user) | Delegated | Connect to Microsoft Teams. | No |
| Scan your OneDrive by the Auto Discovery scan profile to EnPower for management. | SharePoint/Office 365 SharePoint Online | User.ReadWrite.All (Read and write user profiles) | Application | Retrieve data for EnPower Auto Discovery. | No |
| Scan your SharePoint Online and Loop sites by the Auto Discovery scan profile to EnPower for management. | SharePoint/Office 365 SharePoint Online | Sites.FullControl.All (Have full control of all site collections) | Application | Retrieve data for EnPower Auto Discovery. | No |
| Scan your mailboxes by the Auto Discovery scan profile to EnPower for management. | Exchange Online | Exchange.ManageAsApp (Manage Exchange as application) | Application | Retrieve mailboxes’ data for EnPower Auto Discovery. | No |
| Apply sensitivity labels | Azure Rights Management Services | Content.DelegatedReader (Read protected content on behalf of a user) | Application | Retrieve sensitivity labels in your organization and apply sensitivity labels to files with Workflows. | No |
| Apply sensitivity labels | Azure Rights Management Services | Content.DelegatedWriter (Create protected content on behalf of a user) | Application | Retrieve sensitivity labels in your organization and apply sensitivity labels to files with Workflows. | No |
| Apply sensitivity labels | Azure Rights Management Services | Content.SuperUser (Read all protected content for this tenant) | Application | Retrieve sensitivity labels in your organization and apply sensitivity labels to files with Workflows. | No |
| Apply sensitivity labels | Azure Rights Management Services | Content.Writer (Create protected content) | Application | Retrieve sensitivity labels in your organization and apply sensitivity labels to files with Workflows. | No |
| Apply sensitivity labels | Microsoft Information Protection Sync Service | UnifiedPolicy.Tenant.Read (Read all unified policies of the tenant) | Application | Retrieve sensitivity labels in your organization and apply sensitivity labels to files with Workflows. | No |
Permissions Required by EnPower for Power Platform
When you create the EnPower for Power Platform app profile in AvePoint Online Services, the AvePoint EnPower PowerPlatform Management app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize AvePoint EnPower PowerPlatform Management app.
| Feature/Module | API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|---|
| Load users in people pickers | Microsoft Graph | User.Read.All (Read all users’ full profiles) | Application | Retrieve users in your organization. | No |
| Load groups in people pickers | Microsoft Graph | Group.Read.All (Read all groups) | Application | Retrieve groups in your organization. | No |
| Manage security groups in environments | Microsoft Graph | GroupMember.ReadWrite.All (Read and write all group memberships) | Application | Retrieve and update security group members. | No |
| Apply sensitivity labels to Power Platform resources | Microsoft Graph | InformationProtectionPolicy.Read.All (Read all published labels and label policies for an organization) | Application | Retrieve sensitivity labels in your organization. | No |
| Load environment users | Microsoft Graph | Directory.Read.All (Read directory data) | Application | Retrieve environment users. | No |
| Manage mail-enabled security groups and distribution groups in environments | Office 365 Exchange Online | Exchange.ManageAsApp (Manage Exchange as application). | Application | Retrieve and update distribution groups in your organization. | No |
| Display environments, connections, connectors, Power Apps, and flows | PowerApps Service | User (Access the Power Apps Service API) | Delegated | Retrieve environments and connections in you organization. | No |
| Manage environment settings and membership of environment teams | PowerApps Service | User (Access the Power Apps Service API) | Delegated | Retrieve and update environment settings and permissions. | No |
| Manage flow owners, | PowerApps Service | User (Access the Power Apps Service API) | Delegated | Retrieve and update flow ownership. | No |
| Manage Power Apps’ permissions | PowerApps Service | User (Access the Power Apps Service API) | Delegated | Retrieve and update app permissions. | No |
| Enable or disable flows | PowerApps Service | User (Access the Power Apps Service API) | Delegated | Retrieve and update flow status. | No |
| Copy environments, apps, and flows | PowerApps Service | User (Access the Power Apps Service API) | Delegated | Retrieve apps and flows in your organization to create them in another environment. | No |
| Display environments, connections, connectors, Power Apps, flows, and Copilot Studio agents | Dynamics CRM | user_impersonation (Access Common Data Service as organization users) | Delegated | Retrieve environments, connections, connectors, Power Apps, and flows | No |
| Manage environment settings and membership of environment teams | Dynamics CRM | user_impersonation (Access Common Data Service as organization users) | Delegated | Retrieve and update environment settings. | No |
| Manage flow owners, | Dynamics CRM | user_impersonation (Access Common Data Service as organization users) | Delegated | Retrieve and update flow ownership. | No |
| Manage Power Apps’ permissions | Dynamics CRM | user_impersonation (Access Common Data Service as organization users) | Delegated | Retrieve and update app permissions. | No |
| Enable or disable flows | Dynamics CRM | user_impersonation (Access Common Data Service as organization users) | Delegated | Retrieve and update flow status. | No |
| Copy environments, apps, and flows | Dynamics CRM | user_impersonation (Access Common Data Service as organization users) | Delegated | Retrieve apps and flows in your organization to create them in another environment. | No |
| Manage workspace basic information | Power BI Service | Tenant.ReadWrite.All (Read and write all content in tenant) | Delegated | Retrieve and update workspaces. | No |
| Add users to workspaces | Power BI Service | Tenant.ReadWrite.All (Read and write all content in tenant) | Delegated | Retrieve and update workspace permissions. | No |
| Manage artifacts’ sensitivity labels | Power BI Service | Tenant.ReadWrite.All (Read and write all content in tenant) | Delegated | Retrieve sensitivity labels in your organization. | No |
| View and manage workspace permissions | Power BI Service | Workspace.ReadWrite.All (View and write all workspaces) | Delegated | Retrieve and update workspace permissions. | No |
| Delete workspaces | Power BI Service | Workspace.ReadWrite.All (View and write all workspaces) | Delegated | Update workspaces. | No |
| Manage dashboard permissions | Power BI Service | Dashboard.ReadWrite.All (Read and write all dashboards) | Delegated | Retrieve and update dashboard permissions. | No |
| Delete dashboards | Power BI Service | Dashboard.ReadWrite.All (Read and write all dashboards) | Delegated | Retrieve and update dashboards. | No |
| Delete dataflows | Power BI Service | Dataflow.ReadWrite.All (Read and write all dataflows) | Delegated | Retrieve and update dataflows. | No |
| Manage report permissions. | Power BI Service | Report.ReadWrite.All (Read and write all reports) | Delegated | Retrieve and update report permissions. | No |
| Manage dataset permissions | Power BI Service | Dataset.ReadWrite.All | Delegated | Retrieve and manage dataset permissions. | No |
| Delete datasets | Power BI Service | Dataset.ReadWrite.All | Delegated | Retrieve and update datasets. | No |
| Retrieve Power Pages sites | Power Platform API | PowerPages.Websites.Read (Read Power Pages websites) | Delegated | Retrieve and manage Power Pages sites. | No |
| Manage Power Pages sites | Power Platform API | PowerPages.Website.Write (Write Power Pages websites) | Delegated | Retrieve and manage Power Pages sites. | No |
Permissions Required by EnPower for Teams Calling
When you create the EnPower for Teams Calling app profile in AvePoint Online Services, the AvePoint EnPower Teams Calling app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize AvePoint EnPower Teams Calling app.
| Feature/Module | API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|---|
| View user details | Microsoft Graph | User.Read.All (Read all users’ full profiles) | Delegated | Retrieve and update Teams user details. | No |
| View user details | Microsoft Graph | AppCatalog.ReadWrite.All (Read and write to all app catalogs) | Delegated | Retrieve and update Teams user details. | No |
| Add Groups to call queues and auto attendants | Microsoft Graph | Group.ReadWrite.All (Read and write all groups) | Delegated | Retrieve and update groups’ voice application settings. | No |
| Update user licenses. | Microsoft Graph | User.ReadWrite.All (Read and write all users’ full profiles) | Application | Retrieve and update user licenses. | No |
| View user license | Microsoft Graph | Directory.Read.All (Read directory data) | Application | Retrieve users’ license settings. | No |
| View user the calling information in user details | Microsoft Graph | CallRecords.Read.All (Read all call records) | Application | Retrieve users’ call records. | No |
| View users’ Team settings in user details | Microsoft Graph | TeamMember.Read.All (Read the members of all teams) | Application | Retrieve users’ Team-related settings. | No |
| View and manage channels in call queues | Microsoft Graph | Channel.ReadBasic.All (Read the names and descriptions of all channels) | Application | Retrieve and update channels’ call queue settings. | No |
| View and manage Teams in call queues | Microsoft Graph | Team.ReadBasic.All (Get a list of all teams) | Application | Retrieve and update Teams’ call queue settings. | No |
| View and manage user assignment in call queues and auto attendants | Skype and Teams Tenant Admin API | user_impersonation (Access Microsoft Teams and Skype for Business data as the signed in user) | Delegated | Retrieve and update users’ voice application settings. | No |
| Assign phone number to users | Skype and Teams Tenant Admin API | user_impersonation (Access Microsoft Teams and Skype for Business data as the signed in user) | Delegated | Retrieve and update users’ phone numbers. | No |
| Add security groups, mail-enabled security group, and distribution groups to call queues | Office 365 Exchange Online | Exchange.ManageAsApp (Manage Exchange as application) | Application | Retrieve and update groups’ call queue settings. | No |
Permissions Required by EnPower for Azure Resources
When you create the EnPower for Azure Resources app profile in AvePoint Online Services, the AvePoint EnPower for Azure Resources app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize AvePoint EnPower for Azure Resources app.
| Feature/Module | API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|---|
| View role assignment changes on Microsoft Azure resources | Microsoft Graph | Group.Read.All (Read all groups) | Application | Retrieve groups’ information from role assignment on Azure resources. | No |
| View role assignment changes on Microsoft Azure resources | Microsoft Graph | Directory.Read.All (Read directory data) | Application | Retrieve users’ information from role assignment on Azure resources. | No |
Permissions Required by EnPower for Azure Entra ID Enterprise Applications
When you create the EnPower for Azure Entra ID Enterprise Applications app profile in AvePoint Online Services, the AvePoint EnPower Entra Application app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize the AvePoint EnPower Entra Application app.
| Feature/Module | API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|---|
| View changes in roles. | Microsoft Graph | Group.Read.All (Read all groups) | Application | Load group information. | No |
| View changes in roles. | Microsoft Graph | Directory.Read.All (Read directory data) | Application | Load user information. | No |
| View and monitor app registrations and enterprise applications in your Azure Entra ID enterprise applications. | Microsoft Graph | Application.Read.All (Read all applications) | Application | Retrieve and list app registrations and enterprise applications. | No |
| View and monitor app registrations and enterprise applications in your Azure Entra ID enterprise applications. | Microsoft Graph | AuditLog.Read.All (Read all audit log data) | Application | Load the audit and sign-in information | No |
| View and monitor changes in tenant settings. | Microsoft Graph | Policy.Read.All (Read your organization's policies) | Application | Support the Tenant settings analysis on the Overview page. | No |
On this page