Home > App Management > Manage App Profiles for Microsoft Tenants > API Permissions Required by Default AvePoint Apps for Microsoft Tenants > tyGraph
Export to PDFtyGraph
Refer to the table below for the apps that you can use for tyGraph and the requirements to consent to app permissions.
| Category | App type in AOS | App setup method | Feature/Module | App name in Entra ID | New or updated? | Consent |
|---|---|---|---|---|---|---|
| Service app | tyGraph Suite | Modern mode | All reports. View details in the tyGraph Suite permission table. | AvePoint tyGraph | No changes | Create or re-authorize an app profile in AOS > Management > App management. |
| Service app | tyGraph for Viva Engage | Modern mode | Viva Engage report | AvePoint tyGraph for Viva Engage | No changes | Create or re-authorize an app profile in AOS > Management > App management. |
| Service app | tyGraph for SharePoint | Modern mode | SharePoint report | AvePoint tyGraph for SharePoint | No changes | Create or re-authorize an app profile in AOS > Management > App management. |
| Service app | tyGraph for Copilot Adoption / Trials | Modern mode | Copilot adoption report | AvePoint tyGraph for Copilot Adoption | No changes | Create or re-authorize an app profile in AOS > Management > App management. |
| Service app | tyGraph Pages (Only) | Modern mode | Pages report data | AvePoint tyGraph for Pages (only) | No changes | Create or re-authorize an app profile in AOS > Management > App management. |
Permissions Required by tyGraph Suite
When you create the tyGraph Suite app profile in AvePoint Online Services, the AvePoint tyGraph app will be automatically set up in your Microsoft Entra ID.
The tyGraph Suite option includes all modules in tyGraph.
The tyGraph data initialization will start after you sign into tyGraph interface once the app profile is set up. To ensure smooth data collection and reporting, confirm that the required roles and settings are properly configured.
-
For Viva Engage reports, the account used for app consent must hold the Viva Engage Verified Administrator role. Confirm this role assignment in the Viva Engage admin center or Microsoft Entra ID.
-
Auditing in your tenant is enabled. Turn on auditing in the Microsoft 365 Security & Compliance Center.
-
Usage reports are not anonymized. Go to the Microsoft 365 admin center > Settings > Org settings > Services > Reports and ensure the Display concealed user, group, and site names in all reports option is deselected.
-
To enable the data collection on SharePoint pages, you must install the Page Engine app in your SharePoint environment.
The tyGraph interface offers a Scan status tab on Home page tracking the data collection status and a Quick check page through Settings > Scan to verify the prerequisites condition. For more details, refer to Scan Job Status in tyGraph User Guide.
The table below lists the permissions that should be accepted when you authorize AvePoint tyGraph app.
| Feature/Module | API | Permission | Permission type | Purpose | Is newly required? |
|---|---|---|---|---|---|
| Calling report | Microsoft Graph | CallRecords.Read.All (Read all call records) | Application | Read call records for all calls and online meetings. | No |
| Teams report | Microsoft Graph | Channel.ReadBasic.All (Read the names and descriptions of all channels) | Application | Read channel names and descriptions of Teams reporting. | No |
| Teams report | Microsoft Graph | ChannelMember.Read.All (Read the members of all channels) | Application | Read all channel messages of the Teams reporting. | No |
| Teams report | Microsoft Graph | ChannelMessage.Read.All (Read all channel messages) | Application | Read all channel messages of the Teams reporting. | No |
| Teams report | Microsoft Graph | Team.ReadBasic.All (Get a list of all teams) | Application | Read Teams basic information of Teams reporting. | No |
| Teams report | Microsoft Graph | TeamsTab.Read.All (Read tabs in Microsoft Teams) | Application | Read Teams tabs of Teams reporting. | No |
| SharePoint report | Microsoft Graph | Files.Read.All (Read files in all site collections) | Application | Read files in all site collections of the SharePoint reporting. | No |
| SharePoint report | Microsoft Graph | Sites.Read.All (Read items in all site collections) | Application | Read items in all site collections of the SharePoint reporting. | No |
| Copilot adoption report | Microsoft Graph | InformationProtectionPolicy.Read.All (Read all published labels and label policies for an organization.) | Application | Retrieve tenant sensitive labels that will be displayed in the Copilot report. | No |
| Copilot adoption report | Microsoft Graph | AiEnterpriseInteraction.Read.All (Read all AI enterprise interactions) | Application | Retrieve Microsoft 365 Copilot interaction data. | No |
| Harvest job basic | Microsoft Graph | Directory.Read.All (Read directory data) | Application | Retrieve information from your organization’s Active Directory. | No |
| Harvest job basic | Microsoft Graph | Group.Read.All (Read all groups) | Application | Inventory the groups for reporting purposes. | No |
| Harvest job basic | Microsoft Graph | GroupMember.Read.All (Read all group memberships) | Application | Read group memberships of Pulse and Teams reporting. | No |
| Harvest job basic | Microsoft Graph | Reports.Read.All (Read all usage reports) | Application | Read usage report data of all reporting. | No |
| Harvest job basic | Microsoft Graph | User.Read (Sign in and read user profile) | Delegated | Retrieve your Microsoft 365 tenant information. | No |
| Harvest job basic | Microsoft Graph | User.Read.All (Read all users' full profiles) | Application | Read user properties. | No |
| Harvest job basic | Office 365 Management APIs | ActivityFeed.Read (Read activity data for your organization) | Application | An aggregation of actions and events for specified content types such as Microsoft Entra, SharePoint, OneDrive, Teams, or Viva Engage. | No |
| SharePoint report | SharePoint/Office 365 SharePoint Online | Sites.Read.All (Read items in all site collections) | Application | Read items in all site collections of the SharePoint reporting. | No |
| SharePoint report | SharePoint/Office 365 SharePoint Online | Sites.FullControl.All (Have full control of all site collections) | Application | Used in Sites that I own report to retrieve site owners and users with full control of sites. *Note: It can be removed in a custom app registration, but the Sites that I own report will not function. | No |
| Viva Engage report | Yammer | access_as_user (Read and write to the Yammer platform [preview]) | Delegated | To access the Viva Engage platform on behalf of the signed-in user. | No |
| Viva Engage report | Yammer | user_impersonation (Read and write to the Yammer platform [preview]) | Delegated | To access the Viva Engage platform on behalf of the signed-in user. | No |
Permissions Required by tyGraph for Viva Engage
When you create the tyGraph for Viva Engage app profile in AvePoint Online Services, the AvePoint tyGraph for Viva Engage app will be automatically set up in your Microsoft Entra ID.
The tyGraph data initialization will start after you sign into tyGraph interface once the app profile is set up. To ensure smooth data collection and reporting, confirm that the required roles and settings are properly configured.
-
For Viva Engage reports, the account used for app consent must hold the Viva Engage Verified Administrator role. Confirm this role assignment in the Viva Engage admin center or Microsoft Entra ID.
-
Auditing in your tenant is enabled. Turn on auditing in the Microsoft 365 Security & Compliance Center.
-
Usage reports are not anonymized. Go to the Microsoft 365 admin center > Settings > Org settings > Services > Reports and ensure the Display concealed user, group, and site names in all reports option is deselected.
-
To enable the data collection on SharePoint pages, you must install the Page Engine app in your SharePoint environment.
The tyGraph interface offers a Scan status page for tracking the data collection status and a Precheck page to verify the prerequisites condition through Settings > Scan. For more details, refer to Scan Job Status in tyGraph User Guide.
The table below lists the permissions that should be accepted when you authorize AvePoint tyGraph for Viva Engage app.
| API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|
| Microsoft Graph | Directory.Read.All (Read directory data) | Application | Retrieve information from your organization’s Active Directory. | No |
| Microsoft Graph | Reports.Read.All (Read all usage reports) | Application | Read usage report data of all reporting. | No |
| Microsoft Graph | User.Read.All (Read all users' full profiles) | Application | Read user properties. | No |
| Microsoft Graph | Group.Read.All (Read all groups) | Application | Inventory the groups for reporting purposes. | No |
| Office 365 Management APIs | ActivityFeed.Read (Read activity data for your organization) | Application | An aggregation of actions and events for specified content types such as Microsoft Entra, SharePoint, OneDrive, Teams, or Viva Engage. | No |
| Yammer | access_as_user (Read and write to the Yammer platform [preview]) | Delegated | To access the Viva Engage platform on behalf of the signed-in user. | No |
| Yammer | user_impersonation (Read and write to the Yammer platform [preview]) | Delegated | To access the Viva Engage platform on behalf of the signed-in user. | No |
Permissions Required by tyGraph for SharePoint
When you create the tyGraph for SharePoint app profile in AvePoint Online Services, the AvePoint tyGraph for SharePoint app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize AvePoint tyGraph for SharePoint app.
| API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|
| Microsoft Graph | Directory.Read.All (Read directory data) | Application | Retrieve information from your organization’s Active Directory. | No |
| Microsoft Graph | Files.Read.All (Read files in all site collections) | Application | Read files in all site collections of the SharePoint reporting. | No |
| Microsoft Graph | Group.Read.All (Read all groups) | Application | Inventory the groups for reporting purposes. | No |
| Microsoft Graph | Reports.Read.All (Read all usage reports) | Application | Read usage report data of all reporting. | No |
| Microsoft Graph | Sites.Read.All (Read items in all site collections) | Application | Read items in all site collections of the SharePoint reporting. | No |
| Microsoft Graph | User.Read.All (Read all users' full profiles) | Application | Read user properties. | No |
| Office 365 Management APIs | ActivityFeed.Read (Read activity data for your organization) | Application | An aggregation of actions and events for specified content types such as Microsoft Entra, SharePoint, OneDrive, Teams, or Viva Engage. | No |
| SharePoint/Office 365 SharePoint Online | Sites.Read.All (Read items in all site collections) | Application | Read items in all site collections of the SharePoint reporting. | No |
| SharePoint/Office 365 SharePoint Online | Sites.FullControl.All (Have full control of all site collections) | Application | Used in Sites that I own report to retrieve site owners and users with full control of sites. *Note: It can be removed in a custom app registration, but the Sites that I own report will not function. | No |
Permissions Required by tyGraph for Copilot Adoption / Trials
When you create the tyGraph for Copilot Adoption / Trials app profile in AvePoint Online Services, the AvePoint tyGraph for Copilot Adoption app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize AvePoint tyGraph for Copilot Adoption app.
| API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|
| Microsoft Graph | Directory.Read.All (Read directory data) | Application | Retrieve information from your organization’s Active Directory. | No |
| Microsoft Graph | Reports.Read.All (Read all usage reports) | Application | Read usage report data of all reporting. | No |
| Microsoft Graph | Group.Read.All (Read all groups) | Application | Inventory the groups for reporting purposes. | No |
| Microsoft Graph | User.Read.All (Read all users' full profiles) | Application | Retrieve your Microsoft 365 tenant user information. | No |
| Microsoft Graph | Sites.Read.All (Read items in all site collections) | Application | Read items in all site collections for the Copilot report. | No |
| Microsoft Graph | InformationProtectionPolicy.Read.All (Read all published labels and label policies for an organization.) | Application | Retrieve tenant sensitive labels that will be displayed in the Copilot report. | No |
| Microsoft Graph | AiEnterpriseInteraction.Read.All (Read all AI enterprise interactions) | Application | Retrieve Microsoft 365 Copilot interaction data. | No |
| Office 365 Management APIs | ActivityFeed.Read (Read activity data for your organization) | Application | An aggregation of actions and events for specified content types such as Microsoft Entra, SharePoint, OneDrive, Teams, or Viva Engage. | No |
| SharePoint/Office 365 SharePoint Online | Sites.Read.All (Read items in all site collections) | Application | Read items in all site collections for the Copilot report. | No |
Permissions Required by tyGraph Pages (Only)
When you create the tyGraph Pages (only) app profile in AvePoint Online Services, the AvePoint tyGraph for Pages (only) app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize AvePoint tyGraph for Pages (only) app.
| API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|
| Microsoft Graph | Directory.Read.All (Read directory data) | Application | Retrieve information from your organization’s Active Directory. | No |
| Microsoft Graph | User.Read.All (Read all users' full profiles) | Application | Read user properties. | No |
| Microsoft Graph | User.Read (Sign in and read user profile) | Delegated | Sign in and read the user profile. | No |