Home > Manage Apps > Manage App Profiles for Microsoft Tenants > API Permissions Required by Default AvePoint Apps for Microsoft Tenants > EnPower
Export to PDFEnPower
For the permissions that should be accepted when you authorize the related app profiles for EnPower, refer to the following sections.
EnPower for Microsoft 365
When you create the EnPower for Microsoft 365 app profile in AvePoint Online Services, the AvePoint EnPower for Microsoft365 app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize the AvePoint EnPower for Microsoft365 app.
| API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|
| Microsoft Graph | AdministrativeUnit.ReadWrite.All(Read and write all administrative units.) | Application | Retrieve administrative units’ information and assign users or Groups to administrative units. | No |
| Microsoft Graph | AuditLog.Read.All(Read all audit log data) | Application | Retrieve users’ audit logs for reports and management. | No |
| Microsoft Graph | CallRecords.Read.All(Read all call records) | Application | Retrieve call records for Teams activity reports and PSTN and SMS reports. | No |
| Microsoft Graph | Channel.Create(Create channels) | Application | Create channels in your Teams. | No |
| Microsoft Graph | Channel.Delete.All(Delete channels) | Application | Delete channels in your Teams. | No |
| Microsoft Graph | Channel.ReadBasic.All(Read the names and descriptions of all channels) | Application | Retrieve the basic information of channels in your Teams. | No |
| Microsoft Graph | ChannelSettings.ReadWrite.All(Read and write the names, descriptions, and settings of all channels) | Application | Retrieve and update channel settings. | No |
| Microsoft Graph | Group.Create(Create Groups) | Application | Create Groups for your Microsoft users. | No |
| Microsoft Graph | Group.ReadWrite.All(Read and write all groups) | Application | Retrieve and update Groups’ information. | No |
| Microsoft Graph | GroupMember.ReadWrite.All(Read and write all group memberships) | Application | Retrieve and update memberships for your Groups. | No |
| Microsoft Graph | Mail.Send(Send mail as any user) | Application | Sending passwords via emails to users created in EnPower. | No |
| Microsoft Graph | Reports.Read.All(Read all usage reports) | Application | Retrieve data for usage reports. | No |
| Microsoft Graph | RoleManagement.ReadWrite.Directory(Read and write all directory RBAC settings) | Application | Manage permissions for the permission groups created in EnPower. | No |
| Microsoft Graph | Sites.ReadWrite.All(Read and write items in all site collections) | Application | Retrieve OneDrive users and OneDrive information. | No |
| Microsoft Graph | Team.Create(Create Teams) | Application | Create Teams in your organization. | No |
| Microsoft Graph | Team.ReadBasic.All(Get a list of all Teams) | Application | Retrieve Teams data for Teams report. | No |
| Microsoft Graph | TeamMember.ReadWrite.All(Add and remove members from all Teams) | Application | Retrieve and manage members in your Teams. | No |
| Microsoft Graph | TeamSettings.ReadWrite.All(Read and change all Teams' settings) | Application | Retrieve and manage settings for your Teams. | No |
| Microsoft Graph | Teamwork.Migrate.All(Create chat and channel messages with anyone's identity and with any timestamp) | Application | Create Teams and channels. | No |
| Microsoft Graph | User.Invite.All(Invite guest users to the organization) | Application | Invite or bulk invite guest users to your organization. | No |
| Microsoft Graph | User.ReadWrite.All(Read and write all users' full profiles) | Application | Retrieve and manage user properties. | No |
| Microsoft Graph | Organization.Read.All(Read organization information) | Application | Retrieve your organization's information. | No |
| Microsoft Graph | InformationProtectionPolicy.Read.All(Read all published labels and label policies for an organization) | Application | Retrieve your organization’s sensitivity labels for site creation. | No |
| Microsoft Graph | ReportSettings.Read.All(Read all admin report settings) | Application | Retrieve your organization’s report settings on whether the user, group, and site names have been concealed in your reports. | No |
| Microsoft Graph | Directory.ReadWrite.All(Read and write directory data) | Application | Retrieve and manage your organization’s Microsoft Entra data. | No |
| Microsoft Graph | User.DeleteRestore.All(Delete and restore all users) | Application | Retrieve and restore deleted users. | No |
| Microsoft Graph | UserAuthenticationMethod.ReadWrite.All(Read and write all users' authentication methods) | Application | Retrieve and update users’ authentication methods for users’ MFA management. | No |
| Microsoft Graph | Policy.ReadWrite.AuthenticationMethod(Read and write all authentication method policies) | Application | Retrieve and update users’ authentication method policies for users’ MFA management. | No |
| Microsoft Graph | Directory.AccessAsUser.All(Access directory as the signed-in user) | Delegated | Retrieve and manage users’ Microsoft Entra data. | No |
| Microsoft Graph | User.Read.All(Read all users’ full profiles) | Delegated | Retrieve and manage Teams policies in your tenants. | No |
| Microsoft Graph | Group.ReadWrite.All(Read and write all groups) | Delegated | Retrieve and manage Groups’ sensitivity and related Teams’ archiving status in your tenant. | No |
| SharePoint/Office 365 SharePoint Online | User.ReadWrite.All(Read and write user profiles) | Application | Retrieve data for EnPower Auto Discovery. | No |
| SharePoint/Office 365 SharePoint Online | Sites.FullControl.All(Have full control of all site collections) | Application | Retrieve data for EnPower Auto Discovery. | No |
| Exchange Online | Exchange.ManageAsApp(Manage Exchange as application) | Application | Retrieve mailboxes’ data for EnPower Auto Discovery. | No |
| Azure Rights Management Services | Content.DelegatedReader(Read protected content on behalf of a user) | Application | Retrieve sensitivity labels in your organization and apply sensitivity labels to files with Workflows. | No |
| Azure Rights Management Services | Content.DelegatedWriter(Create protected content on behalf of a user) | Application | Retrieve sensitivity labels in your organization and apply sensitivity labels to files with Workflows. | No |
| Azure Rights Management Services | Content.SuperUser(Read all protected content for this tenant) | Application | Retrieve sensitivity labels in your organization and apply sensitivity labels to files with Workflows. | No |
| Azure Rights Management Services | Content.Writer(Create protected content) | Application | Retrieve sensitivity labels in your organization and apply sensitivity labels to files with Workflows. | No |
| Microsoft Information Protection Sync Service | UnifiedPolicy.Tenant.Read(Read all unified policies of the tenant) | Application | Retrieve sensitivity labels in your organization and apply sensitivity labels to files with Workflows. | No |
| Skype and Teams Tenant Admin API | user_impersonation(Access Microsoft Teams and Skype for Business data as the signed in user) | Delegated | Connect to Microsoft Teams. | No |
EnPower for Power Platform
When you create the EnPower for Power Platform app profile in AvePoint Online Services, the AvePoint EnPower PowerPlatform Management app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize the AvePoint EnPower PowerPlatform Management app.
| API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|
| Microsoft Graph | User.Read.All(Read all users' full profiles) | Application | Retrieve information of Power Platform users. | No |
| Microsoft Graph | GroupMember.ReadWrite.All(Read and write all group memberships) | Application | Retrieve and updates group memberships. | No |
| Microsoft Graph | Group.Read.All(Read all groups) | Application | Retrieve information about groups in your organization. | No |
| Microsoft Graph | InformationProtectionPolicy.Read.All(Read all published labels and label policies for an organization) | Application | Retrieve sensitivity labels in your organization and apply sensitivity labels to your Power Platform resources. | No |
| Microsoft Graph | Directory.Read.All(Read directory data) | Application | Retrieve your organization’s Microsoft Entra data. | No |
| PowerApps Service | User(Access the Power Apps Service API) | Delegated | Retrieve information on Power Platform environments, apps, and flows. | No |
| PowerPages Service | PowerPages.Websites.Read(Read Power Pages websites) | Delegated | Retrieve Power Pages sites. | No |
| PowerPages Service | PowerPages.Website.Write(Write Power Pages websites) | Delegated | Manage Power Pages sites. | No |
| Dynamics CRM | user_impersonation(Access Common Data Service as organization users) | Delegated | Retrieve information on Power Platform environments, apps, flows, and Copilot Studio agents. | No |
| Power BI Service | Tenant.ReadWrite.All(Read and write all content in tenant) | Delegated | Retrieve information of Power BI workspace, and adds admin role to Power BI workspaces. | No |
| Power BI Service | Workspace.ReadWrite.All(View and write all workspaces) | Delegated | Retrieve information on Power BI workspaces. | No |
| Power BI Service | Dashboard.ReadWrite.All(Read and write all dashboards) | Delegated | Retrieve and update dashboards in your Power BI workspaces. | No |
| Power BI Service | Dataflow.ReadWrite.All(Read and write all dataflows) | Delegated | Retrieve and update dataflows in your Power BI workspaces. | No |
| Power BI Service | Report.ReadWrite.All(Read and write all reports) | Delegated | Retrieve and update reports in your Power BI workspaces. | No |
| Power BI Service | Dataset.ReadWrite.All(Read and write all datasets) | Delegated | Retrieve and update datasets in your Power BI workspaces. | No |
| Office 365 Exchange Online | Exchange.ManageAsApp(Manage Exchange as application) | Application | Retrieve and manage mail-enabled security groups and distribution groups in environments | No |
EnPower for Teams Calling
When you create the EnPower for Teams Calling app profile in AvePoint Online Services, the AvePoint EnPower Teams Calling app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize the AvePoint EnPower Teams Calling app.
| API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|
| Microsoft Graph | User.Read.All(Read all users' full profiles) | Delegated | Retrieve and display users’ profiles. | No |
| Microsoft Graph | Group.ReadWrite.All(Read and write all groups) | Delegated | Retrieve and update Groups for calling resource management. | No |
| Microsoft Graph | AppCatalog.ReadWrite.All(Read and write to all app catalogs) | Delegated | Retrieve and update all apps’ catalogs. | No |
| Microsoft Graph | User.ReadWrite.All(Read and write all users' full profiles) | Application | Retrieve and update user information and settings. | No |
| Microsoft Graph | Directory.Read.All(Read directory data) | Application | Retrieve information from your organization’s Active Directory. | No |
| Microsoft Graph | CallRecords.Read.All(Read all call records) | Application | Retrieve and display users’ calling records. | No |
| Microsoft Graph | Channel.ReadBasic.All(Read the names and descriptions of all channels) | Application | Retrieve the names and descriptions of your Teams channels. | No |
| Microsoft Graph | Team.ReadBasic.All(Get a list of all teams) | Application | Retrieve and display the list of your Teams. | No |
| Microsoft Graph | TeamMember.Read.All(Read the members of all teams) | Application | Retrieve your Team memberships. | No |
| Skype and Teams Tenant Admin API | user_impersonation(Access Microsoft Teams and Skype for Business data as the signed in user) | Delegated | Connect to Microsoft Teams. | No |
| Office 365 Exchange Online | Exchange.ManageAsApp(Manage Exchange as application) | Application | Scan security groups, mail-enabled security groups, and distribution groups to EnPower by Auto Discovery scan profile. | No |
EnPower for Azure Resources
When you create the EnPower for Azure Resources app profile in AvePoint Online Services, the AvePoint EnPower for Azure Resources app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize the AvePoint EnPower for Azure Resources app.
| API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|
| Microsoft Graph | Group.Read.All (Read all groups) | Application | Retrieve groups’ information from role assignment on Azure resources. | No |
| Microsoft Graph | Directory.Read.All (Read directory data) | Application | Retrieve users’ information from role assignment on Azure resources. | No |
EnPower for Azure Entra ID Enterprise Applications
When you create the EnPower for Azure EntraID Enterprise Applications app profile in AvePoint Online Services, the AvePoint EnPower Entra Application app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize the AvePoint EnPower Entra Application app.
| API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|
| Microsoft Graph | Group.Read.All(Read all groups) | Application | Load group information. | No |
| Microsoft Graph | Directory.Read.All(Read directory data) | Application | Load user information. | No |
| Microsoft Graph | Application.Read.All(Read all applications) | Application | Retrieve and list app registrations and enterprise applications. | No |
| Microsoft Graph | AuditLog.Read.All(Read all audit log data) | Application | Load the audit and sign-in information. | No |
| Microsoft Graph | Policy.Read.All(Read your organization's policies) | Application | Support the tenant settings analysis on the Overview page. | No |
On this page