Home > Manage Apps > Manage App Profiles for Microsoft Tenants > API Permissions Required by Default AvePoint Apps for Microsoft Tenants > Microsoft Entra ID
Export to PDFMicrosoft Entra ID
The Microsoft Entra ID app profile can be used by the following services:
Once you create a Microsoft Entra ID app profile in AvePoint Online Services, the AvePoint Online Services Administration for Entra ID app will be automatically set up in your Microsoft Entra ID.
The table below lists the Microsoft Graph API permissions that should be accepted when you authorize the AvePoint Online Services Administration for Entra ID app.
| Permission | Type | Purpose | Is newly required? |
|---|---|---|---|
| User.ReadWrite.All(Read and write all users' full profiles) | Application | AvePoint Cloud Governance uses it to delete Microsoft 365 users. | No |
| User.ReadWrite.All(Read and write all users' full profiles) | Application | Identity Manager uses it to search for users and display them on the interface, as well as invite guest users to organizations. | No |
| Files.Read.All(Read files in all site collections) | Application | Retrieve URLs of channels in Teams or read files in Teams channels to support products’ functionalities. | No |
| User.Invite.All(Invite guest users to the organization) | Delegated | Identity Manager uses it to invite guest users to organizations. | No |
| Directory.AccessAsUser.All(Access directory as the signed-in user) | Delegated | Identity Manager uses it to manage licenses, users, roles, groups, and applications that can be accessed by users. | No |
| Group.ReadWrite.All(Read and write all groups) | Application | AvePoint Cloud Governance uses it to manage groups and teams. | No |
| Directory.ReadWrite.All(Read and write directory data) | Application | AvePoint Cloud Governance uses it to manage Microsoft 365 users, groups, and Microsoft Teams. | No |
| Directory.ReadWrite.All(Read and write directory data) | Application | Identity Manager uses it to manage licenses, users, roles, groups, and applications that can be accessed by users. | No |
| Domain.ReadWrite.All(Read and write domains) | Application | Identity Manager uses it to manage users and groups. | No |
| Member.Read.Hidden(Read all hidden memberships) | Application | AvePoint Cloud Governance uses it to manage groups and teams. | No |
| User.Read(Sign in and read user profile) | Delegated | Identity Manager uses it to retrieve tenant display name and display the name on the interface. | No |
| Mail.Send(Send mail as any user) | Application | AvePoint Cloud Governance uses it if an IT administrator specifies a Microsoft 365 account as the email sender when configuring Email settings in the new Cloud Governance admin center. | No |
| AuditLog.Read.All(Read all audit log data) | Application | AvePoint Cloud Governance uses it to retrieve the user who invited the guest user to the tenant.Cense uses it to retrieve users’ last sign-in time to determine if they are inactive users.Policies for Microsoft 365 uses it to remove inactive guest users. | No |
| CallRecords.Read.All(Read all call records) | Application | Cense uses it to retrieve detailed PSTN calling activities and costs. | No |
| InformationProtectionPolicy.Read.All(Read all published labels and label policies for an organization) | Application | AvePoint Cloud Governance uses it to retrieve published sensitivity labels and label policy settings. | No |
| ChannelMember.ReadWrite.All(Add and remove members from all channels) | Application | AvePoint Cloud Governance uses it to retrieve and manage the private channel members. | No |
| Channel.Create(Create channels) | Application | AvePoint Cloud Governance uses it to create private channels in any team. | No |
| ChannelSettings.ReadWrite.All(Read and write the names, descriptions, and settings of all channels) | Application | AvePoint Cloud Governance uses it to update private channel properties. | No |
| TeamSettings.ReadWrite.All(Read and change all Teams' settings) | Application | AvePoint Cloud Governance uses it to update team settings. | No |
| TeamSettings.ReadWrite.All(Read and change all Teams' settings) | Application | Policies for Microsoft 365 uses it to update Teams' settings. | No |
| Team.Create(Create Teams) | Application | AvePoint Cloud Governance uses it to create teams from existing teams or using team templates. | No |
| ChannelMessage.Read.All(Read all channel messages) | Application | AvePoint Cloud Governance uses it to retrieve Microsoft Teams channel conversations for team inactivity threshold calculation. | No |
| Channel.ReadBasic.All(Read the names and descriptions of all channels) | Application | Policies for Microsoft 365 uses it to retrieve owner numbers of private channels. | No |
| Channel.Delete.All(Delete channels) | Application | Cloud Governance uses it to delete private channels. | No |
On this page