Home > Manage Apps > Manage App Profiles for Microsoft Tenants > API Permissions Required by Default AvePoint Apps for Microsoft Tenants > Policies for Microsoft 365
Export to PDFPolicies for Microsoft 365
When you create the Policies for Microsoft 365 app profile in AvePoint Online Services, the AvePoint Policies for Microsoft365 app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize the AvePoint Policies for Microsoft365.
| API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|
| Office 365 Exchange Online | Exchange.ManageAsApp(Manage Exchange As Application) | Application | Retrieve and manage Exchange Online mailboxes. | No |
| Microsoft Graph | ChannelMember.ReadWrite.All(Add and remove members from all channels) | Application | Add and remove members from Teams channels. | No |
| Microsoft Graph | AuditLog.Read.All(Read all audit log data) | Application | Read all audit logs. | No |
| Microsoft Graph | Files.Read.All(Read files in all site collections) | Application | Retrieve the URLs of the group team sites. | No |
| Microsoft Graph | User.ReadWrite.All(Read and write all users’ full profiles) | Application | Read and write users’ settings. | No |
| Microsoft Graph | InformationProtectionPolicy.Read.All(Read all published labels and label policies for an organization) | Application | Manage sensitivity labels. | No |
| Microsoft Graph | Group.ReadWrite.All(Read and write all groups) | Application | Update groups’ members and settings. | No |
| Microsoft Graph | Directory.ReadWrite.All(Read and write data in the organization’s directory) | Application | Read and write user and group data in the organization’s directory. | No |
| Microsoft Graph | TeamSettings.ReadWrite.All(Read and change all teams' settings) | Application | Update Teams' settings. | No |
| Microsoft Graph | Channel.ReadBasic.All(Read the names and descriptions of all channels) | Application | Retrieve owner numbers of private channels. | No |
| Microsoft Graph | Channel.Delete.All(Delete channels) | Application | Delete channels. | No |
| Microsoft Information Protection Sync Service | UnifiedPolicy.Tenant.Read(Read all unified policies of the tenant) | Application | Retrieve information of published sensitivity labels from Microsoft 365. | No |
| SharePoint/Office 365 SharePoint Online | Sites.FullControl.All(Have full control of all site collections) | Application | Retrieve and update the information of site collections and groups/teams’ sites. | No |
| SharePoint/Office 365 SharePoint Online | User.Read.All(Read user profiles) | Application | Retrieve user profiles for OneDrive that are scanned by AvePoint Online Services. | No |
| Skype and Teams Tenant Admin API | user_impersonation(Access Microsoft Teams and Skype for Business data as the signed in user) | Delegated | Retrieve and update Teams admin settings. | No |
| Azure Rights Management Services*Note: Make sure your organization has a subscription (or service principal) for the Azure Rights Management Services API. | Content.SuperUser(Read all protected content for this tenant) | Application | Retrieve sensitivity labels in your organization and apply sensitivity labels to files. | No |
| Azure Rights Management Services*Note: Make sure your organization has a subscription (or service principal) for the Azure Rights Management Services API. | Content.Writer(Create protected content) | Application | Retrieve sensitivity labels in your organization and apply sensitivity labels to files. | No |
*Note: If you want to use the Teams Tagging Settings rule, an app with delegated permissions will be required. For the delegated app profile, consent from a Microsoft 365 Global Administrator or a Privileged Role Administrator is required and must be retained. If you revoke the Microsoft 365 Global Administrator or the Privileged Role Administrator role from the user who provided consent for the delegated app, ensure that the user who provided consent retains the Teams Administrator role.