Home > Appendices > Appendix C - Assignable Permissions > Microsoft 365 Permissions > Microsoft 365 Container Level Permissions
Export to PDFMicrosoft 365 Container Level Permissions
| Module | Accessible report | Available action | Description |
|---|---|---|---|
| Exchange | Mailboxes | Create mailboxes | Create user mailboxes. |
| *Note: This is a tenant-level permission. If selected, group members can create objects in the tenants that the selected containers belong to. | |||
| Exchange | Mailboxes | Delete mailboxes | Delete user mailboxes. |
| Exchange | Mailboxes | Search for mailbox forwarding | Search for mailboxes that are automatically forwarding emails to specific internal recipients |
| Exchange | Mailboxes | Manage mailboxes | Manage user mailboxes, including to edit information for basics, update settings, and archive user mailboxes. |
| Exchange | Mailboxes | Litigation hold | Manage the litigation hold settings of mailboxes. |
| Exchange | Mailboxes | Manage mailbox delegation | Manage user mailbox delegation settings, including the contacts folder delegation, calendar delegation, and mailbox delegation settings. |
| Exchange | Mailboxes | Copy permission | Copy permission of a mailbox to another one. |
| Exchange | Mailboxes | Check if mailbox exists | Check if the mailbox still exists. |
| Exchange | Mailboxes | Export reports | Export user mailboxes into reports. |
| Exchange | Mailboxes | Manage organization units for on-premises mailboxes | Move hybrid mailboxes from one organization unit to another. |
| Exchange | Mailboxes | Apply renewal profile | Apply renewal profile created in Cloud Governance to shared mailboxes. |
| *Note: This is only available when you have a subscription for AvePoint Cloud Governance. | |||
| Exchange | Mailboxes | Apply contact election profile | Apply contact election profile created in Cloud Governance to shared mailboxes. |
| *Note: This is only available when you have a subscription for AvePoint Cloud Governance. | |||
| Exchange | Mailboxes | Restart renewal | Restart the renewal process of shared mailboxes. |
| *Note: This is only available when you have a subscription for AvePoint Cloud Governance. | |||
| Exchange | Mailboxes | Auto-complete renewal | Complete the renewal process of shared mailboxes.*Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Exchange | Mailboxes | Assign renewal tasks | Update the assignees of a shared mailbox’s renewal. |
| *Note: This is only available when you have a subscription for AvePoint Cloud Governance. | |||
| Exchange | Mailboxes | Specify contacts | Specify contacts for shared mailboxes. |
| *Note: This is only available when you have a subscription for AvePoint Cloud Governance. | |||
| Exchange | Mailboxes | Edit metadata | Edit the Cloud Governance metadata applied to the shared mailboxes.*Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Exchange | Mailboxes | Remove from Cloud Governance. | Remove registered mailboxes from Cloud Governance.*Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Exchange | Mailboxes | Trigger workflows | Trigger the manually triggered workflows to manage or report the selected user mailboxes. |
| Exchange | Resources | Create resource mailboxes | Create resource mailboxes. |
| *Note: This is a tenant-level permission. If selected, group members can create objects in the tenants that the selected containers belong to. | |||
| Exchange | Resources | Delete resource mailboxes | Delete resource mailboxes |
| Exchange | Resources | Manage resource mailboxes | Manage resource mailboxes, including to edit information for the basics, resource address, and configure booking options. |
| Exchange | Resources | Manage resource mailbox delegation | Manage resource mailboxes delegation, including both resource and calendar delegation. |
| Exchange | Resources | Export reports | Export resource mailboxes into reports. |
| Exchange | Resources | Specify contacts | Specify contacts for resource mailboxes. |
| *Note: This is only available when you have a subscription for AvePoint Cloud Governance. | |||
| Exchange | Resources | Edit metadata | Edit the Cloud Governance metadata applied to the resource mailboxes.*Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Exchange | Resources | Remove from Cloud Governance. | Remove registered resource mailboxes from Cloud Governance.*Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Exchange | Mailbox activity | Export reports | View and export mailbox activity reports. |
| Exchange | Mail users | Manage mail users | Including mail users and guest mail users. |
| *Note: guest mail users can only be managed in Users module. | |||
| Exchange | Mail users | Delete mail users | Including mail users and guest mail users. |
| *Note: guest mail users can only be deleted in the Users module. | |||
| Exchange | Mail users | Export reports | Export mail users into reports. |
| Teams | Teams | Create Teams | Create Teams. |
| Note the following: This is a tenant-level permission. If selected, group members can create objects in the tenants that the selected containers belong to.If selected, you can also configure whether only users in this group's manageable tenants or user containers can be added to Groups during Group creation | |||
| Teams | Teams | Delete Teams | Delete Teams. |
| Teams | Teams | Manage Teams | Manage Teams, including basics, channels, and settings. |
| Teams | Teams | Manage memberships | Manage memberships, including Team memberships, channel memberships, and policies. |
| Teams | Teams | Download permission report | Download Teams’ permission report.*Note: This is only available when you have a subscription for AvePoint Insights. |
| Teams | Teams | Export reports | Export Teams into reports. |
| Teams | Teams | Trigger workflows | Trigger the manually triggered workflows to manage or report the selected Teams. |
| Teams | Teams | Appy renewal profile | Apply renewal profile created in Cloud Governance to Teams. |
| *Note: This is only available when you have a subscription for AvePoint Cloud Governance. | |||
| Teams | Teams | Restart renewal | Restart the renewal process of Teams. |
| *Note: This is only available when you have a subscription for AvePoint Cloud Governance. | |||
| Teams | Teams | Auto-complete renewal | Complete the renewal process of Teams.*Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Teams | Teams | Remove from Cloud Governance. | Remove registered Teams from Cloud Governance.*Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Teams | Teams | Edit metadata | Remove Teams’ Cloud Governance metadata.*Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Teams | Teams | Specify contacts | Specify primary and secondary contacts for Teams.*Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Teams | Teams | Assign renewal tasks | Update the assignee of Teams’ renewal task.*Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Teams | Teams | Apply contact election profile | Apply contact election profile to Teams.*Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Teams | Teams audits | Export reports | View and export Teams audit reports. |
| Teams | Teams activity report | Export reports | View and export Teams activity reports. |
| Teams | Channel report | Create channels | Create new channels. |
| Teams | Channel report | Delete channels | Delete channels from Teams. |
| Teams | Channel report | Manage channels | Update channel information. |
| Teams | Channel report | Manage membership | View and update channel membership. |
| Teams | Channel report | Export report | Export channel report into Excel files. |
| Teams | Device report | Export reports | View and export Teams device reports. |
| Teams | User report | Edit policies | Access Teams user report and edit user policies. |
| Teams | PSTN and SMS report | - | Access PSTN and SMS report. |
| Teams | Sensitivity report | Apply sensitivity labels | Apply sensitivity labels to Teams’ objects. |
| Teams | Sensitivity report | Remove permissions | Remove user permissions for Teams’ objects. |
| Groups | Groups | Create Groups | Create Groups, including Microsoft 365 Groups, distribution groups, security groups, and mail-enabled security groups. |
| Note the following: This is a tenant-level permission. If selected, group members can create objects in the tenants that the selected containers belong to.If selected, you can also configure whether only users in this group's manageable tenants or user containers can be added to Groups during Group creation | |||
| Groups | Groups | Manage Groups | Manage Group properties. |
| Groups | Groups | Manage memberships | Manage Group memberships. |
| Groups | Groups | Delete Groups | Delete Groups. |
| Groups | Groups | Export reports | Export Groups into reports. |
| Groups | Groups | Trigger workflows | Trigger the manually triggered workflows to manage or report the selected Groups. |
| Groups | Groups | Apply renewal profile | Apply renewal profile created in Cloud Governance to groups. |
| *Note: This is only available when you have a subscription for AvePoint Cloud Governance. | |||
| Groups | Groups | Apply contact election profile | Apply contact election profile created in Cloud Governance to groups. |
| *Note: This is only available when you have a subscription for AvePoint Cloud Governance. | |||
| Groups | Groups | Restart renewal | Restart the renewal process of groups. |
| *Note: This is only available when you have a subscription for AvePoint Cloud Governance. | |||
| Groups | Groups | Auto-complete renewal | Complete the renewal process of groups.*Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Groups | Groups | Assign renewal tasks | Update the assignees of a group renewal. |
| *Note: This is only available when you have a subscription for AvePoint Cloud Governance. | |||
| Groups | Groups | Specify contacts | Specify contacts for groups. |
| *Note: This is only available when you have a subscription for AvePoint Cloud Governance. | |||
| Groups | Groups | Edit metadata | Edit the Cloud Governance metadata applied to the groups.*Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Groups | Groups | Remove from Cloud Governance | Remove registered Groups from Cloud Governance.*Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Groups | Groups activity report | Export reports | View and export Group activity reports. |
| Users | Users | Create users | Create Microsoft 365 users. |
| *Note: This is a tenant-level permission. If selected, group members can create objects in the tenants that the selected containers belong to. | |||
| Users | Users | Create users/Invite users > Assign licenses and apps | Assign licenses and apps when creating or inviting users. |
| Users | Users | Create users/Invite users > Create users in all containers/Invite users to all containers | Create or invite users to containers that is not in the permission group’s manageable scope. |
| Users | Users | Invite users | Invite external users to your as guests in your organization. |
| *Note: This is a tenant-level permission. If selected, group members can create objects in the tenants that the selected containers belong to. | |||
| Users | Users | Create on-premises users | Create on-premises users in your local Active Directory. |
| Users | Users | Manage organizational units for on-premises users | Manage the organization units of your on-premises users. |
| Users | Users | Edit user details | Edit users’ detail information. |
| Users | Users | Manage admin roles | Manage the administration roles of users. |
| Users | Users | Manage user licenses | Assign or remove user licenses. |
| Users | Users | Manage security settings | Manage settings, including password settings, user sessions, sign-in settings, and MFA settings. |
| Users | Users | Delete users | Delete users. |
| Users | Users | Export reports | Export users into reports. |
| Users | Users | Trigger workflows | Trigger the manually triggered workflows to manage or report the selected users. |
| Users | Users | Remove from Cloud Governance | Remove registered users from Cloud Governance.*Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Users | Sign-in report | Configure MFA settings | Configure the MFA settings for users in the Sign-in report. |
| Users | Sign-in report | Reset MFA settings | Reset the MFA settings for users in the Sign-in report, including restoring the user’s authentication status, resetting the user’s authentication methods, and deleting the app passwords generated by this user. |
| Users | Sign-in report | Revoke sessions | Revoke all sessions for the user and require the user to re-sign in on all devices in the Sign-in report. |
| Users | Sign-in report | Reset password | Manually or automatically reset the password for users in the Sign-in report. |
| Users | Sign-in report | Block sign-in | Block users from signing in. |
| Users | Sign-in report | Export reports | View and export sign-in reports. |
| Users | User activity report | Export reports | View and export user activity reports. |
| Users | Microsoft 365 Apps activity report | Export reports | Export Microsoft 365 Apps activity report. |
| Users | User activation report | Export reports | Export user activation reports. |
| SharePoint | SharePoint sites | Create sites | Create SharePoint online sites. |
| Note the following: This is a tenant-level permission. If selected, group members can create objects in the tenants that the selected containers belong to.If selected, you can also configure whether only users in this group's manageable tenants or user containers can be added to Groups during Group creation | |||
| SharePoint | SharePoint sites | Manage sites > Basics | Edit site basic information. |
| SharePoint | SharePoint sites | Manage sites > Hub | Manage sites’ hub settings. |
| SharePoint | SharePoint sites | Manage sites > Connect to new Microsoft 365 Group | Connect sites to Microsoft 365 Group. |
| SharePoint | SharePoint sites | Archive/Reactivate | Archive sites or reactive archived sites. |
| SharePoint | SharePoint sites | Archive/Reactivate | Archive sites or reactive archived sites. |
| SharePoint | SharePoint sites | Manage permissions | Manage site permissions, including site admins, site owners, site members, and site visitors. |
| SharePoint | SharePoint sites | Manage settings | Manage site settings, including the sharing, sensitivity, storage settings, and site status. |
| SharePoint | SharePoint sites | Delete sites | Delete sites. |
| SharePoint | SharePoint sites | Export reports | Export SharePoint Online sites into reports. |
| SharePoint | SharePoint sites | Trigger workflows | Trigger the manually triggered workflows to manage or report the selected sites. |
| SharePoint | SharePoint sites | Apply renewal profile | Apply renewal profile created in Cloud Governance to SharePoint sites. |
| *Note: This is only available when you have a subscription for AvePoint Cloud Governance. | |||
| SharePoint | SharePoint sites | Apply contact election profile | Apply contact election profile created in Cloud Governance to SharePoint sites. |
| *Note: This is only available when you have a subscription for AvePoint Cloud Governance. | |||
| SharePoint | SharePoint sites | Restart renewal | Restart the renewal process of SharePoint sites. |
| *Note: This is only available when you have a subscription for AvePoint Cloud Governance. | |||
| SharePoint | SharePoint sites | Auto-complete renewal | Complete the renewal process of SharePoint sites.*Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| SharePoint | SharePoint sites | Assign renewal tasks | Update the assignees of SharePoint sites’ renewal. |
| *Note: This is only available when you have a subscription for AvePoint Cloud Governance. | |||
| SharePoint | SharePoint sites | Specify contacts | Specify contacts for SharePoint sites. |
| *Note: This is only available when you have a subscription for AvePoint Cloud Governance. | |||
| SharePoint | SharePoint sites | Edit metadata | Edit Cloud Governance metadata of the sites.*Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| SharePoint | SharePoint sites | Remove from Cloud Governance | Remove registered SharePoint sites from Cloud Governance.*Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| SharePoint | Group team sites | Create sites | Create SharePoint Online Group team sites. |
| *Note: This is a tenant-level permission. If selected, group members can create objects in the tenants that the selected containers belong to. | |||
| SharePoint | Group team sites | Manage sites > Basics | Edit sites’ basic information. |
| SharePoint | Group team sites | Manage sites > Hub | Update sites’ hub settings. |
| SharePoint | Group team sites | Archive/Reactivate | Archive sites or reactive archived sites. |
| SharePoint | Group team sites | Manage permissions | Manage Group team site permissions, including primary admin, additional admins, site owners, site members, and site visitors. |
| SharePoint | Group team sites | Manage settings | Manage Group team site settings, including the sharing, sensitivity, storage settings, and site status. |
| SharePoint | Group team sites | Delete sites | Delete Group team sites. |
| SharePoint | Group team sites | Export reports | Export Group team sites into reports. |
| SharePoint | Group team sites | Trigger workflows | Trigger the manually triggered workflows to manage or report the selected sites. |
| OneDrive | OneDrive | Manage administrators | Manage OneDrive administrators. |
| OneDrive | OneDrive | Manage external sharing | Manage external sharing settings for OneDrive. |
| OneDrive | OneDrive | Manage storage limit | Manage storage limit for OneDrive. |
| OneDrive | OneDrive | Export reports | Export OneDrive into reports. |
| OneDrive | OneDrive | Update OneDrive status | Lock or unlock the OneDrive. |
| OneDrive | OneDrive | Trigger workflows | Trigger the manually triggered workflows to manage or report the selected OneDrive. |
| OneDrive | OneDrive | Apply renewal profile | Apply renewal profile created in Cloud Governance to OneDrive. |
| *Note: This is only available when you have a subscription for AvePoint Cloud Governance. | |||
| OneDrive | OneDrive | Restart renewal | Restart the renewal process of OneDrive. |
| *Note: This is only available when you have a subscription for AvePoint Cloud Governance. | |||
| OneDrive | OneDrive | Enable/Disable assessment | Enable or disable OneDrive assessment in AvePoint Insights and Cloud Governance.*Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| OneDrive | OneDrive | Auto-complete renewal | Complete the renewal process of OneDrive.*Note: This is only available when you have a subscription for AvePoint Cloud Governance. |
| Teams dashboards | Teams user adoption | - | Access the default Teams user adoption dashboard, and manage gadgets for the Active users, 1:1 calls and meetings, Audio and video time (min), Chats, Active users in departments, Chats in departments, Audio and video time in departments (min), 1:1 calls and meetings in departments charts. |
| Teams dashboards | Teams activity | - | Access the default Teams activity dashboard, and manage gadgets for the Teams without owners, Inactive Teams, Top 10 Teams by members, Top 10 Teams by channels, Top 10 Teams by activity, Public vs Private Teams, Empty Teams, Teams with external users charts. |
| Teams dashboards | Teams users | - | Access the default Teams users dashboard, and manage gadgets for the Active users, Inactive users, Active vs Inactive users charts. |
| Loop | Loop | Manage settings | Manage basic workspace settings including sensitivity label assignment. |
| Loop | Loop | Manage permissions | Manage workspace permissions. |
| Loop | Loop | Delete | Delete workspaces. |
| Loop | Loop | Export reports | Export workspace properties into reports. |
| SharePoint dashboards | Total storage used | - | View and manage the selected report charts on the default SharePoint activity and usage dashboard or custom SharePoint tenant-level dashboards. |
| SharePoint dashboards | Total files | - | View and manage the selected report charts on the default SharePoint activity and usage dashboard or custom SharePoint tenant-level dashboards. |
| SharePoint dashboards | Top 10 inactive sites | - | View and manage the selected report charts on the default SharePoint activity and usage dashboard or custom SharePoint tenant-level dashboards. |
| SharePoint dashboards | Top 10 sites by storage | - | View and manage the selected report charts on the default SharePoint activity and usage dashboard or custom SharePoint tenant-level dashboards. |
| SharePoint dashboards | Top 10 sites by activity | - | View and manage the selected report charts on the default SharePoint activity and usage dashboard or custom SharePoint tenant-level dashboards. |
| OneDrive dashboards | Total storage used | - | View and manage the selected report charts on the OneDrive activity and usage dashboard or custom OneDrive tenant-level dashboards. |
| OneDrive dashboards | Total files | - | View and manage the selected report charts on the OneDrive activity and usage dashboard or custom OneDrive tenant-level dashboards. |
| OneDrive dashboards | Storage used by blocked users | - | View and manage the selected report charts on the OneDrive activity and usage dashboard or custom OneDrive tenant-level dashboards. |
| OneDrive dashboards | Files of blocked users | - | View and manage the selected report charts on the OneDrive activity and usage dashboard or custom OneDrive tenant-level dashboards. |
| OneDrive dashboards | Top 10 users by storage | - | View and manage the selected report charts on the OneDrive activity and usage dashboard or custom OneDrive tenant-level dashboards. |
| Compliance dashboards | Exchange compliance | - | Access the default Exchange compliance dashboard, and manage gadgets for the Litigation hold enabled mailboxes, Mailboxes forwarding to external domains, Mailboxes forwarding to specific domains, Litigation hold enabled mailboxes in departments, Mailboxes forwarding to external domains in departments, Mailboxes forwarding to specific domains in departments charts. |
| Compliance dashboards | Administration compliance | - | Access the default Administration compliance dashboard, and manage gadgets for the Users with administrative roles, Global administrators, OneDrive with multiple administrators, Administrative role assignments, Users with administrative roles in departments, OneDrive with multiple administrators in departments charts. |
| Compliance dashboards | User access compliance | - | Access the default User access compliance dashboard, and manage gadgets for the Users without strong password, Password changed/reset users, Sign-in failed users, Users with multiple IP addresses, Strong password required, Users without strong password in departments, Password never expires, Password never expired users in departments, MFA status, MFA disabled users in departments, Password changed/reset users in departments, Sign-in failed users in departments, Sign-in failed users with multiple IP addresses in departments, Failed sign-ins in departments charts. |
| Compliance dashboards | Collaboration compliance | - | Access the default Collaboration compliance dashboard, and manage gadgets for the External links, External users, Sensitive items, External links trend, External users trend, Sensitive items trend charts. |
| Compliance dashboards | Top 10 compliance risks | - | Access the default Top 10 compliance risks dashboard, and manage gadgets for the Top 10 countries with failed sign-ins, Top 10 departments with failed sign-ins, Top 10 sign-in failed users, Top 10 OneDrive with multiple administrators charts. |
On this page