AvePoint Learn
Request article
Contact support
Request article
Contact support
English

Home > Perform Microsoft Teams Chat Migrations > Required Permissions for Microsoft Teams Chat Migration > Source Permissions When Destination is Google Chat Space

Export to PDF

Source Permissions When Destination is Google Chat Space

Fly App Profile Permissions

With the Tenant Owner or Service Administrator role, you can create a Fly app profile in AvePoint Online Services > Management > App management to connect to the Microsoft 365 tenant using the Fly app.

Refer to Fly App Profile Permissions about how to create a Fly app profile and the required permissions of the Fly app profile.

Custom App Profile Permissions

With the Tenant Owner and Service Administrator role, you can create a custom app profile in AvePoint Online Services > Management > App management to connect to the Microsoft 365 tenant using a custom Azure app.

Refer to the following procedures to create a custom app profile:

  1. Prepare a certificate in Microsoft Entra ID. Refer to Prepare a Certificate for the Custom Azure App for more information.

    You can ignore this step if you have a certificate.

  2. Create a custom Azure app in Microsoft Entra ID. Refer to Create Custom Azure Applications for more information.

  3. Connect your tenant to AvePoint Online Services.

  4. Create an App Profile for a Custom Azure App in AvePoint Online Services.

NOTE

After you re-authorize the app profile, you need to wait about one hour before using the app profile for your migration to refresh the token if there are permissions updated.

Refer to the following tables to add API permissions required by Microsoft Teams Chat to Google Chat Space Migration to the custom Azure app.

APIPermissionTypePurpose
Microsoft Information Protection Sync ServiceUnifiedPolicy.Tenant.Read
(Read all unified policies of the tenant.)		ApplicationOnly required if you want to manage the sensitivity labels of files.
Microsoft GraphFiles.Read.All
(Read OneDrive data)		ApplicationRetrieve and migrate OneDrive files.
Microsoft GraphChat.Read.All
(Read all chat data)		ApplicationRetrieve chat data.
Microsoft GraphUser.Read.All
(Read all users’ full profiles)		ApplicationRetrieve information of chat user profiles.
SharePointSites.FullControl.All
(Have full control of all site collections)		ApplicationRetrieve settings and permissions of OneDrive sites.
Azure Rights Management Services
*Note: For 21Vianet tenants, the API name is Microsoft Rights Management Services.		Content.SuperUser
(Read all protected content for this tenant)		ApplicationOnly required if you want to manage the sensitivity labels of files.

For easy use, you can directly use the following commands to add required API permissions through Manifest for Microsoft 365 Commercial tenants.

"requiredResourceAccess": [
  {
    "resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [
      {
        "id": "6b7d71aa-70aa-4810-a8d9-5d9fb2830017",
        "type": "Role"
      },
      {
        "id": "01d4889c-1287-42c6-ac1f-5d1e02578ef6",
        "type": "Role"
      },
      {
        "id": "df021288-bdef-4463-88db-98f22de89214",
        "type": "Role"
      }
    ]
  },
  {
    "resourceAppId": "870c4f2e-85b6-4d43-bdda-6ed9a579b725",
    "resourceAccess": [
      {
        "id": "8b2071cd-015a-4025-8052-1c0dba2d3f64",
        "type": "Role"
      }
    ]
  },
  {
    "resourceAppId": "00000012-0000-0000-c000-000000000000",
    "resourceAccess": [
      {
        "id": "7347eb49-7a1a-43c5-8eac-a5cd1d1c7cf0",
        "type": "Role"
      }
    ]
  },
  {
    "resourceAppId": "00000003-0000-0ff1-ce00-000000000000",
    "resourceAccess": [
      {
        "id": "678536fe-1083-478a-9c59-b99265e6b0d3",
        "type": "Role"
      }
    ]
  }
],