#tyGraph

Instructions….

Refer to the following sections to see the API permissions that should be accepted when you give consent to the corresponding apps.

#tyGraph Suite

When you create the tyGraph Suite app profile in AvePoint Online Services, the AvePoint tyGraph app will be automatically set up in your Microsoft Entra ID.

*Note: The tyGraph Suite option includes all modules in tyGraph.

The tyGraph data initialization will start after you sign into tyGraph interface once the app profile is set up. To ensure smooth data collection and reporting, confirm that the required roles and settings are properly configured.

*Note: The tyGraph interface offers a Scan status tab on Home page tracking the data collection status and a Quick check page through Settings > Scan to verify the prerequisites condition. For more details, refer to in .

The table below lists the permissions that should be accepted when you authorize the AvePoint tyGraph app.

API	Permission	Type	Purpose
Microsoft Graph	CallRecords.Read.All (Read all call records)	Application	Read call records for all calls and online meetings.
Microsoft Graph	Channel.ReadBasic.All(Read the names and descriptions of all channels)	Application	Read channel names and descriptions of Teams reporting.
Microsoft Graph	ChannelMember.Read.All(Read the members of all channels)	Application	Read all channel messages of the Teams reporting.
Microsoft Graph	ChannelMessage.Read.All(Read all channel messages)	Application	Read all channel messages of the Teams reporting.
Microsoft Graph	Directory.Read.All(Read directory data)	Application	Retrieve information from your organization’s Active Directory.
Microsoft Graph	Files.Read.All(Read files in all site collections)	Application	Read files in all site collections of the SharePoint reporting.
Microsoft Graph	Group.Read.All(Read all groups)	Application	Inventory the groups for reporting purposes.
Microsoft Graph	GroupMember.Read.All(Read all group memberships)	Application	Read group memberships of Pulse and Teams reporting.
Microsoft Graph	InformationProtectionPolicy.Read.All(Read all published labels and label policies for an organization.)	Application	Retrieve tenant sensitive labels that will be displayed in the Copilot report.
Microsoft Graph	Reports.Read.All(Read all usage reports)	Application	Read usage report data of all reporting.
Microsoft Graph	Sites.Read.All(Read items in all site collections)	Application	Read items in all site collections of the SharePoint reporting.
Microsoft Graph	User.Read(Sign in and read user profile)	Delegated	Retrieve your Microsoft 365 tenant information.
Microsoft Graph	Team.ReadBasic.All(Get a list of all teams)	Application	Read Teams basic information of Teams reporting.
Microsoft Graph	TeamsTab.Read.All(Read tabs in Microsoft Teams)	Application	Read Teams tabs of Teams reporting.
Microsoft Graph	User.Read.All(Read all users' full profiles)	Application	Read user properties.
Microsoft Graph	AiEnterpriseInteraction.Read.All(Read all AI enterprise interactions)	Application	Retrieve Microsoft 365 Copilot interaction data.
Office 365 Management APIs	ActivityFeed.Read(Read activity data for your organization)	Application	An aggregation of actions and events for specified content types such as Microsoft Entra, SharePoint, OneDrive, Teams, or Viva Engage.
SharePoint/Office 365 SharePoint Online	Sites.Read.All(Read items in all site collections)	Application	Read items in all site collections of the SharePoint reporting.
SharePoint/Office 365 SharePoint Online	Sites.FullControl.All(Have full control of all site collections)	Application	Used in Sites that I own report to retrieve site owners and users with full control of sites.*Note: It can be removed in a custom app registration, but the Sites that I own report will not function.
Yammer	access_as_user(Read and write to the Yammer platform [preview])	Delegated	To access the Viva Engage platform on behalf of the signed-in user.
Yammer	user_impersonation(Read and write to the Yammer platform [preview])	Delegated	To access the Viva Engage platform on behalf of the signed-in user.

#tyGraph for Viva Engage

When you create the tyGraph for Viva Engage app profile in AvePoint Online Services, the AvePoint tyGraph for Viva Engage app will be automatically set up in your Microsoft Entra ID.

The tyGraph data initialization will start after you sign into tyGraph interface once the app profile is set up. To ensure smooth data collection and reporting, confirm that the required roles and settings are properly configured.

*Note: The tyGraph interface offers a Scan status page for tracking the data collection status and a Precheck page to verify the prerequisites condition through Settings > Scan. For more details, refer to in .

The table below lists the permissions that should be accepted when you authorize the AvePoint tyGraph for Viva Engage app.

API	Permission	Type	Purpose
Microsoft Graph	Directory.Read.All(Read directory data)	Application	Retrieve information from your organization’s Active Directory.
Microsoft Graph	Reports.Read.All(Read all usage reports)	Application	Read usage report data of all reporting.
Microsoft Graph	User.Read.All(Read all users' full profiles)	Application	Read user properties.
Microsoft Graph	Group.Read.All(Read all groups)	Application	Inventory the groups for reporting purposes.
Office 365 Management APIs	ActivityFeed.Read(Read activity data for your organization)	Application	An aggregation of actions and events for specified content types such as Microsoft Entra, SharePoint, OneDrive, Teams, or Viva Engage.
Yammer	access_as_user(Read and write to the Yammer platform [preview])	Delegated	To access the Viva Engage platform on behalf of the signed-in user.
Yammer	user_impersonation(Read and write to the Yammer platform [preview])	Delegated	To access the Viva Engage platform on behalf of the signed-in user.

#tyGraph for SharePoint

When you create the tyGraph for SharePoint app profile in AvePoint Online Services, the AvePoint tyGraph for SharePoint app will be automatically set up in your Microsoft Entra ID.

The table below lists the permissions that should be accepted when you authorize the AvePoint tyGraph for SharePoint app.

API	Permission	Type	Purpose
Microsoft Graph	Directory.Read.All(Read directory data)	Application	Retrieve information from your organization’s Active Directory.
Microsoft Graph	Files.Read.All(Read files in all site collections)	Application	Read files in all site collections of the SharePoint reporting.
Microsoft Graph	Group.Read.All(Read all groups)	Application	Inventory the groups for reporting purposes.
Microsoft Graph	Reports.Read.All(Read all usage reports)	Application	Read usage report data of all reporting.
Microsoft Graph	Sites.Read.All(Read items in all site collections)	Application	Read items in all site collections of the SharePoint reporting.
Microsoft Graph	User.Read.All(Read all users' full profiles)	Application	Read user properties.
Office 365 Management APIs	ActivityFeed.Read(Read activity data for your organization)	Application	An aggregation of actions and events for specified content types such as Microsoft Entra, SharePoint, OneDrive, Teams, or Viva Engage.
SharePoint/Office 365 SharePoint Online	Sites.Read.All(Read items in all site collections)	Application	Read items in all site collections of the SharePoint reporting.
SharePoint/Office 365 SharePoint Online	Sites.FullControl.All(Have full control of all site collections)	Application	Used in Sites that I own report to retrieve site owners and users with full control of sites.*Note: It can be removed in a custom app registration, but the Sites that I own report will not function.

#tyGraph for Copilot Adoption / Trials

When you create the tyGraph for Copilot Adoption / Trials app profile in AvePoint Online Services, the AvePoint tyGraph for Copilot Adoption app will be automatically set up in your Microsoft Entra ID.

The table below lists the permissions that should be accepted when you authorize the AvePoint tyGraph for Copilot Adoption app.

API	Permission	Type	Purpose
Microsoft Graph	Directory.Read.All(Read directory data)	Application	Retrieve information from your organization’s Active Directory.
Microsoft Graph	Reports.Read.All(Read all usage reports)	Application	Read usage report data of all reporting.
Microsoft Graph	Group.Read.All(Read all groups)	Application	Inventory the groups for reporting purposes.
Microsoft Graph	User.Read.All(Read all users' full profiles)	Application	Retrieve your Microsoft 365 tenant user information.
Microsoft Graph	Sites.Read.All(Read items in all site collections)	Application	Read items in all site collections for the Copilot report.
Microsoft Graph	InformationProtectionPolicy.Read.All(Read all published labels and label policies for an organization.)	Application	Retrieve tenant sensitive labels that will be displayed in the Copilot report.
Microsoft Graph	AiEnterpriseInteraction.Read.All(Read all AI enterprise interactions)	Application	Retrieve Microsoft 365 Copilot interaction data.
Office 365 Management APIs	ActivityFeed.Read(Read activity data for your organization)	Application	An aggregation of actions and events for specified content types such as Microsoft Entra, SharePoint, OneDrive, Teams, or Viva Engage.
SharePoint/Office 365 SharePoint Online	Sites.Read.All(Read items in all site collections)	Application	Read items in all site collections for the Copilot report.

#tyGraph Pages (Only)

When you create the tyGraph Pages (only) app profile in AvePoint Online Services, the AvePoint tyGraph for Pages (only) app will be automatically set up in your Microsoft Entra ID.

The table below lists the permissions that should be accepted when you authorize the AvePoint tyGraph for Pages (only) app.

API	Permission	Type	Purpose
Microsoft Graph	Directory.Read.All(Read directory data)	Application	Retrieve information from your organization’s Active Directory.
Microsoft Graph	User.Read.All(Read all users' full profiles)	Application	Read user properties.
Microsoft Graph	User.Read(Sign in and read user profile)	Delegated	Sign in and read the user profile.