Home > App Management > Manage App Profiles for Microsoft Tenants > API Permissions Required by Default AvePoint Apps for Microsoft Tenants > Cense
この記事をダウンロードCense
Refer to the table below for the apps that you can use for Cense and the requirements to consent to app permissions.
| Category | App type in AOS | App setup method | Feature/Module | App name in Entra ID | New or updated? | Consent |
|---|---|---|---|---|---|---|
| Service app | Cense | Modern mode | Common license monitoring and management. View details in Cense permission table | AvePoint Cense | No changes | Create or re-authorize an app profile in AvePoint Online Services > Management > App management. |
| Service app | Cense Microsoft Foundry | Modern mode | Microsoft Foundry license usage and cost management. | AvePoint Cense Foundry | New | Create or re-authorize an app profile in AvePoint Online Services > Management > App management. |
Permissions Required by Cense
When you create an app profile for Cense in AvePoint Online Services, the AvePoint Cense app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize AvePoint Cense app.
| Feature/Module | API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|---|
| Dashboard and reports | Microsoft Graph | User.ReadWrite.All (Read and write all users’ full profiles) | Application | Retrieve Microsoft 365 user basic information and user license information and change/unassign user licenses. | No |
| Dashboard and reports | Microsoft Graph | Directory.Read.All (Read directory data) | Application | Retrieve Microsoft 365 user basic information and user license information. | No |
| Reporting > License reports > Last sign-in time | Microsoft Graph | Reports.Read.All (Read all usage reports) | Application | Retrieve user activity time in the following Microsoft 365 apps: Teams, Viva Engage, SharePoint, Exchange, OneDrive, and Skype for Business. | No |
| Reporting > License reports > Last sign-in time | Microsoft Graph | AuditLog.Read.All (Read all audit log data) | Application | Retrieve users’ last sign-in time to determine if they are inactive users. | No |
| Reporting > License report > PSTN cost | Microsoft Graph | CallRecords.Read.All (Read all call records) | Application | Retrieve detailed PSTN calling activities and cost. | No |
| Reporting > License report > Groups | Microsoft Graph | Group.ReadWrite.All (Read and write all groups) | Application | Retrieve and manage groups’ license assignment. | No |
| Reporting > License report > Users | Microsoft Graph | UserAuthenticationMethod.Read.All (Read all users' authentication methods) | Application | Retrieve users’ MFA settings. | No |
| Reporting > License report > Users | Microsoft Graph | Policy.Read.All (Read your organization's policies) | Application | Retrieve users’ MFA statuses. | No |
| Manage licenses > License Intelligence | Microsoft Graph | IdentityRiskyUser.Read.All (Read all identity risky user information) | Application | Access and evaluate license usage and activities for holders of the Microsoft Entra ID P2 licenses. | No |
| Reporting > License report > Manage export schedules | Microsoft Graph | Files.ReadWrite.All (Read and write files in all site collections) | Application | Export license reports to OneDrive | No |
| Reporting > License report > Manage export schedules | SharePoint/Office 365 SharePoint Online | Sites.ReadWrite.All (Read and write items in all site collections) | Application | Export license reports to SharePoint libraries. | No |
Permissions Required by AvePoint Cense Foundry
The table below lists the permissions that should be accepted when you authorize Cense Microsoft Foundry app.
Upon authorization, an app named AvePoint Cense Foundry will be created in your tenant. To track the costs of agents under your Azure subscriptions, the app should be added to the subscription that you want to monitor, with the following roles assigned to it:
- Reader
- Azure AI Developer
- Foundry User
- Cost Management Reader
For details on roles assignment, refer to How to assign the Exchange Administrator Role to an App
| Feature/Module | API | Permission | Type | Is newly required? |
|---|---|---|---|---|
| Microsoft Foundry report and budget | Azure Machine Learning Services | user_impersonation (Allow the application to access the Azure Machine Learning Services API on behalf of the signed-in user.) | Delegated | Yes |
| Microsoft Foundry report and budget | Azure Service Management | user_impersonation (Allows the application to access Azure Resource Manager acting as users in the organization.) | Delegated | Yes |