Home > Command Centers > AgentPulse > Get Started > AgentPulse App Profiles
Download this articleAgentPulse App Profiles
For data retrieval purposes, app profiles must be configured for your tenants. AvePoint Online Services provides two service apps with required API permissions, including:
-
AgentPulse app – This is the app created during the onboarding process. The app retrieves activities, interaction, users, and subscriptions of Copilot Studio agents, SharePoint, and Vertex AI.
-
AgentPulse Microsoft Foundry app – This app is not automatically added to your tenant during the onboarding process. It retrieves activities, interaction, users, and subscriptions of Microsoft Foundry agents. If you would like to check the related agents’ details in AgentPulse, manually create and connect the app in Management > App management. For details on creating an app profile, refer to Manage App Profiles for Microsoft Tenants.
When you create the app profiles in AvePoint Online Services, select the app to consent and use based on your requirements. Configured apps will be automatically set up in your Microsoft Entra ID.
AgentPulse Service App Permissions
For details on the API permissions required by each service app, refer to the following sections.
Required Permissions for Microsoft
The table below lists the permissions that should be accepted when you authorize the AgentPulse app for Microsoft.
| API | Permission | Type | Purpose | Comments |
|---|---|---|---|---|
| Microsoft Graph | AiEnterpriseInteraction.Read.All (Read all AI enterprise interactions) | Application | Retrieve Microsoft 365 Copilot interaction data. | |
| Microsoft Graph | Application.Read.All (Read all applications) | Application | Get the list of applications in this organization. | |
| Microsoft Graph | Group.Read.All (Read all groups) | Application | Inventory the groups for reporting purposes; Add Microsoft 365 Groups into AvePoint Online Services, and support signing into AvePoint Online Services with Microsoft 365 accounts. | |
| Microsoft Graph | InformationProtectionPolicy.Read.All (Read all published labels and label policies for an organization) | Application | Retrieve tenant sensitive labels that will be displayed in the Copilot report. | |
| Microsoft Graph | Organization.Read.All (Read organization information) | Application | Get the list of commercial subscriptions that an organization has acquired and calculate user seats; Retrieve your Microsoft 365 tenant information (geo location, region, domain). | |
| Microsoft Graph | Reports.Read.All (Read all usage reports) | Application | Read usage report data of all reporting. | |
| Microsoft Graph | RoleManagement.Read.Directory (Read all directory RBAC settings) | Application | Retrieve the list of principals assigned to the directory role. | This is used only to check the consent user’s roles for custom apps and is not required for default apps. |
| Microsoft Graph | Sites.Read.All (Read items in all site collections ) | Application | Search across files related to SharePoint agents. | |
| Microsoft Graph | User.Read (Sign in and read user profile) | Delegated | Support signing into AvePoint Online Services with Microsoft 365 accounts. | |
| Microsoft Graph | User.Read.All (Read all users' full profiles) | Application | Retrieve your Microsoft 365 tenant user information. | |
| Commercial environment: Dynamics CRM GCC or GCC High environment: Dataverse | user_impersonation (Access Common Data Service as organization users) | Delegated | Retrieve and list Copilot Studio agents. | |
| Office 365 Management APIs | ActivityFeed.Read (Read activity data for your organization) | Application | An aggregation of actions and events for specified content types such as Microsoft Entra, SharePoint, OneDrive, Teams, or Viva Engage. | |
| SharePoint Office 365 SharePoint Online | Sites.Read.All (Read items in all site collections) | Application | Read items in all site collections for the Copilot report. | |
| Commercial environment: PowerApps Service GCC environment: PowerApps Service – GCC GCC High environment: PowerApps Service – GCC L4 | User (Access the Power Apps Service API) | Delegated | Retrieve the information of the environments. |
The user who provides consent for the app profiles must have the Power Platform Administrator and Global Administrator roles assigned in Microsoft Entra ID > Roles and administrators to enable scanning of Copilot Studio agents.
Required Permissions for Google
To authorize the AgentPulse app for Google, you can refer to the following sections for the required permissions and configurations for your custom app. For details on how to configure an app profile for the custom Google app, refer to the Configure Custom Google App Profiles section.
-
Enable the following APIs in the projects where the Google service accounts are created:
API name Purpose Cloud Resource Manager API Get all projects. Vertex AI API List all reasoning engines. Admin SDK API Retrieve users in your domain. Cloud Logging API Query logs. Identity and Access Management (IAM) API Get the service account. -
Assign a role with the required permissions listed below to the service account:
Permission Purpose aiplatform.locations.list List all locations. aiplatform.reasoningEngines.list List all reasoning engine resources. resourcemanager.projects.get Get all projects. aiplatform.sessions.list List reasoning engine sessions. aiplatform.sessionEvents.list List session events. logging.logEntries.list Get the agent creator from logs. iam.serviceAccounts.get Get the service account. -
Configure the following scope in the OAuth scopes field:
Service API Scope Purpose Common Admin SDK API https://www.googleapis.com/auth/admin.directory.user.readonlyRetrieve users in your domain.
AgentPulse Microsoft Foundry Service App Permissions
The table below lists the permissions that should be accepted when you authorize the AgentPulse Microsoft Foundry app.
| API | Permission | Type | Purpose |
|---|---|---|---|
| Microsoft Graph | User.Read (Sign in and read user profile) | Delegated | Signing into AvePoint Online Services with Microsoft 365 accounts. |
| Azure Machine Learning Services | user_impersonation (Access Azure Machine Learning Services as organization users) | Delegated | Retrieve and list Microsoft Foundry agents that were previously created. |
| Azure Service Management | user_impersonation (Access Azure Resource Manager as organization users) | Delegated | Gets all subscriptions of a tenant. |
Note that the following roles must be assigned to the consent user of the app profiles to enable scanning of Microsoft Foundry agents:
- Azure AI User role in Azure portal > Subscriptions > Access control (IAM)
- Global Administrator role in Microsoft Entra ID > Roles and administrators