Home > Upgrading from Legacy tyGraph to AvePoint tyGraph > Prerequisites > Security Review
Export to PDFSecurity Review
With AvePoint tyGraph, permissions are similar to those you have already approved in your environment for legacy tyGraph. Depending on when you signed up for legacy tyGraph, some new permissions have been added to support reports such as Copilot Adoption and Sites that I Own. You can let AvePoint create an app in Microsoft Entra ID automatically or bring your own app registration if you need to customize the permission set.
See Automate App Creation in Microsoft Entra ID for more information on how to automatically create apps in Microsoft Entra ID.
Some reports may not show data if permissions are removed.
Most organizations will want to conduct a new security review, so we recommend starting that process early to ensure it is completed before you are ready to upgrade.
Permissions Required
Refer to API Permissions required by tyGraph to see the API permissions that should be accepted when you give consent to the corresponding apps.
-
tyGraph Suite
-
tyGraph for Viva Engage
-
tyGraph for SharePoint
-
tyGraph for Copilot Adoption / Trials
-
tyGraph Pages (Only)
Permission Comparison Between Legacy tyGraph and AvePoint tyGraph
The table below lists the differences in permissions between legacy tyGraph and AvePoint tyGraph.
| Permissions | Claim | Permission type | tyGraph for Viva Engage | tyGraph for SharePoint | tyGraph Enterprise | AvePoint tyGraph |
|---|---|---|---|---|---|---|
| Microsoft Graph | Directory.Read.All | Delegated | Yes | Yes | Yes | No |
| Microsoft Graph | Sites.Read.All | Delegated | No | Yes | No | No |
| Microsoft Graph | User.Read | Delegated | Yes | No | Yes | Yes |
| Microsoft Graph | Group.Read.All | Application | No | No | Yes | Yes |
| Microsoft Graph | GroupMember.Read.All | Application | No | No | No | Yes |
| Microsoft Graph | Sites.Read.All | Application | No | Yes | Yes | Yes |
| Microsoft Graph | CallRecords.Read.All | Application | No | No | Yes | Yes |
| Microsoft Graph | Directory.Read.All | Application | Yes | Yes | Yes | Yes |
| Microsoft Graph | User.Read.All | Application | Yes | Yes | Yes | Yes |
| Microsoft Graph | Files.Read.All | Application | No | Yes | Yes | Yes |
| Microsoft Graph | ChannelMember.Read.All | Application | No | No | No | Yes |
| Microsoft Graph | ChannelMessage.Read.All | Application | No | No | Yes | Yes |
| Microsoft Graph | Reports.Read.All | Application | Yes | Yes | Yes | Yes |
| Microsoft Graph | Channel.ReadBasic.All | Application | No | No | No | Yes |
| Microsoft Graph | Team.ReadBasic.All | Application | No | No | No | Yes |
| Microsoft Graph | TeamsTab.Read.All | Application | No | No | No | Yes |
| Office 365 | ActivityFeed.Read | Application | Yes | Yes | Yes | Yes |
| Management APIs | ActivityFeed.Read | Application | Yes | Yes | Yes | Yes |
| Office 365 | Sites.Read.All | Application | No | No | Yes | Yes |
| SharePoint Online | Sites.Read.All | Application | No | No | Yes | Yes |
| Office 365 | AllSites.FullControl | Delegated | No | Yes | No | No |
| SharePoint Online | AllSites.FullControl | Delegated | No | Yes | No | No |
| Office 365 | Sites.FullControl.All | Application | No | Yes | No | Yes |
| SharePoint Online | Sites.FullControl.All | Application | No | Yes | No | Yes |
| Viva Engage | access_as_user | Delegated | No | No | No | Yes |
| Viva Engage | User_impersonation | Delegated | No | No | No | Yes |