Microsoft Graph Permissions Explorer
Click on a permission below to view the APIs that are enabled and the data objects exposed to the calling application.
Permission Scopes
Permission | Description |
---|---|
AccessReview.Read.All | Read all access reviews that user can access |
AccessReview.ReadWrite.All | Manage all access reviews that user can access |
AccessReview.ReadWrite.Membership | Manage access reviews for group and app memberships |
Acronym.Read.All | Read all acronyms that the user can access |
AdministrativeUnit.Read.All | Read administrative units |
AdministrativeUnit.ReadWrite.All | Read and write administrative units |
Agreement.Read.All | Read all terms of use agreements |
Agreement.ReadWrite.All | Read and write all terms of use agreements |
AgreementAcceptance.Read | Read user terms of use acceptance statuses |
AgreementAcceptance.Read.All | Read terms of use acceptance statuses that user can access |
AiEnterpriseInteraction.Read.All | Read all AI enterprise interactions. |
Analytics.Read | Read user activity statistics |
APIConnectors.Read.All | Read API connectors for authentication flows |
APIConnectors.ReadWrite.All | Read and write API connectors for authentication flows |
AppCatalog.Read.All | Read all app catalogs |
AppCatalog.ReadWrite.All | Read and write to all app catalogs |
AppCatalog.Submit | Submit application packages to the catalog and cancel pending submissions |
AppCertTrustConfiguration.Read.All | Read the trusted certificate authority configuration for applications |
AppCertTrustConfiguration.ReadWrite.All | Read and write the trusted certificate authority configuration for applications |
Application-RemoteDesktopConfig.ReadWrite.All | Read and write the remote desktop security configuration for apps |
Application.Read.All | Read applications |
Application.ReadWrite.All | Read and write all applications |
Application.ReadWrite.OwnedBy | Manage apps that this app creates or owns |
AppRoleAssignment.ReadWrite.All | Manage app permission grants and app role assignments |
ApprovalSolution.Read | Read approvals |
ApprovalSolution.Read.All | Read all approvals |
ApprovalSolution.ReadWrite | Read, create, and respond to approvals |
ApprovalSolution.ReadWrite.All | Read all approvals and manage approval subscriptions |
ApprovalSolutionResponse.ReadWrite | Read and respond to approvals assigned to the current user |
AttackSimulation.Read.All | Read attack simulation data of an organization |
AttackSimulation.ReadWrite.All | Read, create, and update attack simulation data of an organization |
AuditLog.Read.All | Read audit log data |
AuditLogsQuery-CRM.Read.All | Read audit logs data from Dynamics CRM workload |
AuditLogsQuery-Endpoint.Read.All | Read audit logs data from Endpoint Data Loss Prevention workload |
AuditLogsQuery-Entra.Read.All | Read audit logs data from Entra (Azure AD) workload |
AuditLogsQuery-Exchange.Read.All | Read audit logs data from Exchange workload |
AuditLogsQuery-OneDrive.Read.All | Read audit logs data from OneDrive workload |
AuditLogsQuery-SharePoint.Read.All | Read audit logs data from SharePoint workload |
AuditLogsQuery.Read.All | Read audit logs data from all services |
AuthenticationContext.Read.All | Read all authentication context information |
AuthenticationContext.ReadWrite.All | Read and write all authentication context information |
BackupRestore-Configuration.Read.All | Read backup configuration policies |
BackupRestore-Configuration.ReadWrite.All | Read and edit backup configuration policies |
BackupRestore-Control.Read.All | Read the status of the M365 backup service |
BackupRestore-Control.ReadWrite.All | Update or read the status of the M365 backup service |
BackupRestore-Monitor.Read.All | Read monitoring, quota and billing information for the tenant |
BackupRestore-Restore.Read.All | Read restore sessions |
BackupRestore-Restore.ReadWrite.All | Read restore sessions and start restore sessions from backups |
BackupRestore-Search.Read.All | Search for metadata properties in backup snapshots |
BillingConfiguration.ReadWrite.All | Read and write application billing configuration |
BitlockerKey.Read.All | Read BitLocker keys |
BitlockerKey.ReadBasic.All | Read BitLocker keys basic information |
Bookings.Manage.All | Manage bookings information |
Bookings.Read.All | Read bookings information |
Bookings.ReadWrite.All | Read and write bookings information |
BookingsAppointment.ReadWrite.All | Read and write booking appointments |
Bookmark.Read.All | Read all bookmarks that the user can access |
BrowserSiteLists.Read.All | Read browser site lists for your organization |
BrowserSiteLists.ReadWrite.All | Read and write browser site lists for your organization |
BusinessScenarioConfig.Read.All | Read business scenario configurations |
BusinessScenarioConfig.Read.OwnedBy | Read business scenario configurations this app creates or owns |
BusinessScenarioConfig.ReadWrite.All | Read and write business scenario configurations |
BusinessScenarioConfig.ReadWrite.OwnedBy | Read and write business scenario configurations this app creates or owns |
BusinessScenarioData.Read.OwnedBy | Read all data for business scenarios this app creates or owns |
BusinessScenarioData.ReadWrite.OwnedBy | Read and write all data for business scenarios this app creates or owns |
Calendars.Read | Read user calendars |
Calendars.Read.Shared | Read user and shared calendars |
Calendars.ReadBasic | Read basic details of user calendars |
Calendars.ReadBasic.All | Read basic details of calendars in all mailboxes |
Calendars.ReadWrite | Have full access to user calendars |
Calendars.ReadWrite.Shared | Read and write user and shared calendars |
CallEvents-Emergency.Read.All | Read all emergency call events |
CallEvents.Read | Read call event data |
CallEvents.Read.All | Read all call events |
CallRecord-PstnCalls.Read.All | Read PSTN and direct routing call log data |
CallRecords.Read.All | Read all call records |
Calls.AccessMedia.All | Access media streams in a call as an app |
Calls.Initiate.All | Initiate outgoing 1 to 1 calls from the app |
Calls.InitiateGroupCall.All | Initiate outgoing group calls from the app |
Calls.JoinGroupCall.All | Join group calls and meetings as an app |
Calls.JoinGroupCallAsGuest.All | Join group calls and meetings as a guest |
Calls.JoinGroupCalls.Chat | |
Channel.Create | Create channels |
Channel.Create.Group | |
Channel.Delete.All | Delete channels |
Channel.Delete.Group | |
Channel.ReadBasic.All | Read the names and descriptions of channels |
ChannelMember.Read.All | Read the members of channels |
ChannelMember.ReadWrite | |
ChannelMember.ReadWrite.All | Add and remove members from channels |
ChannelMessage.Edit | Edit user's channel messages |
ChannelMessage.Read.All | Read user channel messages |
ChannelMessage.Read.Group | |
ChannelMessage.ReadWrite | Read and write user channel messages |
ChannelMessage.Send | Send channel messages |
ChannelMessage.UpdatePolicyViolation.All | Flag channel messages for violating policy |
ChannelSettings.Read.All | Read the names, descriptions, and settings of channels |
ChannelSettings.Read.Group | |
ChannelSettings.ReadWrite.All | Read and write the names, descriptions, and settings of channels |
ChannelSettings.ReadWrite.Group | |
Chat.Create | Create chats |
Chat.Manage.Chat | |
Chat.ManageDeletion.All | Delete and recover deleted chats |
Chat.ManageDeletion.Chat | |
Chat.Read | Read user chat messages |
Chat.Read.All | Read all chat messages |
Chat.Read.WhereInstalled | Read all chat messages for chats where the associated Teams application is installed. |
Chat.ReadBasic | Read names and members of user chat threads |
Chat.ReadBasic.All | Read names and members of all chat threads |
Chat.ReadBasic.WhereInstalled | Read names and members of all chat threads where the associated Teams application is installed. |
Chat.ReadWrite | Read and write user chat messages |
Chat.ReadWrite.All | Read and write all chat messages |
Chat.ReadWrite.WhereInstalled | Read and write all chat messages for chats where the associated Teams application is installed. |
Chat.UpdatePolicyViolation.All | Flag chat messages for violating policy |
ChatMember.Read | Read the members of chats |
ChatMember.Read.All | Read the members of all chats |
ChatMember.Read.Chat | |
ChatMember.Read.WhereInstalled | Read the members of all chats where the associated Teams application is installed. |
ChatMember.ReadWrite | Add and remove members from chats |
ChatMember.ReadWrite.All | Add and remove members from all chats |
ChatMember.ReadWrite.WhereInstalled | Add and remove members from all chats where the associated Teams application is installed. |
ChatMessage.Read | Read user chat messages |
ChatMessage.Read.All | Read all chat messages |
ChatMessage.Read.Chat | |
ChatMessage.Send | Send user chat messages |
ChatSettings.Read.Chat | |
ChatSettings.ReadWrite.Chat | |
CloudApp-Discovery.Read.All | Read discovered cloud applications data |
CloudPC.Read.All | Read Cloud PCs |
CloudPC.ReadWrite | |
CloudPC.ReadWrite.All | Read and write Cloud PCs |
Community.Read.All | Read all Viva Engage communities |
Community.ReadWrite.All | Read and write all Viva Engage communities |
ConsentRequest.Create | Create consent requests |
ConsentRequest.Read | Read consent requests created by the user |
ConsentRequest.Read.All | Read consent requests |
ConsentRequest.ReadApprove.All | Read and approve consent requests |
ConsentRequest.ReadWrite.All | Read and write consent requests |
Contacts.Read | Read user contacts |
Contacts.Read.Shared | Read user and shared contacts |
Contacts.ReadWrite | Have full access to user contacts |
Contacts.ReadWrite.Shared | Read and write user and shared contacts |
CrossTenantInformation.ReadBasic.All | Read cross-tenant basic information |
CrossTenantUserProfileSharing.Read | Read shared cross-tenant user profile and export data |
CrossTenantUserProfileSharing.Read.All | Read all shared cross-tenant user profiles and export their data |
CrossTenantUserProfileSharing.ReadWrite | Read shared cross-tenant user profile and export or delete data |
CrossTenantUserProfileSharing.ReadWrite.All | Read all shared cross-tenant user profiles and export or delete their data |
CustomAuthenticationExtension.Read.All | Read your organization's custom authentication extensions |
CustomAuthenticationExtension.ReadWrite.All | Read and write your organization's custom authentication extensions |
CustomAuthenticationExtension.Receive.Payload | Receive custom authentication extension HTTP requests |
CustomDetection.Read.All | Read custom detection rules |
CustomDetection.ReadWrite.All | Read and write custom detection rules |
CustomSecAttributeAssignment.Read.All | Read custom security attribute assignments |
CustomSecAttributeAssignment.ReadWrite.All | Read and write custom security attribute assignments |
CustomSecAttributeAuditLogs.Read.All | Read custom security attribute audit logs |
CustomSecAttributeDefinition.Read.All | Read custom security attribute definitions |
CustomSecAttributeDefinition.ReadWrite.All | Read and write custom security attribute definitions |
CustomSecAttributeProvisioning.Read.All | |
CustomSecAttributeProvisioning.ReadWrite.All | |
CustomTags.Read.All | Read all custom tags data |
CustomTags.ReadWrite.All | Read and write custom tags data |
DelegatedAdminRelationship.Read.All | Read Delegated Admin relationships with customers |
DelegatedAdminRelationship.ReadWrite.All | Manage Delegated Admin relationships with customers |
DelegatedPermissionGrant.Read.All | Read delegated permission grants |
DelegatedPermissionGrant.ReadWrite.All | Manage all delegated permission grants |
Device.Command | Communicate with user devices |
Device.Read | Read user devices |
Device.Read.All | Read all devices |
Device.ReadWrite.All | |
DeviceLocalCredential.Read.All | Read device local credential passwords |
DeviceLocalCredential.ReadBasic.All | Read device local credential properties |
DeviceManagementApps.Read.All | Read Microsoft Intune apps |
DeviceManagementApps.ReadWrite.All | Read and write Microsoft Intune apps |
DeviceManagementCloudCA.Read.All | Read Microsoft Cloud PKI objects |
DeviceManagementCloudCA.ReadWrite.All | Read and write Microsoft Cloud PKI objects |
DeviceManagementConfiguration.Read.All | Read Microsoft Intune Device Configuration and Policies |
DeviceManagementConfiguration.ReadWrite.All | Read and write Microsoft Intune Device Configuration and Policies |
DeviceManagementManagedDevices.PrivilegedOperations.All | Perform user-impacting remote actions on Microsoft Intune devices |
DeviceManagementManagedDevices.PriviligedOperation.All | |
DeviceManagementManagedDevices.Read.All | Read Microsoft Intune devices |
DeviceManagementManagedDevices.ReadWrite.All | Read and write Microsoft Intune devices |
DeviceManagementRBAC.Read.All | Read Microsoft Intune RBAC settings |
DeviceManagementRBAC.ReadWrite.All | Read and write Microsoft Intune RBAC settings |
DeviceManagementServiceConfig.Read.All | Read Microsoft Intune configuration |
DeviceManagementServiceConfig.ReadWrite.All | Read and write Microsoft Intune configuration |
Directory.AccessAsUser.All | Access directory as the signed in user |
Directory.Read.All | Read directory data |
Directory.ReadWrite.All | Read and write directory data |
DirectoryRecommendations.Read.All | Read Azure AD recommendations |
DirectoryRecommendations.ReadWrite.All | Read and update Azure AD recommendations |
Domain.Read.All | Read domains. |
Domain.ReadWrite.All | Read and write domains |
EAS.AccessAsUser.All | Access mailboxes via Exchange ActiveSync |
eDiscovery.Read.All | Read all eDiscovery objects |
eDiscovery.ReadWrite.All | Read and write all eDiscovery objects |
EduAdministration.Read | Read education app settings |
EduAdministration.Read.All | Read Education app settings |
EduAdministration.ReadWrite | Manage education app settings |
EduAdministration.ReadWrite.All | Manage education app settings |
EduAssignments.Read | Read users' class assignments and their grades |
EduAssignments.Read.All | Read all class assignments with grades |
EduAssignments.ReadBasic | Read users' class assignments without grades |
EduAssignments.ReadBasic.All | Read all class assignments without grades |
EduAssignments.ReadWrite | Read and write users' class assignments and their grades |
EduAssignments.ReadWrite.All | Create, read, update and delete all class assignments with grades |
EduAssignments.ReadWriteBasic | Read and write users' class assignments without grades |
EduAssignments.ReadWriteBasic.All | Create, read, update and delete all class assignments without grades |
EduCurricula.Read | Read the user's class modules and resources |
EduCurricula.Read.All | Read all class modules and resources |
EduCurricula.ReadWrite | Read and write the user's class modules and resources |
EduCurricula.ReadWrite.All | Read and write all class modules and resources |
EduReports-Reading.Read.All | Read all tenant reading assignments submissions data |
EduReports-Reading.ReadAnonymous.All | Read all tenant reading assignments submissions data |
EduReports-Reflect.Read.All | Read all tenant reflect check-ins submissions data |
EduReports-Reflect.ReadAnonymous.All | Read all tenant reflect check-ins submissions data |
EduRoster.Read | Read users' view of the roster |
EduRoster.Read.All | Read the organization's roster |
EduRoster.ReadBasic | Read a limited subset of users' view of the roster |
EduRoster.ReadBasic.All | Read a limited subset of the organization's roster |
EduRoster.ReadWrite | Read and write users' view of the roster |
EduRoster.ReadWrite.All | Read and write the organization's roster |
EduRoster.Write | |
EduRoster.WriteWrite.All | |
View users' email address | |
EntitlementManagement.Read.All | Read all entitlement management resources |
EntitlementManagement.Read.All EntitlementManagement.ReadWrite.All | |
EntitlementManagement.ReadWrite.All | Read and write entitlement management resources |
EntitlementMgmt-SubjectAccess.ReadWrite | Read and write entitlement management resources related to self-service operations |
EventListener.Read.All | Read your organization's authentication event listeners |
EventListener.ReadWrite.All | Read and write your organization's authentication event listeners |
EWS.AccessAsUser.All | Access mailboxes as the signed-in user via Exchange Web Services |
ExternalConnection.Read.All | Read all external connections |
ExternalConnection.ReadWrite.All | Read and write all external connections |
ExternalConnection.ReadWrite.OwnedBy | Read and write external connections |
ExternalItem.Read.All | Read items in external datasets |
ExternalItem.ReadWrite.All | Read and write all external items |
ExternalItem.ReadWrite.OwnedBy | Read and write external items |
ExternalUserProfile.Read.All | Read external user profiles |
ExternalUserProfile.ReadWrite.All | Read and write external user profiles |
Family.Read | Read your family info |
File.Read.Group | |
Files.Read | Read user files |
Files.Read.All | Read all files that user can access |
Files.Read.Selected | Read files that the user selects (preview) |
Files.ReadWrite | Have full access to user files |
Files.ReadWrite.All | Have full access to all files user can access |
Files.ReadWrite.AppFolder | Have full access to the application's folder (preview) |
Files.ReadWrite.Selected | Read and write files that the user selects (preview) |
Files.SelectedOperations.Selected | Access selected Files, on behalf of the signed-in user |
FileStorageContainer.Manage.All | |
FileStorageContainer.Selected | Access selected file storage containers |
Financials.ReadWrite.All | Read and write financials data |
Goals-Export.Read.All | Read all goals and export jobs that a user can access |
Goals-Export.ReadWrite.All | Have full access to all goals and export jobs a user can access |
Group-Conversation.Read.All | Read group conversations |
Group-Conversation.ReadWrite.All | Read and write group conversations |
Group.Create | Create groups |
Group.Read.All | Read all groups |
Group.ReadWrite.All | Read and write all groups |
GroupMember.Read.All | Read group memberships |
GroupMember.ReadWrite.All | Read and write group memberships |
HealthMonitoringAlert.Read.All | Read all scenario health monitoring alerts |
HealthMonitoringAlert.ReadWrite.All | Read and write all scenario monitoring alerts |
HealthMonitoringAlertConfig.Read.All | Read all scenario health monitoring alert configurations |
HealthMonitoringAlertConfig.ReadWrite.All | Read and write all scenario monitoring alert configurations. |
IdentityProvider.Read.All | Read identity providers |
IdentityProvider.ReadWrite.All | Read and write identity providers |
IdentityRiskEvent.Read.All | Read identity risk event information |
IdentityRiskEvent.ReadWrite.All | Read and write risk event information |
IdentityRiskyServicePrincipal.Read.All | Read all identity risky service principal information |
IdentityRiskyServicePrincipal.ReadWrite.All | Read and write all identity risky service principal information |
IdentityRiskyUser.Read.All | Read identity risky user information |
IdentityRiskyUser.ReadWrite.All | Read and write risky user information |
IdentityUserFlow.Read.All | Read all identity user flows |
IdentityUserFlow.ReadWrite.All | Read and write all identity user flows |
IMAP.AccessAsUser.All | Read and write access to mailboxes via IMAP. |
IndustryData-DataConnector.Read.All | View data connector definitions |
IndustryData-DataConnector.ReadWrite.All | Manage data connector definitions |
IndustryData-DataConnector.Upload | Upload files to a data connector |
IndustryData-InboundFlow.Read.All | View inbound flow definitions |
IndustryData-InboundFlow.ReadWrite.All | Manage inbound flow definitions |
IndustryData-OutboundFlow.Read.All | View outbound flow definitions |
IndustryData-OutboundFlow.ReadWrite.All | Manage outbound flow definitions |
IndustryData-ReferenceDefinition.Read.All | View reference definitions |
IndustryData-ReferenceDefinition.ReadWrite.All | Manage reference definitions |
IndustryData-Run.Read.All | View current and previous runs |
IndustryData-SourceSystem.Read.All | View source system definitions |
IndustryData-SourceSystem.ReadWrite.All | Manage source system definitions |
IndustryData-TimePeriod.Read.All | Read time period definitions |
IndustryData-TimePeriod.ReadWrite.All | Manage time period definitions |
IndustryData.ReadBasic.All | Read basic Industry Data service and resource definitions |
InformationProtectionConfig.Read | Read configurations for protecting organizational data applicable to the user |
InformationProtectionConfig.Read.All | Read all configurations for protecting organizational data applicable to users |
InformationProtectionContent.Sign.All | Sign digests for data |
InformationProtectionContent.Write.All | Create protected content |
InformationProtectionPolicy.Read | Read user sensitivity labels and label policies. |
InformationProtectionPolicy.Read.All | Read all published labels and label policies for an organization. |
Insights-UserMetric.Read.All | Read user metrics insights |
LearningAssignedCourse.Read | Read user's assignments |
LearningAssignedCourse.Read.All | |
LearningAssignedCourse.ReadWrite.All | Read and write all assignments |
LearningContent.Read.All | Read learning content |
LearningContent.ReadWrite.All | Manage learning content |
LearningProvider.Read | Read learning provider |
LearningProvider.ReadWrite | Manage learning provider |
LearningSelfInitiatedCourse.Read | Read user's self-initiated courses |
LearningSelfInitiatedCourse.Read.All | |
LearningSelfInitiatedCourse.ReadWrite.All | Read and write all self-initiated courses |
LicenseAssignment.ReadWrite.All | Manage all license assignments |
LifecycleWorkflows.Read.All | Read all lifecycle workflows resources |
LifecycleWorkflows.ReadWrite.All | Read and write all lifecycle workflows resources |
ListItems.SelectedOperations.Selected | Access selected ListItems, on behalf of the signed-in user |
Lists.SelectedOperations.Selected | Access selected Lists, on behalf of the signed-in user |
Mail.Read | Read user mail |
Mail.Read.Shared | Read user and shared mail |
Mail.ReadBasic | Read user basic mail |
Mail.ReadBasic.All | Read basic mail in all mailboxes |
Mail.ReadBasic.Shared | Read user and shared basic mail |
Mail.ReadWrite | Read and write access to user mail |
Mail.ReadWrite.Shared | Read and write user and shared mail |
Mail.Send | Send mail as a user |
Mail.Send.Shared | Send mail on behalf of others |
MailboxFolder.Read | Read a user's mailbox folders |
MailboxFolder.Read.All | Read all the users' mailbox folders |
MailboxFolder.ReadWrite | Read and write a user's mailbox folders |
MailboxFolder.ReadWrite.All | Read and write all the users' mailbox folders |
MailboxItem.ImportExport | Allows the app to perform backup and restore of mailbox items |
MailboxItem.ImportExport.All | Allows the app to perform backup and restore for all mailbox items |
MailboxItem.Read | Read a user's mailbox items |
MailboxItem.Read.All | Read all the users' mailbox items |
MailboxSettings.Read | Read user mailbox settings |
MailboxSettings.ReadWrite | Read and write user mailbox settings |
ManagedTenant.Read.All | |
ManagedTenant.ReadWrite.All | |
ManagedTenants.Read.All | Read all managed tenant information |
ManagedTenants.ReadWrite.All | Read and write all managed tenant information |
Member.Read.Hidden | Read hidden memberships |
MultiTenantOrganization.Read.All | Read multi-tenant organization details and tenants |
MultiTenantOrganization.ReadBasic.All | Read multi-tenant organization basic details and active tenants |
MultiTenantOrganization.ReadWrite.All | Read and write multi-tenant organization details and tenants |
NetworkAccess-Reports.Read.All | Read all network access reports |
NetworkAccess.Read.All | Read all network access information |
NetworkAccess.ReadWrite.All | Read and write all network access information |
NetworkAccessBranch.Read.All | Read properties of branches for network access |
NetworkAccessBranch.ReadWrite.All | Read and write properties of branches for network access |
NetworkAccessPolicy.Read.All | Read security and routing policies for network access |
NetworkAccessPolicy.ReadWrite.All | Read and write security and routing policies for network access |
Notes.Create | Create user OneNote notebooks |
Notes.Read | Read user OneNote notebooks |
Notes.Read.All | Read all OneNote notebooks that user can access |
Notes.ReadWrite | Read and write user OneNote notebooks |
Notes.ReadWrite.All | Read and write all OneNote notebooks that user can access |
Notes.ReadWrite.CreatedByApp | Limited notebook access (deprecated) |
Notifications.ReadWrite.CreatedByApp | Deliver and manage user notifications for this app |
offline_access | Maintain access to data you have given it access to |
OnlineMeetingAiInsight.Read.All | Read all AI Insights for online meetings. |
OnlineMeetingAiInsight.Read.Chat | Read all AI Insights for online meetings where the Teams application is installed. |
OnlineMeetingArtifact.Read.All | Read user's online meeting artifacts |
OnlineMeetingRecording.Read.All | Read all recordings of online meetings. |
OnlineMeetingRecording.Read.Chat | |
OnlineMeetings.Read | Read user's online meetings |
OnlineMeetings.Read.All | Read online meeting details |
OnlineMeetings.ReadWrite | Read and create user's online meetings |
OnlineMeetings.ReadWrite.All | Read and create online meetings |
OnlineMeetingTranscript.Read.All | Read all transcripts of online meetings. |
OnlineMeetingTranscript.Read.Chat | |
OnPremDirectorySynchronization.Read.All | Read all on-premises directory synchronization information |
OnPremDirectorySynchronization.ReadWrite.All | Read and write all on-premises directory synchronization information |
OnPremisesPublishingProfiles.ReadWrite.All | Manage on-premises published resources |
openid | Sign users in |
Organization.Read.All | Read organization information |
Organization.ReadWrite.All | Read and write organization information |
OrganizationalBranding.Read.All | Read organizational branding information |
OrganizationalBranding.ReadWrite.All | Read and write organizational branding information |
OrgContact.Read | |
OrgContact.Read.All | Read organizational contacts |
OrgSettings-AppsAndServices.Read.All | Read organization-wide apps and services settings |
OrgSettings-AppsAndServices.ReadWrite.All | Read and write organization-wide apps and services settings |
OrgSettings-DynamicsVoice.Read.All | Read organization-wide Dynamics customer voice settings |
OrgSettings-DynamicsVoice.ReadWrite.All | Read and write organization-wide Dynamics customer voice settings |
OrgSettings-Forms.Read.All | Read organization-wide Microsoft Forms settings |
OrgSettings-Forms.ReadWrite.All | Read and write organization-wide Microsoft Forms settings |
OrgSettings-Microsoft365Install.Read.All | Read organization-wide Microsoft 365 apps installation settings |
OrgSettings-Microsoft365Install.ReadWrite.All | Read and write organization-wide Microsoft 365 apps installation settings |
OrgSettings-MicrosoftInstall.Read.All | |
OrgSettings-MicrosoftInstall.ReadWrite.All | |
OrgSettings-Todo.Read.All | Read organization-wide Microsoft To Do settings |
OrgSettings-Todo.ReadWrite.All | Read and write organization-wide Microsoft To Do settings |
PartnerBilling.Read.All | Read all billing data for your company's tenant |
PartnerSecurity.Read.All | Read security alerts of customer with CSP relationship |
PartnerSecurity.ReadWrite.All | Read security alerts and update status of security alerts of customer with CSP relationship |
PendingExternalUserProfile.Read.All | Read pending external user profiles |
PendingExternalUserProfile.ReadWrite.All | Read and write pending external user profiles |
People.Read | Read users' relevant people lists |
People.Read.All | Read all users' relevant people lists |
PeopleSettings.Read.All | Read tenant-wide people settings |
PeopleSettings.ReadWrite.All | Read and write tenant-wide people settings |
PermissionsAnalytics.Read.OwnedBy | |
Place.Read.All | Read all company places |
Place.ReadWrite.All | Read and write organization places |
PlaceDevice.Read.All | Read all workplace devices |
PlaceDevice.ReadWrite.All | Read and write all workplace devices |
PlaceDeviceTelemetry.ReadWrite.All | Read and write telemetry for all workplace devices. |
Policy.Read.All | Read your organization's policies |
Policy.Read.ApplicationConfiguration | |
Policy.Read.ConditionalAccess | Read your organization's conditional access policies |
Policy.Read.DeviceConfiguration | Read your organization's device configuration policies |
Policy.Read.IdentityProtection | Read your organization’s identity protection policy |
Policy.Read.PermissionGrant | Read consent and permission grant policies |
Policy.ReadWrite.AccessReview | Read and write your organization's directory access review default policy |
Policy.ReadWrite.ApplicationConfiguration | Read and write your organization's application configuration policies |
Policy.ReadWrite.AuthenticationFlows | Read and write authentication flow policies |
Policy.ReadWrite.AuthenticationMethod | Read and write authentication method policies |
Policy.ReadWrite.Authorization | Read and write your organization's authorization policy |
Policy.ReadWrite.ConditionalAccess | Read and write your organization's conditional access policies |
Policy.ReadWrite.ConsentRequest | Read and write consent request policy |
Policy.ReadWrite.CrossTenantAccess | Read and write your organization's cross tenant access policies |
Policy.ReadWrite.DeviceConfiguration | Read and write your organization's device configuration policies |
Policy.ReadWrite.ExternalIdentities | Read and write your organization's external identities policy |
Policy.ReadWrite.FeatureRollout | Read and write your organization's feature rollout policies |
Policy.ReadWrite.FedTokenValidation | Read and write your organization's federated token validation policy |
Policy.ReadWrite.IdentityProtection | Read and write your organization’s identity protection policy |
Policy.ReadWrite.MobilityManagement | Read and write your organization's mobility management policies |
Policy.ReadWrite.PermissionGrant | Manage consent and permission grant policies |
Policy.ReadWrite.SecurityDefaults | Read and write your organization's security defaults policy |
Policy.ReadWrite.TrustFramework | Read and write your organization's trust framework policies |
POP.AccessAsUser.All | Read and write access to mailboxes via POP. |
Presence.Read | Read user's presence information |
Presence.Read.All | Read presence information of all users in your organization |
Presence.ReadWrite | Read and write a user's presence information |
Presence.ReadWrite.All | Read and write presence information for all users |
PrintAlertSettings.Read.All | |
PrintAlertSettings.ReadWrite.All | |
PrintConnector.Read.All | Read print connectors |
PrintConnector.ReadWrite.All | Read and write print connectors |
Printer.Create | Register printers |
Printer.FullControl.All | Register, read, update, and unregister printers |
Printer.Read.All | Read printers |
Printer.ReadWrite.All | Read and update printers |
PrinterShare.Read.All | Read printer shares |
PrinterShare.ReadBasic.All | Read basic information about printer shares |
PrinterShare.ReadWrite.All | Read and write printer shares |
PrintJob.Create | Create print jobs |
PrintJob.Manage.All | Perform advanced operations on print jobs |
PrintJob.Read | Read user's print jobs |
PrintJob.Read.All | Read print jobs |
PrintJob.ReadBasic | Read basic information of user's print jobs |
PrintJob.ReadBasic.All | Read basic information of print jobs |
PrintJob.ReadWrite | Read and write user's print jobs |
PrintJob.ReadWrite.All | Read and write print jobs |
PrintJob.ReadWriteBasic | Read and write basic information of user's print jobs |
PrintJob.ReadWriteBasic.All | Read and write basic information of print jobs |
PrintSettings.Read.All | Read tenant-wide print settings |
PrintSettings.ReadWrite.All | Read and write tenant-wide print settings |
PrintTaskDefinition.ReadWrite.All | Read, write and update print task definitions |
PrivilegedAccess.Read.AzureAD | Read privileged access to Azure AD |
PrivilegedAccess.Read.AzureADGroup | Read privileged access to Azure AD groups |
PrivilegedAccess.Read.AzureResources | Read privileged access to Azure resources |
PrivilegedAccess.ReadWrite.AzureAD | Read and write privileged access to Azure AD |
PrivilegedAccess.ReadWrite.AzureADGroup | Read and write privileged access to Azure AD groups |
PrivilegedAccess.ReadWrite.AzureResources | Read and write privileged access to Azure resources |
PrivilegedAssignmentSchedule.Read.AzureADGroup | Read assignment schedules for access to Azure AD groups |
PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup | Read, create, and delete assignment schedules for access to Azure AD groups |
PrivilegedAssignmentSchedule.Remove.AzureADGroup | Delete assignment schedules for access to Azure AD groups |
PrivilegedEligibilitySchedule.Read.AzureADGroup | Read eligibility schedules for access to Azure AD groups |
PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup | Read, create, and delete eligibility schedules for access to Azure AD groups |
PrivilegedEligibilitySchedule.Remove.AzureADGroup | Delete eligibility schedules for access to Azure AD groups |
profile | View users' basic profile |
ProfilePhoto.Read.All | Read profile photo of a user or group |
ProfilePhoto.ReadWrite.All | Read and write profile photo of a user or group |
ProgramControl.Read.All | Read all programs that user can access |
ProgramControl.ReadWrite.All | Manage all programs that user can access |
PublicKeyInfrastructure.Read.All | Read certificate based authentication configurations |
PublicKeyInfrastructure.ReadWrite.All | Read and write certificate based authentication configurations |
QnA.Read.All | Read all Questions and Answers that the user can access. |
RecordsManagement.Read.All | Read Records Management configuration, labels, and policies |
RecordsManagement.ReadWrite.All | Read and write Records Management configuration, labels, and policies |
Reports.Read.All | Read all usage reports |
ReportSettings.Read.All | Read admin report settings |
ReportSettings.ReadWrite.All | Read and write admin report settings |
ResourceSpecificPermissionGrant.ReadForChat | Read resource specific permissions granted on a chat |
ResourceSpecificPermissionGrant.ReadForChat.All | Read resource specific permissions granted on a chat |
ResourceSpecificPermissionGrant.ReadForTeam | Read resource specific permissions granted on a team |
ResourceSpecificPermissionGrant.ReadForTeam.All | Read resource specific permissions granted on a team |
ResourceSpecificPermissionGrant.ReadForUser | Read resource specific permissions granted on a user account |
ResourceSpecificPermissionGrant.ReadForUser.All | Read all resource specific permissions granted on user accounts |
RoleAssignmentSchedule.Read.Directory | Read all active role assignments for your company's directory |
RoleAssignmentSchedule.ReadWrite.Directory | Read, update, and delete all active role assignments for your company's directory |
RoleAssignmentSchedule.Remove.Directory | Delete all active role assignments for your company's directory |
RoleEligibilitySchedule.Read.Directory | Read all eligible role assignments for your company's directory |
RoleEligibilitySchedule.ReadWrite.Directory | Read, update, and delete all eligible role assignments for your company's directory |
RoleEligibilitySchedule.Remove.Directory | Delete all eligible role assignments for your company's directory |
RoleManagement.Read.All | Read role management data for all RBAC providers |
RoleManagement.Read.CloudPC | Read Cloud PC RBAC settings |
RoleManagement.Read.Directory | Read directory RBAC settings |
RoleManagement.Read.Exchange | Read Exchange Online RBAC configuration |
RoleManagement.ReadWrite.CloudPC | Read and write Cloud PC RBAC settings |
RoleManagement.ReadWrite.Directory | Read and write directory RBAC settings |
RoleManagement.ReadWrite.Exchange | Read and write Exchange Online RBAC configuration |
RoleManagementAlert.Read.Directory | Read all alert data for your company's directory |
RoleManagementAlert.ReadWrite.Directory | Read all alert data, configure alerts, and take actions on all alerts for your company's directory |
RoleManagementPolicy.Read.AzureADGroup | Read all policies in PIM for Groups |
RoleManagementPolicy.Read.Directory | Read all policies for privileged role assignments of your company's directory |
RoleManagementPolicy.ReadWrite.AzureADGroup | Read, update, and delete all policies in PIM for Groups |
RoleManagementPolicy.ReadWrite.Directory | Read, update, and delete all policies for privileged role assignments of your company's directory |
Schedule-WorkingTime.ReadWrite.All | Trigger working time policies and read the working time status |
Schedule.Read.All | Read user schedule items |
Schedule.ReadWrite.All | Read and write user schedule items |
ScheduledPermissions.ReadWrite.All | |
SchedulePermissions.ReadWrite.All | Read/Write schedule permissions for a role. |
SearchConfiguration.Read.All | Read your organization's search configuration |
SearchConfiguration.ReadWrite.All | Read and write your organization's search configuration |
SecurityActions.Read.All | Read your organization's security actions |
SecurityActions.ReadWrite.All | Read and update your organization's security actions |
SecurityAlert.Read.All | Read all security alerts |
SecurityAlert.ReadWrite.All | Read and write to all security alerts |
SecurityAnalyzedMessage.Read.All | Read metadata and detection details for emails in your organization |
SecurityAnalyzedMessage.ReadWrite.All | Read metadata, detection details, and execute remediation actions on emails in your organization |
SecurityEvents.Read.All | Read your organization’s security events |
SecurityEvents.ReadWrite.All | Read and update your organization’s security events |
SecurityIdentitiesHealth.Read.All | Read identity security health issues |
SecurityIdentitiesHealth.ReadWrite.All | Read and write identity security health issues |
SecurityIdentitiesSensors.Read.All | Read identity security sensors |
SecurityIdentitiesSensors.ReadWrite.All | Read and write identity security sensors |
SecurityIdentitiesUserActions.Read.All | Read identity security available user actions |
SecurityIdentitiesUserActions.ReadWrite.All | Read and perform identity security available user actions |
SecurityIncident.Read.All | Read incidents |
SecurityIncident.ReadWrite.All | Read and write to incidents |
ServiceActivity-Exchange.Read.All | Read all Exchange service activity |
ServiceActivity-Microsoft365Web.Read.All | Read all Microsoft 365 Web service activity |
ServiceActivity-OneDrive.Read.All | Read all One Drive service activity |
ServiceActivity-Teams.Read.All | Read all Teams service activity |
ServiceHealth.Read.All | Read service health |
ServiceMessage.Read.All | Read service announcement messages |
ServiceMessageViewpoint.Write | Update user status on service announcement messages |
ServicePrincipalEndpoint.Read.All | Read service principal endpoints |
ServicePrincipalEndpoint.ReadWrite.All | Read and update service principal endpoints |
SharePointTenantSettings.Read.All | Read SharePoint and OneDrive tenant settings |
SharePointTenantSettings.ReadWrite.All | Read and change SharePoint and OneDrive tenant settings |
ShortNotes.Read | Read short notes of the signed-in user |
ShortNotes.Read.All | Read all users' short notes |
ShortNotes.ReadWrite | Read, create, edit, and delete short notes of the signed-in user |
ShortNotes.ReadWrite.All | Read, create, edit, and delete all users' short notes |
Site.Manage.All | |
Sites.FullControl.All | Have full control of all site collections |
Sites.Manage.All | Create, edit, and delete items and lists in all site collections |
Sites.Read.All | Read items in all site collections |
Sites.ReadWrite.All | Edit or delete items in all site collections |
Sites.Selected | Access selected Sites, on behalf of the signed-in user |
SMTP.Send | Send emails from mailboxes using SMTP AUTH. |
SpiffeTrustDomain.Read.All | Read SPIFFE trust domains and child resources |
SpiffeTrustDomain.ReadWrite.All | Read and write SPIFFE trust domains and child resources |
SubjectRightsRequest.Read.All | Read subject rights requests |
SubjectRightsRequest.ReadWrite.All | Read and write subject rights requests |
Subscription.Read.All | Read all webhook subscriptions |
Synchronization.Read.All | Read all Azure AD synchronization data |
Synchronization.ReadWrite.All | Read and write all Azure AD synchronization data |
SynchronizationData-User.Upload | Upload user data to the identity synchronization service |
Tasks.Read | Read user's tasks and task lists |
Tasks.Read.All | Read all users’ tasks and tasklist |
Tasks.Read.Shared | Read user and shared tasks |
Tasks.ReadWrite | Create, read, update, and delete user’s tasks and task lists |
Tasks.ReadWrite.All | Read and write all users’ tasks and tasklists |
Tasks.ReadWrite.Shared | Read and write user and shared tasks |
Team.Create | Create teams |
Team.ReadBasic.All | Read the names and descriptions of teams |
TeamMember.Read.All | Read the members of teams |
TeamMember.Read.Group | |
TeamMember.ReadWrite.All | Add and remove members from teams |
TeamMember.ReadWriteNonOwnerRole.All | Add and remove members with non-owner role for all teams |
TeamsActivity.Read | Read user's teamwork activity feed |
TeamsActivity.Read.All | Read all users' teamwork activity feed |
TeamsActivity.Send | Send a teamwork activity as the user |
TeamsActivity.Send.Chat | |
TeamsActivity.Send.Group | |
TeamsActivity.Send.User | |
TeamsApp.Read.Group | |
TeamsAppInstallation.ManageSelectedForChat | |
TeamsAppInstallation.ManageSelectedForChat.All | |
TeamsAppInstallation.ManageSelectedForTeam | |
TeamsAppInstallation.ManageSelectedForTeam.All | |
TeamsAppInstallation.ManageSelectedForUser | |
TeamsAppInstallation.ManageSelectedForUser.All | |
TeamsAppInstallation.Read.All | Read installed Teams apps for all installation scopes |
TeamsAppInstallation.Read.Chat | |
TeamsAppInstallation.Read.Group | |
TeamsAppInstallation.Read.User | |
TeamsAppInstallation.ReadForChat | Read installed Teams apps in chats |
TeamsAppInstallation.ReadForChat.All | Read installed Teams apps for all chats |
TeamsAppInstallation.ReadForTeam | Read installed Teams apps in teams |
TeamsAppInstallation.ReadForTeam.All | Read installed Teams apps for all teams |
TeamsAppInstallation.ReadForUser | Read user's installed Teams apps |
TeamsAppInstallation.ReadForUser.All | Read installed Teams apps for all users |
TeamsAppInstallation.ReadWriteAndConsentForChat | Manage installed Teams apps in chats |
TeamsAppInstallation.ReadWriteAndConsentForChat.All | Manage installation and permission grants of Teams apps for all chats |
TeamsAppInstallation.ReadWriteAndConsentForTeam | Manage installed Teams apps in teams |
TeamsAppInstallation.ReadWriteAndConsentForTeam.All | Manage installation and permission grants of Teams apps for all teams |
TeamsAppInstallation.ReadWriteAndConsentForUser | Manage installation and permission grants of Teams apps in users' personal scope |
TeamsAppInstallation.ReadWriteAndConsentForUser.All | Manage installation and permission grants of Teams apps in a user account |
TeamsAppInstallation.ReadWriteAndConsentSelfForChat | Allow the Teams app to manage itself and its permission grants in chats |
TeamsAppInstallation.ReadWriteAndConsentSelfForChat.All | Allow the Teams app to manage itself and its permission grants for all chats |
TeamsAppInstallation.ReadWriteAndConsentSelfForTeam | Allow the Teams app to manage itself and its permission grants in teams |
TeamsAppInstallation.ReadWriteAndConsentSelfForTeam.All | Allow the Teams app to manage itself and its permission grants for all teams |
TeamsAppInstallation.ReadWriteAndConsentSelfForUser | Allow the Teams app to manage itself and its permission grants in user accounts |
TeamsAppInstallation.ReadWriteAndConsentSelfForUser.All | Allow the Teams app to manage itself and its permission grants in all user accounts |
TeamsAppInstallation.ReadWriteForChat | Manage installed Teams apps in chats |
TeamsAppInstallation.ReadWriteForChat.All | Manage Teams apps for all chats |
TeamsAppInstallation.ReadWriteForTeam | Manage installed Teams apps in teams |
TeamsAppInstallation.ReadWriteForTeam.All | Manage Teams apps for all teams |
TeamsAppInstallation.ReadWriteForUser | Manage user's installed Teams apps |
TeamsAppInstallation.ReadWriteForUser.All | Manage Teams apps for all users |
TeamsAppInstallation.ReadWriteSelectedForUser | |
TeamsAppInstallation.ReadWriteSelectedForUser.All | |
TeamsAppInstallation.ReadWriteSelfForChat | Allow the Teams app to manage itself in chats |
TeamsAppInstallation.ReadWriteSelfForChat.All | Allow the Teams app to manage itself for all chats |
TeamsAppInstallation.ReadWriteSelfForTeam | Allow the app to manage itself in teams |
TeamsAppInstallation.ReadWriteSelfForTeam.All | Allow the Teams app to manage itself for all teams |
TeamsAppInstallation.ReadWriteSelfForUser | Allow the Teams app to manage itself for a user |
TeamsAppInstallation.ReadWriteSelfForUser.All | Allow the app to manage itself for all users |
TeamSettings.Read.All | Read teams' settings |
TeamSettings.Read.Group | |
TeamSettings.ReadWrite.All | Read and change teams' settings |
TeamSettings.ReadWrite.Group | |
TeamsTab.Create | Create tabs in Microsoft Teams. |
TeamsTab.Create.Chat | |
TeamsTab.Create.Group | |
TeamsTab.Delete.Chat | |
TeamsTab.Delete.Group | |
TeamsTab.Read.All | Read tabs in Microsoft Teams. |
TeamsTab.Read.Chat | |
TeamsTab.Read.Group | |
TeamsTab.ReadWrite.All | Read and write tabs in Microsoft Teams. |
TeamsTab.ReadWrite.Chat | |
TeamsTab.ReadWrite.Group | |
TeamsTab.ReadWriteForChat | Allow the Teams app to manage all tabs in chats |
TeamsTab.ReadWriteForChat.All | Allow the Teams app to manage all tabs for all chats |
TeamsTab.ReadWriteForTeam | Allow the Teams app to manage all tabs in teams |
TeamsTab.ReadWriteForTeam.All | Allow the Teams app to manage all tabs for all teams |
TeamsTab.ReadWriteForUser | Allow the Teams app to manage all tabs for a user |
TeamsTab.ReadWriteForUser.All | Allow the app to manage all tabs for all users |
TeamsTab.ReadWriteSelfForChat | Allow the Teams app to manage only its own tabs in chats |
TeamsTab.ReadWriteSelfForChat.All | Allow the Teams app to manage only its own tabs for all chats |
TeamsTab.ReadWriteSelfForTeam | Allow the Teams app to manage only its own tabs in teams |
TeamsTab.ReadWriteSelfForTeam.All | Allow the Teams app to manage only its own tabs for all teams |
TeamsTab.ReadWriteSelfForUser | Allow the Teams app to manage only its own tabs for a user |
TeamsTab.ReadWriteSelfForUser.All | Allow the Teams app to manage only its own tabs for all users |
TeamsUserConfiguration.Read.All | Read Teams user configurations |
TeamTemplates.Read | Read available Teams templates |
TeamTemplates.Read.All | Read all available Teams Templates |
Teamwork.Migrate.All | Create chat and channel messages with anyone's identity and with any timestamp |
Teamwork.Read.All | Read organizational teamwork settings |
TeamworkAppSettings.Read.All | Read Teams app settings |
TeamworkAppSettings.ReadWrite.All | Read and write Teams app settings |
TeamworkDevice.Read.All | Read Teams devices |
TeamworkDevice.ReadWrite.All | Read and write Teams devices |
TeamworkTag.Read | Read tags in Teams |
TeamworkTag.Read.All | Read tags in Teams |
TeamworkTag.ReadWrite | Read and write tags in Teams |
TeamworkTag.ReadWrite.All | Read and write tags in Teams |
TeamworkUserInteraction.Read.All | Read all of the possible Teams interactions between the user and other users |
TermStore.Read.All | Read term store data |
TermStore.ReadWrite.All | Read and write term store data |
ThreatAssessment.Read.All | Read threat assessment requests |
ThreatAssessment.ReadWrite.All | Read and write threat assessment requests |
ThreatHunting.Read.All | Run hunting queries |
ThreatIndicators.Read.All | Read all threat indicators |
ThreatIndicators.ReadWrite.OwnedBy | Manage threat indicators this app creates or owns |
ThreatIntelligence.Read.All | Read all threat intelligence information |
ThreatSubmission.Read | Read threat submissions |
ThreatSubmission.Read.All | Read all threat submissions |
ThreatSubmission.ReadWrite | Read and write threat submissions |
ThreatSubmission.ReadWrite.All | Read and write all threat submissions |
ThreatSubmissionPolicies.ReadWrite.All | |
ThreatSubmissionPolicy.ReadWrite.All | Read and write all threat submission policies |
Topic.Read.All | Read topic items |
TrustFrameworkKeySet.Read.All | Read trust framework key sets |
TrustFrameworkKeySet.ReadWrite.All | Read and write trust framework key sets |
UnifiedGroupMember.Read.AsGuest | Read unified group memberships as guest |
User-ConvertToInternal.ReadWrite.All | Convert an external user to internal memeber user |
User-LifeCycleInfo.Read.All | Read all users' lifecycle information |
User-LifeCycleInfo.ReadWrite.All | Read and write all users' lifecycle information |
User-Mail.ReadWrite.All | Read and write secondary mail addresses for users |
User-PasswordProfile.ReadWrite.All | Read and write password profiles and reset user passwords |
User-Phone.ReadWrite.All | Read and write user mobile phone and business phones |
User.DeleteRestore.All | Delete and restore users |
User.EnableDisableAccount.All | Enable and disable user accounts |
User.Export.All | Export user's data |
User.Invite.All | Invite guest users to the organization |
User.ManageIdentities.All | Manage user identities |
User.Read | Sign in and read user profile |
User.Read.All | Read all users' full profiles |
User.ReadBasic.All | Read all users' basic profiles |
User.ReadWrite | Read and write access to user profile |
User.ReadWrite.All | Read and write all users' full profiles |
User.RevokeSessions.All | Revoke all sign in sessions for a user |
UserActivity.ReadWrite.CreatedByApp | Read and write app activity to users' activity feed |
UserAuthenticationMethod.Read | Read user authentication methods. |
UserAuthenticationMethod.Read.All | Read all users' authentication methods |
UserAuthenticationMethod.ReadWrite | Read and write user authentication methods |
UserAuthenticationMethod.ReadWrite.All | Read and write all users' authentication methods. |
UserCloudClipboard.Read | |
UserNotification.ReadWrite.CreatedByApp | Deliver and manage user's notifications |
UserShiftPreferences.Read.All | Read all user shift preferences |
UserShiftPreferences.ReadWrite.All | Read and write all user shift preferences |
UserTeamwork.Read | Read user teamwork settings |
UserTeamwork.Read.All | Read all user teamwork settings |
UserTimelineActivity.Write.CreatedByApp | Write app activity to users' timeline |
UserWindowsSettings.Read | |
VirtualAppointment.Read | Read a user's virtual appointments |
VirtualAppointment.Read.All | Read all virtual appointments for users, as authorized by online meetings application access policy |
VirtualAppointment.ReadWrite | Read and write a user's virtual appointments |
VirtualAppointment.ReadWrite.All | Read-write all virtual appointments for users, as authorized by online meetings app access policy |
VirtualAppointmentNotification.Send | Send notification regarding virtual appointments for the signed-in user |
VirtualEvent.Read | Read your virtual events |
VirtualEvent.Read.All | Read all users' virtual events |
VirtualEvent.ReadWrite | Read and write your virtual events |
VirtualEvent.ReadWrite.All | |
VirtualEventRegistration-Anon.ReadWrite.All | Read and write anonymous users' virtual event registrations |
WindowsUpdates.ReadWrite.All | Read and write all Windows update deployment settings |
WorkforceIntegration.Read.All | Read workforce integrations |
WorkforceIntegration.ReadWrite.All | Read and write workforce integrations |