Microsoft Graph Permission Explorer
Click on a permission below to view the APIs that are enabled and the data objects exposed to the calling application.
Permission Scopes
| Permission | Description |
|---|---|
| [(permission/See](permission/(permission/See.md) | |
| AccessReview.Read.All | Read all access reviews that user can access |
| AccessReview.ReadWrite.All | Manage all access reviews that user can access |
| AccessReview.ReadWrite.Membership | Manage access reviews for group and app memberships |
| Acronym.Read.All | Read all acronyms that the user can access |
| AdministrativeUnit.Read.All | Read administrative units |
| AdministrativeUnit.ReadWrite.All | Read and write administrative units |
| Agreement.Read.All | Read all terms of use agreements |
| Agreement.ReadWrite.All | Read and write all terms of use agreements |
| AgreementAcceptance.Read | Read user terms of use acceptance statuses |
| AgreementAcceptance.Read.All | Read terms of use acceptance statuses that user can access |
| Analytics.Read | Read user activity statistics |
| APIConnectors.Read.All | Read API connectors for authentication flows |
| APIConnectors.ReadWrite.All | Read and write API connectors for authentication flows |
| AppCatalog.Read.All | Read all app catalogs |
| AppCatalog.ReadWrite.All | Read and write to all app catalogs |
| AppCatalog.Submit | Submit application packages to the catalog and cancel pending submissions |
| Application-RemoteDesktopConfig.ReadWrite.All | Read and write the remote desktop security configuration for apps |
| Application.Read.All | Read applications |
| Application.ReadWrite.All | Read and write all applications |
| Application.ReadWrite.OwnedBy | Manage apps that this app creates or owns |
| AppRoleAssignment.ReadWrite.All | Manage app permission grants and app role assignments |
| AttackSimulation.Read.All | Read attack simulation data of an organization |
| AttackSimulation.ReadWrite.All | Read, create, and update attack simulation data of an organization |
| AuditLog.Read.All | Read audit log data |
| AuthenticationContext.Read.All | Read all authentication context information |
| AuthenticationContext.ReadWrite.All | Read and write all authentication context information |
| below | |
| BillingConfiguration.ReadWrite.All | Read and write application billing configuration |
| BitlockerKey.Read.All | Read BitLocker keys |
| BitLockerKey.Read.All | |
| BitlockerKey.ReadBasic.All | Read BitLocker keys basic information |
| BitLockerKey.ReadBasic.All | |
| Bookings.Manage.All | Manage bookings information |
| Bookings.Read.All | Read bookings information |
| Bookings.ReadWrite.All | Read and write bookings information |
| BookingsAppointment.ReadWrite.All | Read and write booking appointments |
| Bookmark.Read.All | Read all bookmarks that the user can access |
| BrowserSiteLists.Read.All | Read browser site lists for your organization |
| BrowserSiteLists.ReadWrite.All | Read and write browser site lists for your organization |
| BusinessScenarioConfig.Read.All | Read business scenario configurations |
| BusinessScenarioConfig.Read.OwnedBy | Read business scenario configurations this app creates or owns |
| BusinessScenarioConfig.ReadWrite.All | Read and write business scenario configurations |
| BusinessScenarioConfig.ReadWrite.OwnedBy | Read and write business scenario configurations this app creates or owns |
| BusinessScenarioData.Read.OwnedBy | Read all data for business scenarios this app creates or owns |
| BusinessScenarioData.ReadWrite.OwnedBy | Read and write all data for business scenarios this app creates or owns |
| Calendar.Read | |
| Calendar.ReadWrite | |
| Calendars.Read | Read user calendars |
| Calendars.Read.Shared | Read user and shared calendars |
| Calendars.ReadBasic | Read basic details of user calendars |
| Calendars.ReadBasic.All | Read basic details of calendars in all mailboxes |
| Calendars.ReadWrite | Have full access to user calendars |
| Calendars.ReadWrite.Shared | Read and write user and shared calendars |
| CallRecord-PstnCalls.Read.All | Read PSTN and direct routing call log data |
| CallRecords.Read.All | Read all call records |
| Calls.AccessMedia.All | Access media streams in a call as an app |
| Calls.Initiate.All | Initiate outgoing 1 to 1 calls from the app |
| Calls.InitiateGroupCall.All | Initiate outgoing group calls from the app |
| Calls.InitiateGroupCalls.All | |
| Calls.JoinGroupCall.All | Join group calls and meetings as an app |
| Calls.JoinGroupCallAsGuest.All | Join group calls and meetings as a guest |
| Calls.JoinGroupCalls.All | |
| Calls.JoinGroupCalls.Chat | |
| Calls.JoinGroupCallsasGuest.All | |
| Channel.Create | Create channels |
| Channel.Create.Group | |
| Channel.Delete.All | Delete channels |
| Channel.Delete.Group | |
| Channel.ReadBasic.All | Read the names and descriptions of channels |
| ChannelMember.Read.All | Read the members of channels |
| ChannelMember.ReadWrite | |
| ChannelMember.ReadWrite.All | Add and remove members from channels |
| ChannelMember.ReadWrite.All. | |
| ChannelMessage.Edit | Edit user's channel messages |
| ChannelMessage.Read.All | Read user channel messages |
| ChannelMessage.Read.Group | |
| ChannelMessage.ReadWrite | Read and write user channel messages |
| ChannelMessage.Send | Send channel messages |
| ChannelMessage.UpdatePolicyViolation.All | Flag channel messages for violating policy |
| ChannelSettings.Read.All | Read the names, descriptions, and settings of channels |
| ChannelSettings.Read.Group | |
| ChannelSettings.ReadWrite.All | Read and write the names, descriptions, and settings of channels |
| ChannelSettings.ReadWrite.Group | |
| Chat.Create | Create chats |
| Chat.Manage.Chat | |
| Chat.Manage.Chat1 | |
| Chat.Manage.Chat2 | |
| Chat.ManageDeletion.All | Delete and recover deleted chats |
| Chat.Read | Read user chat messages |
| Chat.Read.All | Read all chat messages |
| Chat.Read.WhereInstalled | Read all chat messages for chats where the associated Teams application is installed. |
| Chat.ReadBasic | Read names and members of user chat threads |
| Chat.ReadBasic.All | Read names and members of all chat threads |
| Chat.ReadBasic.WhereInstalled | Read names and members of all chat threads where the associated Teams application is installed. |
| Chat.ReadWrite | Read and write user chat messages |
| Chat.ReadWrite.All | Read and write all chat messages |
| Chat.ReadWrite.All. | |
| Chat.ReadWrite.WhereInstalled | Read and write all chat messages for chats where the associated Teams application is installed. |
| Chat.UpdatePolicyViolation.All | Flag chat messages for violating policy |
| ChatMember.Read | Read the members of chats |
| ChatMember.Read.All | Read the members of all chats |
| ChatMember.Read.Chat | |
| ChatMember.Read.WhereInstalled | Read the members of all chats where the associated Teams application is installed. |
| ChatMember.ReadWrite | Add and remove members from chats |
| ChatMember.ReadWrite.All | Add and remove members from all chats |
| ChatMember.ReadWrite.WhereInstalled | Add and remove members from all chats where the associated Teams application is installed. |
| ChatMessage.Read | Read user chat messages |
| ChatMessage.Read.All | Read all chat messages |
| ChatMessage.Read.Chat | |
| ChatMessage.Send | Send user chat messages |
| ChatSettings.Read.Chat | |
| ChatSettings.ReadWrite.Chat | |
| CloudApp-Discovery.Read.All | Read discovered cloud applications data |
| CloudPC.Read.All | Read Cloud PCs |
| CloudPC.ReadWrite.All | Read and write Cloud PCs |
| CloudPC.ReadWrite.All. | |
| ConsentRequest.Read.All | Read consent requests |
| ConsentRequest.ReadWrite.All | Read and write consent requests |
| ConsentRequest.ReadWrite.All. | |
| Contacts.Read | Read user contacts |
| Contacts.Read.Shared | Read user and shared contacts |
| Contacts.ReadWrite | Have full access to user contacts |
| Contacts.ReadWrite.Shared | Read and write user and shared contacts |
| CrossTenantInformation.ReadBasic.All | Read cross-tenant basic information |
| CrossTenantUserProfileSharing.Read | Read shared cross-tenant user profile and export data |
| CrossTenantUserProfileSharing.Read.All | Read all shared cross-tenant user profiles and export their data |
| CrossTenantUserProfileSharing.ReadWrite | Read shared cross-tenant user profile and export or delete data |
| CrossTenantUserProfileSharing.ReadWrite.All | Read all shared cross-tenant user profiles and export or delete their data |
| CustomAuthenticationExtension.Read.All | Read your oganization's custom authentication extensions |
| CustomAuthenticationExtension.ReadWrite.All | Read and write your organization's custom authentication extensions |
| CustomAuthenticationExtension.Receive.Payload | Receive custom authentication extension HTTP requests |
| CustomSecAttributeAssignment.Read.All | Read custom security attribute assignments |
| CustomSecAttributeAssignment.ReadWrite.All | Read and write custom security attribute assignments |
| CustomSecAttributeDefinition.Read.All | Read custom security attribute definitions |
| CustomSecAttributeDefinition.ReadWrite.All | Read and write custom security attribute definitions |
| DelegatedAdminRelationship.Read.All | Read Delegated Admin relationships with customers |
| DelegatedAdminRelationship.ReadWrite.All | Manage Delegated Admin relationships with customers |
| DelegatedPermissionGrant.ReadWrite.All | Manage all delegated permission grants |
| Device.Command | Communicate with user devices |
| Device.Read | Read user devices |
| Device.Read.All | Read all devices |
| Device.ReadWrite.All | Read and write devices |
| DeviceLocalCredential.Read.All | Read device local credential passwords |
| DeviceLocalCredential.ReadBasic.All | Read device local credential properties |
| DeviceManagementApps.Read.All | Read Microsoft Intune apps |
| DeviceManagementApps.ReadWrite.All | Read and write Microsoft Intune apps |
| DeviceManagementConfiguration.Read.All | Read Microsoft Intune Device Configuration and Policies |
| DeviceManagementConfiguration.ReadWrite.All | Read and write Microsoft Intune Device Configuration and Policies |
| DeviceManagementManagedDevices.PrivilegedOperations.All | Perform user-impacting remote actions on Microsoft Intune devices |
| DeviceManagementManagedDevices.PriviligedOperation.All | |
| DeviceManagementManagedDevices.Read.All | Read Microsoft Intune devices |
| DeviceManagementManagedDevices.ReadWrite.All | Read and write Microsoft Intune devices |
| DeviceManagementRBAC.Read.All | Read Microsoft Intune RBAC settings |
| DeviceManagementRBAC.ReadWrite.All | Read and write Microsoft Intune RBAC settings |
| DeviceManagementServiceConfig.Read.All | Read Microsoft Intune configuration |
| DeviceManagementServiceConfig.ReadWrite.All | Read and write Microsoft Intune configuration |
| Directory.AccessAsUser.All | Access directory as the signed in user |
| Directory.Read.All | Read directory data |
| Directory.Read.All1 | |
| Directory.ReadWrite.All | Read and write directory data |
| Directory.ReadWrite.All1 | |
| Directory.ReadWrite.All2 | |
| Directory.Write.Restricted | Manage restricted resources in the directory |
| DirectoryRecommendations.Read.All | Read Azure AD recommendations |
| DirectoryRecommendations.ReadWrite.All | Read and update Azure AD recommendations |
| Domain.Read.All | Read domains. |
| Domain.ReadWrite.All | Read and write domains |
| EAS.AccessAsUser.All | Access mailboxes via Exchange ActiveSync |
| eDiscovery.Read.All | Read all eDiscovery objects |
| eDiscovery.ReadWrite.All | Read and write all eDiscovery objects |
| EduAdministration.Read | Read education app settings |
| EduAdministration.Read.All | Read Education app settings |
| EduAdministration.ReadWrite | Manage education app settings |
| EduAdministration.ReadWrite.All | Manage education app settings |
| EduAssignments.Read | Read users' class assignments and their grades |
| EduAssignments.Read.All | Read all class assignments with grades |
| EduAssignments.ReadBasic | Read users' class assignments without grades |
| EduAssignments.ReadBasic.All | Read all class assignments without grades |
| EduAssignments.ReadWrite | Read and write users' class assignments and their grades |
| EduAssignments.ReadWrite.All | Create, read, update and delete all class assignments with grades |
| EduAssignments.ReadWriteBasic | Read and write users' class assignments without grades |
| EduAssignments.ReadWriteBasic.All | Create, read, update and delete all class assignments without grades |
| EduRoster.Read | Read users' view of the roster |
| EduRoster.Read.All | Read the organization's roster |
| EduRoster.ReadBasic | Read a limited subset of users' view of the roster |
| EduRoster.ReadBasic.All | Read a limited subset of the organization's roster |
| EduRoster.ReadWrite | Read and write users' view of the roster |
| EduRoster.ReadWrite.All | Read and write the organization's roster |
| EduRoster.Write | |
| EduRoster.WriteWrite.All | |
| View users' email address | |
| EntitlementManagement.Read.All | Read all entitlement management resources |
| EntitlementManagement.ReadWrite.All | Read and write entitlement management resources |
| EntitlementMgmt-SubjectAccess.ReadWrite | Read and write entitlement management resources related to self-service operations |
| EventListener.Read.All | Read your organization's authentication event listeners |
| EventListener.ReadWrite.All | Read and write your organization's authentication event listeners |
| EWS.AccessAsUser.All | Access mailboxes as the signed-in user via Exchange Web Services |
| expirationDateTime | |
| ExternalConnection.Read.All | Read all external connections |
| ExternalConnection.ReadWrite.All | Read and write all external connections |
| ExternalConnection.ReadWrite.OwnedBy | Read and write external connections |
| ExternalItem.Read.All | Read items in external datasets |
| ExternalItem.ReadWrite.All | Read and write all external items |
| ExternalItem.ReadWrite.OwnedBy | Read and write external items |
| Family.Read | Read your family info |
| File.Read.Group | |
| Files.Read | Read user files |
| Files.Read.All | Read all files that user can access |
| Files.Read.Selected | Read files that the user selects (permission/preview) |
| Files.ReadWrite | Have full access to user files |
| Files.ReadWrite. | |
| Files.ReadWrite.All | Have full access to all files user can access |
| Files.ReadWrite.AppFolder | Have full access to the application's folder (permission/preview) |
| Files.ReadWrite.Selected | Read and write files that the user selects (permission/preview) |
| Financials.ReadWrite.All | Read and write financials data |
| for | |
| Group.Create | Create groups |
| Group.Read.All | Read all groups |
| Group.Read.All1 | |
| Group.ReadBasic.All | |
| Group.ReadWrite.All | Read and write all groups |
| Group.ReadWrite.All1 | |
| Group.ReadWrite.All2 | |
| GroupMember.Read.All | Read group memberships |
| GroupMember.ReadWrite.All | Read and write group memberships |
| IdentityProvider.Read.All | Read identity providers |
| IdentityProvider.ReadWrite.All | Read and write identity providers |
| IdentityProvider.ReadWrite.Alll | |
| IdentityRiskEvent.Read.All | Read identity risk event information |
| IdentityRiskEvent.ReadWrite.All | Read and write risk event information |
| IdentityRiskyServicePrincipal.Read.All | Read all identity risky service principal information |
| IdentityRiskyServicePrincipal.ReadWrite.All | Read and write all identity risky service principal information |
| IdentityRiskyUser.Read.All | Read identity risky user information |
| IdentityRiskyUser.ReadWrite.All | Read and write risky user information |
| IdentityUserFlow.Read.All | Read all identity user flows |
| IdentityUserFlow.ReadWrite.All | Read and write all identity user flows |
| IMAP.AccessAsUser.All | Read and write access to mailboxes via IMAP. |
| IndustryData-DataConnector.Read.All | View data connector definitions |
| IndustryData-DataConnector.ReadWrite.All | Manage data connector definitions |
| IndustryData-DataConnector.Upload | Upload files to a data connector |
| IndustryData-InboundFlow.Read.All | View inbound flow definitions |
| IndustryData-InboundFlow.ReadWrite.All | Manage inbound flow definitions |
| IndustryData-ReferenceDefinition.Read.All | View reference definitions |
| IndustryData-Run.Read.All | View current and previous runs |
| IndustryData-SourceSystem.Read.All | View source system definitions |
| IndustryData-SourceSystem.ReadWrite.All | Manage source system definitions |
| IndustryData-TimePeriod.Read.All | Read time period definitions |
| IndustryData-TimePeriod.ReadWrite.All | Manage time period definitions |
| IndustryData.ReadBasic.All | Read basic Industry Data service and resource definitions |
| InformationProtectionConfig.Read | Read configurations for protecting organizational data applicable to the user |
| InformationProtectionConfig.Read.All | Read all configurations for protecting organizational data applicable to users |
| InformationProtectionContent.Sign.All | Sign digests for data |
| InformationProtectionContent.Write.All | Create protected content |
| InformationProtectionPolicy.Read | Read user sensitivity labels and label policies. |
| InformationProtectionPolicy.Read.All | Read all published labels and label policies for an organization. |
| LearningAssignedCourse.Read | Read user's assignments |
| LearningAssignedCourse.Read.All | |
| LearningAssignedCourse.ReadWrite.All | Read and write all assignments |
| LearningContent.Read.All | Read learning content |
| LearningContent.ReadWrite.All | Manage learning content |
| LearningProvider.Read | Read learning provider |
| LearningProvider.ReadWrite | Manage learning provider |
| LearningSelfInitiatedCourse.Read | Read user's self-initiated courses |
| LearningSelfInitiatedCourse.Read.All | |
| LearningSelfInitiatedCourse.ReadWrite.All | Read and write all self-initiated courses |
| least | |
| LicenseAssignment.ReadWrite.All | Manage all license assignments |
| LifecycleWorkflows.Read.All | Read all lifecycle workflows resources |
| LifecycleWorkflows.ReadWrite.All | Read and write all lifecycle workflows resources |
| Mail.Read | Read user mail |
| Mail.Read.Shared | Read user and shared mail |
| Mail.ReadBasic | Read user basic mail |
| Mail.ReadBasic.All | Read basic mail in all mailboxes |
| Mail.ReadBasic.Shared | Read user and shared basic mail |
| Mail.ReadWrite | Read and write access to user mail |
| Mail.ReadWrite.Shared | Read and write user and shared mail |
| Mail.Send | Send mail as a user |
| Mail.Send.Shared | Send mail on behalf of others |
| MailboxSettings.Read | Read user mailbox settings |
| MailboxSettings.ReadWrite | Read and write user mailbox settings |
| ManagedTenant.Read.All | |
| ManagedTenant.ReadWrite.All | |
| ManagedTenants.Read.All | Read all managed tenant information |
| ManagedTenants.ReadWrite.All | Read and write all managed tenant information |
| ManagedTenants.WriteRead.All | |
| Member.Read.Hidden | Read hidden memberships |
| NetworkAccessBranch.Read.All | Read properties of branches for network access |
| NetworkAccessBranch.ReadWrite.All | Read and write properties of branches for network access |
| NetworkAccessPolicy.Read.All | Read security and routing policies for network access |
| NetworkAccessPolicy.ReadWrite.All | Read and write security and routing policies for network access |
| note | |
| Notes.Create | Create user OneNote notebooks |
| Notes.Read | Read user OneNote notebooks |
| Notes.Read.All | Read all OneNote notebooks that user can access |
| Notes.ReadWrite | Read and write user OneNote notebooks |
| Notes.ReadWrite.All | Read and write all OneNote notebooks that user can access |
| Notes.ReadWrite.CreatedByApp | Limited notebook access (permission/deprecated) |
| Notifications.ReadWrite.CreatedByApp | Deliver and manage user notifications for this app |
| offline_access | Maintain access to data you have given it access to |
| oleManagement.ReadWrite.Directory | |
| OnlineMeetingArtifact.Read.All | Read user's online meeting artifacts |
| OnlineMeetingRecording.Read.All | Read all recordings of online meetings. |
| OnlineMeetings.Read | Read user's online meetings |
| OnlineMeetings.Read.All | Read online meeting details |
| OnlineMeetings.ReadWrite | Read and create user's online meetings |
| OnlineMeetings.ReadWrite.All | Read and create online meetings |
| OnlineMeetingTranscript.Read.All | Read all transcripts of online meetings. |
| OnPremDirectorySynchronization.Read.All | Read all on-premises directory synchronization information |
| OnPremDirectorySynchronization.ReadWrite.All | Read and write all on-premises directory synchronization information |
| OnPremisesPublishingProfiles.ReadWrite.All | Manage on-premises published resources |
| openid | Sign users in |
| Organization.Read.All | Read organization information |
| Organization.ReadWrite.All | Read and write organization information |
| OrgContact.Read | |
| OrgContact.Read.All | Read organizational contacts |
| People.Read | Read users' relevant people lists |
| People.Read.All | Read all users' relevant people lists |
| PeopleSettings.Read.All | Read tenant-wide people settings |
| PeopleSettings.ReadWrite.All | Read and write tenant-wide people settings |
| Place.Read.All | Read all company places |
| Place.ReadWrite.All | Read and write organization places |
| Policy.Read.All | Read your organization's policies |
| Policy.Read.ConditionalAccess | Read your organization's conditional access policies |
| Policy.Read.PermissionGrant | Read consent and permission grant policies |
| Policy.ReadWrite.AccessReview | Read and write your organization's directory access review default policy |
| Policy.ReadWrite.ApplicationConfiguration | Read and write your organization's application configuration policies |
| Policy.ReadWrite.AuthenticationFlows | Read and write authentication flow policies |
| Policy.ReadWrite.AuthenticationMethod | Read and write authentication method policies |
| Policy.ReadWrite.Authorization | Read and write your organization's authorization policy |
| Policy.ReadWrite.ConditionalAccess | Read and write your organization's conditional access policies |
| Policy.ReadWrite.ConsentRequest | Read and write consent request policy |
| Policy.ReadWrite.CrossTenantAccess | Read and write your organization's cross tenant access policies |
| Policy.ReadWrite.DeviceConfiguration | Read and write your organization's device configuration policies |
| Policy.ReadWrite.ExternalIdentities | Read and write your organization's external identities policy |
| Policy.ReadWrite.FeatureRollout | Read and write your organization's feature rollout policies |
| Policy.ReadWrite.MobilityManagement | Read and write your organization's mobility management policies |
| Policy.ReadWrite.PermissionGrant | Manage consent and permission grant policies |
| Policy.ReadWrite.SecurityDefaults | Read and write your organization's security defaults policy |
| Policy.ReadWrite.TrustFramework | Read and write your organization's trust framework policies |
| POP.AccessAsUser.All | Read and write access to mailboxes via POP. |
| Presence.Read | Read user's presence information |
| Presence.Read.All | Read presence information of all users in your organization |
| Presence.ReadWrite | Read and write a user's presence information |
| Presence.ReadWrite.All | Read and write presence information for all users |
| PrintConnector.Read.All | Read print connectors |
| PrintConnector.ReadWrite.All | Read and write print connectors |
| Printer.Create | Register printers |
| Printer.FullControl.All | Register, read, update, and unregister printers |
| Printer.Read.All | Read printers |
| Printer.ReadWrite.All | Read and update printers |
| PrinterShare.Read.All | Read printer shares |
| PrinterShare.ReadBasic.All | Read basic information about printer shares |
| PrinterShare.ReadWrite.All | Read and write printer shares |
| PrintJob.Create | Create print jobs |
| PrintJob.Manage.All | Perform advanced operations on print jobs |
| PrintJob.Read | Read user's print jobs |
| PrintJob.Read.All | Read print jobs |
| PrintJob.ReadBasic | Read basic information of user's print jobs |
| PrintJob.ReadBasic.All | Read basic information of print jobs |
| PrintJob.ReadWrite | Read and write user's print jobs |
| PrintJob.ReadWrite.All | Read and write print jobs |
| PrintJob.ReadWriteBasic | Read and write basic information of user's print jobs |
| PrintJob.ReadWriteBasic.All | Read and write basic information of print jobs |
| PrintSettings.Read.All | Read tenant-wide print settings |
| PrintSettings.ReadWrite.All | Read and write tenant-wide print settings |
| PrintTaskDefinition.ReadWrite.All | Read, write and update print task definitions |
| privileged).md) | |
| PrivilegedAccess.Read.AzureAD | Read privileged access to Azure AD |
| PrivilegedAccess.Read.AzureADGroup | Read privileged access to Azure AD groups |
| PrivilegedAccess.Read.AzureResources | Read privileged access to Azure resources |
| PrivilegedAccess.ReadWrite.AzureAD | Read and write privileged access to Azure AD |
| PrivilegedAccess.ReadWrite.AzureADGroup | Read and write privileged access to Azure AD groups |
| PrivilegedAccess.ReadWrite.AzureResources | Read and write privileged access to Azure resources |
| PrivilegedAssignmentSchedule.Read.AzureADGroup | Read assignment schedules for access to Azure AD groups |
| PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup | Read, create, and delete assignment schedules for access to Azure AD groups |
| PrivilegedEligibilitySchedule.Read.AzureADGroup | Read eligibility schedules for access to Azure AD groups |
| PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup | Read, create, and delete eligibility schedules for access to Azure AD groups |
| profile | View users' basic profile |
| ProgramControl.Read.All | Read all programs that user can access |
| ProgramControl.Read.All` | |
| ProgramControl.ReadWrite.All | Manage all programs that user can access |
| QnA.Read.All | Read all Questions and Answers that the user can access. |
| RecordsManagement.Read.All | Read Records Management configuration, labels, and policies |
| RecordsManagement.ReadWrite.All | Read and write Records Management configuration, labels, and policies |
| Reports.Read.All | Read all usage reports |
| ReportSettings.Read.All | Read admin report settings |
| ReportSettings.ReadWrite.All | Read and write admin report settings |
| ResourceSpecificPermissionGrant.ReadForChat | |
| ResourceSpecificPermissionGrant.ReadForChat.All | |
| RoleAssignmentSchedule.Read.Directory | Read all active role assignments for your company's directory |
| RoleAssignmentSchedule.ReadWrite.Directory | Read, update, and delete all active role assignments for your company's directory |
| RoleEligibilitySchedule.Read.Directory | Read all eligible role assignments for your company's directory |
| RoleEligibilitySchedule.ReadWrite.Directory | Read, update, and delete all eligible role assignments for your company's directory |
| RoleManagement.Read.All | Read role management data for all RBAC providers |
| RoleManagement.Read.CloudPC | Read Cloud PC RBAC settings |
| RoleManagement.Read.Directory | Read directory RBAC settings |
| RoleManagement.Read.Exchange | Read Exchange Online RBAC configuration |
| RoleManagement.ReadWrite.CloudPC | Read and write Cloud PC RBAC settings |
| RoleManagement.ReadWrite.Directory | Read and write directory RBAC settings |
| RoleManagement.ReadWrite.Exchange | Read and write Exchange Online RBAC configuration |
| RoleManagementAlert.Read.Directory | Read all alert data for your company's directory |
| RoleManagementAlert.ReadWrite.Directory | Read all alert data, configure alerts, and take actions on all alerts for your company's directory |
| RoleManagementPolicy.Read.Directory | Read all policies for privileged role assignments of your company's directory |
| RoleManagementPolicy.ReadWrite.Directory | Read, update, and delete all policies for privileged role assignments of your company's directory |
| roles | |
| Schedule.Read.All | Read user schedule items |
| Schedule.ReadWrite.All | Read and write user schedule items |
| SearchConfiguration.Read.All | Read your organization's search configuration |
| SearchConfiguration.ReadWrite.All | Read and write your organization's search configuration |
| SecurityActions.Read.All | Read your organization's security actions |
| SecurityActions.ReadWrite.All | Read and update your organization's security actions |
| SecurityAlert.Read.All | Read all security alerts |
| SecurityAlert.ReadWrite.All | Read and write to all security alerts |
| SecurityAnalyzedMessage.Read.All | Read metadata and detection details for emails in your organization |
| SecurityAnalyzedMessage.ReadWrite.All | Read metadata, detection details, and execute remediation actions on emails in your organization |
| SecurityEvents.Read.All | Read your organization’s security events |
| SecurityEvents.ReadWrite.All | Read and update your organization’s security events |
| SecurityIncident.Read.All | Read incidents |
| SecurityIncident.ReadWrite.All | Read and write to incidents |
| ServiceHealth.Read.All | Read service health |
| ServiceMessage.Read.All | Read service announcement messages |
| ServiceMessageViewpoint.Write | Update user status on service announcement messages |
| ServicePrincipalEndpoint.Read.All | Read service principal endpoints |
| ServicePrincipalEndpoint.ReadWrite.All | Read and update service principal endpoints |
| SharePointTenantSettings.Read.All | Read SharePoint and OneDrive tenant settings |
| SharePointTenantSettings.ReadWrite.All | Read and change SharePoint and OneDrive tenant settings |
| ShortNotes.Read | Read short notes of the signed-in user |
| ShortNotes.Read.All | Read all users' short notes |
| ShortNotes.ReadWrite | Read, create, edit, and delete short notes of the signed-in user |
| ShortNotes.ReadWrite.All | Read, create, edit, and delete all users' short notes |
| Sites.FullControl.All | Have full control of all site collections |
| Sites.Manage.All | Create, edit, and delete items and lists in all site collections |
| Sites.Read.All | Read items in all site collections |
| Sites.ReadWrite.All | Edit or delete items in all site collections |
| Sites.Selected | Access selected site collections |
| SMTP.Send | Send emails from mailboxes using SMTP AUTH. |
| SubjectRightsRequest.Read.All | Read subject rights requests |
| SubjectRightsRequest.ReadWrite.All | Read and write subject rights requests |
| Subscription.Read.All | Read all webhook subscriptions |
| Synchronization.Read.All | Read all Azure AD synchronization data |
| Synchronization.ReadWrite.All | Read and write all Azure AD synchronization data |
| Tasks.Read | Read user's tasks and task lists |
| Tasks.Read.All | Read all users’ tasks and tasklist |
| Tasks.Read.Shared | Read user and shared tasks |
| Tasks.ReadWrite | Create, read, update, and delete user’s tasks and task lists |
| Tasks.ReadWrite.All | Read and write all users’ tasks and tasklists |
| Tasks.ReadWrite.All. | |
| Tasks.ReadWrite.Shared | Read and write user and shared tasks |
| Team.Create | Create teams |
| Team.ReadBasic.All | Read the names and descriptions of teams |
| TeamMember.Read.All | Read the members of teams |
| TeamMember.Read.Group | |
| TeamMember.ReadWrite.All | Add and remove members from teams |
| TeamMember.ReadWrite.All. | |
| TeamMember.ReadWriteNonOwnerRole.All | Add and remove members with non-owner role for all teams |
| TeamsActivity.Read | Read user's teamwork activity feed |
| TeamsActivity.Read.All | Read all users' teamwork activity feed |
| TeamsActivity.Send | Send a teamwork activity as the user |
| TeamsActivity.Send.Chat | |
| TeamsActivity.Send.Group | |
| TeamsApp.Read.Group | |
| TeamsAppInstallation.Read.Chat | |
| TeamsAppInstallation.Read.Chat1 | |
| TeamsAppInstallation.Read.Group | |
| TeamsAppInstallation.Read.Group2 | |
| TeamsAppInstallation.ReadForChat | Read installed Teams apps in chats |
| TeamsAppInstallation.ReadForChat.All | Read installed Teams apps for all chats |
| TeamsAppInstallation.ReadForTeam | Read installed Teams apps in teams |
| TeamsAppInstallation.ReadForTeam.All | Read installed Teams apps for all teams |
| TeamsAppInstallation.ReadForUser | Read user's installed Teams apps |
| TeamsAppInstallation.ReadForUser.All | Read installed Teams apps for all users |
| TeamsAppInstallation.ReadWriteAndConsentForChat | Manage installed Teams apps in chats |
| TeamsAppInstallation.ReadWriteAndConsentForChat.All | Manage installation and permission grants of Teams apps for all chats |
| TeamsAppInstallation.ReadWriteAndConsentForChat.All1 | |
| TeamsAppInstallation.ReadWriteAndConsentForChat1 | |
| TeamsAppInstallation.ReadWriteAndConsentForTeam | Manage installed Teams apps in teams |
| TeamsAppInstallation.ReadWriteAndConsentForTeam.All | Manage installation and permission grants of Teams apps for all teams |
| TeamsAppInstallation.ReadWriteAndConsentSelfForChat | Allow the Teams app to manage itself and its permission grants in chats |
| TeamsAppInstallation.ReadWriteAndConsentSelfForChat.All | Allow the Teams app to manage itself and its permission grants for all chats |
| TeamsAppInstallation.ReadWriteAndConsentSelfForChat.All1 | |
| TeamsAppInstallation.ReadWriteAndConsentSelfForChat1 | |
| TeamsAppInstallation.ReadWriteAndConsentSelfForTeam | Allow the Teams app to manage itself and its permission grants in teams |
| TeamsAppInstallation.ReadWriteAndConsentSelfForTeam.All | Allow the Teams app to manage itself and its permission grants for all teams |
| TeamsAppInstallation.ReadWriteForChat | Manage installed Teams apps in chats |
| TeamsAppInstallation.ReadWriteForChat.All | Manage Teams apps for all chats |
| TeamsAppInstallation.ReadWriteForChat.All1 | |
| TeamsAppInstallation.ReadWriteForChat1 | |
| TeamsAppInstallation.ReadWriteForTeam | Manage installed Teams apps in teams |
| TeamsAppInstallation.ReadWriteForTeam.All | Manage Teams apps for all teams |
| TeamsAppInstallation.ReadWriteForTeam.All1 | |
| TeamsAppInstallation.ReadWriteForTeam1 | |
| TeamsAppInstallation.ReadWriteForUser | Manage user's installed Teams apps |
| TeamsAppInstallation.ReadWriteForUser.All | Manage Teams apps for all users |
| TeamsAppInstallation.ReadWriteSelfForChat | Allow the Teams app to manage itself in chats |
| TeamsAppInstallation.ReadWriteSelfForChat.All | Allow the Teams app to manage itself for all chats |
| TeamsAppInstallation.ReadWriteSelfForChat.All1 | |
| TeamsAppInstallation.ReadWriteSelfForChat1 | |
| TeamsAppInstallation.ReadWriteSelfForTeam | Allow the app to manage itself in teams |
| TeamsAppInstallation.ReadWriteSelfForTeam.All | Allow the Teams app to manage itself for all teams |
| TeamsAppInstallation.ReadWriteSelfForTeam.All1 | |
| TeamsAppInstallation.ReadWriteSelfForTeam1 | |
| TeamsAppInstallation.ReadWriteSelfForUser | Allow the Teams app to manage itself for a user |
| TeamsAppInstallation.ReadWriteSelfForUser.All | Allow the app to manage itself for all users |
| TeamSettings.Read.All | Read teams' settings |
| TeamSettings.Read.Group | |
| TeamSettings.ReadWrite.All | Read and change teams' settings |
| TeamSettings.ReadWrite.Group | |
| TeamsTab.Create | Create tabs in Microsoft Teams. |
| TeamsTab.Create.Chat | |
| TeamsTab.Create.Group | |
| TeamsTab.Delete.Chat | |
| TeamsTab.Delete.Group | |
| TeamsTab.Read.All | Read tabs in Microsoft Teams. |
| TeamsTab.Read.Chat | |
| TeamsTab.Read.Group | |
| TeamsTab.ReadWrite.All | Read and write tabs in Microsoft Teams. |
| TeamsTab.ReadWrite.Chat | |
| TeamsTab.ReadWrite.Group | |
| TeamsTab.ReadWriteForChat | Allow the Teams app to manage all tabs in chats |
| TeamsTab.ReadWriteForChat.All | Allow the Teams app to manage all tabs for all chats |
| TeamsTab.ReadWriteForTeam | Allow the Teams app to manage all tabs in teams |
| TeamsTab.ReadWriteForTeam.All | Allow the Teams app to manage all tabs for all teams |
| TeamsTab.ReadWriteForUser | Allow the Teams app to manage all tabs for a user |
| TeamsTab.ReadWriteForUser.All | Allow the app to manage all tabs for all users |
| TeamsTab.ReadWriteSelfForChat | Allow the Teams app to manage only its own tabs in chats |
| TeamsTab.ReadWriteSelfForChat.All | Allow the Teams app to manage only its own tabs for all chats |
| TeamsTab.ReadWriteSelfForTeam | Allow the Teams app to manage only its own tabs in teams |
| TeamsTab.ReadWriteSelfForTeam.All | Allow the Teams app to manage only its own tabs for all teams |
| TeamsTab.ReadWriteSelfForUser | Allow the Teams app to manage only its own tabs for a user |
| TeamsTab.ReadWriteSelfForUser.All | Allow the Teams app to manage only its own tabs for all users |
| TeamTemplates.Read | Read available Teams templates |
| TeamTemplates.Read.All | Read all available Teams Templates |
| Teamwork.Migrate.All | Create chat and channel messages with anyone's identity and with any timestamp |
| TeamworkAppSettings.Read.All | Read Teams app settings |
| TeamworkAppSettings.ReadWrite.All | Read and write Teams app settings |
| TeamworkDevice.Read.All | Read Teams devices |
| TeamworkDevice.ReadWrite.All | Read and write Teams devices |
| TeamworkTag.Read | Read tags in Teams |
| TeamworkTag.Read.All | Read tags in Teams |
| TeamworkTag.ReadWrite | Read and write tags in Teams |
| TeamworkTag.ReadWrite.All | Read and write tags in Teams |
| TermStore.Read.All | Read term store data |
| TermStore.ReadWrite.All | Read and write term store data |
| ThreatAssessment.Read.All | Read threat assessment requests |
| ThreatAssessment.ReadWrite.All | Read and write threat assessment requests |
| ThreatHunting.Read.All | Run hunting queries |
| ThreatIndicators.Read.All | Read all threat indicators |
| ThreatIndicators.ReadWrite.OwnedBy | Manage threat indicators this app creates or owns |
| ThreatIntelligence.Read.All | Read all threat intelligence information |
| ThreatSubmission.Read | Read threat submissions |
| ThreatSubmission.Read.All | Read all threat submissions |
| ThreatSubmission.ReadWrite | Read and write threat submissions |
| ThreatSubmission.ReadWrite.All | Read and write all threat submissions |
| ThreatSubmissionPolicies.ReadWrite.All | |
| ThreatSubmissionPolicy.ReadWrite.All | Read and write all threat submission policies |
| TrustFrameworkKeySet.Read.All | Read trust framework key sets |
| TrustFrameworkKeySet.ReadWrite.All | Read and write trust framework key sets |
| UnifiedGroupMember.Read.AsGuest | Read unified group memberships as guest |
| User-LifeCycleInfo.Read.All | Read all users' lifecycle information |
| User-LifeCycleInfo.ReadWrite.All | Read and write all users' lifecycle information |
| User.EnableDisableAccount.All | Enable and disable user accounts |
| User.Export.All | Export user's data |
| User.Invite.All | Invite guest users to the organization |
| User.ManageIdentities.All | Manage user identities |
| User.Read | Sign in and read user profile |
| User.Read.All | Read all users' full profiles |
| User.ReadBasic.All | Read all users' basic profiles |
| User.ReadWrite | Read and write access to user profile |
| User.ReadWrite.All | Read and write all users' full profiles |
| UserActivity.ReadWrite.CreatedByApp | Read and write app activity to users' activity feed |
| UserAuthenticationMethod.Read | Read user authentication methods. |
| UserAuthenticationMethod.Read.All | Read all users' authentication methods |
| UserAuthenticationMethod.ReadWrite | Read and write user authentication methods |
| UserAuthenticationMethod.ReadWrite.All | Read and write all users' authentication methods. |
| UserNotification.ReadWrite.CreatedByApp | Deliver and manage user's notifications |
| UserShiftPreferences.Read.All | Read all user shift preferences |
| UserShiftPreferences.ReadWrite.All | Read and write all user shift preferences |
| UserTimelineActivity.Write.CreatedByApp | Write app activity to users' timeline |
| VirtualAppointment.Read | Read a user's virtual appointments |
| VirtualAppointment.Read.All | Read all virtual appointments for users, as authorized by online meetings application access policy |
| VirtualAppointment.ReadWrite | Read and write a user's virtual appointments |
| VirtualAppointment.ReadWrite.All | Read-write all virtual appointments for users, as authorized by online meetings app access policy |
| VirtualEvent.Read | Read your virtual events |
| VirtualEvent.Read.All | Read all users' virtual events |
| WindowsUpdates.ReadWrite.All | Read and write all Windows update deployment settings |
| WorkforceIntegration.Read.All | Read workforce integrations |
| WorkforceIntegration.ReadWrite.All | Read and write workforce integrations |