Home > Manage Apps > Manage App Profiles for Microsoft Tenants > API Permissions Required by Default AvePoint Apps for Microsoft Tenants > Fly
Export to PDFFly
When you create an app profile for Fly in AvePoint Online Services, the AvePoint Fly app will be automatically set up in your Microsoft Entra ID.
*Note: When creating an app profile for the Fly service and consenting to the app with a Privileged Role Administrator account, the account may need additional permissions.
The table below lists the permissions that should be accepted when you authorize the AvePoint Fly app.
| API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|
| SharePoint/Office 365 SharePoint Online | Sites.FullControl.All(Have full control of all site collections) | Application | Retrieve and migrate settings and permissions of SharePoint Online site collections and team sites. | No |
| SharePoint/Office 365 SharePoint Online | TermStore.ReadWrite.All(Read and write managed metadata) | Application | Retrieve and migrate Managed Metadata Service. | No |
| SharePoint/Office 365 SharePoint Online | User.ReadWrite.All(Read and write user profiles) | Application | Retrieve and migrate Microsoft 365 user profiles. | No |
| Microsoft Graph | Directory.Read.All(Read directory data) | Application | Retrieve and migrate Microsoft 365 users. | No |
| Microsoft Graph | User.Read.All(Read all users' full profiles) | Application | Retrieve the information of Microsoft 365 user profiles. | No |
| Microsoft Graph | Group.ReadWrite.All(Read and write all groups) | Application | Retrieve and migrate Microsoft 365 groups and group members. | No |
| Microsoft Graph | Sites.ReadWrite.All(Read and write items in all site collections) | Application | Migrate channel folders and files of team sites and private channels’ site collections. | No |
| Microsoft Graph | User.Read(Sign in and read user profile) | Delegated | Retrieve information of Microsoft 365 user profiles. | No |
| Microsoft Graph | ChannelMember.ReadWrite.All(Add and remove members from all channels) | Application | Retrieve and migrate private channel members. | No |
| Microsoft Graph | ChannelMessage.Read.All(Read all channel messages) | Application | Retrieve and migrate all channel messages. | No |
| Microsoft Graph | TeamMember.ReadWrite.All(Add and remove members from all teams) | Application | Retrieve and migrate team members. | No |
| Microsoft Graph | Teamwork.Migrate.All(Create chat and channel messages with anyone’s identity and with any timestamp) | Application | Create teams and channels, and migrate channel messages with any message sender and timestamp. | No |
| Microsoft Graph | TeamworkTag.ReadWrite.All(Read and write tags in Teams) | Application | Retrieve and migrate tags in Microsoft Teams migrations. | No |
| Microsoft Graph | TeamsAppInstallation.ReadWriteAndConsentForTeam.All(Manage installation and permission grants of Teams apps for all teams) | Application | Read, install, upgrade, and uninstall Teams apps in Teams and manage Teams access permissions. | No |
| Microsoft Graph | InformationProtectionPolicy.Read.All | |||
| (Read all published labels and label policies for an organization) | Application | Only required if you want to manage sensitivity labels of files/emails/teams/groups/sites. | No | |
| Microsoft Graph | OnlineMeetings.ReadWrite.All(Read and create online meetings) | Application | Make sure the replaced meeting links in the destination are available to all attendees. | No |
| Microsoft Graph | Chat.Create(Create chats) | Application | Create chats in Microsoft Teams Chat migrations. | No |
| Microsoft Graph | Chat.ReadWrite.All(Read and write all chat messages) | Application | Retrieve and migrate chat members/chat messages in Microsoft Teams Chat migrations. | No |
| Microsoft Graph | Channel.Create(Create channels) | Application | Create channels in Microsoft Teams migrations. | No |
| Microsoft Graph | ChannelSettings.ReadWrite.All(Read and write the names, descriptions, and settings of all channels) | Application | Retrieve and migrate channel settings in Microsoft Teams migrations. | No |
| Microsoft Graph | Team.Create(Create teams) | Application | Create teams in Microsoft Teams migrations. | No |
| Microsoft Graph | TeamSettings.ReadWrite.All(Read and change all teams' settings) | Application | Retrieve and migrate team settings in Microsoft Teams migrations. | No |
| Microsoft Graph | TeamsAppInstallation.ReadWriteForTeam.All(Manage Teams apps for all teams) | Application | Retrieve and migrate team apps in Microsoft Teams migrations. | No |
| Microsoft Graph | TeamsTab.ReadWriteForTeam.All(Allow the Teams app to manage all tabs for all teams) | Application | Retrieve and migrate team tabs in Microsoft Teams migrations. | No |
| Microsoft Graph | TeamsTab.Read.All(Read tabs in Microsoft Teams) | Application | Retrieve tabs in destination chats in Microsoft Teams Chat migrations. | No |
| Microsoft Graph | TeamsTab.Create(Create tabs in Microsoft Teams) | Application | Create tabs in destination chats in Microsoft Teams Chat migrations. | No |
| Microsoft Graph | Schedule.ReadWrite.All(Read and write user schedule items) | Application | Retrieve and migrate Teams Shifts app data in Microsoft Teams migrations. | No |
| Microsoft Graph | Reports.Read.All(Read all usage reports) | Application | Only required by tenant discovery. | No |
| Microsoft Graph | Tasks.ReadWrite.All(Read and write all users’ tasks and task lists) | Application | Retrieve and migrate planners and data in planners. | No |
| Microsoft Graph | ReportSettings.Read.All(Read all admin report settings) | Application | Retrieve the Reports setting of the Microsoft 365 admin center. | No |
| Microsoft Graph | Calendars.ReadWrite(Read and write calendars in all mailboxes) | Application | Keep the source Response statuses of Gmail event attendees to the destination Exchange Online. | No |
| Microsoft Graph | TeamworkTag.ReadWrite(Read and write tags in Teams) | Delegated | Retrieve and migrate tags in Microsoft Teams migrations. | No |
| Microsoft Graph | TeamsTab.ReadWriteSelfForChat(Allow the Teams app to manage only its own tabs in chats) | Application | Update tabs in destination chats. | No |
| Microsoft Graph | TeamsAppInstallation.ReadForUser.All(Read installed Teams apps for all users) | Application | Retrieve the list of apps installed in the personal scope of the specified user. | No |
| Office 365 Exchange Online | full_access_as_app(Use Exchange Web Services with full access to all mailboxes) | Application | Retrieve and migrate items from all mailboxes. | No |
| Office 365 Exchange Online | Exchange.ManageAsApp(Manage Exchange As Application) | Application | Use Exchange PowerShell to migrate mailbox permissions and distribution lists. | No |
| Azure Rights Management Services | Content.DelegatedReader(Read protected content on behalf of a user) | Application | Only required if you want to manage sensitivity labels of files/emails/teams/sites. | No |
| Azure Rights Management Services | Content.DelegatedWriter(Create protected content on behalf of a user) | Application | Only required if you want to manage sensitivity labels of files/emails/teams/sites. | No |
| Azure Rights Management Services | Content.SuperUser(Read all protected content for this tenant) | Application | Only required if you want to manage sensitivity labels of files/emails/teams/sites. | No |
| Azure Rights Management Services | Content.Writer(Create protected content) | Application | Only required if you want to manage sensitivity labels of files/emails/teams/sites. | No |
| Microsoft Information Protection Sync Service | UnifiedPolicy.Tenant.Read(Read all unified policies of the tenant) | Application | Only required if you want to manage sensitivity labels of files/emails/teams/sites. | No |
Fly Delegated App
When you create an app profile for Fly delegated app in AvePoint Online Services, the AvePoint Fly Delegated App will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize the AvePoint Fly Delegated App.
| API | Permission | Purpose | Is newly required? |
|---|---|---|---|
| Microsoft Graph | RoleManagement.Read.Directory(Read directory RBAC settings) | Retrieve Microsoft global groups.Check Service Account available roles. | No |
| Microsoft Graph | Group.ReadWrite.All(Read and write all groups) | Allow to create groups and read all group properties and memberships.Additionally, allow group owners to manage their groups and allow group members to update group content. | No |
| Microsoft Graph | Domain.Read.All(Read domains) | Retrieve the Microsoft 365 tenant domain. | No |
| Microsoft Graph | User.Read.All(Read all users' full profiles) | Retrieve information of user profiles. | No |
| Microsoft Graph | Chat.ReadWrite(Read and write user chat messages) | Retrieve and migrate chat members / chat messages in Microsoft Teams Chat migrations. | No |
| Microsoft Graph | TeamsTab.ReadWriteForTeam(Allow the Teams app to manage all tabs in teams) | Retrieve and migrate team tabs in Microsoft Teams migrations. | No |
| Microsoft Graph | TeamsAppInstallation.ReadWriteAndConsentForTeam(Manage installed Teams apps in teams) | Read, install, upgrade, and uninstall Teams apps in Teams and manage Teams access permissions. | No |
| Microsoft Graph | TeamSettings.ReadWrite.All(Read and change teams’ settings) | Retrieve and migrate team settings in Microsoft Teams migrations. | No |
| Microsoft Graph | TeamsAppInstallation.ReadWriteForTeam(Manage installed Teams apps in teams) | Retrieve and migrate team apps in Microsoft Teams migrations. | No |
| Microsoft Graph | TeamMember.ReadWrite.All(Add and remove members from teams) | Migrate team members to the destination. | No |
| Microsoft Graph | Team.Create(Create teams) | Create Teams in Microsoft Teams migrations. | No |
| Microsoft Graph | ChannelSettings.ReadWrite.All(Read and write the names, descriptions, and settings of channels) | Retrieve and migrate channel settings in Microsoft Teams migrations. | No |
| Microsoft Graph | ChannelMessage.Send(Send channel messages) | Migrate channel messages in Microsoft Teams migrations. | No |
| Microsoft Graph | ChannelMessage.Read.All(Read user channel messages) | Retrieve channel messages in Microsoft Teams migrations. | No |
| Microsoft Graph | ChannelMember.ReadWrite.All(Add and remove members from channels) | Retrieve and migrate channel members in Microsoft Teams migrations. | No |
| Microsoft Graph | Channel.Create(Create channels) | Create channels in Microsoft Teams migrations. | No |
| Microsoft Graph | Schedule.ReadWrite.All(Read and write all schedule items) | Retrieve and migrate Teams Shifts app data in Microsoft Teams migrations. | No |
| Microsoft Graph | TeamsTab.Create(Create tabs in Microsoft Teams) | Create tabs in destination chats in Microsoft Teams Chat migrations. | No |
| Microsoft Graph | TeamsTab.Read.All(Read tabs in Microsoft Teams) | Retrieve tabs of destination chats in Microsoft Teams Chat migrations. | No |
| Microsoft Graph | TeamworkTag.ReadWrite(Read and write tag and tag member) | Retrieve and migrate Teams work tags in Microsoft Teams migrations. | No |
| Microsoft Graph | TeamsTab.ReadWriteSelfForChat(Allow the Teams app to manage only its own tabs in chats) | Update tabs in destination chats. | No |
| Microsoft Graph | Files.ReadWrite.All(Have full access to all files user can access) | Migrate files of team sites to the destination. | No |
| Microsoft Graph | Sites.Read.All(Real content in all site collections) | Retrieve all site collections. | No |
| SharePoint | AllSites.FullControl(Have full control of all site collections) | Retrieve and migrate content in SharePoint migrations. | No |
| SharePoint | TermStore.ReadWrite.All(Read and write managed metadata) | Retrieve and migrate Managed Metadata Service data. | No |
| Office 365 Exchange Online | EWS.AccessAsUser.All(Access mailboxes as the signed-in user via Exchange Web Services) | Use Exchange Web Services with full access to user data via impersonation. | No |
| Office 365 Exchange Online | Exchange.Manage(Manage Exchange configuration) | Retrieve and migrate mailbox permissions, distribution groups, and other data related to Exchange PowerShell. | No |
| Microsoft Information Protection Sync Service | UnifiedPolicy.User.Read(Read all unified policies a user has access to) | Retrieve sensitivity labels of files/mails/Groups. | No |
| Azure Rights Management Services | user_impersonation(Create and access protected content for users) | Migrate sensitivity labels of files/mails/Groups. | No |
Fly for Power Platform
When you create a Fly for Power Platform app profile in AvePoint Online Services, the AvePoint Fly for Power Platform app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize the AvePoint Fly for Power Platform app.
| API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|
| SharePoint/Office 365 SharePoint Online | Sites.Read.All(Read items in all site collections) | Application | Retrieve source trigger parameters. | No |
| Microsoft Graph | TeamSettings.Read.All(Read all teams' settings) | Application | Retrieve Team settings. | No |
| Microsoft Graph | TeamworkTag.Read.All(Read tags in Teams) | Application | Retrieve team tags.(You can ignore this if your tenant is for Microsoft 365 Government High environment since the environment does not support Team tags.) | No |
| Microsoft Graph | ChannelSettings.Read.All(Read the names, descriptions, and settings of all channels) | Application | Retrieve channel settings. | No |
| Microsoft Graph | Sites.Read.All(Read items in all site collections) | Application | Retrieve the SharePoint site and list information. | No |
| Microsoft Graph | Group.Read.All(Read all groups) | Application | Retrieve Group information. | No |
| Microsoft Graph | Contacts.Read(Read contacts in all mailboxes) | Application | Retrieve user’s contact folder information. | No |
| Microsoft Graph | Mail.Read(Read mail in all mailboxes) | Application | Retrieve user’s mail folder information. | No |
| Microsoft Graph | Calendars.Read(Read calendars in all mailboxes) | Application | Retrieve user’s calendar information. | No |
| Microsoft Graph | Directory.Read.All | Application | Retrieve your organization’s Microsoft Entra data. Use this permission to get user list (user ID+UPN) to find the user information in apps and flows. | No |
| Microsoft Graph | Place.Read.All(Read all company places) | Application | Retrieve the room list parameter. | No |
| Commercial environment: PowerApps ServiceGCC environment: PowerApps Service – GCCGCC High environment: PowerApps Service – GCC L4 | User(Access the PowerApps Service API) | Delegated | Retrieve information of Power Platform environments, apps, and cloud flows. | No |
| Power Automate | Flows.Manage.All(Allow the application to manage flows) | Delegated | Retrieve and manage flows. | No |
| Dataverse | user_impersonation(Access Common Data Service as organization users) | Delegated | Retrieve information of Power Automate desktop flows and business process flows. | No |
| Microsoft Forms | Forms.Read.All(View forms) | Application | Map the forms and generate a Forms ID mapping. | No |
Fly for Entra ID Source
When you create a Fly for Entra ID source app profile in AvePoint Online Services, the AvePoint Fly for Entra ID source app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize the AvePoint Fly for Entra ID source app.
| API | Permission | Type | Purpose |
|---|---|---|---|
| Microsoft Graph | Domain.Read.All(Read domains) | Application | Retrieve tenant domain. |
| Microsoft Graph | RoleManagement.Read.Directory(Read roles and Role assignments) | Application | Retrieve directory roles. |
| Microsoft Graph | Group.Read.All (Read all groups) | Application | Retrieve Microsoft 365 Groups and Group members. |
| Microsoft Graph | User.Read.All (Read all users’ full profiles) | Application | Retrieve information of Microsoft 365 user profiles. |
| Microsoft Graph | Organization.Read.All(Read subscribed SKUs) | Application | Retrieve information of license. |
| Microsoft Graph | MailboxSettings.Read(Read user’s mail setting) | Application | Retrieve the mailbox settings information for all users. |
Fly for Entra ID Source and Destination
When you create a Fly for Entra ID source and destination app profile in AvePoint Online Services, the AvePoint Fly for Entra ID source and destination app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize the AvePoint Fly for Entra ID source and destination app.
| API | Permission | Type | Purpose |
|---|---|---|---|
| Microsoft Graph | Domain.Read.All(Read domains) | Application | Retrieve tenant domain. |
| Microsoft Graph | RoleManagement.ReadWrite.Directory (Read and Write roles and Role assignments) | Application | Retrieve directory roles and migrate roles. |
| Microsoft Graph | Group.ReadWrite.All(Read and write all groups) | Application | Retrieve and migrate Microsoft 365 Groups and group members. |
| Microsoft Graph | User.ReadWrite.All(Read and write all users’ full profiles) | Application | Retrieve and migrate Microsoft 365 user. |
| Microsoft Graph | Organization.Read.All(Read subscribed SKUs) | Application | Retrieve information of license. |
| Microsoft Graph | User.EnableDisableAccount.All(Unblock user sign-in) | Application | Enable and disable users' accounts. |
| Microsoft Graph | User-Phone.ReadWrite.All(Update Business phone and Mobile phone) | Application | Update business phones and mobile phone properties for all users. |
| Microsoft Graph | User-Mail.ReadWrite.All(Update Other emails) | Application | Update other mails property for all users. |
| Microsoft Graph | MailboxSettings.Read(Read user’s mail setting) | Application | Retrieve the mailbox settings information for all users. |
On this page