Home > Manage Apps > Manage App Profiles for Microsoft Tenants > API Permissions Required by Default AvePoint Apps for Microsoft Tenants > Microsoft 365 (All Permissions)
Export to PDFMicrosoft 365 (All Permissions)
The Microsoft 365 (All permissions) app profile can be used by the following services:
Once you create a Microsoft 365 (All permissions) app profile in AvePoint Online Services, the AvePoint Online Services Administration forMicrosoft365 app will be automatically set up in your Microsoft Entra ID.
The table below lists the permissions that should be accepted when you authorize the AvePoint Online Services Administration forMicrosoft365 app.
| API | Permission | Type | Purpose | Is newly required? |
|---|---|---|---|---|
| SharePoint/Office 365 SharePoint Online | Sites.FullControl.All(Have full control of all site collections) | Application | Retrieve information of SharePoint Online site collections that are scanned by Auto discovery. | No |
| SharePoint/Office 365 SharePoint Online | User.ReadWrite.All(Read and write user profiles) | Application | Retrieve information of Microsoft 365 user profiles related to OneDrive that are scanned by Auto discovery. | No |
| SharePoint/Office 365 SharePoint Online | TermStore.ReadWrite.All(Read and write managed metadata) | Application | Back up and restore Managed Metadata Service of SharePoint Online site collections and Microsoft 365 Group team sites. | No |
| Office 365 Exchange Online | full_access_as_app(Use Exchange Web Services with full access to all mailboxes) | Application | Retrieve information of Exchange Online mailboxes and Microsoft 365 Group mailboxes that are scanned by Auto discovery. | No |
| Office 365 Exchange Online | Exchange.ManageAsApp(Manage Exchange As Application) | Application | Scan in-place archived mailboxes. | No |
| Office 365 Management APIs | ActivityFeed.Read(Read activity data for your organization) | Application | Retrieve activity data in your organization to generate reports in AvePoint Cloud Insights. | No |
| Microsoft Graph | Channel.ReadBasic.All(Read the names and descriptions of all channels) | Application | Scan Microsoft Teams via Auto discovery. | No |
| Microsoft Graph | User.Read(Sign in and read user profile) | Delegated | Support signing into AvePoint Online Services with Microsoft 365 accounts. | No |
| Microsoft Graph | Group.ReadWrite.All(Read and write all groups) | Application | Scan Microsoft 365 Groups and Microsoft Teams via Auto discovery. | No |
| Microsoft Graph | Group.ReadWrite.All(Read and write all groups) | Application | Back up and restore Microsoft Teams and Microsoft 365 Groups data. | No |
| Microsoft Graph | Directory.Read.All(Read directory data) | Application | Retrieve your Microsoft 365 tenant information. | No |
| Microsoft Graph | Sites.ReadWrite.All(Read and write items in all site collections) | Application | Back up and restore Microsoft Teams, Microsoft 365 Groups, and OneDrive data. | No |
| Microsoft Graph | Sites.Read.All(Read items in all site collections [preview]) | Application | Back up and restore Microsoft Teams and Microsoft 365 Groups data. | No |
| Microsoft Graph | Reports.Read.All(Read all usage reports) | Application | AvePoint Cloud Backup for Microsoft 365 can retrieve data size directly, which improves the efficiency of the Subscription Consumption Report. | No |
| Microsoft Graph | ChannelMember.ReadWrite.All(Add and remove members from all channels) | Application | Cloud Backup for Microsoft 365 uses it to back up and restore the members and messages of Teams private channels. | No |
| Microsoft Graph | ChannelMember.ReadWrite.All(Add and remove members from all channels) | Application | Insights uses it to retrieve private channel members. | No |
| Microsoft Graph | ChannelMember.ReadWrite.All(Add and remove members from all channels) | Application | Policies for Microsoft 365 uses it to read all channel members. | No |
| Microsoft Graph | ChannelMessage.Read.All(Read all channel messages) | Application | Back up and restore the members and messages of Teams private channels. | No |
| Microsoft Graph | Tasks.ReadWrite.All (Read and write all users’ tasks and task lists) | Application | Backup up and restore Planner data. | No |
| Microsoft Graph | ChannelSettings.ReadWrite.All(Read and write the names, descriptions, and settings of all channels) | Application | Required by the restore jobs of Teams service. | No |
| Microsoft Graph | ChannelSettings.ReadWrite.All(Read and write the names, descriptions, and settings of all channels) | Application | Insights can retrieve information of channels in Teams. | No |
| Microsoft Graph | User.Read.All(Read all users' full profiles) | Application | Retrieves and displays user photos and user basic information. | No |
| Microsoft Graph | User.ReadWrite.All(Read and write all users’ full profiles) | Application | It allows users to remove or block external users in Insights. | No |
| Microsoft Graph | AuditLog.Read.All(Read all audit log data) | Application | Insights uses it to retrieve the last sign-in time of external users. | No |
| Microsoft Graph | TeamSettings.ReadWrite.All(Read and change all teams' settings) | Application | Insights can retrieve information of teams. | No |
| Microsoft Graph | TeamSettings.ReadWrite.All(Read and change all teams' settings) | Application | Cloud Backup for Microsoft 365 uses it to back up and restore teams’ settings. | No |
| Microsoft Graph | Files.Read.All(Read files in all site collections) | Application | Retrieve URLs of channels in Teams or read files in Teams channels to support products’ functionalities. | No |
| Microsoft Graph | TeamMember.ReadWrite.All(Add and remove members from teams) | Application | Insights can retrieve and manage members in your Teams. | No |
| Microsoft Graph | TeamMember.ReadWrite.All(Add and remove members from teams) | Application | Cloud Backup for Microsoft 365 uses it to back up and restore teams’ members. | No |
| Microsoft Graph | TeamsTab.ReadWrite.All(Read and write tabs in Microsoft Teams) | Application | Cloud Backup for Microsoft 365 uses it to back up and restore teams’ tabs. | No |
| Microsoft Graph | Team.Create(Create teams) | Application | Cloud Backup for Microsoft 365 uses it to restore teams. | No |
| Microsoft Graph | TeamsAppInstallation.ReadWriteForTeam.All(Manage Teams apps for all teams) | Application | Cloud Backup for Microsoft 365 uses it to back up and restore teams’ apps. | No |
| Microsoft Graph | Channel.Create(Create channels) | Application | Cloud Backup for Microsoft 365 uses it to restore teams’ channels. | No |
| Microsoft Graph | InformationProtectionPolicy.Read.All(Read all published labels and label policies for an organization.) | Application | Insights uses it to retrieve sensitivity labels from Microsoft 365. | No |
| Microsoft Graph | Chat.Read.All(Read all chat messages) | Application | Cloud Backup for Microsoft 365 uses it to back up Microsoft Teams Chat. | No |
| Microsoft Graph | Files.ReadWrite.All(Read and write files in all site collections) | Application | Cloud Backup for Microsoft 365 uses it to back up and restore the OneDrive files. | No |
| Microsoft Graph | Sites.Manage.All(Create, edit, and delete items and lists in all site collections) | Application | Cloud Backup for Microsoft 365 uses it to back up and restore the OneDrive files. | No |
| Microsoft Graph | Sites.FullControl.All(Have full control of all site collections) | Application | Cloud Backup for Microsoft 365 uses it to back up some files in specific conditions, such as DLP-sensitive files. | No |
| Microsoft Information Protection Sync Service | UnifiedPolicy.Tenant.Read(Read all unified policies of the tenant) | Application | Insights can retrieve information of published sensitivity labels from Microsoft 365. | No |
On this page