Requested permissions for Microsoft 365 connection
To enable contentACCESS to authenticate and connect to Microsoft 365 services through a previously registered application, certain permissions are required:
Requested permissions
Name
Description
Requested for
Exchange.ManageAsApp
manage Exchange as Application
Exchange Online
full_access_as_app
use Exchange Web Services with full access to all mailboxes
Exchange Online
Group.Read.All
read all groups
Email, SharePoint, and Teams
GroupMember.Read.All
read all group memberships
Email, SharePoint, and Teams
Files.Read.All
read files in all site collections
SharePoint and Teams
Notes.ReadWrite.All
read and write all OneNote notebooks
SharePoint and Teams
Sites.FullControl.All
have full control of all site collections
SharePoint and Teams
Sites.Manage.All
read and write items and lists in all site collections
SharePoint and Teams
Sites.Read.All
read items in all site collections
SharePoint and Teams
Sites.ReadWrite.All
read and write items in all site collections
SharePoint and Teams
TermStore.ReadWrite.All
read and write managed metadata
SharePoint and Teams
User.Read.All
read user profiles
SharePoint and Teams
Channel.Create
create channels
Teams
ChannelMessage.Read.All
read user cannel messages
Teams
Directory.Read.All
read directory data
Teams
Team.Create
create teams
Teams
TeamMember.ReadWrite.All
add and remove members from all teams
Teams
TeamSettings.ReadWrite.All
read and change all teams' settings
Teams
TeamsAppInstallation.
ReadWriteAndConsentForTeam.All
manage installation and permission grants of Teams apps for all teams
Teams
TeamsTab.ReadWrite.All
read and write tabs in Microsoft Teams.
Teams
Teamwork.Migrate.All
create chat and channel messages with anyone’s identity and with any timestamp
Teams
TeamworkTag.ReadWrite.All
read and write tags in Teams
Teams
Chat.Read.All
read all chat messages
Teams chat
Chat.ReadBasic.All
read names and members of all chat threads
Teams chat
Learn more about permissions and consent here.