Microsoft Connections, widgets, and plugins use a variety of Microsoft API permissions that Azure global admins can manage in the Azure Portal. This includes managing which content is accessed by your internal communications platform from your Microsoft 365 environment. The default permissions used by Microsoft Connections, widgets, and plugins are listed here.
In this Article
- Staffbase Microsoft 365 Search and Widgets
- Microsoft 365 Search
- Microsoft 365 Document Library Widget
- Microsoft 365 Files Widget
- Microsoft 365 Sites Widget
- Microsoft 365 Calendar Widget
- Microsoft 365 Tasks Widget
- Microsoft 365 Teams Overview Widget
- Microsoft 365 Teams Feed Widget
- Microsoft 365 File Viewer Widget
- Microsoft 365 Viva Communities Widget
- Staffbase Microsoft 365 Calendar Plugin
- Staffbase Microsoft 365 Files Plugin
Staffbase Microsoft 365 Search and Widgets
Use the following permissions under the app you used for setting up Microsoft Connection.
If you used the default Azure app, you can find the permissions under Staffbase Integrations.
Display Name |
Claim Value |
Permission Type |
Admin Consent required |
Description |
Sign in and read user profile |
User.Read |
Delegated |
No |
Allows users to sign-in to the app, and for the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users. |
Read items in all site collections |
Sites.Read.All |
Delegated |
No |
Allows the app to read documents and list items in all site collections on behalf of the signed-in user |
Read all user files |
Files.Read |
Delegated |
No |
Allows the app to read the signed-in user's files. |
Read all files that user can access |
Files.Read.All |
Delegated |
No |
Allows the app to read all files the signed-in user can access. |
Read all users' full profiles |
User.Read.All |
Delegated |
Yes |
Allows the app to read the full set of profile properties, reports, and managers of other users in your organization on behalf of the signed-in user. |
Read all groups |
Group.Read.All |
Delegated |
Yes |
Allows the app to list groups, and to read their properties and all group memberships on behalf of the signed-in user. Also allows the app to read calendars, conversations, files, and other group content for all groups the signed-in user can access. |
Read user calendars |
Calendars.Read |
Delegated |
No |
Allows the app to read events in user calendars . |
Read user and shared calendars |
Calendars.Read.Shared |
Delegated |
No |
Allows the app to read events in all calendars that the user can access, including delegate and shared calendars. |
Read user chat messages |
Chat.Read |
Delegated |
No |
Allows an app to read 1:1 or group chat threads, on behalf of the signed-in user. |
Access user's data anytime | offline_access | Delegated | No | Allows the app to read and update user data, even when they are not currently using the app. |
Microsoft 365 Search
You need the following permissions for Microsoft 365 Search:
- User.Read
- Sites.Read.All
- offline_access
Microsoft 365 Document Library Widget
You need the following permissions for Microsoft 365 Document Library widget:
- User.Read
- Sites.Read.All
- Files.Read
- offline_access
Microsoft 365 Files Widget
You need the following permissions for Microsoft 365 Files widget:
- User.Read
- Sites.Read.All
- offline_access
Microsoft 365 Sites Widget
You need the following permissions for Microsoft 365 Sites widget:
- User.Read
- Sites.Read.All
- offline_access
Microsoft 365 Calendar Widget
You need the following permissions for Microsoft 365 Calendar widget:
- User.Read
- User.Read.All
- Calendars.Read
- Calendars.Read.Shared
- offline_access
Microsoft 365 Tasks Widget
You need the following permissions for Microsoft 365 Tasks widget:
- User.Read
- Group.Read.All
- offline_access
Microsoft 365 Teams Overview Widget
You need the following permissions for Microsoft 365 Teams Overview widget:
- User.Read
- User.Read.All
- Group.Read.All
- offline_access
Microsoft 365 Teams Feed Widget
You need the following permissions for Microsoft 365 Teams Feed widget:
- User.Read
- User.Read.All
- Group.Read.All
- Chat.Read
- offline_access
Microsoft 365 File Viewer Widget
You need the following permissions for Microsoft 365 File Viewer widget:
- User.Read
- Files.Read.All
- offline_access
Microsoft 365 Viva Communities Widget
You need the following permission for the Microsoft 365 Viva Communities widget:
- Group.Read.All
Staffbase Microsoft 365 Calendar Plugin
You can find the following permissions if you are using the Microsoft 365 Calendar Plugin under the app name Staffbase MS365 Calendar Plugin:
Display Name |
Claim Value |
Permission Type |
Admin Consent required |
Description |
Read user and shared calendars |
Calendars.Read.Shared |
Delegated |
No |
Allows the app to read events in all calendars that the user can access, including delegate and shared calendars. |
Read all groups |
Group.Read.All |
Delegated |
Yes |
Allows the app to list groups and read their properties and all group memberships on behalf of the signed-in user. Also allows the app to read calendars, conversations, files, and other group content for all groups the signed-in user can access. |
Sign in and read user profile |
User.Read |
Delegated |
No |
Allows users to sign in to the app and for the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users. |
Read all users' basic profiles |
User.ReadBasic.All |
Delegated |
No |
Allows the app to read a basic set of profile properties of other users in your organization on behalf of the signed-in user. This includes display name, first and last name, email address, and image. |
Sign users in |
openid |
Delegated |
No |
Allows users to sign in to the app and for the app to see basic user profile information. |
View users' basic profile |
profile |
Delegated |
No |
Allows the app to see your users' basic profile (name, image, user name) |
Staffbase Microsoft 365 Files Plugin
You can find the following permissions if you are using the Microsoft 365 Files Plugin under the app name Staffbase MS365 Files Plugin:
Display Name |
Claim Value |
Permission Type |
Admin Consent required |
Description |
Read user files |
Files.Read |
Delegated |
No |
Allows the app to read the signed-in user's files. |
Read all files that user can access |
Files.Read.All |
Delegated |
No |
Allows the app to read all files the signed-in user can access. |
Read items in all site collections |
Sites.Read.All |
Delegated |
No |
Allows the application to read documents and list items in all site collections on behalf of the signed-in user |
Sign in and read user profile |
User.Read |
Delegated |
No |
Allows users to sign-in to the app, and for the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users. |
Sign users in |
openid |
Delegated |
No |
Allows users to sign in to the app and for the app to see basic user profile information. |
View users' basic profile |
profile |
Delegated |
No |
Allows the app to see your users' basic profile (name, image, user name) |
Comments
0 comments
Please sign in to leave a comment.