DeliverPoint Microsoft Graph permissions

This is a list of the Microsoft Graph permissions requested by the DeliverPoint SPFx web part for SharePoint Online.

 

Following is a list of all of the Microsoft Graph permissions requested by the current version of DeliverPoint for SharePoint Online. You may decide not to approve any for which you do not need the functionality provided by that permission.

These are all "Delegated" permissions, which a Global or Application Admin can approve on the API Access page in the SharePoint Admin Center. They will then be listed as API Permissions under the SharePoint Online Client Extensibility Web Application Principal application in Azure AD in your tenant. 

ChannelSettings.Read.All: Needed for retrieving team channels (needed by the "Teams view" mode of the tree view)  

Directory.Read.All: Read information from AD: list of users, AD groups, and members of AD groups. Necessary for reporting and also for retrieving data prior to starting permission management operations. This is a basic permission that should always be granted for DeliverPoint to function properly. 

Directory.ReadWrite.All: Necessary for DeliverPoint operations that require modification of M365 groups (i.e. adding/removing members to/from a M365 group).

Files.Read.All: Needed for OneDrive reporting - both the OneDrive Permissions and OneDrive Sharing Links reports.

Files.ReadWrite.All: Only needed if you want the option to remove OneDrive permissions or sharing links from within those reports. 

InformationProtectionPolicy.Read (added in version 4.2.0.0): Allows DeliverPoint to report on Sensitivity Labels.

Mail.Read: Necessary for full functionality of user avatars and profile cards.

Mail.Send (added in version 4.1.0.0): Allows sending an email to users who are granted permission to an object.

People.Read.All: Necessary for full functionality of user avatars and profile cards.

Presence.Read.All: Necessary for full functionality of user avatars and profile cards.

Sites.Read.All: Necessary for full functionality of user avatars and profile cards.

User.Read.All: Necessary for full functionality of user avatars and profile cards.

 

Published June 21, 2023