MS Entra ID permissions overview
On this page you will find overview of all MS Entra ID permissions you may need when setting up various Alvao components.
MS Entra ID User Authentication
- API: APIs my organization uses / ALVAO
- Delegated: user_impersonation
- Application: Internal.Access
- API: Microsoft APIs / Microsoft Graph
- Delegated: User_Read
Service Desk users status
- API: Microsoft APIs / Microsoft Graph
- Application: Presence.Read.All
Portrait import
- API: Microsoft APIs / Microsoft Graph
- Application: User.Read.All
Loading messages (Oauth 2.0)
- API: APIs my organization uses/Office 365 Exchange Online
- Application: full_access_as_appl
Seending messages (Oauth 2.0)
- API: APIs my organization uses/Office 365 Exchange Online
- Application: SMTP.SendAsApp
ALVAO for Outlook
- API: Microsoft APIs / Microsoft Graph
- Delegated: User_Read, Mail.Read, Mail.Read.Shared
ALVAO for Teams
- API: Microsoft APIs / Microsoft Graph
- Application: AppCatalog.ReadAll, TeamsAppInstallation.ReadForUser.All
SharePoint/OneDrive attachments
- API: Microsoft APIs / Microsoft Graph
- Delegated: User_Read, Files.Read.All, MFiles.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All
- API: Microsoft APIs/SharePoint
- Delegated: AllSites.Read, AllSites.Write, MyFiles.Read, MyFiles.Write
Microsoft Intune Connector
API: Microsoft APIs / Microsoft Graph
- Application: Device.Read.All, DeviceManagementApps.Read.All, DeviceManagementManagedDevices.Read.All, DeviceManagementConfiguration.Read.All, User.Read.All
- Delegated: User.Read
Importing license assignments from Microsoft 365
API: Microsoft APIs / Microsoft Graph
- Application: Organization.Read.All, User.Read.All
note
As the Internal.Access is not very common, you need to follow these steps to set it up:
- ME-ID -> App registration -> find the Alvao app -> App roles -> Button "+ Create app role". Enter these parameters:
Display name: Internal Acess
Allowed member types: Applications
Value: Internal.Access
Description: _for example_ Alvao role
A check box pro enable this app role dát na Ano
-
ME-ID -> App registration -> find the Alvao app> -> API permissions -> Button "+ Add a permission" -> Tab "APIs my organization uses" -> find the Alvao app -> Type Delegated permision -> Select "Internal.Access"