API permissions for the Connector for Microsoft 365 and Teams
You must set the following API permissions in Microsoft Azure to use the Connector for Microsoft 365 and Teams.
Permission types
The permissions are of the "Delegated" and "Application" types. The actions associated with the permissions of the "Delegated" type are performed by a (personal) Microsoft 365 user. The actions associated with the permissions of the "Application" type are performed by a Microsoft 365 service account.
Often there is the same permission for both the "Delegated" and "Application" types. Depending on the use case, it may be desired for an action to be performed by a personal user or by a service account. Accordingly, you can select in Intrexx whether Intrexx should log in to Microsoft 365 via a (personal) user or via a service account.
For detailed information, see section New registration - static user accounts and New registration - service accounts.
Note that for "Application" type permissions, an AzureAD administrator must give administrator approval.
API permissions - Sorted alphabetically
API/Permission name | Type | Description | Admin consent | |
|---|---|---|---|---|
| 1 | Calendars.Read | Delegated | Read access to user calendars | No |
| 2 | Calendars.Read.Shared | Delegated | Read users and shared calendars | No |
| 3 | Calendars.ReadWrite | Delegated | Has full access to user calendars. | No |
| 4 | Calendars.ReadWrite | Application | Read and write calendars in all mailboxes | Yes |
| 5 | Channel.Create | Delegated | Create channels | Yes |
| 6 | Channel.ReadBasic.All | Delegated | Read the names and descriptions of channels | No |
| 7 | Channel.ReadBasic.All | Application | Read the names and descriptions of all channels | Yes |
| 8 | ChannelMessage.Read.All | Delegated | Read user channel messages | Yes |
| 9 | ChannelMessage.Send | Delegated | Send channel messages | No |
| 10 | Chat.Create | Delegated | Create chats | No |
| 11 | Chat.Read | Delegated | Read user chat messages | No |
| 12 | Chat.Read.All | Application | Read all chat messages | Yes |
| 13 | Chat.ReadBasic | Delegated | Read names and members of user chat threads | No |
| 14 | Chat.ReadWrite | Delegated | Read and write user chat messages | No |
| 15 | Directory.Read.All | Application | Read directory data | Yes |
| 16 | Delegated | Show user email address | No | |
| 17 | Files.ReadWrite.All | Delegated | Full access to all files that the user can access | No |
| 18 | Group.Create | Application | Create groups | Yes |
| 19 | Group.ReadWrite.All | Application | Read and write all groups | Yes |
| 20 | GroupMember.Read.All | Application | Read all group memberships | Yes |
| 21 | GroupMember.ReadWrite.All | Application | Read and write all group memberships | Yes |
| 22 | Mail.ReadWrite * | Delegated | Read and write access to user emails | No |
| 23 | Mail.Send * | Delegated | Send emails under a different user name | No |
| 24 | offline_access (OpenID Permissions) | Delegated | Keep access to data for which you have given access | No |
| 25 | Presence.Read | Delegated | Read user's presence information | No |
| 26 | Presence.ReadWrite.All * | Application | Read and write presence information for all users | Yes |
| 27 | profile | Delegated | Show basic profile of users | No |
| 28 | Sites.Read.All | Delegated | Read elements in all site collections | No |
| 29 | Sites.Read.All | Application | Read items in all site collections | Yes |
| 30 | Sites.ReadWrite.All * | Delegated | Edit or delete elements in all site collections | No |
| 31 | Team.Create | Delegated | Create teams | No |
| 32 | Team.Create | Application | Create teams | Yes |
| 33 | Team.ReadBasic.All | Delegated | Read the names and descriptions of teams | No |
| 34 | Team.ReadBasic.All | Application | Get a list of all teams | Yes |
| 35 | TeamMember.ReadWrite.All | Delegated | Add and remove members from teams | Yes |
| 36 | User.Read.All | Application | Read all users' full profiles | Yes |
*optional
API Permissions - Sorted by Type
API/Permission name | Type | Description | Admin consent | |
|---|---|---|---|---|
| 1 | Group.Create | Application | Create groups | Yes |
| 2 | Team.ReadBasic.All | Application | Get a list of all teams | Yes |
| 3 | Team.Create | Application | Create teams | Yes |
| 4 | Sites.Read.All | Application | Read items in all site collections | Yes |
| 5 | Presence.ReadWrite.All * | Application | Read and write presence information for all users | Yes |
| 6 | GroupMember.ReadWrite.All | Application | Read and write all group memberships | Yes |
| 7 | GroupMember.Read.All | Application | Read all group memberships | Yes |
| 8 | Group.ReadWrite.All | Application | Read and write all groups | Yes |
| 9 | Directory.Read.All | Application | Read directory data | Yes |
| 10 | Chat.Read.All | Application | Read all chat messages | Yes |
| 11 | User.Read.All | Application | Read all users' full profiles | Yes |
| 12 | Calendars.ReadWrite | Application | Read and write calendars in all mailboxes | Yes |
| 13 | Channel.ReadBasic.All | Application | Read the names and descriptions of all channels | Yes |
| 14 | Chat.Create | Delegated | Create chats | No |
| 15 | Calendars.Read.Shared | Delegated | Read users and shared calendars | No |
| 16 | Team.ReadBasic.All | Delegated | Read the names and descriptions of teams | No |
| 17 | Calendars.ReadWrite | Delegated | Has full access to user calendars. | No |
| 18 | Team.Create | Delegated | Create teams | No |
| 19 | Sites.ReadWrite.All * | Delegated | Edit or delete elements in all site collections | No |
| 20 | Sites.Read.All | Delegated | Read elements in all site collections | No |
| 21 | profile | Delegated | Show basic profile of users | No |
| 22 | Channel.Create | Delegated | Create channels | Yes |
| 23 | Presence.Read | Delegated | Read user's presence information | No |
| 24 | offline_access (OpenID Permissions) | Delegated | Keep access to data for which you have given access | No |
| 25 | Mail.Send * | Delegated | Send emails under a different user name | No |
| 26 | Mail.ReadWrite * | Delegated | Read and write access to user emails | No |
| 27 | Channel.ReadBasic.All | Delegated | Read the names and descriptions of channels | No |
| 28 | ChannelMessage.Read.All | Delegated | Read user channel messages | Yes |
| 29 | TeamMember.ReadWrite.All | Delegated | Add and remove members from teams | Yes |
| 30 | Files.ReadWrite.All | Delegated | Full access to all files that the user can access | No |
| 31 | Delegated | Show user email address | No | |
| 32 | ChannelMessage.Send | Delegated | Send channel messages | No |
| 33 | Chat.ReadWrite | Delegated | Read and write user chat messages | No |
| 34 | Chat.ReadBasic | Delegated | Read names and members of user chat threads | No |
| 35 | Chat.Read | Delegated | Read user chat messages | No |
| 36 | Calendars.Read | Delegated | Read access to user calendars | No |
*optional
Specify API permissions in Intrexx
In the Connector for Microsoft 365 and Teams "Authentication" menu item you must enter the permissions (scope) with which Intrexx users or Intrexx service accounts are to access Microsoft 365. You can store the permissions individually there. The individual permissions must be separated by a space.
You can also store in Connector for Microsoft 365 and Teams "https://graph.microsoft.com/.default". Then the Intrexx users or Intrexx service accounts access Microsoft 365 with the permissions you have granted in Microsoft Azure.
For detailed information, see section New registration - Authentication.
Email us