API authorizations for the Connector for Microsoft 365 and Teams

You must set the following API authorizations in Microsoft Azure for the use of Connector for Microsoft 365 and Teams.

Permission types

The authorizations are of the type "Delegated" and "Application". The actions linked to the "Delegated" type authorizations are executed by a (personal) Microsoft 365 user. The actions associated with the "Application" type authorizations are executed by a Microsoft 365 service account.

There is often the same authorization for both the "Delegated" and "Application" type. Depending on the use case, it may be desired for an action to be performed by a personal user or by a service account. Accordingly, you can select in Intrexx whether Intrexx should log in to Microsoft 365 via a (personal) user or via a service account.

Detailed information on this can be found in section New registration - static user accounts and New registration - service accounts.

Please note that an Entra ID (formerly Azure AD) administrator must grant administrator approval for the "Application" type authorizations.

API permissions

In the input field below you can enter a term, by which the table will then be filtered.

API/Permission name

TYPE

Description

Admin consent

Calendars.ReadDelegatedRead access to user calendarsNo
Calendars.Read.SharedDelegatedRead users and shared calendarsNo
Calendars.ReadWriteDelegatedHas full access to user calendars.No
Calendars.ReadWriteApplicationRead and write calendars in all mailboxesYes
Channel.CreateDelegatedCreate channelsYes
Channel.ReadBasic.AllDelegatedRead the names and descriptions of channelsNo
Channel.ReadBasic.AllApplicationRead the names and descriptions of all channelsYes
ChannelMessage.Read.AllDelegatedRead user channel messagesYes
ChannelMessage.SendDelegatedSend channel messagesNo
Chat.CreateDelegatedCreate chatsNo
Chat.ReadDelegatedRead user chat messagesNo
Chat.Read.AllApplicationRead all chat messagesYes
Chat.ReadBasicDelegatedRead names and members of user chat threadsNo
Chat.ReadWriteDelegatedRead and write user chat messagesNo
Directory.Read.AllApplicationRead directory dataYes
emailDelegatedShow user email addressNo
Files.ReadWrite.AllDelegatedFull access to all files that the user can accessNo
Group.CreateApplicationCreate groupsYes
Group.ReadWrite.AllApplicationRead and write all groupsYes
GroupMember.Read.AllApplicationRead all group membershipsYes
GroupMember.ReadWrite.AllApplicationRead and write all group membershipsYes
Mail.ReadWrite *DelegatedRead and write access to user emailsNo
Mail.Send *DelegatedSend emails under a different user nameNo

offline_access

(OpenID Permissions)

DelegatedKeep access to data for which you have given accessNo
Presence.ReadDelegatedRead user's presence informationNo
Presence.ReadWrite.All *ApplicationRead and write presence information for all usersYes
ProfileDelegatedShow basic profile of usersNo
Sites.Read.AllDelegatedRead elements in all site collectionsNo
Sites.Read.AllApplicationRead items in all site collectionsYes
Sites.ReadWrite.All *DelegatedEdit or delete elements in all site collectionsNo
Team.CreateDelegatedCreate teamsNo
Team.CreateApplicationCreate teamsYes
Team.ReadBasic.AllDelegatedRead the names and descriptions of teamsNo
Team.ReadBasic.AllApplicationGet a list of all teamsYes
TeamMember.ReadWrite.AllDelegatedAdd and remove members from teamsYes
User.Read.AllApplicationRead all users' full profilesYes

*optional

Specify API permissions in Intrexx

In Connector for Microsoft 365 and Teams, you must enter the authorizations (scope) with which Intrexx users or Intrexx service accounts should access Microsoft 365 under the menu item "Authentication". You can store the permissions individually there. The individual permissions must be separated by a space.

You can also enter "https://graph.microsoft.com/.default" at Connector for Microsoft 365 and Teams. The Intrexx users or Intrexx service accounts then access Microsoft 365 with the permissions that you have granted in Microsoft Azure.

Detailed information on this can be found in section New registration - Authentication.