API permissions for the Connector for Microsoft 365 and Teams

You must set the following API permissions in Microsoft Azure to use the Connector for Microsoft 365 and Teams.

Permission types

The permissions are of the "Delegated" and "Application" types. The actions associated with the permissions of the "Delegated" type are performed by a (personal) Microsoft 365 user. The actions associated with the permissions of the "Application" type are performed by a Microsoft 365 service account.

Often there is the same permission for both the "Delegated" and "Application" types. Depending on the use case, it may be desired for an action to be performed by a personal user or by a service account. Accordingly, you can select in Intrexx whether Intrexx should log in to Microsoft 365 via a (personal) user or via a service account.

For detailed information, see section New registration - static user accounts and New registration - service accounts.

Note that for "Application" permissions, an Entra ID (formerly Azure AD) administrator must give administrator approval.

API permissions

In the input field below, you can enter a term by which the table will then be filtered.

API/Permission name

TYPE

Description

Admin consent

Calendars.ReadDelegatedRead access to user calendarsNo
Calendars.Read.SharedDelegatedRead users and shared calendarsNo
Calendars.ReadWriteDelegatedHas full access to user calendars.No
Calendars.ReadWriteApplicationRead and write calendars in all mailboxesYes
Channel.CreateDelegatedCreate channelsYes
Channel.ReadBasic.AllDelegatedRead the names and descriptions of channelsNo
Channel.ReadBasic.AllApplicationRead the names and descriptions of all channelsYes
ChannelMessage.Read.AllDelegatedRead user channel messagesYes
ChannelMessage.SendDelegatedSend channel messagesNo
Chat.CreateDelegatedCreate chatsNo
Chat.ReadDelegatedRead user chat messagesNo
Chat.Read.AllApplicationRead all chat messagesYes
Chat.ReadBasicDelegatedRead names and members of user chat threadsNo
Chat.ReadWriteDelegatedRead and write user chat messagesNo
Directory.Read.AllApplicationRead directory dataYes
emailDelegatedShow user email addressNo
Files.ReadWrite.AllDelegatedFull access to all files that the user can accessNo
Group.CreateApplicationCreate groupsYes
Group.ReadWrite.AllApplicationRead and write all groupsYes
GroupMember.Read.AllApplication Read all group membershipsYes
GroupMember.ReadWrite.AllApplicationRead and write all group membershipsYes
Mail.ReadWrite *DelegatedRead and write access to user emailsNo
Mail.Send *DelegatedSend emails under a different user nameNo

offline_access

(OpenID Permissions)

DelegatedKeep access to data for which you have given accessNo
Presence.ReadDelegatedRead user's presence informationNo
Presence.ReadWrite.All *ApplicationRead and write presence information for all usersYes
profileDelegatedShow basic profile of usersNo
Sites.Read.AllDelegatedRead elements in all site collectionsNo
Sites.Read.AllApplicationRead items in all site collections Yes
Sites.ReadWrite.All *DelegatedEdit or delete elements in all site collectionsNo
Team.CreateDelegatedCreate teamsNo
Team.CreateApplicationCreate teamsYes
Team.ReadBasic.AllDelegatedRead the names and descriptions of teamsNo
Team.ReadBasic.AllApplicationGet a list of all teamsYes
TeamMember.ReadWrite.AllDelegatedAdd and remove members from teamsYes
User.Read.AllApplicationRead all users' full profilesYes

*optional

Specify API permissions in Intrexx

In the Connector for Microsoft 365 and Teams "Authentication" menu item you must enter the permissions (scope) with which Intrexx users or Intrexx service accounts are to access Microsoft 365. You can store the permissions individually there. The individual permissions must be separated by a space.

You can also store in Connector for Microsoft 365 and Teams "https://graph.microsoft.com/.default". Then the Intrexx users or Intrexx service accounts access Microsoft 365 with the permissions you have granted in Microsoft Azure.

For detailed information, see section New registration - Authentication.