API authorizations for the Connector for Microsoft 365 and Teams
You must set the following API authorizations in Microsoft Azure for the use of Connector for Microsoft 365 and Teams.
Permission types
The authorizations are of the type "Delegated" and "Application". The actions linked to the "Delegated" type authorizations are executed by a (personal) Microsoft 365 user. The actions associated with the "Application" type authorizations are executed by a Microsoft 365 service account.
There is often the same authorization for both the "Delegated" and "Application" type. Depending on the use case, it may be desired for an action to be performed by a personal user or by a service account. Accordingly, you can select in Intrexx whether Intrexx should log in to Microsoft 365 via a (personal) user or via a service account.
Detailed information on this can be found in section New registration - static user accounts and New registration - service accounts.
Please note that an Entra ID (formerly Azure AD) administrator must grant administrator approval for the "Application" type authorizations.
API permissions
In the input field below you can enter a term, by which the table will then be filtered.
API/Permission name | TYPE | Description | Admin consent |
|---|---|---|---|
| Calendars.Read | Delegated | Read access to user calendars | No |
| Calendars.Read.Shared | Delegated | Read users and shared calendars | No |
| Calendars.ReadWrite | Delegated | Has full access to user calendars. | No |
| Calendars.ReadWrite | Application | Read and write calendars in all mailboxes | Yes |
| Channel.Create | Delegated | Create channels | Yes |
| Channel.ReadBasic.All | Delegated | Read the names and descriptions of channels | No |
| Channel.ReadBasic.All | Application | Read the names and descriptions of all channels | Yes |
| ChannelMessage.Read.All | Delegated | Read user channel messages | Yes |
| ChannelMessage.Send | Delegated | Send channel messages | No |
| Chat.Create | Delegated | Create chats | No |
| Chat.Read | Delegated | Read user chat messages | No |
| Chat.Read.All | Application | Read all chat messages | Yes |
| Chat.ReadBasic | Delegated | Read names and members of user chat threads | No |
| Chat.ReadWrite | Delegated | Read and write user chat messages | No |
| Directory.Read.All | Application | Read directory data | Yes |
| Delegated | Show user email address | No | |
| Files.ReadWrite.All | Delegated | Full access to all files that the user can access | No |
| Group.Create | Application | Create groups | Yes |
| Group.ReadWrite.All | Application | Read and write all groups | Yes |
| GroupMember.Read.All | Application | Read all group memberships | Yes |
| GroupMember.ReadWrite.All | Application | Read and write all group memberships | Yes |
| Mail.ReadWrite * | Delegated | Read and write access to user emails | No |
| Mail.Send * | Delegated | Send emails under a different user name | No |
offline_access (OpenID Permissions) | Delegated | Keep access to data for which you have given access | No |
| Presence.Read | Delegated | Read user's presence information | No |
| Presence.ReadWrite.All * | Application | Read and write presence information for all users | Yes |
| Profile | Delegated | Show basic profile of users | No |
| Sites.Read.All | Delegated | Read elements in all site collections | No |
| Sites.Read.All | Application | Read items in all site collections | Yes |
| Sites.ReadWrite.All * | Delegated | Edit or delete elements in all site collections | No |
| Team.Create | Delegated | Create teams | No |
| Team.Create | Application | Create teams | Yes |
| Team.ReadBasic.All | Delegated | Read the names and descriptions of teams | No |
| Team.ReadBasic.All | Application | Get a list of all teams | Yes |
| TeamMember.ReadWrite.All | Delegated | Add and remove members from teams | Yes |
| User.Read.All | Application | Read all users' full profiles | Yes |
*optional
Specify API permissions in Intrexx
In Connector for Microsoft 365 and Teams, you must enter the authorizations (scope) with which Intrexx users or Intrexx service accounts should access Microsoft 365 under the menu item "Authentication". You can store the permissions individually there. The individual permissions must be separated by a space.
You can also enter "https://graph.microsoft.com/.default" at Connector for Microsoft 365 and Teams. The Intrexx users or Intrexx service accounts then access Microsoft 365 with the permissions that you have granted in Microsoft Azure.
Detailed information on this can be found in section New registration - Authentication.
Send us an e-mail