eG Tests Requiring Microsoft Graph App Permissions
Some tests that the eG agent runs require that a Microsoft Graph App be registered with Microsoft Entra ID, with the following permissions. Note that the tests below will not run without the specified permissions.
A. Microsoft Graph API - Application Permissions
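
| Permission | Purpose | Test | Component |
|---|---|---|---|
| Calendars.ReadWrite | Allows app to read and write calendars in all mailboxes | Calendar Event Operations | Microsoft Exchange Online |
| Reports.Read.All | Allows app to read all usage reports | | Microsoft Office 365 |
| Reports.Read.All | Allows app to read all usage reports | | Microsoft Exchange Online |
| Reports.Read.All | Allows app to read all usage reports | | Microsoft SharePoint Online |
| Reports.Read.All | Allows app to read all usage reports | | Microsoft Teams |
| Reports.Read.All | Allows app to read all usage reports | | Microsoft OneDrive for Business |
| Reports.Read.All | Allows app to read all usage reports | | Microsoft Yammer |
| ServiceHealth.Read.All | Allows app to read service health | O365 Service Health | Microsoft Office 365 |
| ServiceHealth.Read.All | Allows app to read service health | Exchange Service Health | Microsoft Exchange Online |
| ServiceHealth.Read.All | Allows app to read service health | SharePoint Service Health | Microsoft SharePoint Online |
| ServiceHealth.Read.All | Allows app to read service health | Teams Service Health | Microsoft Teams |
| ServiceHealth.Read.All | Allows app to read service health | OneDrive Service Health | Microsoft OneDrive for Business |
| ServiceHealth.Read.All | Allows app to read service health | Yammer Service Health | Microsoft Yammer |
| ServiceMessage.Read.All | Allows app to read service messages | O365 Message Center Communications | Microsoft Office 365 |
| ServiceMessage.Read.All | Allows app to read service messages | Exchange Message Center Communications | Microsoft Exchange Online |
| ServiceMessage.Read.All | Allows app to read service messages | SharePoint Message Center Communications | Microsoft SharePoint Online |
| ServiceMessage.Read.All | Allows app to read service messages | Teams Message Center Communications | Microsoft Teams |
| ServiceMessage.Read.All | Allows app to read service messages | OneDrive Message Center Communications | Microsoft OneDrive for Business |
| ServiceMessage.Read.All | Allows app to read service messages | Yammer Message Center Communications | Microsoft Yammer |
| User.Read.All | Allows app to read the full profile of all users | O365 Users Details | Microsoft Office 365 |
| Mail.ReadWrite | Allows app to read and write mail in all mailboxes | Mail Flow | Microsoft Exchange Online |
| Mail.Send | Allows app to send mail as any user | Mail Flow | Microsoft Exchange Online |
| Sites.FullControl.All | Allows the application to have full control of all site collections on behalf of the signed-in user. | | Microsoft SharePoint Online |
| Sites.FullControl.All | Allows the application to have full control of all site collections on behalf of the signed-in user. | | Microsoft OneDrive for Business |
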
B. Microsoft Graph API - Delegated Permissions

| Permission | Purpose | Test | Component |
|---|---|---|---|
| Channel.Create | Allows app to create channels | Channel Operations | Microsoft Teams |
| ChannelMember.ReadWrite.All | Allows app to add and remove channel members | Channel Operations | Microsoft Teams |
| ChannelMessage.Read.All | Allows app to read user channel messages | Channel Operations | Microsoft Teams |
| ChannelMessage.Send | Allows app to send channel messages | Channel Operations | Microsoft Teams |
| ChannelSettings.ReadWrite.All | Allows app to read and write the names, descriptions, and settings of all channels, on behalf of the signed-in user. | Channel Operations | Microsoft Teams |
| Chat.Create | Allows app to create chats | Chat Operations | Microsoft Teams |
| Chat.ReadWrite | Allows app to read and write user chat messages | Chat Operations | Microsoft Teams |
| ChatMember.ReadWrite | Allows app to add and remove chat members | Chat Operations | Microsoft Teams |
| ChatMessage.Send | Allows app to send user chat messages | Chat Operations | Microsoft Teams |
| Directory.ReadWrite.All | Allows app to read and write data in your organization's directory, such as users, and groups | | Microsoft Teams |
| Team.Create | Allows app to create teams | Team Operations | Microsoft Teams |
| TeamMember.ReadWrite.All | Allows app to add and remove members from teams, on behalf of the signed-in user. | Team Operations | Microsoft Teams |
| TeamSettings.ReadWrite.All | Allows app to read and change all teams' settings, on behalf of the signed-in user. | Team Operations | Microsoft Teams |
| CallRecords.Read.All | Allows the app to read call records for all calls and online meetings without a signed-in user | | Microsoft Teams |

C. Microsoft Yammer API - Delegated Permissions

| Permission | Purpose | Test | Component |
|---|---|---|---|
| user_impersonation | Allows app to read/write to the Yammer platform | | Microsoft Yammer |