Registering Microsoft Graph applications using the Azure Portal and assigning API Permissions is trivial. When you are automating that process though rather than choosing API permissions using the Azure Portal Application Registration UI, you need to know the Microsoft Graph Permission Scope IDs.
Obtaining Scope Details
Using a PowerShell Azure Cloud Shell CLI I retrieved a list of the Service Principals, selected the Microsoft Graph Service Principal and enumerated the oAuth Scopes.
Note: The appID for Microsoft Graph is ‘00000003-0000-0000-c000-000000000000‘. In this post I list a bunch of the well-known App IDs.
Below is the PowerShell script I put together to enumerate and sort the Application and Delegated Microsoft Graph Permission Scope IDs using an Azure PowerShell Cloud Shell.
List of Application Scope IDs
Here is the output from the above script for the Microsoft Graph oAuth application based permissions. Delegated permissions are listed after the application permissions further below.
id : ebfcd32b-babb-40f4-a14b-42706e83bd28
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read access reviews, reviewers, decisions and settings that the signed-in user has access to in the organization.
adminConsentDisplayName : Read all access reviews that user can access
value : AccessReview.Read.All
id : e4aa47b9-9a69-4109-82ed-36ec70d85ff1
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings that the signed-in user has access to in the organization.
adminConsentDisplayName : Manage all access reviews that user can access
value : AccessReview.ReadWrite.All
id : 5af8c3f5-baca-439a-97b0-ea58a435e269
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings for group and app memberships that the signed-in user has access to
in the organization.
adminConsentDisplayName : Manage access reviews for group and app memberships
value : AccessReview.ReadWrite.Membership
id : 3361d15d-be43-4de6-b441-3c746d05163d
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read administrative units and administrative unit membership on behalf of the signed-in user.
adminConsentDisplayName : Read administrative units
value : AdministrativeUnit.Read.All
id : 7b8a2d34-6b3f-4542-a343-54651608ad81
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to create, read, update, and delete administrative units and manage administrative unit membership on behalf of the signed-in user.
adminConsentDisplayName : Read and write administrative units
value : AdministrativeUnit.ReadWrite.All
id : af2819c9-df71-4dd3-ade7-4d7c9dc653b7
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read terms of use agreements on behalf of the signed-in user.
adminConsentDisplayName : Read all terms of use agreements
value : Agreement.Read.All
id : ef4b5d93-3104-4664-9053-a5c49ab44218
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write terms of use agreements on behalf of the signed-in user.
adminConsentDisplayName : Read and write all terms of use agreements
value : Agreement.ReadWrite.All
id : 0b7643bb-5336-476f-80b5-18fbfbc91806
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read terms of use acceptance statuses on behalf of the signed-in user.
adminConsentDisplayName : Read user terms of use acceptance statuses
value : AgreementAcceptance.Read
id : a66a5341-e66e-4897-9d52-c2df58c2bfb9
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read terms of use acceptance statuses on behalf of the signed-in user.
adminConsentDisplayName : Read terms of use acceptance statuses that user can access
value : AgreementAcceptance.Read.All
id : 1b6ff35f-31df-4332-8571-d31ea5a4893f
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read the API connectors used in user authentication flows, on behalf of the signed-in user.
adminConsentDisplayName : Read API connectors for authentication flows
value : APIConnectors.Read.All
id : c67b52c5-7c69-48b6-9d48-7b3af3ded914
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read, create and manage the API connectors used in user authentication flows, on behalf of the signed-in user.
adminConsentDisplayName : Read and write API connectors for authentication flows
value : APIConnectors.ReadWrite.All
id : 1ca167d5-1655-44a1-8adf-1414072e1ef9
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to create, read, update, and delete apps in the app catalogs.
adminConsentDisplayName : Read and write to all app catalogs
value : AppCatalog.ReadWrite.All
id : c79f8feb-a9db-4090-85f9-90d820caa0eb
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read applications and service principals on behalf of the signed-in user.
adminConsentDisplayName : Read applications
value : Application.Read.All
id : bdfbf15f-ee85-4955-8675-146e8e5296b5
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to create, read, update and delete applications and service principals on behalf of the signed-in user. Does not allow management of consent grants.
adminConsentDisplayName : Read and write all applications
value : Application.ReadWrite.All
id : 84bccea3-f856-4a8a-967b-dbe0a3d53a64
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to manage permission grants for application permissions to any API (including Microsoft Graph) and application assignments for any app, on behalf of the signed-in user.
adminConsentDisplayName : Manage app permission grants and app role assignments
value : AppRoleAssignment.ReadWrite.All
id : 1196552e-b226-4363-b01e-b8901fe10a11
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read approvals on behalf of the signed-in user.
adminConsentDisplayName : Read approvals
value : Approval.Read.All
id : 1d3d0bc7-4b3a-427a-ae9f-6de4e1edc95f
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write approvals on behalf of the signed-in user.
adminConsentDisplayName : Read and write approvals
value : Approval.ReadWrite.All
id : e4c9e354-4dc5-45b8-9e7c-e1393b0b1a20
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and query your audit log activities, on behalf of the signed-in user.
adminConsentDisplayName : Read audit log data
value : AuditLog.Read.All
id : b27a61ec-b99c-4d6a-b126-c4375d08ae30
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read BitLocker keys on behalf of the signed-in user, for their owned devices. Allows read of the recovery key.
adminConsentDisplayName : Read BitLocker keys
value : BitlockerKey.Read.All
id : 5a107bfc-4f00-4e1a-b67e-66451267bc68
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read basic BitLocker key properties on behalf of the signed-in user, for their owned devices. Does not allow read of the recovery key itself.
adminConsentDisplayName : Read BitLocker keys basic information
value : BitlockerKey.ReadBasic.All
id : 101147cf-4178-4455-9d58-02b5c164e759
isEnabled : True
type : Admin
adminConsentDescription : Create channels in any team, on behalf of the signed-in user.
adminConsentDisplayName : Create channels
value : Channel.Create
id : cc83893a-e232-4723-b5af-bd0b01bcfe65
isEnabled : True
type : Admin
adminConsentDescription : Delete channels in any team, on behalf of the signed-in user.
adminConsentDisplayName : Delete channels
value : Channel.Delete.All
id : 2eadaff8-0bce-4198-a6b9-2cfc35a30075
isEnabled : True
type : Admin
adminConsentDescription : Read the members of channels, on behalf of the signed-in user.
adminConsentDisplayName : Read the members of channels
value : ChannelMember.Read.All
id : 0c3e411a-ce45-4cd1-8f30-f99a3efa7b11
isEnabled : True
type : Admin
adminConsentDescription : Add and remove members from channels, on behalf of the signed-in user. Also allows changing a member's role, for example from owner to non-owner.
adminConsentDisplayName : Add and remove members from channels
value : ChannelMember.ReadWrite.All
id : 767156cb-16ae-4d10-8f8b-41b657c8c8c8
isEnabled : True
type : Admin
adminConsentDescription : Allows an app to read a channel's messages in Microsoft Teams, on behalf of the signed-in user.
adminConsentDisplayName : Read user channel messages
value : ChannelMessage.Read.All
id : 233e0cf1-dd62-48bc-b65b-b38fe87fcf8e
isEnabled : True
type : Admin
adminConsentDescription : Read all channel names, channel descriptions, and channel settings, on behalf of the signed-in user.
adminConsentDisplayName : Read the names, descriptions, and settings of channels
value : ChannelSettings.Read.All
id : d649fb7c-72b4-4eec-b2b4-b15acf79e378
isEnabled : True
type : Admin
adminConsentDescription : Read and write the names, descriptions, and settings of all channels, on behalf of the signed-in user.
adminConsentDisplayName : Read and write the names, descriptions, and settings of channels
value : ChannelSettings.ReadWrite.All
id : c5a9e2b1-faf6-41d4-8875-d381aa549b24
isEnabled : True
type : Admin
adminConsentDescription : Read the members of chats, on behalf of the signed-in user.
adminConsentDisplayName : Read the members of chats
value : ChatMember.Read
id : dea13482-7ea6-488f-8b98-eb5bbecf033d
isEnabled : True
type : Admin
adminConsentDescription : Add and remove members from chats, on behalf of the signed-in user.
adminConsentDisplayName : Add and remove members from chats
value : ChatMember.ReadWrite
id : 9d77138f-f0e2-47ba-ab33-cd246c8b79d1
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write the properties of Cloud PCs on behalf of the signed-in user.
adminConsentDisplayName : Read and write Cloud PCs
value : CloudPC.ReadWrite.All
id : f3bfad56-966e-4590-a536-82ecf548ac1e
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read consent requests and approvals on behalf of the signed-in user.
adminConsentDisplayName : Read consent requests
value : ConsentRequest.Read.All
id : 497d9dfa-3bd1-481a-baab-90895e54568c
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read app consent requests and approvals, and deny or approve those requests on behalf of the signed-in user.
adminConsentDisplayName : Read and write consent requests
value : ConsentRequest.ReadWrite.All
id : ca46335e-8453-47cd-a001-8459884efeae
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write custom security attribute assignments for all principals in the tenant on behalf of a signed in user.
adminConsentDisplayName : Read and write custom security attribute assignments
value : CustomSecAttributeAssignment.ReadWrite.All
id : 8b0160d4-5743-482b-bb27-efc0a485ca4a
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write custom security attribute definitions for the tenant on behalf of a signed in user.
adminConsentDisplayName : Read and write custom security attribute definitions
value : CustomSecAttributeDefinition.ReadWrite.All
id : 41ce6ca6-6826-4807-84f1-1c82854f7ee5
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to manage permission grants for delegated permissions exposed by any API (including Microsoft Graph), on behalf of the signed in user.
adminConsentDisplayName : Manage all delegated permission grants
value : DelegatedPermissionGrant.ReadWrite.All
id : 951183d1-1a61-466f-a6d1-1fde911bfd95
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read your organization's devices' configuration information on behalf of the signed-in user.
adminConsentDisplayName : Read all devices
value : Device.Read.All
id : 4edf5f54-4666-44af-9de9-0144fb4b6e8c
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read the properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft Intune.
adminConsentDisplayName : Read Microsoft Intune apps
value : DeviceManagementApps.Read.All
id : 7b3f05d5-f68c-4b8d-8c59-a2ecd12f24af
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write the properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft Intune.
adminConsentDisplayName : Read and write Microsoft Intune apps
value : DeviceManagementApps.ReadWrite.All
id : f1493658-876a-4c87-8fa7-edb559b3476a
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups.
adminConsentDisplayName : Read Microsoft Intune Device Configuration and Policies
value : DeviceManagementConfiguration.Read.All
id : 0883f392-0a7a-443d-8c76-16a6d39c7b63
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups.
adminConsentDisplayName : Read and write Microsoft Intune Device Configuration and Policies
value : DeviceManagementConfiguration.ReadWrite.All
id : 3404d2bf-2b13-457e-a330-c24615765193
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to perform remote high impact actions such as wiping the device or resetting the passcode on devices managed by Microsoft Intune.
adminConsentDisplayName : Perform user-impacting remote actions on Microsoft Intune devices
value : DeviceManagementManagedDevices.PrivilegedOperations.All
id : 314874da-47d6-4978-88dc-cf0d37f0bb82
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read the properties of devices managed by Microsoft Intune.
adminConsentDisplayName : Read Microsoft Intune devices
value : DeviceManagementManagedDevices.Read.All
id : 44642bfe-8385-4adc-8fc6-fe3cb2c375c3
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write the properties of devices managed by Microsoft Intune. Does not allow high impact operations such as remote wipe and password reset on the device?s owner.
adminConsentDisplayName : Read and write Microsoft Intune devices
value : DeviceManagementManagedDevices.ReadWrite.All
id : 49f0cc30-024c-4dfd-ab3e-82e137ee5431
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings.
adminConsentDisplayName : Read Microsoft Intune RBAC settings
value : DeviceManagementRBAC.Read.All
id : 0c5e8a55-87a6-4556-93ab-adc52c4d862d
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings.
adminConsentDisplayName : Read and write Microsoft Intune RBAC settings
value : DeviceManagementRBAC.ReadWrite.All
id : 8696daa5-bce5-4b2e-83f9-51b6defc4e1e
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read Microsoft Intune service properties including device enrollment and third party service connection configuration.
adminConsentDisplayName : Read Microsoft Intune configuration
value : DeviceManagementServiceConfig.Read.All
id : 662ed50a-ac44-4eef-ad86-62eed9be2a29
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write Microsoft Intune service properties including device enrollment and third party service connection configuration.
adminConsentDisplayName : Read and write Microsoft Intune configuration
value : DeviceManagementServiceConfig.ReadWrite.All
id : 0e263e50-5827-48a4-b97c-d940288653c7
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to have the same access to information in the directory as the signed-in user.
adminConsentDisplayName : Access directory as the signed in user
value : Directory.AccessAsUser.All
id : 06da0dbc-49e2-44d2-8312-53f166ab848a
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read data in your organization's directory, such as users, groups and apps.
adminConsentDisplayName : Read directory data
value : Directory.Read.All
id : c5366453-9fb0-48a5-a156-24f0c49a4b84
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write data in your organization's directory, such as users, and groups. It does not allow the app to delete users or groups, or reset user passwords.
adminConsentDisplayName : Read and write directory data
value : Directory.ReadWrite.All
id : 2f9ee017-59c1-4f1d-9472-bd5529a7b311
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read all domain properties on behalf of the signed-in user.
adminConsentDisplayName : Read domains.
value : Domain.Read.All
id : 0b5d694c-a244-4bde-86e6-eb5cd07730fe
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write all domain properties on behalf of the signed-in user. Also allows the app to add, verify and remove domains.
adminConsentDisplayName : Read and write domains
value : Domain.ReadWrite.All
id : 99201db3-7652-4d5a-809a-bdb94f85fe3c
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read eDiscovery objects such as cases, custodians, review sets and other
related objects on behalf of the signed-in user.
adminConsentDisplayName : Read all eDiscovery objects
value : eDiscovery.Read.All
id : acb8f680-0834-4146-b69e-4ab1b39745ad
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write eDiscovery objects such as cases, custodians, review sets
and other related objects on behalf of the signed-in user.
adminConsentDisplayName : Read and write all eDiscovery objects
value : eDiscovery.ReadWrite.All
id : 8523895c-6081-45bf-8a5d-f062a2f12c9f
isEnabled : True
type : Admin
adminConsentDescription : Read the state and settings of all Microsoft education apps on behalf of the user.
adminConsentDisplayName : Read education app settings
value : EduAdministration.Read
id : 63589852-04e3-46b4-bae9-15d5b1050748
isEnabled : True
type : Admin
adminConsentDescription : Manage the state and settings of all Microsoft education apps on behalf of the user.
adminConsentDisplayName : Manage education app settings
value : EduAdministration.ReadWrite
id : 091460c9-9c4a-49b2-81ef-1f3d852acce2
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read assignments and their grades on behalf of the user.
adminConsentDisplayName : Read users' class assignments and their grades
value : EduAssignments.Read
id : c0b0103b-c053-4b2e-9973-9f3a544ec9b8
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read assignments without grades on behalf of the user.
adminConsentDisplayName : Read users' class assignments without grades
value : EduAssignments.ReadBasic
id : 2f233e90-164b-4501-8bce-31af2559a2d3
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write assignments and their grades on behalf of the user.
adminConsentDisplayName : Read and write users' class assignments and their grades
value : EduAssignments.ReadWrite
id : 2ef770a1-622a-47c4-93ee-28d6adbed3a0
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write assignments without grades on behalf of the user.
adminConsentDisplayName : Read and write users' class assignments without grades
value : EduAssignments.ReadWriteBasic
id : a4389601-22d9-4096-ac18-36a927199112
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read the structure of schools and classes in an organization's roster and education-specific information about users to be read on behalf of the user.
adminConsentDisplayName : Read users' view of the roster
value : EduRoster.Read
id : 5d186531-d1bf-4f07-8cea-7c42119e1bd9
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read a limited subset of the properties from the structure of schools and classes in an organization's roster and a limited subset of properties about users to be read on behalf of the user.Includes name, status, education role, email address and photo.
adminConsentDisplayName : Read a limited subset of users' view of the roster
value : EduRoster.ReadBasic
id : 359e19a6-e3fa-4d7f-bcab-d28ec592b51e
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write the structure of schools and classes in an organization's roster and education-specific information about users to be read and written on behalf of
the user.
adminConsentDisplayName : Read and write users' view of the roster
value : EduRoster.ReadWrite
id : 5449aa12-1393-4ea2-a7c7-d0e06c1a56b2
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read access packages and related entitlement management resources on behalf of the signed-in user.
adminConsentDisplayName : Read all entitlement management resources
value : EntitlementManagement.Read.All
id : ae7a573d-81d7-432b-ad44-4ed5c9d89038
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to request access to and management of access packages and related entitlement management resources on behalf of the signed-in user.
adminConsentDisplayName : Read and write entitlement management resources
value : EntitlementManagement.ReadWrite.All
id : 922f9392-b1b7-483c-a4be-0089be7704fb
isEnabled : True
type : Admin
adminConsentDescription : Allow the app to read external datasets and content, on behalf of the signed-in user.
adminConsentDisplayName : Read items in external datasets
value : ExternalItem.Read.All
id : 5f8c59db-677d-491f-a6b8-5f174b11ec1d
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to list groups, and to read their properties and all group memberships on behalf of the signed-in user. Also allows the app to read calendar, conversations, files, and other group content for all groups the signed-in user can access.
adminConsentDisplayName : Read all groups
value : Group.Read.All
id : 4e46008b-f24c-477d-8fff-7bb4ec7aafe0
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to create groups and read all group properties and memberships on behalf of the signed-in user. Additionally allows group owners to manage their groups and allows group members to update group content.
adminConsentDisplayName : Read and write all groups
value : Group.ReadWrite.All
id : bc024368-1153-4739-b217-4326f2e966d0
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to list groups, read basic group properties and read membership of all groups the signed-in user has access to.
adminConsentDisplayName : Read group memberships
value : GroupMember.Read.All
id : f81125ac-d3b7-4573-a3b2-7099cc39df9e
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to list groups, read basic properties, read and update the membership of the groups the signed-in user has access to. Group properties and owners cannot be updated and groups cannot be deleted.
adminConsentDisplayName : Read and write group memberships
value : GroupMember.ReadWrite.All
id : 43781733-b5a7-4d1b-98f4-e8edff23e1a9
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read your organization?s identity (authentication) providers? properties on behalf of the user.
adminConsentDisplayName : Read identity providers
value : IdentityProvider.Read.All
id : f13ce604-1677-429f-90bd-8a10b9f01325
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write your organization?s identity (authentication) providers? properties on behalf of the user.
adminConsentDisplayName : Read and write identity providers
value : IdentityProvider.ReadWrite.All
id : 8f6a01e7-0391-4ee5-aa22-a3af122cef27
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read identity risk event information for all users in your organization on behalf of the signed-in user.
adminConsentDisplayName : Read identity risk event information
value : IdentityRiskEvent.Read.All
id : 9e4862a5-b68f-479e-848a-4e07e25c9916
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and update identity risk event information for all users in your organization on behalf of the signed-in user.Update operations include confirming risk event detections.
adminConsentDisplayName : Read and write risk event information
value : IdentityRiskEvent.ReadWrite.All
id : ea5c4ab0-5a73-4f35-8272-5d5337884e5d
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read all risky service principal information for your organization, on behalf of the signed-in user.
adminConsentDisplayName : Read all identity risky service principal information
value : IdentityRiskyServicePrincipal.Read.All
id : bb6f654c-d7fd-4ae3-85c3-fc380934f515
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and update identity risky service principal information for all service principals in your organization, on behalf of the signed-in user. Update operations include dismissing risky service principals.
adminConsentDisplayName : Read and write all risky service principal information
value : IdentityRiskyServicePrincipal.ReadWrite.All
id : d04bb851-cb7c-4146-97c7-ca3e71baf56c
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read identity risky user information for all users in your organization on behalf of the signed-in user.
adminConsentDisplayName : Read identity risky user information
value : IdentityRiskyUser.Read.All
id : e0a7cdbb-08b0-4697-8264-0069786e9674
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and update identity risky user information for all users in your organization on behalf of the signed-in user.Update operations include dismissing risky users.
adminConsentDisplayName : Read and write risky user information
value : IdentityRiskyUser.ReadWrite.All
id : 2903d63d-4611-4d43-99ce-a33f3f52e343
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read your organization's user flows, on behalf of the signed-in user.
adminConsentDisplayName : Read all identity user flows
value : IdentityUserFlow.Read.All
id : 281892cc-4dbf-4e3a-b6cc-b21029bb4e82
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read or write your organization's user flows, on behalf of the signed-in user.
adminConsentDisplayName : Read and write all identity user flows
value : IdentityUserFlow.ReadWrite.All
id : f6a3db3e-f7e8-4ed2-a414-557c8c9830be
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read the memberships of hidden groups and administrative units on behalf of the signed-in user, for those hidden groups and administrative units that the signed-in user has access to.
adminConsentDisplayName : Read hidden memberships
value : Member.Read.Hidden
id : 8c4d5184-71c2-4bf8-bb9d-bc3378c9ad42
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to manage hybrid identity service configuration by creating, viewing, updating and deleting on-premises published resources, on-premises agents and agent groups, on behalf of the signed-in user.
adminConsentDisplayName : Manage on-premises published resources
value : OnPremisesPublishingProfiles.ReadWrite.All
id : 4908d5b9-3fb2-4b1e-9336-1888b7937185
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read the organization and related resources, on behalf of the signed-in user.Related resources include things like subscribed skus and tenant branding information.
adminConsentDisplayName : Read organization information
value : Organization.Read.All
id : 46ca0847-7e6b-426e-9775-ea810a948356
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write the organization and related resources, on behalf of the signed-in user.Related resources include things like subscribed skus and tenant branding information.
adminConsentDisplayName : Read and write organization information
value : Organization.ReadWrite.All
id : 08432d1b-5911-483c-86df-7980af5cdee0
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read all organizational contacts on behalf of the signed-in user. These contacts are managed by the organization and are different from a user's personal contacts.
adminConsentDisplayName : Read organizational contacts
value : OrgContact.Read.All
id : b89f9189-71a5-4e70-b041-9887f0bc7e4a
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read a scored list of relevant people of the signed-in user or other users in the signed-in user's organization. The list can include local contacts, contacts from social networking, your organization's directory, and people from recent communications
(such as email and Skype).
adminConsentDisplayName : Read all users' relevant people lists
value : People.Read.All
id : cb8f45a0-5c2e-4ea1-b803-84b870a7d7ec
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read your company's places (conference rooms and room lists) for calendar events and other applications, on behalf of the signed-in user.
adminConsentDisplayName : Read all company places
value : Place.Read.All
id : 4c06a06a-098a-4063-868e-5dfee3827264
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to manage organization places (conference rooms and room lists) for calendar events and other applications, on behalf of the signed-in user.
adminConsentDisplayName : Read and write organization places
value : Place.ReadWrite.All
id : 572fea84-0151-49b2-9301-11cb16974376
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read your organization's policies on behalf of the signed-in user.
adminConsentDisplayName : Read your organization's policies
value : Policy.Read.All
id : 414de6ea-2d92-462f-b120-6e2a809a6d01
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read policies related to consent and permission grants for applications, on behalf of the signed-in user.
adminConsentDisplayName : Read consent and permission grant policies
value : Policy.Read.PermissionGrant
id : b27add92-efb2-4f16-84f5-8108ba77985c
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write your organization's application configuration policies on behalf of the signed-in user. This includes policies such as activityBasedTimeoutPolicy, claimsMappingPolicy, homeRealmDiscoveryPolicy, tokenIssuancePolicy and tokenLifetimePolicy.
adminConsentDisplayName : Read and write your organization's application configuration policies
value : Policy.ReadWrite.ApplicationConfiguration
id : edb72de9-4252-4d03-a925-451deef99db7
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write the authentication flow policies, on behalf of the signed-in user.
adminConsentDisplayName : Read and write authentication flow policies
value : Policy.ReadWrite.AuthenticationFlows
id : 7e823077-d88e-468f-a337-e18f1f0e6c7c
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write the authentication method policies, on behalf of the signed-in user.
adminConsentDisplayName : Read and write authentication method policies
value : Policy.ReadWrite.AuthenticationMethod
id : edd3c878-b384-41fd-95ad-e7407dd775be
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write your organization's authorization policy on behalf of the signed-in user. For example, authorization policies can control some of the permissions that the out-of-the-box user role has by default.
adminConsentDisplayName : Read and write your organization's authorization policy
value : Policy.ReadWrite.Authorization
id : ad902697-1014-4ef5-81ef-2b4301988e8c
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write your organization's conditional access policies on behalf of the signed-in user.
adminConsentDisplayName : Read and write your organization's conditional access policies
value : Policy.ReadWrite.ConditionalAccess
id : 4d135e65-66b8-41a8-9f8b-081452c91774
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write your organization's consent requests policy on behalf of the signed-in user.
adminConsentDisplayName : Read and write consent request policy
value : Policy.ReadWrite.ConsentRequest
id : 40b534c3-9552-4550-901b-23879c90bcf9
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write your organization's device configuration policies on behalf of the signed-in user. For example, device registration policy can limit initial provisioning controls using quota restrictions, additional authentication and authorization checks.
adminConsentDisplayName : Read and write your organization's device configuration policies
value : Policy.ReadWrite.DeviceConfiguration
id : 92a38652-f13b-4875-bc77-6e1dbb63e1b2
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write your organization's feature rollout policies on behalf of the signed-in user. Includes abilities to assign and remove users and groups to rollout of a specific feature.
adminConsentDisplayName : Read and write your organization's feature rollout policies
value : Policy.ReadWrite.FeatureRollout
id : a8ead177-1889-4546-9387-f25e658e2a79
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write your organization's mobility management policies on behalf of the signed-in user. For example, a mobility management policy can set the enrollment scope for a given mobility management application.
adminConsentDisplayName : Read and write your organization's mobility management policies
value : Policy.ReadWrite.MobilityManagement
id : 2672f8bb-fd5e-42e0-85e1-ec764dd2614e
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to manage policies related to consent and permission grants for applications, on behalf of the signed-in user.
adminConsentDisplayName : Manage consent and permission grant policies
value : Policy.ReadWrite.PermissionGrant
id : cefba324-1a70-4a6e-9c1d-fd670b7ae392
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write your organization's trust framework policies on behalf of the signed-in user.
adminConsentDisplayName : Read and write your organization's trust framework policies
value : Policy.ReadWrite.TrustFramework
id : d69c2d6d-4f72-4f99-a6b9-663e32f8cf68
isEnabled : True
type : Admin
adminConsentDescription : Allows the application to read print connectors on behalf of the signed-in user.
adminConsentDisplayName : Read print connectors
value : PrintConnector.Read.All
id : 79ef9967-7d59-4213-9c64-4b10687637d8
isEnabled : True
type : Admin
adminConsentDescription : Allows the application to read and write print connectors on behalf of the signed-in user.
adminConsentDisplayName : Read and write print connectors
value : PrintConnector.ReadWrite.All
id : 90c30bed-6fd1-4279-bf39-714069619721
isEnabled : True
type : Admin
adminConsentDescription : Allows the application to create (register) printers on behalf of the signed-in user.?
adminConsentDisplayName : Register printers??
value : Printer.Create
id : 93dae4bd-43a1-4a23-9a1a-92957e1d9121
isEnabled : True
type : Admin
adminConsentDescription : Allows the application to create (register), read, update, and delete (unregister) printers on behalf of the signed-in user.
adminConsentDisplayName : Register, read, update, and unregister printers
value : Printer.FullControl.All
id : 3a736c8a-018e-460a-b60c-863b2683e8bf
isEnabled : True
type : Admin
adminConsentDescription : Allows the application to read printers on behalf of the signed-in user.?
adminConsentDisplayName : Read printers
value : Printer.Read.All
id : 89f66824-725f-4b8f-928e-e1c5258dc565
isEnabled : True
type : Admin
adminConsentDescription : Allows the application to read and update printers on behalf of the signed-in user. Does not allow creating (registering) or deleting (unregistering) printers.
adminConsentDisplayName : Read and update printers
value : Printer.ReadWrite.All
id : 06ceea37-85e2-40d7-bec3-91337a46038f
isEnabled : True
type : Admin
adminConsentDescription : Allows the application to read and update printer shares on behalf of the signed-in user.?
adminConsentDisplayName : Read and write printer shares
value : PrinterShare.ReadWrite.All
id : afdd6933-a0d8-40f7-bd1a-b5d778e8624b
isEnabled : True
type : Admin
adminConsentDescription : Allows the application to read the metadata and document content of print jobs on behalf of the signed-in user.
adminConsentDisplayName : Read print jobs
value : PrintJob.Read.All
id : 04ce8d60-72ce-4867-85cf-6d82f36922f3
isEnabled : True
type : Admin
adminConsentDescription : Allows the application to read the metadata of print jobs on behalf of the signed-in user. Does not allow access to print job document content.
adminConsentDisplayName : Read basic information of print jobs
value : PrintJob.ReadBasic.All
id : 036b9544-e8c5-46ef-900a-0646cc42b271
isEnabled : True
type : Admin
adminConsentDescription : Allows the application to read and update the metadata and document content of print jobs on behalf of the signed-in user.
adminConsentDisplayName : Read and write print jobs
value : PrintJob.ReadWrite.All
id : 3a0db2f6-0d2a-4c19-971b-49109b19ad3d
isEnabled : True
type : Admin
adminConsentDescription : Allows the application to read and update the metadata of print jobs on behalf of the signed-in user.Does not allow access to print job document content.
adminConsentDisplayName : Read and write basic information of print jobs
value : PrintJob.ReadWriteBasic.All
id : 490f32fd-d90f-4dd7-a601-ff6cdc1a3f6c
isEnabled : True
type : Admin
adminConsentDescription : Allows the application to read tenant-wide print settings on behalf of the signed-in user.
adminConsentDisplayName : Read tenant-wide print settings
value : PrintSettings.Read.All
id : 9ccc526a-c51c-4e5c-a1fd-74726ef50b8f
isEnabled : True
type : Admin
adminConsentDescription : Allows the application to read and write tenant-wide print settings on behalf of the signed-in user.
adminConsentDisplayName : Read and write tenant-wide print settings
value : PrintSettings.ReadWrite.All
id : b3a539c9-59cb-4ad5-825a-041ddbdc2bdb
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD built-in and custom administrative roles, on behalf of the signed-in user.
adminConsentDisplayName : Read privileged access to Azure AD
value : PrivilegedAccess.Read.AzureAD
id : d329c81c-20ad-4772-abf9-3f6fdb7e5988
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups, on behalf of the signed-in user.
adminConsentDisplayName : Read privileged access to Azure AD groups
value : PrivilegedAccess.Read.AzureADGroup
id : 1d89d70c-dcac-4248-b214-903c457af83a
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read time-based assignment and just-in-time elevation of Azure resources (like your subscriptions, resource groups, storage, compute) on behalf of the signed-in user.
adminConsentDisplayName : Read privileged access to Azure resources
value : PrivilegedAccess.Read.AzureResources
id : 3c3c74f5-cdaa-4a97-b7e0-4e788bfcfb37
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to request and manage just in time elevation (including scheduled elevation) of users to Azure AD built-in administrative roles, on behalf of signed-in users.
adminConsentDisplayName : Read and write privileged access to Azure AD
value : PrivilegedAccess.ReadWrite.AzureAD
id : 32531c59-1f32-461f-b8df-6f8a3b89f73b
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to request and manage time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups, on behalf of the signed-in user.
adminConsentDisplayName : Read and write privileged access to Azure AD groups
value : PrivilegedAccess.ReadWrite.AzureADGroup
id : a84a9652-ffd3-496e-a991-22ba5529156a
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to request and manage time-based assignment and just-in-time elevation of user privileges to manage Azure resources (like subscriptions, resource groups, storage, compute) on behalf of the signed-in users.
adminConsentDisplayName : Read and write privileged access to Azure resources
value : PrivilegedAccess.ReadWrite.AzureResources
id : c492a2e1-2f8f-4caa-b076-99bbf6e40fe4
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read programs and program controls that the signed-in user has access to in the organization.
adminConsentDisplayName : Read all programs that user can access
value : ProgramControl.Read.All
id : 50fd364f-9d93-4ae1-b170-300e87cccf84
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read, update, delete and perform actions on programs and program controls that the signed-in user has access to in the organization.
adminConsentDisplayName : Manage all programs that user can access
value : ProgramControl.ReadWrite.All
id : 02e97553-ed7b-43d0-ab3c-f8bace0d040c
isEnabled : True
type : Admin
adminConsentDescription : Allows an app to read all service usage reports on behalf of the signed-in user. Services that provide usage reports include Office 365 and Azure Active Directory.
adminConsentDisplayName : Read all usage reports
value : Reports.Read.All
id : 344a729c-0285-42c6-9014-f12b9b8d6129
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read the active role-based access control (RBAC) assignments for your company's directory, on behalf of the signed-in user. This includes reading directory role templates, and directory roles.
adminConsentDisplayName : Read all active role assignments for your company's directory
value : RoleAssignmentSchedule.Read.Directory
id : 8c026be3-8e26-4774-9372-8d5d6f21daff
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and manage the active role-based access control (RBAC) assignments for your company's directory, on behalf of the signed-in user. This includes managing active directory role membership, and reading directory role templates, directory roles and active memberships.
adminConsentDisplayName : Read, update, and delete all active role assignments for your company's directory
value : RoleAssignmentSchedule.ReadWrite.Directory
id : eb0788c2-6d4e-4658-8c9e-c0fb8053f03d
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read the eligible role-based access control (RBAC) assignments for your company's directory, on behalf of the signed-in user. This includes reading directory role templates, and directory roles.
adminConsentDisplayName : Read all eligible role assignments for your company's directory
value : RoleEligibilitySchedule.Read.Directory
id : 62ade113-f8e0-4bf9-a6ba-5acb31db32fd
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and manage the eligible role-based access control (RBAC) assignments for your company's directory, on behalf of the signed-in user. This includes managing eligible directory role membership, and reading directory role templates, directory roles
and eligible memberships.
adminConsentDisplayName : Read, update, and delete all eligible role assignments for your company's directory
value : RoleEligibilitySchedule.ReadWrite.Directory
id : 48fec646-b2ba-4019-8681-8eb31435aded
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read the role-based access control (RBAC) settings for all RBAC providers, on behalf of the signed-in user. This includes reading role definitions and role assignments.
adminConsentDisplayName : Read role management data for all RBAC providers
value : RoleManagement.Read.All
id : 741c54c3-0c1e-44a1-818b-3f97ab4e8c83
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read the role-based
access control (RBAC) settings for your company's directory, on behalf of the signed-in user. This includes reading directory role templates,
directory roles and memberships.
adminConsentDisplayName : Read directory RBAC settings
value : RoleManagement.Read.Directory
id : d01b97e9-cbc0-49fe-810a-750afd5527a3
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and manage the role-based access control (RBAC) settings for your company's directory, on behalf of the signed-in user. This includes instantiating directory
roles and managing directory role membership, and reading directory role templates,
directory roles and memberships.
adminConsentDisplayName : Read and write directory RBAC settings
value : RoleManagement.ReadWrite.Directory
id : 3de2cdbe-0ff5-47d5-bdee-7f45b4749ead
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read policies for privileged role-based access control (RBAC) assignments of your company's directory, on behalf of the signed-in user.
adminConsentDisplayName : Read all policies for privileged role assignments of your company's directory
value : RoleManagementPolicy.Read.Directory
id : 1ff1be21-34eb-448c-9ac9-ce1f506b2a68
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read, update, and delete policies for privileged role-based access control (RBAC) assignments of your company's directory, on behalf of the signed-in user.
adminConsentDisplayName : Read, update, and delete all policies for privileged role assignments of your company's
directory
value : RoleManagementPolicy.ReadWrite.Directory
id : fccf6dd8-5706-49fa-811f-69e2e1b585d0
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read schedule, schedule groups, shifts and associated entities in the Teams or Shifts application on behalf of the signed-in user.
adminConsentDisplayName : Read user schedule items
value : Schedule.Read.All
id : 63f27281-c9d9-4f29-94dd-6942f7f1feb0
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to manage schedule, schedule groups, shifts and associated entities in the Teams or Shifts application on behalf of the signed-in user.
adminConsentDisplayName : Read and write user schedule items
value : Schedule.ReadWrite.All
id : 7d307522-aa38-4cd0-bd60-90c6f0ac50bd
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read search configuration, on behalf of the signed-in user.
adminConsentDisplayName : Read your organization's search configuration
value : SearchConfiguration.Read.All
id : b1a7d408-cab0-47d2-a2a5-a74a3733600d
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write search configuration, on behalf of the signed-in user.
adminConsentDisplayName : Read and write your organization's search configuration
value : SearchConfiguration.ReadWrite.All
id : 1638cddf-07a4-4de2-8645-69c96cacad73
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read security actions, on behalf of the signed-in user.
adminConsentDisplayName : Read your organization's security actions
value : SecurityActions.Read.All
id : dc38509c-b87d-4da0-bd92-6bec988bac4a
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read or update security actions, on behalf of the signed-in user.
adminConsentDisplayName : Read and update your organization's security actions
value : SecurityActions.ReadWrite.All
id : 64733abd-851e-478a-bffb-e47a14b18235
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read your organization?s security events on behalf of the signed-in user.
adminConsentDisplayName : Read your organization?s security events
value : SecurityEvents.Read.All
id : 6aedf524-7e1c-45a7-bd76-ded8cab8d0fc
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read your organization?s security events on behalf of the signed-in user.
Also allows the app to update editable properties in security events on behalf of the
signed-in user.
adminConsentDisplayName : Read and update your organization?s security events
value : SecurityEvents.ReadWrite.All
id : 55896846-df78-47a7-aa94-8d3d4442ca7f
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read your tenant's service health information on behalf of the signed-in user. Health information may include service issues or service health overviews.
adminConsentDisplayName : Read service health
value : ServiceHealth.Read.All
id : eda39fa6-f8cf-4c3c-a909-432c683e4c9b
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read your tenant's service announcement messages on behalf of the signed-in user. Messages may include information about new or changed features.
adminConsentDisplayName : Read service announcement messages
value : ServiceMessage.Read.All
id : 9f9ce928-e038-4e3b-8faf-7b59049a8ddc
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read service principal endpoints
adminConsentDisplayName : Read service principal endpoints
value : ServicePrincipalEndpoint.Read.All
id : 7297d82c-9546-4aed-91df-3d4f0a9b3ff0
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to update service principal endpoints
adminConsentDisplayName : Read and update service principal endpoints
value : ServicePrincipalEndpoint.ReadWrite.All
id : 5a54b8b3-347c-476d-8f8e-42d5c7424d29
isEnabled : True
type : Admin
adminConsentDescription : Allows the application to have full control of all site collections on behalf of the signed-in user.
adminConsentDisplayName : Have full control of all site collections
value : Sites.FullControl.All
id : 5f88184c-80bb-4d52-9ff2-757288b2e9b7
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read all webhook subscriptions on behalf of the signed-in user.
adminConsentDisplayName : Read all webhook subscriptions
value : Subscription.Read.All
id : 2497278c-d82d-46a2-b1ce-39d4cdde5570
isEnabled : True
type : Admin
adminConsentDescription : Read the members of teams, on behalf of the signed-in user.
adminConsentDisplayName : Read the members of teams
value : TeamMember.Read.All
id : 4a06efd2-f825-4e34-813e-82a57b03d1ee
isEnabled : True
type : Admin
adminConsentDescription : Add and remove members from teams, on behalf of the signed-in user. Also allows changing a member's role, for example from owner to non-owner.
adminConsentDisplayName : Add and remove members from teams
value : TeamMember.ReadWrite.All
id : 2104a4db-3a2f-4ea0-9dba-143d457dc666
isEnabled : True
type : Admin
adminConsentDescription : Add and remove members from all teams, on behalf of the signed-in user. Does not allow adding or removing a member with the owner role. Additionally, does not allow the app to elevate an existing member to the owner role.
adminConsentDisplayName : Add and remove members with non-owner role for all teams
value : TeamMember.ReadWriteNonOwnerRole.All
id : 9127ba42-f79f-43b1-be80-f23ecd42377e
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read the Teams apps that are installed for the signed-in user, and in all teams the user is a member of. Does not give the ability to read application-specific
settings.
adminConsentDisplayName : Read all installed Teams apps
value : TeamsApp.Read.All
id : d3f0af02-b22d-4778-a433-14f7e3f2e1e2
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read, install, upgrade, and uninstall Teams apps, on behalf of the signed-in user and also for teams the user is a member of. Does not give the ability to read or write application-specific settings.
adminConsentDisplayName : Manage all Teams apps
value : TeamsApp.ReadWrite.All
id : 5248dcb1-f83b-4ec3-9f4d-a4428a961a72
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read the Teams apps that are installed in teams the signed-in user can access. Does not give the ability to read application-specific settings.
adminConsentDisplayName : Read installed Teams apps in teams
value : TeamsAppInstallation.ReadForTeam
id : aa85bf13-d771-4d5d-a9e6-bca04ce44edf
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read, install, upgrade, and uninstall Teams apps in chats the signed-in user can access. Does not give the ability to read application-specific settings.
adminConsentDisplayName : Manage installed Teams apps in chats
value : TeamsAppInstallation.ReadWriteForChat
id : 2e25a044-2580-450d-8859-42eeb6e996c0
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read, install, upgrade, and uninstall Teams apps in teams the signed-in user can access. Does not give the ability to read application-specific settings.
adminConsentDisplayName : Manage installed Teams apps in teams
value : TeamsAppInstallation.ReadWriteForTeam
id : 093f8818-d05f-49b8-95bc-9d2a73e9a43c
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read, install, upgrade, and uninstall Teams apps installed for the
signed-in user. Does not give the ability to read application-specific settings.
adminConsentDisplayName : Manage user's installed Teams apps
value : TeamsAppInstallation.ReadWriteForUser
id : 0ce33576-30e8-43b7-99e5-62f8569a4002
isEnabled : True
type : Admin
adminConsentDescription : Allows a Teams app to read, install, upgrade, and uninstall itself in chats the signed-in user can access.
adminConsentDisplayName : Allow the Teams app to manage itself in chats
value : TeamsAppInstallation.ReadWriteSelfForChat
id : 0f4595f7-64b1-4e13-81bc-11a249df07a9
isEnabled : True
type : Admin
adminConsentDescription : Allows a Teams app to read, install, upgrade, and uninstall itself to teams the signed-in user can access.
adminConsentDisplayName : Allow the app to manage itself in teams
value : TeamsAppInstallation.ReadWriteSelfForTeam
id : 48638b3c-ad68-4383-8ac4-e6880ee6ca57
isEnabled : True
type : Admin
adminConsentDescription : Read all teams' settings, on behalf of the signed-in user.
adminConsentDisplayName : Read teams' settings
value : TeamSettings.Read.All
id : 39d65650-9d3e-4223-80db-a335590d027e
isEnabled : True
type : Admin
adminConsentDescription : Read and change all teams' settings, on behalf of the signed-in user.
adminConsentDisplayName : Read and change teams' settings
value : TeamSettings.ReadWrite.All
id : a9ff19c2-f369-4a95-9a25-ba9d460efc8e
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to create tabs in any team in Microsoft Teams, on behalf of the signed-in user. This does not grant the ability to read, modify or delete tabs after they are created, or give access to the content inside the tabs.
adminConsentDisplayName : Create tabs in Microsoft Teams.
value : TeamsTab.Create
id : 59dacb05-e88d-4c13-a684-59f1afc8cc98
isEnabled : True
type : Admin
adminConsentDescription : Read the names and settings of tabs inside any team in Microsoft Teams, on behalf of the signed-in user. This does not give access to the content inside the tabs.
adminConsentDisplayName : Read tabs in Microsoft Teams.
value : TeamsTab.Read.All
id : b98bfd41-87c6-45cc-b104-e2de4f0dafb9
isEnabled : True
type : Admin
adminConsentDescription : Read and write tabs in any team in Microsoft Teams, on behalf of the signed-in user. This does not give access to the content inside the tabs.
adminConsentDisplayName : Read and write tabs in Microsoft Teams.
value : TeamsTab.ReadWrite.All
id : ee928332-e9c2-4747-b4a0-f8c164b68de6
isEnabled : True
type : Admin
adminConsentDescription : Allows a Teams app to read, install, upgrade, and uninstall all tabs in chats the signed-in user can access.
adminConsentDisplayName : Allow the Teams app to manage all tabs in chats
value : TeamsTab.ReadWriteForChat
id : c975dd04-a06e-4fbb-9704-62daad77bb49
isEnabled : True
type : Admin
adminConsentDescription : Allows a Teams app to read, install, upgrade, and uninstall all tabs to teams the signed-in user can access.
adminConsentDisplayName : Allow the Teams app to manage all tabs in teams
value : TeamsTab.ReadWriteForTeam
id : 0c219d04-3abf-47f7-912d-5cca239e90e6
isEnabled : True
type : Admin
adminConsentDescription : Allows a Teams app to read, install, upgrade, and uninstall its own tabs in chats the signed-in user can access.
adminConsentDisplayName : Allow the Teams app to manage only its own tabs in chats
value : TeamsTab.ReadWriteSelfForChat
id : f266662f-120a-4314-b26a-99b08617c7ef
isEnabled : True
type : Admin
adminConsentDescription : Allows a Teams app to read, install, upgrade, and uninstall its own tabs to teams the signed-in user can access.
adminConsentDisplayName : Allow the Teams app to manage only its own tabs in teams
value : TeamsTab.ReadWriteSelfForTeam
id : 297f747b-0005-475b-8fef-c890f5152b38
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read the term store data that the signed-in user has access to. This includes all sets, groups and terms in the term store.
adminConsentDisplayName : Read term store data
value : TermStore.Read.All
id : 6c37c71d-f50f-4bff-8fd3-8a41da390140
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read or modify data that the signed-in user has access to.This includes all sets, groups and terms in the term store.
adminConsentDisplayName : Read and write term store data
value : TermStore.ReadWrite.All
id : cac97e40-6730-457d-ad8d-4852fddab7ad
isEnabled : True
type : Admin
adminConsentDescription : Allows an app to read your organization's threat assessment requests on behalf of the signed-in user. Also allows the app to create new requests to assess threats received by your organization on behalf of the signed-in user.
adminConsentDisplayName : Read and write threat assessment requests
value : ThreatAssessment.ReadWrite.All
id : 9cc427b4-2004-41c5-aa22-757b755e9796
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read all the indicators for your organization, on behalf of the signed-in user.
adminConsentDisplayName : Read all threat indicators
value : ThreatIndicators.Read.All
id : 91e7d36d-022a-490f-a748-f8e011357b42
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to create threat indicators, and fully manage those threat indicators (read, update and delete), on behalf of the signed-in user. It cannot update any threat indicators it does not own.
adminConsentDisplayName : Manage threat indicators this app creates or owns
value : ThreatIndicators.ReadWrite.OwnedBy
id : 7ad34336-f5b1-44ce-8682-31d7dfcd9ab9
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read trust framework key set properties on behalf of the signed-in user.
adminConsentDisplayName : Read trust framework key sets
value : TrustFrameworkKeySet.Read.All
id : 39244520-1e7d-4b4a-aee0-57c65826e427
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write trust framework key set properties on behalf of the signed-in user.
adminConsentDisplayName : Read and write trust framework key sets
value : TrustFrameworkKeySet.ReadWrite.All
id : 73e75199-7c3e-41bb-9357-167164dbb415
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read basic unified group properties, memberships and owners of the group the signed-in guest is a member of.
adminConsentDisplayName : Read unified group memberships as guest
value : UnifiedGroupMember.Read.AsGuest
id : 405a51b5-8d8d-430b-9842-8be4b0e9f324
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to export data (e.g. customer content or system-generated logs), associated with any user in your company, when the app is used by a privileged user (e.g. a Company Administrator).
adminConsentDisplayName : Export user's data
value : User.Export.All
id : 63dd7cd9-b489-4adf-a28c-ac38b9a0f962
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to invite guest users to the organization, on behalf of the signed-in user.
adminConsentDisplayName : Invite guest users to the organization
value : User.Invite.All
id : 637d7bec-b31e-4deb-acc9-24275642a2c9
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read, update and delete identities that are associated with a user's account that the signed-in user has access to. This controls the identities users can sign-in with.
adminConsentDisplayName : Manage user identities
value : User.ManageIdentities.All
id : a154be20-db9c-4678-8ab7-66f6cc099a59
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.
adminConsentDisplayName : Read all users' full profiles
value : User.Read.All
id : 204e0828-b5ca-4ad8-b9f3-f32a958e7cc4
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.
adminConsentDisplayName : Read and write all users' full profiles
value : User.ReadWrite.All
id : 1f6b61c5-2f65-4135-9c9f-31c0f8d32b52
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read the signed-in user's authentication methods, including phone numbers and Authenticator app settings. This does not allow the app to see secret information like the signed-in user's passwords, or to sign-in or otherwise use the signed-in user's authentication methods.
adminConsentDisplayName : Read user authentication methods.
value : UserAuthenticationMethod.Read
id : aec28ec7-4d02-4e8c-b864-50163aea77eb
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read authentication methods of all users in your organization that the signed-in user has access to. Authentication methods include things like a user?s phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.
adminConsentDisplayName : Read all users' authentication methods
value : UserAuthenticationMethod.Read.All
id : 48971fc1-70d7-4245-af77-0beb29b53ee2
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write the signed-in user's authentication methods, including phone numbers and Authenticator app settings. This does not allow the app to see secret information like the signed-in user's passwords, or to sign-in or otherwise use the signed-in user's authentication methods.
adminConsentDisplayName : Read and write user authentication methods
value : UserAuthenticationMethod.ReadWrite
id : b7887744-6746-4312-813d-72daeaee7e2d
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write authentication methods of all users in your organization that the signed-in user has access to. Authentication methods include things like a user?s phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise
use the authentication methods.
adminConsentDisplayName : Read and write all users' authentication methods.
value : UserAuthenticationMethod.ReadWrite.All
id : 11776c0c-6138-4db3-a668-ee621bea2555
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read and write all Windows update deployment settings for the organization on behalf of the signed-in user.
adminConsentDisplayName : Read and write all Windows update deployment settings
value : WindowsUpdates.ReadWrite.All
id : f1ccd5a7-6383-466a-8db8-1a656f7d06fa
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to read workforce integrations, to synchronize data from Microsoft Teams
Shifts, on behalf of the signed-in user.
adminConsentDisplayName : Read workforce integrations
value : WorkforceIntegration.Read.All
id : 08c4b377-0d23-4a8b-be2a-23c1c1d88545
isEnabled : True
type : Admin
adminConsentDescription : Allows the app to manage workforce integrations, to synchronize data from Microsoft Teams Shifts, on behalf of the signed-in user.
adminConsentDisplayName : Read and write workforce integrations
value : WorkforceIntegration.ReadWrite.All
List of Delegated Scope IDs
Here is the output from the above script for the Microsoft Graph oAuth delegated permissions.
id : e03cf23f-8056-446a-8994-7d93dfc8b50e
isEnabled : True
type : User
userConsentDescription : Allows the app to read your activity statistics, such as how much time you've spent on emails, in meetings, or in chat sessions.
userConsentDisplayName : Read your activity statistics
value : Analytics.Read
id : 88e58d74-d3df-44f3-ad47-e89edf4472e4
isEnabled : True
type : User
userConsentDescription : Allows the app to read apps in the app catalogs.
userConsentDisplayName : Read all app catalogs
value : AppCatalog.Read.All
id : 3db89e36-7fa6-4012-b281-85f3d9d9fd2e
isEnabled : True
type : User
userConsentDescription : Allows the app to submit application packages to the catalog and cancel submissions that are pending review on your behalf.
userConsentDisplayName : Submit application packages to your organization's catalog and cancel pending submissions
value : AppCatalog.Submit
id : 7f36b48e-542f-4d3b-9bcb-8406f0ab9fdb
isEnabled : True
type : User
userConsentDescription : Allows an app to read, write and manage bookings appointments, businesses, customers, services, and staff on your behalf.
userConsentDisplayName : Manage bookings information
value : Bookings.Manage.All
id : 33b1df99-4b29-4548-9339-7a7b83eaeebc
isEnabled : True
type : User
userConsentDescription : Allows an app to read bookings appointments, businesses, customers, services, and staff on your behalf.
userConsentDisplayName : Read bookings information
value : Bookings.Read.All
id : 948eb538-f19d-4ec5-9ccc-f059e1ea4c72
isEnabled : True
type : User
userConsentDescription : Allows an app to read and write Bookings appointments, businesses, customers, services, and staff on your behalf. Does not allow create, delete and publish of booking businesses.
userConsentDisplayName : Read and write bookings information
value : Bookings.ReadWrite.All
id : 02a5a114-36a6-46ff-a102-954d89d9ab02
isEnabled : True
type : User
userConsentDescription : Allows an app to read and write bookings appointments and customers, and additionally allows read businesses information, services, and staff on your behalf.
userConsentDisplayName : Read and write booking appointments
value : BookingsAppointment.ReadWrite.All
id : 465a38f9-76ea-45b9-9f34-9e8b0d4b0b42
isEnabled : True
type : User
userConsentDescription : Allows the app to read events in your calendars.
userConsentDisplayName : Read your calendars
value : Calendars.Read
id : 2b9c4092-424d-4249-948d-b43879977640
isEnabled : True
type : User
userConsentDescription : Allows the app to read events in all calendars that you can access, including delegate and shared calendars.
userConsentDisplayName : Read calendars?you can access
value : Calendars.Read.Shared
id : 1ec239c2-d7c9-4623-a91a-a9775856bb36
isEnabled : True
type : User
userConsentDescription : Allows the app to read, update, create and delete events in your calendars.
userConsentDisplayName : Have full access to your calendars
value : Calendars.ReadWrite
id : 12466101-c9b8-439a-8589-dd09ee67e8e9
isEnabled : True
type : User
userConsentDescription : Allows the app to read, update, create and delete events in all calendars in your organization you have permissions to access. This includes delegate and shared calendars.
userConsentDisplayName : Read and write to your and shared calendars
value : Calendars.ReadWrite.Shared
id : 9d8982ae-4365-4f57-95e9-d6032a4c0b87
isEnabled : True
type : User
userConsentDescription : Read channel names and channel descriptions, on your behalf.
userConsentDisplayName : Read the names and descriptions of channels
value : Channel.ReadBasic.All
id : 32ea53ac-4a89-4cde-bac4-727c6fb9ac29
isEnabled : True
type : User
userConsentDescription : Allows the app to delete channel messages in Microsoft Teams, on your behalf.
userConsentDisplayName : Delete your channel messages
value : ChannelMessage.Delete
id : 2b61aa8a-6d36-4b2f-ac7b-f29867937c53
isEnabled : True
type : User
userConsentDescription : Allows the app to edit channel messages in Microsoft Teams, on your behalf.
userConsentDisplayName : Edit your channel messages
value : ChannelMessage.Edit
id : ebf0f66e-9fb1-49e4-a278-222f76911cf4
isEnabled : True
type : User
userConsentDescription : Allows the app to send channel messages in Microsoft Teams, on your behalf.
userConsentDisplayName : Send channel messages
value : ChannelMessage.Send
id : 38826093-1258-4dea-98f0-00003be2b8d0
isEnabled : True
type : User
userConsentDescription : Allows the app to create chats on your behalf.?
userConsentDisplayName : Create chats
value : Chat.Create
id : f501c180-9344-439a-bca0-6cbf209fd270
isEnabled : True
type : User
userConsentDescription : Allows an app to read your 1 on 1 or group chat messages in Microsoft Teams, on your behalf.
userConsentDisplayName : Read your chat messages
value : Chat.Read
id : 9547fcb5-d03f-419d-9948-5928bbf71b0f
isEnabled : True
type : User
userConsentDescription : Allows an app to read the members and descriptions of one-to-one and group chat threads, on your behalf.
userConsentDisplayName : Read names and members of your chat threads
value : Chat.ReadBasic
id : 9ff7295e-131b-4d94-90e1-69fde507ac11
isEnabled : True
type : User
userConsentDescription : Allows an app to read and write your 1 on 1 or group chat messages in Microsoft Teams, on your behalf.
userConsentDisplayName : Read and write your chat messages
value : Chat.ReadWrite
id : cdcdac3a-fd45-410d-83ef-554db620e5c7
isEnabled : True
type : User
userConsentDescription : Allows an app to read one-to-one or group chat messages in Microsoft Teams, on your behalf.
userConsentDisplayName : Read user chat messages
value : ChatMessage.Read
id : 116b7235-7cc6-461e-b163-8e55691d839e
isEnabled : True
type : User
userConsentDescription : Allows an app to send one-to-one and group chat messages in Microsoft Teams, on your behalf.
userConsentDisplayName : Send chat messages
value : ChatMessage.Send
id : 5252ec4e-fd40-4d92-8c68-89dd1d3c6110
isEnabled : True
type : User
userConsentDescription : Allows the app to read the properties of Cloud PCs, on your behalf.
userConsentDisplayName : Read Cloud PCs
value : CloudPC.Read.All
id : ff74d97f-43af-4b68-9f2a-b77ee6968c5d
isEnabled : True
type : User
userConsentDescription : Allows the app to read contacts in your contact folders.
userConsentDisplayName : Read your contacts
value : Contacts.Read
id : 242b9d9e-ed24-4d09-9a52-f43769beb9d4
isEnabled : True
type : User
userConsentDescription : Allows the app to read contacts you have permissions to access, including your own and shared contacts.
userConsentDisplayName : Read your and shared contacts
value : Contacts.Read.Shared
id : d56682ec-c09e-4743-aaf4-1a3aac4caa21
isEnabled : True
type : User
userConsentDescription : Allows the app to read, update, create and delete contacts in your contact folders.
userConsentDisplayName : Have full access of your contacts
value : Contacts.ReadWrite
id : afb6c84b-06be-49af-80bb-8f3f77004eab
isEnabled : True
type : User
userConsentDescription : Allows the app to read, update, create, and delete contacts you have permissions to access, including your own and shared contacts.
userConsentDisplayName : Read and write to your and shared contacts
value : Contacts.ReadWrite.Shared
id : bac3b9c2-b516-4ef4-bd3b-c2ef73d8d804
isEnabled : True
type : User
userConsentDescription : Allows the app to launch another app or communicate with another app on a device that you own.
userConsentDisplayName : Communicate with your other devices
value : Device.Command
id : 11d4cd79-5ba5-460f-803f-e22c8ab85ccd
isEnabled : True
type : User
userConsentDescription : Allows the app to see your list of devices.
userConsentDisplayName : View your list of devices
value : Device.Read
id : ff91d191-45a0-43fd-b837-bd682c4a0b0f
isEnabled : True
type : User
userConsentDescription : Allows the app full access to your mailboxes on your behalf.
userConsentDisplayName : Access your mailboxes
value : EAS.AccessAsUser.All
id : 64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0
isEnabled : True
type : User
userConsentDescription : Allows the app to read your primary email address
userConsentDisplayName : View your email address
value : email
id : 9769c687-087d-48ac-9cb3-c37dde652038
isEnabled : True
type : User
userConsentDescription : Allows the app full access to your mailboxes on your behalf.
userConsentDisplayName : Access your mailboxes
value : EWS.AccessAsUser.All
id : 3a1e4806-a744-4c70-80fc-223bf8582c46
isEnabled : True
type : User
userConsentDescription : Allows the app to read your family information, members and their basic profile.
userConsentDisplayName : Read your family info
value : Family.Read
id : 10465720-29dd-4523-a11a-6a75c743c9d9
isEnabled : True
type : User
userConsentDescription : Allows the app to read your files.
userConsentDisplayName : Read your files
value : Files.Read
id : df85f4d6-205c-4ac5-a5ea-6bf408dba283
isEnabled : True
type : User
userConsentDescription : Allows the app to read all files you can access.
userConsentDisplayName : Read all files that you have access to
value : Files.Read.All
id : 5447fe39-cb82-4c1a-b977-520e67e724eb
isEnabled : True
type : User
userConsentDescription : (Preview) Allows the app to read files that you select. After you select a file, the app has access to the file for several hours.
userConsentDisplayName : Read selected files
value : Files.Read.Selected
id : 5c28f0bf-8a70-41f1-8ab2-9032436ddb65
isEnabled : True
type : User
userConsentDescription : Allows the app to read, create, update, and delete your files.
userConsentDisplayName : Have full access to your files
value : Files.ReadWrite
id : 863451e7-0667-486c-a5d6-d135439485f0
isEnabled : True
type : User
userConsentDescription : Allows the app to read, create, update and delete all files that you can access.
userConsentDisplayName : Have full access to all files you have access to
value : Files.ReadWrite.All
id : 8019c312-3263-48e6-825e-2b833497195b
isEnabled : True
type : User
userConsentDescription : (Preview) Allows the app to read, create, update and delete files in the application's folder.
userConsentDisplayName : Have full access to the application's folder
value : Files.ReadWrite.AppFolder
id : 17dde5bd-8c17-420f-a486-969730c1b827
isEnabled : True
type : User
userConsentDescription : (Preview) Allows the app to read and write files that you select. After you select a file, the app has access to the file for several hours.
userConsentDisplayName : Read and write selected files
value : Files.ReadWrite.Selected
id : f534bf13-55d4-45a9-8f3c-c92fe64d6131
isEnabled : True
type : User
userConsentDescription : Allows the app to read and write financials data on your behalf.
userConsentDisplayName : Read and write financials data
value : Financials.ReadWrite.All
id : 652390e4-393a-48de-9484-05f9b1212954
isEnabled : True
type : User
userConsentDescription : Allows the app to read, update, create and delete email in your mailbox. Does not include permission to send mail.
userConsentDisplayName : Read and write access to your mail.
value : IMAP.AccessAsUser.All
id : 4ad84827-5578-4e18-ad7a-86530b12f884
isEnabled : True
type : User
userConsentDescription : Allows an app to read information protection sensitivity labels and label policy settings, on
behalf of the signed-in user.
userConsentDisplayName : Read user sensitivity labels and label policies.
value : InformationProtectionPolicy.Read
id : 570282fd-fa5c-430d-a7fd-fc8dc98a9dca
isEnabled : True
type : User
userConsentDescription : Allows the app to read email in your mailbox.
userConsentDisplayName : Read your mail
value : Mail.Read
id : 7b9103a5-4610-446b-9670-80643382c1fa
isEnabled : True
type : User
userConsentDescription : Allows the app to read mail you can access, including shared mail.
userConsentDisplayName : Read mail you can access
value : Mail.Read.Shared
id : a4b8392a-d8d1-4954-a029-8e668a39a170
isEnabled : True
type : User
userConsentDescription : Allows the app to read email in the signed-in user's mailbox except body, previewBody, attachments and any extended properties.
userConsentDisplayName : Read user basic mail
value : Mail.ReadBasic
id : 024d486e-b451-40bb-833d-3e66d98c5c73
isEnabled : True
type : User
userConsentDescription : Allows the app to read, update, create and delete email in your mailbox. Does not include
permission to send mail.
userConsentDisplayName : Read and write access to your mail
value : Mail.ReadWrite
id : 5df07973-7d5d-46ed-9847-1271055cbd51
isEnabled : True
type : User
userConsentDescription : Allows the app to read, update, create, and delete mail you have permission to access, including your own and shared mail. Does not allow the app to send mail on your behalf.
userConsentDisplayName : Read and write mail?you can access
value : Mail.ReadWrite.Shared
id : e383f46e-2787-4529-855e-0e479a3ffac0
isEnabled : True
type : User
userConsentDescription : Allows the app to send mail as you.
userConsentDisplayName : Send mail as you
value : Mail.Send
id : a367ab51-6b49-43bf-a716-a1fb06d2a174
isEnabled : True
type : User
userConsentDescription : Allows the app to send mail as you or on-behalf of someone else.
userConsentDisplayName : Send mail on behalf of others or yourself
value : Mail.Send.Shared
id : 87f447af-9fa4-4c32-9dfa-4a57a73d18ce
isEnabled : True
type : User
userConsentDescription : Allows the app to read your mailbox settings.
userConsentDisplayName : Read your mailbox settings
value : MailboxSettings.Read
id : 818c620a-27a9-40bd-a6a5-d96f7d610b4b
isEnabled : True
type : User
userConsentDescription : Allows the app to read, update, create, and delete your mailbox settings.
userConsentDisplayName : Read and write to your mailbox settings
value : MailboxSettings.ReadWrite
id : 9d822255-d64d-4b7a-afdb-833b9a97ed02
isEnabled : True
type : User
userConsentDescription : Allows the app to view the titles of your OneNote notebooks and sections and to create new pages, notebooks, and sections on your behalf.
userConsentDisplayName : Create your OneNote notebooks
value : Notes.Create
id : 371361e4-b9e2-4a3f-8315-2a301a3b0a3d
isEnabled : True
type : User
userConsentDescription : Allows the app to read OneNote notebooks on your behalf.
userConsentDisplayName : Read your OneNote notebooks
value : Notes.Read
id : dfabfca6-ee36-4db2-8208-7a28381419b3
isEnabled : True
type : User
userConsentDescription : Allows the app to read all the OneNote notebooks that you have access to.
userConsentDisplayName : Read all OneNote notebooks that you can access
value : Notes.Read.All
id : 615e26af-c38a-4150-ae3e-c3b0d4cb1d6a
isEnabled : True
type : User
userConsentDescription : Allows the app to read, share, and modify OneNote notebooks on your behalf.
userConsentDisplayName : Read and write your OneNote notebooks
value : Notes.ReadWrite
id : 64ac0503-b4fa-45d9-b544-71a463f05da0
isEnabled : True
type : User
userConsentDescription : Allows the app to read, share, and modify all the OneNote notebooks that you have access to.
userConsentDisplayName : Read and write all OneNote notebooks that you can access
value : Notes.ReadWrite.All
id : ed68249d-017c-4df5-9113-e684c7f8760b
isEnabled : True
type : User
userConsentDescription : This permission no longer has any effect. You can safely consent to it. No additional
privileges will be granted to the app.
userConsentDisplayName : Limited access to your OneNote notebooks for this app (preview)
value : Notes.ReadWrite.CreatedByApp
id : 89497502-6e42-46a2-8cb2-427fd3df970a
isEnabled : True
type : User
userConsentDescription : Allows the app to deliver its notifications, on your behalf. Also allows the app to read, update, and delete your notification items for this app.
userConsentDisplayName : Deliver and manage your notifications for this app
value : Notifications.ReadWrite.CreatedByApp
id : 7427e0e9-2fba-42fe-b0c0-848c9e6a8182
isEnabled : True
type : User
userConsentDescription : Allows the app to see and update the data you gave it access to, even when you are not currently using the app. This does not give the app any additional permissions.
userConsentDisplayName : Maintain access to data you have given it access to
value : offline_access
id : 110e5abb-a10c-4b59-8b55-9b4daa4ef743
isEnabled : True
type : User
userConsentDescription : Allows the app to read online meeting artifacts on your behalf.
userConsentDisplayName : Read user's online meeting artifacts
value : OnlineMeetingArtifact.Read.All
id : 9be106e1-f4e3-4df5-bdff-e4bc531cbe43
isEnabled : True
type : User
userConsentDescription : Allows the app to read online meeting details on your behalf.
userConsentDisplayName : Read your online meetings
value : OnlineMeetings.Read
id : a65f2972-a4f8-4f5e-afd7-69ccb046d5dc
isEnabled : True
type : User
userConsentDescription : Allows the app to read and create online meetings on your behalf.
userConsentDisplayName : Read and create your online meetings
value : OnlineMeetings.ReadWrite
id : 37f7f235-527c-4136-accd-4a02d197296e
isEnabled : True
type : User
userConsentDescription : Allows you to sign in to the app with your work or school account and allows the app to read your basic profile information.
userConsentDisplayName : Sign in as you
value : openid
id : ba47897c-39ec-4d83-8086-ee8256fa737d
isEnabled : True
type : User
userConsentDescription : Allows the app to read a list of people in the order that's most relevant to you. This includes your local contacts, your contacts from social networking, people listed in your organization's directory, and people from recent communications.
userConsentDisplayName : Read your relevant people list
value : People.Read
id : 40f6bacc-b201-40da-90a5-09775cc4a863
isEnabled : True
type : User
userConsentDescription : Allows the app to read your personal places.
userConsentDisplayName : Read your places
value : Place.Read
id : 0b3f56bc-fecd-4036-8930-660fc672e342
isEnabled : True
type : User
userConsentDescription : Allows the app to read your personal places and other users? personal places that you have
delegate access to.
userConsentDisplayName : Read user delegate places
value : Place.Read.Shared
id : 012ba4a5-ca82-4a76-95ba-6c27f44364c3
isEnabled : True
type : User
userConsentDescription : Allows the app to create, read, and update personal places on your behalf.
userConsentDisplayName : Read and write your places
value : Place.ReadWrite
id : 633e0fce-8c58-4cfb-9495-12bbd5a24f7c
isEnabled : True
type : User
userConsentDescription : Allows the app to read your organization's conditional access policies on your behalf.
userConsentDisplayName : Read your organization's conditional access policies
value : Policy.Read.ConditionalAccess
id : d7b7f2d9-0f45-4ea1-9d42-e50810c06991
isEnabled : True
type : User
userConsentDescription : Allows the app to read, update, create and delete email in your mailbox. Does not include permission to send mail.
userConsentDisplayName : Read and write access to your mail.
value : POP.AccessAsUser.All
id : 76bc735e-aecd-4a1d-8b4c-2b915deabb79
isEnabled : True
type : User
userConsentDescription : Allows the app to read your presence information on your behalf. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location.
userConsentDisplayName : Read your presence information
value : Presence.Read
id : 9c7a330d-35b3-4aa1-963d-cb2b9f927841
isEnabled : True
type : User
userConsentDescription : Allows the app to read presence information of all users in the directory on your behalf. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location.
userConsentDisplayName : Read presence information of all users in your organization
value : Presence.Read.All
id : 8d3c54a7-cf58-4773-bf81-c0cd6ad522bb
isEnabled : True
type : User
userConsentDescription : Allows the app to read the presence information and write activity and availability on-behalf-of the signed-in user. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location.
userConsentDisplayName : Read and write your presence information
value : Presence.ReadWrite
id : ed11134d-2f3f-440d-a2e1-411efada2502
isEnabled : True
type : User
userConsentDescription : Allows the application to read printer shares on your behalf.?
userConsentDisplayName : Read printer shares
value : PrinterShare.Read.All
id : 5fa075e9-b951-4165-947b-c63396ff0a37
isEnabled : True
type : User
userConsentDescription : Allows the application to read basic information about printer shares on your behalf.
userConsentDisplayName : Read basic information about printer shares
value : PrinterShare.ReadBasic.All
id : 21f0d9c0-9f13-48b3-94e0-b6b231c7d320
isEnabled : True
type : User
userConsentDescription : Allows the application to create print jobs on your behalf and upload document content to print jobs that you created.
userConsentDisplayName : Create your print jobs
value : PrintJob.Create
id : 248f5528-65c0-4c88-8326-876c7236df5e
isEnabled : True
type : User
userConsentDescription : Allows the application to read the metadata and document content of print jobs that you created.
userConsentDisplayName : Read your print jobs
value : PrintJob.Read
id : 6a71a747-280f-4670-9ca0-a9cbf882b274
isEnabled : True
type : User
userConsentDescription : Allows the application to read the metadata of print jobs that you created. Does not allow access to print job document content.
userConsentDisplayName : Read basic information of your print jobs
value : PrintJob.ReadBasic
id : b81dd597-8abb-4b3f-a07a-820b0316ed04
isEnabled : True
type : User
userConsentDescription : Allows the application to read and update the metadata and document content of print jobs that you created.
userConsentDisplayName : Read and update your print jobs
value : PrintJob.ReadWrite
id : 6f2d22f2-1cb6-412c-a17c-3336817eaa82
isEnabled : True
type : User
userConsentDescription : Allows the application to read and update the metadata of print jobs that you created. Does not allow access to print job document content.
userConsentDisplayName : Read and write basic information of your print jobs
value : PrintJob.ReadWriteBasic
id : 14dad69e-099b-42c9-810b-d002981feec1
isEnabled : True
type : User
userConsentDescription : Allows the app to see your basic profile (name, picture, user name)
userConsentDisplayName : View your basic profile
value : profile
id : 50f66e47-eb56-45b7-aaa2-75057d9afe08
isEnabled : True
type : User
userConsentDescription : Allows the app to read your short notes.
userConsentDisplayName : Read your short notes
value : ShortNotes.Read
id : 328438b7-4c01-4c07-a840-e625a749bb89
isEnabled : True
type : User
userConsentDescription : Allows the app to read, create, edit, and delete your short notes.
userConsentDisplayName : Read, create, edit, and delete your short notes
value : ShortNotes.ReadWrite
id : 65e50fdc-43b7-4915-933e-e8138f11f40a
isEnabled : True
type : User
userConsentDescription : Allow the application to create or delete document libraries and lists in all site collections on your behalf.
userConsentDisplayName : Create, edit, and delete items and lists in all your site collections
value : Sites.Manage.All
id : 205e70e5-aba6-4c52-a976-6d2d46c48043
isEnabled : True
type : User
userConsentDescription : Allow the application to read documents and list items in all site collections on your behalf
userConsentDisplayName : Read items in all site collections
value : Sites.Read.All
id : 89fe6a52-be36-487e-b7d8-d061c450a026
isEnabled : True
type : User
userConsentDescription : Allow the application to edit or delete documents and list items in all site collections on your behalf.
userConsentDisplayName : Edit or delete items in all site collections
value : Sites.ReadWrite.All
id : 258f6531-6087-4cc4-bb90-092c5fb3ed3f
isEnabled : True
type : User
userConsentDescription : Allows the app to send emails on your behalf from your mailbox.
userConsentDisplayName : Access to sending emails from your mailbox.
value : SMTP.Send
id : f45671fb-e0fe-4b4b-be20-3d3ce43f1bcb
isEnabled : True
type : User
userConsentDescription : Allows the app to read your tasks and task lists, including any shared with you. Doesn't include permission to create, delete, or update anything.
userConsentDisplayName : Read your tasks and task lists
value : Tasks.Read
id : 88d21fd4-8e5a-4c32-b5e2-4a1c95f34f72
isEnabled : True
type : User
userConsentDescription : Allows the app to read tasks you have permissions to access, including your own and shared tasks.
userConsentDisplayName : Read your and shared tasks
value : Tasks.Read.Shared
id : 2219042f-cab5-40cc-b0d2-16b1540b4c5f
isEnabled : True
type : User
userConsentDescription : Allows the app to create, read, update, and delete your tasks and task lists, including any shared with you.
userConsentDisplayName : Create, read, update, and delete your tasks and task lists
value : Tasks.ReadWrite
id : c5ddf11b-c114-4886-8558-8a4e557cd52b
isEnabled : True
type : User
userConsentDescription : Allows the app to read, update, create, and delete tasks you have permissions to access, including your own and shared tasks.
userConsentDisplayName : Read and write to your and shared tasks
value : Tasks.ReadWrite.Shared
id : 7825d5d6-6049-4ce7-bdf6-3b8d53f4bcd0
isEnabled : True
type : User
userConsentDescription : Allows the app to create teams on your behalf.?
userConsentDisplayName : Create teams
value : Team.Create
id : 485be79e-c497-4b35-9400-0e3fa7f2a5d4
isEnabled : True
type : User
userConsentDescription : Read the names and descriptions of teams, on your behalf.
userConsentDisplayName : Read the names and descriptions of teams
value : Team.ReadBasic.All
id : 0e755559-83fb-4b44-91d0-4cc721b9323e
isEnabled : True
type : User
userConsentDescription : Allows the app to read your teamwork activity feed.
userConsentDisplayName : Read your teamwork activity feed
value : TeamsActivity.Read
id : 7ab1d787-bae7-4d5d-8db6-37ea32df9186
isEnabled : True
type : User
userConsentDescription : Allows the app to create new activities in your teamwork activity feed, and send new activities to other users' activity feed, on your behalf.
userConsentDisplayName : Send a teamwork activity
value : TeamsActivity.Send
id : daef10fc-047a-48b0-b1a5-da4b5e72fabc
isEnabled : True
type : User
userConsentDescription : Allows the app to read the Teams apps that are installed for you. Does not give the ability to read application-specific settings.
userConsentDisplayName : Read your installed Teams apps
value : TeamsApp.Read
id : 2a5addc2-4d9e-4d7d-8527-5215aec410f3
isEnabled : True
type : User
userConsentDescription : Allows the app to read, install, upgrade, and uninstall Teams apps, on your behalf. Does not give the ability to read or write application-specific settings.
userConsentDisplayName : Manage your Teams apps
value : TeamsApp.ReadWrite
id : bf3fbf03-f35f-4e93-963e-47e4d874c37a
isEnabled : True
type : User
userConsentDescription : Allows the app to read the Teams apps that are installed in chats that you can access. Does not give the ability to read application-specific settings.
userConsentDisplayName : Read installed Teams apps in chats
value : TeamsAppInstallation.ReadForChat
id : c395395c-ff9a-4dba-bc1f-8372ba9dca84
isEnabled : True
type : User
userConsentDescription : Allows the app to read the Teams apps that are installed for you. Does not give the ability to read application-specific settings.
userConsentDisplayName : Read your installed Teams apps
value : TeamsAppInstallation.ReadForUser
id : 207e0cb1-3ce7-4922-b991-5a760c346ebc
isEnabled : True
type : User
userConsentDescription : Allows a Teams app to read, install, upgrade, and uninstall itself for you.
userConsentDisplayName : Allow the Teams app to manage itself for you
value : TeamsAppInstallation.ReadWriteSelfForUser
id : c37c9b61-7762-4bff-a156-afc0005847a0
isEnabled : True
type : User
userConsentDescription : Allows a Teams app to read, install, upgrade, and uninstall all tabs for you.
userConsentDisplayName : Allow the Teams app to manage all tabs for you
value : TeamsTab.ReadWriteForUser
id : 395dfec1-a0b9-465f-a783-8250a430cb8c
isEnabled : True
type : User
userConsentDescription : Allows a Teams app to read, install, upgrade, and uninstall its own tabs for you.
userConsentDisplayName : Allow the Teams app to manage only its own tabs for you
value : TeamsTab.ReadWriteSelfForUser
id : e1fe6dd8-ba31-4d61-89e7-88639da4683d
isEnabled : True
type : User
userConsentDescription : Allows you to sign in to the app with your organizational account and let the app read your profile. It also allows the app to read basic company information.
userConsentDisplayName : Sign you in and read your profile
value : User.Read
id : b340eb25-3456-403f-be2f-af7a0d370277
isEnabled : True
type : User
userConsentDescription : Allows the app to read a basic set of profile properties of other users in your organization on your behalf. Includes display name, first and last name, email address and photo.
userConsentDisplayName : Read all users' basic profiles
value : User.ReadBasic.All
id : b4e74841-8e56-480b-be8b-910348b18b4c
isEnabled : True
type : User
userConsentDescription : Allows the app to read your profile, and discover your group membership, reports and manager. It also allows the app to update your profile information on your behalf.
userConsentDisplayName : Read and update your profile
value : User.ReadWrite
id : 47607519-5fb1-47d9-99c7-da4b48f369b1
isEnabled : True
type : User
userConsentDescription : Allows the app to read and report your activity in the app.
userConsentDisplayName : Read and write app activity to your activity feed
value : UserActivity.ReadWrite.CreatedByApp
id : 26e2f3e8-b2a1-47fc-9620-89bb5b042024
isEnabled : True
type : User
userConsentDescription : Allows the app to send, read, update and delete your app-specific notifications.
userConsentDisplayName : Deliver and manage your notifications
value : UserNotification.ReadWrite.CreatedByApp
id : 367492fc-594d-4972-a9b5-0d58c622c91c
isEnabled : True
type : User
userConsentDescription : Allows the app to report your app activity information to Microsoft Timeline.
userConsentDisplayName : Write app activity to your timeline
value : UserTimelineActivity.Write.CreatedByApp
Summary
Here is a list of MS Graph Permission Scope IDs. New APIs and scopes are being added all the time but the quick command line method to obtain the full list is also in this post. Also refer to Merill’s fantastic Microsoft Graph Permissions Explorer which I utilise a lot.