Required Permissions
Avanan requires these permissions to protect Office 365 SharePoint.
All these permissions are required to access your data in the portal.

| Permissions required from Microsoft | Functions performed by Avanan |
|---|---|
| Manage all access reviews | Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions, and settings in the organization without a signed-in user. |
| Read and write all applications | Allows the app to create, read, update and delete applications and service principals without a signed-in user. Does not allow management of consent grants. |
| Read and write contacts in all mailboxes | Allows the app to create, read, update, and delete all contacts in all mailboxes without a signed-in user. |
| Read and write directory data | Allows the app to read and write data in your organization's directory, such as users and groups, without a signed-in user. Does not allow user or group deletion. |
| Read and write domains | Allows the app to read and write all domain properties without a signed-in user. Also allows the app to add, verify and remove domains. |
| Read and write files in all site connections | Allows the app to read, create, update and delete all files in all site collections without a signed-in user. |
| Read and write all groups | Allows the app to create groups, read all group properties and memberships, update group properties and memberships, and delete groups. Also allows the app to read and write group calendar and conversations. All of these operations can be performed by the app without a signed-in user. |
| Read and write all user mailbox settings | Allows the app to create, read, update, and delete user's mailbox settings without a signed-in user. Does not include permission to send mail. |
| Read and write mail in all mailboxes | Allows the app to create, read, update, and delete mail in all mailboxes without a signed-in user. Does not include permission to send mail. |
| Send mail as any user | Allows the app to send mail as any user without a signed-in user. |
| Read all usage reports | Allows an app to read all service usage reports without a signed-in user. Services that provide usage reports include Microsoft 365 and Microsoft Entra ID (formerly Azure AD). |
| Read and update your organization's security events | Allows the app to read your organization's security events without a signed-in user. Also allows the app to update editable properties in security events. |
| Read and write items in all site collections | Allows the app to create, read, update, and delete documents and list items in all site collections without a signed-in user. |
| Read and write all users' full profiles | Allows the app to read and update user profiles without a signed-in user. |
| Sign in and read user profile | Allows users to sign in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users. |