Required Permissions

Avanan requires these permissions to protect Microsoft Teams.

Note:

All these permissions are required to access your data in the Avanan Administrator Portal.

Permissions required from Microsoft

Functions performed by Avanan

Send channel messages

Allows an app to send channel messages in Microsoft Teams on behalf of the signed-in user.

Sign in and read user profile

Allows users to sign in to the app and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.

Read domains

Allows the app to read all domain properties without a signed-in user.

Read and write tabs in Microsoft Teams

Read and write tabs in any team in Microsoft Teams without a signed-in user. This does not give access to the content inside the tabs.

Read tabs in Microsoft Teams

Read the names and settings of tabs inside any team in Microsoft Teams without a signed-in user. This does not give access to the content inside the tabs.

Read and write all group memberships

Allows the app to list groups, read basic properties, read and update the membership of the groups this app has access to without a signed-in user. Group properties and owners cannot be updated, and groups cannot be deleted.

Read all group messages

Allows the app to read memberships and basic group properties for all groups without a signed-in user.

Manage all users' Teams apps

Allows the app to read, install, upgrade, and uninstall Teams apps for any user without a signed-in user. It does not give the ability to read or write application-specific settings.

Read all users' installed Teams app

Allows the app to read the Teams apps that are installed for any user without a signed-in user. It does not give the ability to read application-specific settings.

Read all users' teamwork activity feed

Allows the app to read all users' teamwork activity feed without a signed-in user.

Read directory data

Allows the app to read data in your organization's directory, such as users, groups, and apps, without a signed-in user.

Read and write all groups

Allows the app to create groups, read all group properties and memberships, update group properties and memberships, and delete groups. Also allows the app to read and write group calendar and conversations. All of these operations can be performed by the app without a signed-in user.

Read all groups

Allows the app to read group properties and memberships, and read the calendar and conversations for all groups, without a signed-in user.

Flag channel messages for violating policy

Allows the app to update Microsoft Teams channel messages by patching a set of Data Loss Prevention (DLP) policy violation properties to handle the output of DLP processing.

Read all channel messages

Allows the app to read all channel messages in Microsoft Teams.

Read all chat messages

Allows the app to read all 1-to-1 or group chat messages in Microsoft Teams.

Flag chat messages for violating policy

Allows the app to update Microsoft Teams 1-to-1 or group chat messages by patching a set of Data Loss Prevention (DLP) policy violation properties to handle the output of DLP processing.

Read all users' full profiles

Allows the app to read user profiles without a signed-in user.

Read files in all site collections

Allows the app to read all files in all site collections without a signed-in user.

Read and write all chat messages

Allows an app to read and write all chat messages in Microsoft Teams without a signed-in user.

Read items in all site collections

Allows the app to read documents and list items in all site collections without a signed-in user.

Read all hidden memberships

Allows the app to read the memberships of hidden groups and administrative units without a signed-in user.