Required Permissions
Avanan requires these permissions to protect Microsoft Teams.
All these permissions are required to access your data in the Avanan Administrator Portal.
Permissions required from Microsoft |
Functions performed by Avanan |
|---|---|
Send channel messages |
Allows an app to send channel messages in Microsoft Teams on behalf of the signed-in user. |
Sign in and read user profile |
Allows users to sign in to the app and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users. |
Read domains |
Allows the app to read all domain properties without a signed-in user. |
Read and write tabs in Microsoft Teams |
Read and write tabs in any team in Microsoft Teams without a signed-in user. This does not give access to the content inside the tabs. |
Read tabs in Microsoft Teams |
Read the names and settings of tabs inside any team in Microsoft Teams without a signed-in user. This does not give access to the content inside the tabs. |
Read and write all group memberships |
Allows the app to list groups, read basic properties, read and update the membership of the groups this app has access to without a signed-in user. Group properties and owners cannot be updated, and groups cannot be deleted. |
Read all group messages |
Allows the app to read memberships and basic group properties for all groups without a signed-in user. |
Manage all users' Teams apps |
Allows the app to read, install, upgrade, and uninstall Teams apps for any user without a signed-in user. It does not give the ability to read or write application-specific settings. |
Read all users' installed Teams app |
Allows the app to read the Teams apps that are installed for any user without a signed-in user. It does not give the ability to read application-specific settings. |
Read all users' teamwork activity feed |
Allows the app to read all users' teamwork activity feed without a signed-in user. |
Read directory data |
Allows the app to read data in your organization's directory, such as users, groups, and apps, without a signed-in user. |
|
Read and write all groups |
Allows the app to create groups, read all group properties and memberships, update group properties and memberships, and delete groups. Also allows the app to read and write group calendar and conversations. All of these operations can be performed by the app without a signed-in user. |
|
Read all groups |
Allows the app to read group properties and memberships, and read the calendar and conversations for all groups, without a signed-in user. |
|
Flag channel messages for violating policy |
Allows the app to update Microsoft Teams channel messages by patching a set of Data Loss Prevention (DLP) policy violation properties to handle the output of DLP processing. |
|
Read all channel messages |
Allows the app to read all channel messages in Microsoft Teams. |
|
Read all chat messages |
Allows the app to read all 1-to-1 or group chat messages in Microsoft Teams. |
|
Flag chat messages for violating policy |
Allows the app to update Microsoft Teams 1-to-1 or group chat messages by patching a set of Data Loss Prevention (DLP) policy violation properties to handle the output of DLP processing. |
|
Read all users' full profiles |
Allows the app to read user profiles without a signed-in user. |
|
Read files in all site collections |
Allows the app to read all files in all site collections without a signed-in user. |
|
Read and write all chat messages |
Allows an app to read and write all chat messages in Microsoft Teams without a signed-in user. |
|
Read items in all site collections |
Allows the app to read documents and list items in all site collections without a signed-in user. |
|
Read all hidden memberships |
Allows the app to read the memberships of hidden groups and administrative units without a signed-in user. |