# Microsoft Graph Permissions
# What is Microsoft Graph?
Microsoft Graph is a RESTful web API that enables applications to access digital work and digital life data across the Microsoft 365 cloud ecosystem. It acts as a unified endpoint (https://graph.microsoft.com
), allowing for a streamlined way to access data across various Microsoft services, including Office 365, Windows 10, and Enterprise Mobility + Security.
Key Characteristics:
- Unified API Endpoint: Microsoft Graph consolidates various Microsoft cloud services' APIs under a single RESTful API endpoint.
- Rich Data Access: It provides access to a wealth of resources such as user profiles, emails, calendars, documents, directory, devices, and more.
- Cross-Platform Nature: Designed to work across platforms and devices, enhancing interoperability.
- Real-Time Updates: Offers capabilities like webhooks for real-time notifications on data changes.
# Integrating with Microsoft Graph
Integration with Microsoft Graph typically involves:
- Authentication: Leveraging Azure Active Directory for OAuth 2.0 authentication to ensure secure access.
- API Queries: Making HTTP requests to the Graph endpoint to retrieve or manipulate data.
- Permissions: Managing application permissions and consent levels to comply with organizational and security policies.
# Security Implications
Understanding the security implications of Microsoft Graph is crucial:
- Authentication and Authorization: Utilizes Azure AD for robust authentication and OAuth 2.0 for authorization, ensuring secure access patterns.
- Data Access Control: Implement fine-grained control over data access with extensive permission scopes.
- Compliance and Privacy: Adherence to global compliance standards and privacy laws, making it suitable for various industries.
- Audit and Monitoring: Capabilities to monitor and audit activity, ensuring transparency and aiding in anomaly detection.
# Admin-restricted permissions
Depending on the permission type (Delegated or Application), some high-privilege permissions in the Microsoft ecosystem are set to admin-restricted.
Examples of these kinds of permissions include the following:
- Read all user's full profiles by using
User.Read.All
- Write data to an organization's directory by using
Directory.ReadWrite.All
- Read all groups in an organization's directory by using
Groups.Read.All
For Witivio soliutions to access data in Microsoft Graph, your administrator must grant it the correct permissions via a consent process.
Learn more:
# Required Permissions
For Witivio solutions to work properly and perform some administrative operations, it requires the following permissions.
# OpenId standard scopes
The OpenID scopes represents the basics required for any OAuth authentication:
Scope | Description | Justification | Admin Consent Required |
---|---|---|---|
email | View users' email address. | Microsoft Teams SSO. | No |
offline_access | Maintain access to data you have given it access to. | Microsoft Teams SSO. | No |
openid | Sign users in. | Microsoft Teams SSO. | No |
profile | View users' basic profile. | Microsoft Teams SSO. | No |
# Microsoft Graph Scopes
The Microsoft Graph scopes are specific to the Microsoft platform:
Learn more with Microsoft Graph permissions reference... (opens new window)
Learn more about Authentication and authorization basics for Microsoft Graph... (opens new window)
# Calendar Pro
- Learn more for Calendar Pro...
# Contact Pro
- Learn more for Contact Pro...
# Keepass Pro
- Learn more for Keepass Pro...
# Map Pro
- Learn more for Map Pro...
# Booking Room Pro
- Learn more for Booking Room Pro...
# Parking Pro
- Learn more for Parking Pro...
# Company Communicator Pro
- Learn more for Company Communicator Pro...
# MetaOffice Pro
- Learn more for MetaOffice Pro...
# Green Center
- Learn more for Green Center...
# GPT Pro
- Learn more for GPT Pro...