@watahani
Last active June 15, 2022 02:03
[
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows custom authentication extensions associated with the app to receive HTTP requests triggered by an authentication event. The request can include information about a user, client and resource service principals, and other information about the authentication.",
"DisplayName": "Receive custom authentication extension HTTP requests",
"Id": "214e810f-fda8-4fd7-a475-29461495eb00",
"IsEnabled": true,
"Origin": "Application",
"Value": "CustomAuthenticationExtension.Receive.Payload",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write your organization\u0027s directory access review default policy without a signed-in user.",
"DisplayName": "Read and write your organization\u0027s directory access review default policy",
"Id": "77c863fd-06c0-47ce-a7eb-49773e89d319",
"IsEnabled": true,
"Origin": "Application",
"Value": "Policy.ReadWrite.AccessReview",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to create groups, read all group properties and memberships, update group properties and memberships, and delete groups. Also allows the app to read and write conversations. All of these operations can be performed by the app without a signed-in user.",
"DisplayName": "Read and write all groups",
"Id": "62a82d76-70ea-41e2-9197-370581804d09",
"IsEnabled": true,
"Origin": "Application",
"Value": "Group.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read group properties and memberships, and read conversations for all groups, without a signed-in user.",
"DisplayName": "Read all groups",
"Id": "5b567255-7703-4780-807c-7be8301ae99b",
"IsEnabled": true,
"Origin": "Application",
"Value": "Group.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read your organization\u0027s threat submissions and threat submission policies without a signed-in user. Also allows the app to create new threat submissions without a signed-in user.",
"DisplayName": "Read and write all of the organization\u0027s threat submissions",
"Id": "d72bdbf4-a59b-405c-8b04-5995895819ac",
"IsEnabled": true,
"Origin": "Application",
"Value": "ThreatSubmission.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows an app to read Bookings appointments, businesses, customers, services, and staff without a signed-in user. ",
"DisplayName": "Read all Bookings related resources.",
"Id": "6e98f277-b046-4193-a4f2-6bf6a78cd491",
"IsEnabled": true,
"Origin": "Application",
"Value": "Bookings.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows an app to read and write Bookings appointments and customers, and additionally allows reading businesses, services, and staff without a signed-in user. ",
"DisplayName": "Read and write all Bookings related resources.",
"Id": "9769393e-5a9f-4302-9e3d-7e018ecb64a7",
"IsEnabled": true,
"Origin": "Application",
"Value": "BookingsAppointment.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the application to read any data from Records Management, such as configuration, labels, and policies without the signed in user.",
"DisplayName": "Read Records Management configuration, labels and policies",
"Id": "ac3a2b8e-03a3-4da9-9ce0-cbe28bf1accd",
"IsEnabled": true,
"Origin": "Application",
"Value": "RecordsManagement.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allow the application to create, update and delete any data from Records Management, such as configuration, labels, and policies without the signed in user.",
"DisplayName": "Read and write Records Management configuration, labels and policies",
"Id": "eb158f57-df43-4751-8b21-b8932adb3d34",
"IsEnabled": true,
"Origin": "Application",
"Value": "RecordsManagement.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read details of delegated admin relationships with customers like access details (that includes roles) and the duration as well as specific role assignments to security groups without a signed-in user.",
"DisplayName": "Read Delegated Admin relationships with customers",
"Id": "f6e9e124-4586-492f-adc0-c6f96e4823fd",
"IsEnabled": true,
"Origin": "Application",
"Value": "DelegatedAdminRelationship.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to manage (create-update-terminate) Delegated Admin relationships with customers and role assignments to security groups for active Delegated Admin relationships without a signed-in user.",
"DisplayName": "Manage Delegated Admin relationships with customers",
"Id": "cc13eba4-8cd8-44c6-b4d4-f93237adce58",
"IsEnabled": true,
"Origin": "Application",
"Value": "DelegatedAdminRelationship.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and manage the Cloud PC role-based access control (RBAC) settings, without a signed-in user. This includes reading and managing Cloud PC role definitions and memberships.",
"DisplayName": "Read and write all Cloud PC RBAC settings",
"Id": "274d0592-d1b6-44bd-af1d-26d259bcb43a",
"IsEnabled": true,
"Origin": "Application",
"Value": "RoleManagement.ReadWrite.CloudPC",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read the Cloud PC role-based access control (RBAC) settings, without a signed-in user.",
"DisplayName": "Read Cloud PC RBAC settings",
"Id": "031a549a-bb80-49b6-8032-2068448c6a3c",
"IsEnabled": true,
"Origin": "Application",
"Value": "RoleManagement.Read.CloudPC",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read custom security attribute assignments for all principals in the tenant without a signed in user.",
"DisplayName": "Read custom security attribute assignments",
"Id": "3b37c5a4-1226-493d-bec3-5d6c6b866f3f",
"IsEnabled": true,
"Origin": "Application",
"Value": "CustomSecAttributeAssignment.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read custom security attribute definitions for the tenant without a signed in user.",
"DisplayName": "Read custom security attribute definitions",
"Id": "b185aa14-d8d2-42c1-a685-0f5596613624",
"IsEnabled": true,
"Origin": "Application",
"Value": "CustomSecAttributeDefinition.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all external connections without a signed-in user.",
"DisplayName": "Read all external connections",
"Id": "1914711b-a1cb-4793-b019-c2ce0ed21b8c",
"IsEnabled": true,
"Origin": "Application",
"Value": "ExternalConnection.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write all external connections without a signed-in user.",
"DisplayName": "Read and write all external connections",
"Id": "34c37bc0-2b40-4d5e-85e1-2365cd256d79",
"IsEnabled": true,
"Origin": "Application",
"Value": "ExternalConnection.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all external items without a signed-in user.",
"DisplayName": "Read all external items",
"Id": "7a7cffad-37d2-4f48-afa4-c6ab129adcc2",
"IsEnabled": true,
"Origin": "Application",
"Value": "ExternalItem.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write your organization\u0027s cross tenant access policies without a signed-in user.",
"DisplayName": "Read and write your organization\u0027s cross tenant access policies",
"Id": "338163d7-f101-4c92-94ba-ca46fe52447c",
"IsEnabled": true,
"Origin": "Application",
"Value": "Policy.ReadWrite.CrossTenantAccess",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write custom security attribute definitions for the tenant without a signed in user.",
"DisplayName": "Read and write custom security attribute definitions",
"Id": "12338004-21f4-4896-bf5e-b75dfaf1016d",
"IsEnabled": true,
"Origin": "Application",
"Value": "CustomSecAttributeDefinition.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write custom security attribute assignments for all principals in the tenant without a signed in user.",
"DisplayName": "Read and write custom security attribute assignments",
"Id": "de89b5e4-5b8f-48eb-8925-29c2b33bd8bd",
"IsEnabled": true,
"Origin": "Application",
"Value": "CustomSecAttributeAssignment.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write to all security incidents, without a signed-in user.",
"DisplayName": "Read and write to all security incidents",
"Id": "34bf0e97-1971-4929-b999-9e2442d941d7",
"IsEnabled": true,
"Origin": "Application",
"Value": "SecurityIncident.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all security incidents, without a signed-in user.",
"DisplayName": "Read all security incidents",
"Id": "45cc0394-e837-488b-a098-1918f48d186c",
"IsEnabled": true,
"Origin": "Application",
"Value": "SecurityIncident.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write to all security alerts, without a signed-in user.",
"DisplayName": "Read and write to all security alerts",
"Id": "ed4fca05-be46-441f-9803-1873825f8fdb",
"IsEnabled": true,
"Origin": "Application",
"Value": "SecurityAlert.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all security alerts, without a signed-in user.",
"DisplayName": "Read all security alerts",
"Id": "472e4a4d-bb4a-4026-98d1-0b0d74cb74a5",
"IsEnabled": true,
"Origin": "Application",
"Value": "SecurityAlert.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write eDiscovery objects such as cases, custodians, review sets and other related objects without a signed-in user.",
"DisplayName": "Read and write all eDiscovery objects",
"Id": "b2620db1-3bf7-4c5b-9cb9-576d29eac736",
"IsEnabled": true,
"Origin": "Application",
"Value": "eDiscovery.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read eDiscovery objects such as cases, custodians, review sets and other related objects without a signed-in user.",
"DisplayName": "Read all eDiscovery objects",
"Id": "50180013-6191-4d1e-a373-e590ff4e66af",
"IsEnabled": true,
"Origin": "Application",
"Value": "eDiscovery.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to run hunting queries, without a signed-in user.",
"DisplayName": "Run hunting queries",
"Id": "dd98c7f5-2d42-42d3-a0e4-633161547251",
"IsEnabled": true,
"Origin": "Application",
"Value": "ThreatHunting.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allow the app to read the management data for Teams devices, without a signed-in user.",
"DisplayName": "Read Teams devices",
"Id": "0591bafd-7c1c-4c30-a2a5-2b9aacb1dfe8",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamworkDevice.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allow the app to read and write the management data for Teams devices, without a signed-in user.",
"DisplayName": "Read and write Teams devices",
"Id": "79c02f5b-bd4f-4713-bc2c-a8a4a66e127b",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamworkDevice.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and update identity risky service principal for your organization, without a signed-in user.",
"DisplayName": "Read and write all identity risky service principal information",
"Id": "cb8d6980-6bcb-4507-afec-ed6de3a2d798",
"IsEnabled": true,
"Origin": "Application",
"Value": "IdentityRiskyServicePrincipal.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows a Teams app to read, install, upgrade, and uninstall its own tabs for any user, without a signed-in user.",
"DisplayName": "Allow the Teams app to manage only its own tabs for all users",
"Id": "3c42dec6-49e8-4a0a-b469-36cff0d9da93",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamsTab.ReadWriteSelfForUser.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows a Teams app to read, install, upgrade, and uninstall its own tabs in any team, without a signed-in user.",
"DisplayName": "Allow the Teams app to manage only its own tabs for all teams",
"Id": "91c32b81-0ef0-453f-a5c7-4ce2e562f449",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamsTab.ReadWriteSelfForTeam.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows a Teams app to read, install, upgrade, and uninstall its own tabs for any chat, without a signed-in user.",
"DisplayName": "Allow the Teams app to manage only its own tabs for all chats",
"Id": "9f62e4a2-a2d6-4350-b28b-d244728c4f86",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamsTab.ReadWriteSelfForChat.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all risky service principal information for your organization, without a signed-in user.",
"DisplayName": "Read all identity risky service principal information",
"Id": "607c7344-0eed-41e5-823a-9695ebe1b7b0",
"IsEnabled": true,
"Origin": "Application",
"Value": "IdentityRiskyServicePrincipal.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write search configurations, without a signed-in user.",
"DisplayName": "Read and write your organization\u0027s search configuration",
"Id": "0e778b85-fefa-466d-9eec-750569d92122",
"IsEnabled": true,
"Origin": "Application",
"Value": "SearchConfiguration.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read search configurations, without a signed-in user.",
"DisplayName": "Read your organization\u0027s search configuration",
"Id": "ada977a5-b8b1-493b-9a91-66c206d76ecf",
"IsEnabled": true,
"Origin": "Application",
"Value": "SearchConfiguration.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read online meeting artifacts in your organization, without a signed-in user.",
"DisplayName": "Read online meeting artifacts",
"Id": "df01ed3b-eb61-4eca-9965-6b3d789751b2",
"IsEnabled": true,
"Origin": "Application",
"Value": "OnlineMeetingArtifact.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to create, read, update, and delete apps in the app catalogs without a signed-in user.",
"DisplayName": "Read and write to all app catalogs",
"Id": "dc149144-f292-421e-b185-5953f2e98d7f",
"IsEnabled": true,
"Origin": "Application",
"Value": "AppCatalog.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read apps in the app catalogs without a signed-in user.",
"DisplayName": "Read all app catalogs",
"Id": "e12dae10-5a57-4817-b79d-dfbec5348930",
"IsEnabled": true,
"Origin": "Application",
"Value": "AppCatalog.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to manage workforce integrations to synchronize data from Microsoft Teams Shifts, without a signed-in user.",
"DisplayName": "Read and write workforce integrations",
"Id": "202bf709-e8e6-478e-bcfd-5d63c50b68e3",
"IsEnabled": true,
"Origin": "Application",
"Value": "WorkforceIntegration.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all presence information and write activity and availability of all users in the directory without a signed-in user. Presence information includes activity, availability, status note, calendar out-of-office message, time zone and location.",
"DisplayName": "Read and write presence information for all users",
"Id": "83cded22-8297-4ff6-a7fa-e97e9545a259",
"IsEnabled": true,
"Origin": "Application",
"Value": "Presence.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write tags in Teams without a signed-in user.",
"DisplayName": "Read and write tags in Teams",
"Id": "a3371ca5-911d-46d6-901c-42c8c7a937d8",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamworkTag.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read tags in Teams without a signed-in user.",
"DisplayName": "Read tags in Teams",
"Id": "b74fd6c4-4bde-488e-9695-eeb100e4907f",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamworkTag.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write all Windows update deployment settings for the organization without a signed-in user.",
"DisplayName": "Read and write all Windows update deployment settings",
"Id": "7dd1be58-6e76-4401-bf8d-31d1e8180d5b",
"IsEnabled": true,
"Origin": "Application",
"Value": "WindowsUpdates.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write external connections without a signed-in user. The app can only read and write external connections that it is authorized to, or it can create new external connections. ",
"DisplayName": "Read and write external connections",
"Id": "f431331c-49a6-499f-be1c-62af19c34a9d",
"IsEnabled": true,
"Origin": "Application",
"Value": "ExternalConnection.ReadWrite.OwnedBy",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write external items without a signed-in user. The app can only read external items of the connection that it is authorized to.",
"DisplayName": "Read and write external items",
"Id": "8116ae0f-55c2-452d-9944-d18420f5b2c8",
"IsEnabled": true,
"Origin": "Application",
"Value": "ExternalItem.ReadWrite.OwnedBy",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allow the application to access a subset of site collections without a signed in user. The specific site collections and the permissions granted will be configured in SharePoint Online.",
"DisplayName": "Access selected site collections",
"Id": "883ea226-0bf2-4a8f-9f9d-92c9162a727d",
"IsEnabled": true,
"Origin": "Application",
"Value": "Sites.Selected",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read documents and list items in all site collections without a signed in user.",
"DisplayName": "Read items in all site collections ",
"Id": "332a536c-c7ef-4017-ab91-336970924f0d",
"IsEnabled": true,
"Origin": "Application",
"Value": "Sites.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to create, read, update, and delete documents and list items in all site collections without a signed in user.",
"DisplayName": "Read and write items in all site collections",
"Id": "9492366f-7969-46a4-8d15-ed1a20078fff",
"IsEnabled": true,
"Origin": "Application",
"Value": "Sites.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write the properties of Cloud PCs, without a signed-in user.",
"DisplayName": "Read and write Cloud PCs",
"Id": "3b4349e1-8cf5-45a3-95b7-69d1751d3e6a",
"IsEnabled": true,
"Origin": "Application",
"Value": "CloudPC.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read the properties of Cloud PCs, without a signed-in user.",
"DisplayName": "Read Cloud PCs",
"Id": "a9e09520-8ed4-4cde-838e-4fdea192c227",
"IsEnabled": true,
"Origin": "Application",
"Value": "CloudPC.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to update service principal endpoints",
"DisplayName": "Read and update service principal endpoints",
"Id": "89c8469c-83ad-45f7-8ff2-6e3d4285709e",
"IsEnabled": true,
"Origin": "Application",
"Value": "ServicePrincipalEndpoint.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read service principal endpoints",
"DisplayName": "Read service principal endpoints",
"Id": "5256681e-b7f6-40c0-8447-2d9db68797a0",
"IsEnabled": true,
"Origin": "Application",
"Value": "ServicePrincipalEndpoint.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to create new notifications in users\u0027 teamwork activity feeds without a signed in user. These notifications may not be discoverable or be held or governed by compliance policies.",
"DisplayName": "Send a teamwork activity to any user",
"Id": "a267235f-af13-44dc-8385-c1dc93023186",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamsActivity.Send",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read terms of use acceptance statuses, without a signed in user.",
"DisplayName": "Read all terms of use acceptance statuses",
"Id": "d8e4ec18-f6c0-4620-8122-c8b1f2bf400e",
"IsEnabled": true,
"Origin": "Application",
"Value": "AgreementAcceptance.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write terms of use agreements, without a signed in user.",
"DisplayName": "Read and write all terms of use agreements",
"Id": "c9090d00-6101-42f0-a729-c41074260d47",
"IsEnabled": true,
"Origin": "Application",
"Value": "Agreement.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read terms of use agreements, without a signed in user.",
"DisplayName": "Read all terms of use agreements",
"Id": "2f3e6f8c-093b-4c57-a58b-ba5ce494a169",
"IsEnabled": true,
"Origin": "Application",
"Value": "Agreement.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read app consent requests and approvals, and deny or approve those requests without a signed-in user.",
"DisplayName": "Read and write all consent requests",
"Id": "9f1b81a7-0223-4428-bfa4-0bcb5535f27d",
"IsEnabled": true,
"Origin": "Application",
"Value": "ConsentRequest.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write your organization\u0027s consent requests policy without a signed-in user.",
"DisplayName": "Read and write your organization\u0027s consent request policy",
"Id": "999f8c63-0a38-4f1b-91fd-ed1947bdd1a9",
"IsEnabled": true,
"Origin": "Application",
"Value": "Policy.ReadWrite.ConsentRequest",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read consent requests and approvals without a signed-in user.",
"DisplayName": "Read all consent requests",
"Id": "1260ad83-98fb-4785-abbb-d6cc1806fd41",
"IsEnabled": true,
"Origin": "Application",
"Value": "ConsentRequest.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read basic mail properties in all mailboxes without a signed-in user. Includes all properties except body, previewBody, attachments and any extended properties.",
"DisplayName": "Read basic mail in all mailboxes",
"Id": "693c5e45-0940-467d-9b8a-1022fb9d42ef",
"IsEnabled": true,
"Origin": "Application",
"Value": "Mail.ReadBasic.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read basic mail properties in all mailboxes without a signed-in user. Includes all properties except body, previewBody, attachments and any extended properties.",
"DisplayName": "Read basic mail in all mailboxes",
"Id": "6be147d2-ea4f-4b5a-a3fa-3eab6f3c140a",
"IsEnabled": true,
"Origin": "Application",
"Value": "Mail.ReadBasic",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write feature rollout policies without a signed-in user. Includes abilities to assign and remove users and groups to rollout of a specific feature.",
"DisplayName": "Read and write feature rollout policies",
"Id": "2044e4f1-e56c-435b-925c-44cd8f6ba89a",
"IsEnabled": true,
"Origin": "Application",
"Value": "Policy.ReadWrite.FeatureRollout",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and manage the role-based access control (RBAC) settings for your company\u0027s directory, without a signed-in user. This includes instantiating directory roles and managing directory role membership, and reading directory role templates, directory roles and memberships.",
"DisplayName": "Read and write all directory RBAC settings",
"Id": "9e3f62cf-ca93-4989-b6ce-bf83c28f9fe8",
"IsEnabled": true,
"Origin": "Application",
"Value": "RoleManagement.ReadWrite.Directory",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read the role-based access control (RBAC) settings for your company\u0027s directory, without a signed-in user. This includes reading directory role templates, directory roles and memberships.",
"DisplayName": "Read all directory RBAC settings",
"Id": "483bed4a-2ad3-4361-a73b-c83ccdbdc53c",
"IsEnabled": true,
"Origin": "Application",
"Value": "RoleManagement.Read.Directory",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write the organization and related resources, without a signed-in user. Related resources include things like subscribed skus and tenant branding information.",
"DisplayName": "Read and write organization information",
"Id": "292d869f-3427-49a8-9dab-8c70152b74e9",
"IsEnabled": true,
"Origin": "Application",
"Value": "Organization.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read the organization and related resources, without a signed-in user. Related resources include things like subscribed skus and tenant branding information.",
"DisplayName": "Read organization information",
"Id": "498476ce-e0fe-48b0-b801-37ba7e2685c6",
"IsEnabled": true,
"Origin": "Application",
"Value": "Organization.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read company places (conference rooms and room lists) for calendar events and other applications, without a signed-in user.",
"DisplayName": "Read all company places",
"Id": "913b9306-0ce1-42b8-9137-6a7df690a760",
"IsEnabled": true,
"Origin": "Application",
"Value": "Place.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read the memberships of hidden groups and administrative units without a signed-in user.",
"DisplayName": "Read all hidden memberships",
"Id": "658aa5d8-239f-45c4-aa12-864f4fc7e490",
"IsEnabled": true,
"Origin": "Application",
"Value": "Member.Read.Hidden",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allow the app to read or write items in all external datasets that the app is authorized to access",
"DisplayName": "Read and write items in external datasets",
"Id": "38c3d6ee-69ee-422f-b954-e17819665354",
"IsEnabled": true,
"Origin": "Application",
"Value": "ExternalItem.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings in the organization for group and app memberships, without a signed-in user.",
"DisplayName": "Manage access reviews for group and app memberships",
"Id": "18228521-a591-40f1-b215-5fad4488c117",
"IsEnabled": true,
"Origin": "Application",
"Value": "AccessReview.ReadWrite.Membership",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups, without a signed-in user.",
"DisplayName": "Read Microsoft Intune device configuration and policies",
"Id": "dc377aa6-52d8-4e23-b271-2a7ae04cedf3",
"IsEnabled": true,
"Origin": "Application",
"Value": "DeviceManagementConfiguration.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read the properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft Intune, without a signed-in user.",
"DisplayName": "Read Microsoft Intune apps",
"Id": "7a6ee1e7-141e-4cec-ae74-d9db155731ff",
"IsEnabled": true,
"Origin": "Application",
"Value": "DeviceManagementApps.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read the properties of devices managed by Microsoft Intune, without a signed-in user.",
"DisplayName": "Read Microsoft Intune devices",
"Id": "2f51be20-0bb4-4fed-bf7b-db946066c75e",
"IsEnabled": true,
"Origin": "Application",
"Value": "DeviceManagementManagedDevices.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings, without a signed-in user.",
"DisplayName": "Read Microsoft Intune RBAC settings",
"Id": "58ca0d9a-1575-47e1-a3cb-007ef2e4583b",
"IsEnabled": true,
"Origin": "Application",
"Value": "DeviceManagementRBAC.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read Microsoft Intune service properties including device enrollment and third party service connection configuration, without a signed-in user.",
"DisplayName": "Read Microsoft Intune configuration",
"Id": "06a5fe6d-c49d-46a7-b082-56b1b14103c7",
"IsEnabled": true,
"Origin": "Application",
"Value": "DeviceManagementServiceConfig.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to create, view, update and delete on-premises published resources, on-premises agents and agent groups, as part of a hybrid identity configuration, without a signed in user.",
"DisplayName": "Manage on-premises published resources",
"Id": "0b57845e-aa49-4e6f-8109-ce654fffa618",
"IsEnabled": true,
"Origin": "Application",
"Value": "OnPremisesPublishingProfiles.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write trust framework key set properties without a signed-in user.",
"DisplayName": "Read and write trust framework key sets",
"Id": "4a771c9a-1cf2-4609-b88e-3d3e02d539cd",
"IsEnabled": true,
"Origin": "Application",
"Value": "TrustFrameworkKeySet.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read trust framework key set properties without a signed-in user.",
"DisplayName": "Read trust framework key sets",
"Id": "fff194f1-7dce-4428-8301-1badb5518201",
"IsEnabled": true,
"Origin": "Application",
"Value": "TrustFrameworkKeySet.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write your organization\u0027s trust framework policies without a signed in user.",
"DisplayName": "Read and write your organization\u0027s trust framework policies",
"Id": "79a677f7-b79d-40d0-a36a-3e6f8688dd7a",
"IsEnabled": true,
"Origin": "Application",
"Value": "Policy.ReadWrite.TrustFramework",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all your organization\u0027s policies without a signed in user.",
"DisplayName": "Read your organization\u0027s policies",
"Id": "246dd0d5-5bd0-4def-940b-0421030a5b68",
"IsEnabled": true,
"Origin": "Application",
"Value": "Policy.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write your organization?s identity (authentication) providers? properties without a signed in user.",
"DisplayName": "Read and write identity providers",
"Id": "90db2b9a-d928-4d33-a4dd-8442ae3d41e4",
"IsEnabled": true,
"Origin": "Application",
"Value": "IdentityProvider.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read your organization?s identity (authentication) providers? properties without a signed in user.",
"DisplayName": "Read identity providers",
"Id": "e321f0bb-e7f7-481e-bb28-e3b0b32d4bd0",
"IsEnabled": true,
"Origin": "Application",
"Value": "IdentityProvider.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to create, read, update, and delete administrative units and manage administrative unit membership without a signed-in user.",
"DisplayName": "Read and write all administrative units",
"Id": "5eb59dd3-1da2-4329-8733-9dabdc435916",
"IsEnabled": true,
"Origin": "Application",
"Value": "AdministrativeUnit.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read administrative units and administrative unit membership without a signed-in user.",
"DisplayName": "Read all administrative units",
"Id": "134fd756-38ce-4afd-ba33-e9623dbe66c2",
"IsEnabled": true,
"Origin": "Application",
"Value": "AdministrativeUnit.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows an app to read published sensitivity labels and label policy settings for the entire organization or a specific user, without a signed in user.",
"DisplayName": "Read all published labels and label policies for an organization.",
"Id": "19da66cb-0fb0-4390-b071-ebc76a349482",
"IsEnabled": true,
"Origin": "Application",
"Value": "InformationProtectionPolicy.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all the OneNote notebooks in your organization, without a signed-in user.",
"DisplayName": "Read all OneNote notebooks",
"Id": "3aeca27b-ee3a-4c2b-8ded-80376e2134a4",
"IsEnabled": true,
"Origin": "Application",
"Value": "Notes.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to invite guest users to the organization, without a signed-in user.",
"DisplayName": "Invite guest users to the organization",
"Id": "09850681-111b-4a89-9bed-3f2cae46d706",
"IsEnabled": true,
"Origin": "Application",
"Value": "User.Invite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read, create, update and delete all files in all site collections without a signed in user. ",
"DisplayName": "Read and write files in all site collections",
"Id": "75359482-378d-4052-8f01-80520e7db3cd",
"IsEnabled": true,
"Origin": "Application",
"Value": "Files.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to create threat indicators, and fully manage those threat indicators (read, update and delete), without a signed-in user. ?It cannot update any threat indicators it does not own.",
"DisplayName": "Manage threat indicators this app creates or owns",
"Id": "21792b6c-c986-4ffc-85de-df9da54b52fa",
"IsEnabled": true,
"Origin": "Application",
"Value": "ThreatIndicators.ReadWrite.OwnedBy",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read or update security actions, without a signed-in user.",
"DisplayName": "Read and update your organization\u0027s security actions",
"Id": "f2bf083f-0179-402a-bedb-b2784de8a49b",
"IsEnabled": true,
"Origin": "Application",
"Value": "SecurityActions.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read security actions, without a signed-in user.",
"DisplayName": "Read your organization\u0027s security actions",
"Id": "5e0edab9-c148-49d0-b423-ac253e121825",
"IsEnabled": true,
"Origin": "Application",
"Value": "SecurityActions.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read your organization?s security events without a signed-in user. Also allows the app to update editable properties in security events.",
"DisplayName": "Read and update your organization?s security events",
"Id": "d903a879-88e0-4c09-b0c9-82f6a1333f84",
"IsEnabled": true,
"Origin": "Application",
"Value": "SecurityEvents.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read your organization?s security events without a signed-in user.",
"DisplayName": "Read your organization?s security events",
"Id": "bf394140-e372-4bf9-a898-299cfc7564e5",
"IsEnabled": true,
"Origin": "Application",
"Value": "SecurityEvents.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows an app to read and write all chat messages in Microsoft Teams, without a signed-in user.",
"DisplayName": "Read and write all chat messages",
"Id": "294ce7c9-31ba-490a-ad7d-97a7d075e4ed",
"IsEnabled": true,
"Origin": "Application",
"Value": "Chat.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and update identity risk detection information for your organization without a signed-in user. Update operations include confirming risk event detections.?",
"DisplayName": "Read and write all risk detection information",
"Id": "db06fb33-1953-4b7b-a2ac-f1e2c854f7ae",
"IsEnabled": true,
"Origin": "Application",
"Value": "IdentityRiskEvent.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and update identity risky user information for your organization without a signed-in user. ?Update operations include dismissing risky users.",
"DisplayName": "Read and write all risky user information",
"Id": "656f6061-f9fe-4807-9708-6a2e0934df76",
"IsEnabled": true,
"Origin": "Application",
"Value": "IdentityRiskyUser.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all files in all site collections without a signed in user.",
"DisplayName": "Read files in all site collections",
"Id": "01d4889c-1287-42c6-ac1f-5d1e02578ef6",
"IsEnabled": true,
"Origin": "Application",
"Value": "Files.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read the identity risk event information for your organization without a signed in user.",
"DisplayName": "Read all identity risk event information",
"Id": "6e472fd1-ad78-48da-a0f0-97ab2c6b769e",
"IsEnabled": true,
"Origin": "Application",
"Value": "IdentityRiskEvent.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read a limited subset of properties from both the structure of schools and classes in the organization\u0027s roster and education-specific information about all users. Includes name, status, role, email address and photo.",
"DisplayName": "Read a limited subset of the organization\u0027s roster",
"Id": "0d412a8c-a06c-439f-b3ec-8abcf54d2f96",
"IsEnabled": true,
"Origin": "Application",
"Value": "EduRoster.ReadBasic.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read the structure of schools and classes in the organization\u0027s roster and education-specific information about all users to be read.",
"DisplayName": "Read the organization\u0027s roster",
"Id": "e0ac9e1b-cb65-4fc5-87c5-1a8bc181f648",
"IsEnabled": true,
"Origin": "Application",
"Value": "EduRoster.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write the structure of schools and classes in the organization\u0027s roster and education-specific information about all users to be read and written.",
"DisplayName": "Read and write the organization\u0027s roster",
"Id": "d1808e82-ce13-47af-ae0d-f9b254e6d58a",
"IsEnabled": true,
"Origin": "Application",
"Value": "EduRoster.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read assignments without grades for all users.",
"DisplayName": "Read class assignments without grades",
"Id": "6e0a958b-b7fc-4348-b7c4-a6ab9fd3dd0e",
"IsEnabled": true,
"Origin": "Application",
"Value": "EduAssignments.ReadBasic.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write assignments without grades for all users.",
"DisplayName": "Read and write class assignments without grades",
"Id": "f431cc63-a2de-48c4-8054-a34bc093af84",
"IsEnabled": true,
"Origin": "Application",
"Value": "EduAssignments.ReadWriteBasic.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read assignments and their grades for all users.",
"DisplayName": "Read class assignments with grades",
"Id": "4c37e1b6-35a1-43bf-926a-6f30f2cdf585",
"IsEnabled": true,
"Origin": "Application",
"Value": "EduAssignments.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write assignments and their grades for all users.",
"DisplayName": "Read and write class assignments with grades",
"Id": "0d22204b-6cad-4dd0-8362-3e3f2ae699d9",
"IsEnabled": true,
"Origin": "Application",
"Value": "EduAssignments.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Read the state and settings of all Microsoft education apps.",
"DisplayName": "Read Education app settings",
"Id": "7c9db06a-ec2d-4e7b-a592-5a1e30992566",
"IsEnabled": true,
"Origin": "Application",
"Value": "EduAdministration.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Manage the state and settings of all Microsoft education apps.",
"DisplayName": "Manage education app settings",
"Id": "9bc431c3-b8bc-4a8d-a219-40f10f92eff6",
"IsEnabled": true,
"Origin": "Application",
"Value": "EduAdministration.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read the identity risky user information for your organization without a signed in user.",
"DisplayName": "Read all identity risky user information",
"Id": "dc5007c0-2d7d-4c42-879c-2dab87571379",
"IsEnabled": true,
"Origin": "Application",
"Value": "IdentityRiskyUser.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and update user profiles without a signed in user.",
"DisplayName": "Read and write all users\u0027 full profiles",
"Id": "741f803b-c850-494e-b5df-cde7c675a1ca",
"IsEnabled": true,
"Origin": "Application",
"Value": "User.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read user profiles without a signed in user.",
"DisplayName": "Read all users\u0027 full profiles",
"Id": "df021288-bdef-4463-88db-98f22de89214",
"IsEnabled": true,
"Origin": "Application",
"Value": "User.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and query your audit log activities, without a signed-in user.",
"DisplayName": "Read all audit log data",
"Id": "b0afded3-3588-46d8-8b3d-9842eff778da",
"IsEnabled": true,
"Origin": "Application",
"Value": "AuditLog.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to create other applications, and fully manage those applications (read, update, update application secrets and delete), without a signed-in user. ?It cannot update any apps that it is not an owner of.",
"DisplayName": "Manage apps that this app creates or owns",
"Id": "18a4783c-866b-4cc7-a460-3d5e5662c884",
"IsEnabled": true,
"Origin": "Application",
"Value": "Application.ReadWrite.OwnedBy",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to export data (e.g. customer content or system-generated logs), associated with any user in your company, when the app is used by a privileged user (e.g. a Company Administrator).",
"DisplayName": "Export user\u0027s data",
"Id": "405a51b5-8d8d-430b-9842-8be4b0e9f324",
"IsEnabled": true,
"Origin": "Application",
"Value": "User.Export.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read, update, delete and perform actions on programs and program controls in the organization, without a signed-in user.",
"DisplayName": "Manage all programs",
"Id": "60a901ed-09f7-4aa5-a16e-7dd3d6f9de36",
"IsEnabled": true,
"Origin": "Application",
"Value": "ProgramControl.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read programs and program controls in the organization, without a signed-in user.",
"DisplayName": "Read all programs",
"Id": "eedb7fdd-7539-4345-a38b-4839e4a84cbd",
"IsEnabled": true,
"Origin": "Application",
"Value": "ProgramControl.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings in the organization, without a signed-in user.",
"DisplayName": "Manage all access reviews",
"Id": "ef5f7d5c-338f-44b0-86c3-351f46c8bb5f",
"IsEnabled": true,
"Origin": "Application",
"Value": "AccessReview.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read access reviews, reviewers, decisions and settings in the organization, without a signed-in user.",
"DisplayName": "Read all access reviews",
"Id": "d07a8cc0-3d51-4b77-b3b0-32704d1f69fa",
"IsEnabled": true,
"Origin": "Application",
"Value": "AccessReview.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows an app to read all service usage reports without a signed-in user. Services that provide usage reports include Office 365 and Azure Active Directory.",
"DisplayName": "Read all usage reports",
"Id": "230c1aed-a721-4c5d-9cb4-a90514e508ef",
"IsEnabled": true,
"Origin": "Application",
"Value": "Reports.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read any user\u0027s scored list of relevant people, without a signed-in user. The list can include local contacts, contacts from social networking, your organization\u0027s directory, and people from recent communications (such as email and Skype).",
"DisplayName": "Read all users\u0027 relevant people lists",
"Id": "b528084d-ad10-4598-8b93-929746b4d7d6",
"IsEnabled": true,
"Origin": "Application",
"Value": "People.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to update Microsoft Teams 1-to-1 or group chat messages by patching a set of Data Loss Prevention (DLP) policy violation properties to handle the output of DLP processing.",
"DisplayName": "Flag chat messages for violating policy",
"Id": "7e847308-e030-4183-9899-5235d7270f58",
"IsEnabled": true,
"Origin": "Application",
"Value": "Chat.UpdatePolicyViolation.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all 1-to-1 or group chat messages in Microsoft Teams.",
"DisplayName": "Read all chat messages",
"Id": "6b7d71aa-70aa-4810-a8d9-5d9fb2830017",
"IsEnabled": true,
"Origin": "Application",
"Value": "Chat.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all channel messages in Microsoft Teams",
"DisplayName": "Read all channel messages",
"Id": "7b2449af-6ccd-4f4d-9f78-e550c193f0d1",
"IsEnabled": true,
"Origin": "Application",
"Value": "ChannelMessage.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to update Microsoft Teams channel messages by patching a set of Data Loss Prevention (DLP) policy violation properties to handle the output of DLP processing.",
"DisplayName": "Flag channel messages for violating policy",
"Id": "4d02b0cc-d90b-441f-8d82-4fb55c34d6bb",
"IsEnabled": true,
"Origin": "Application",
"Value": "ChannelMessage.UpdatePolicyViolation.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to create, read, update and delete applications and service principals without a signed-in user. Does not allow management of consent grants.",
"DisplayName": "Read and write all applications",
"Id": "1bfefb4e-e0b5-418b-a88f-73c46d2cc8e9",
"IsEnabled": true,
"Origin": "Application",
"Value": "Application.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to create, read, update, and delete user\u0027s mailbox settings without a signed-in user. Does not include permission to send mail.",
"DisplayName": "Read and write all user mailbox settings",
"Id": "6931bccd-447a-43d1-b442-00a195474933",
"IsEnabled": true,
"Origin": "Application",
"Value": "MailboxSettings.ReadWrite",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write all domain properties without a signed in user. ?Also allows the app to add, ?verify and remove domains.",
"DisplayName": "Read and write domains",
"Id": "7e05723c-0bb0-42da-be95-ae9f08a6e53c",
"IsEnabled": true,
"Origin": "Application",
"Value": "Domain.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read user\u0027s mailbox settings without a signed-in user. Does not include permission to send mail.",
"DisplayName": "Read all user mailbox settings",
"Id": "40f97065-369a-49f4-947c-6a255697ae91",
"IsEnabled": true,
"Origin": "Application",
"Value": "MailboxSettings.Read",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read mail in all mailboxes without a signed-in user.",
"DisplayName": "Read mail in all mailboxes",
"Id": "810c84a8-4a9e-49e6-bf7d-12d183f40d01",
"IsEnabled": true,
"Origin": "Application",
"Value": "Mail.Read",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to create, read, update, and delete mail in all mailboxes without a signed-in user. Does not include permission to send mail.",
"DisplayName": "Read and write mail in all mailboxes",
"Id": "e2a3a72e-5f79-4c64-b1b1-878b674786c9",
"IsEnabled": true,
"Origin": "Application",
"Value": "Mail.ReadWrite",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to send mail as any user without a signed-in user.",
"DisplayName": "Send mail as any user",
"Id": "b633e1c5-b582-4048-a93e-9f11b44c7e96",
"IsEnabled": true,
"Origin": "Application",
"Value": "Mail.Send",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all contacts in all mailboxes without a signed-in user.",
"DisplayName": "Read contacts in all mailboxes",
"Id": "089fe4d0-434a-44c5-8827-41ba8a0b17f5",
"IsEnabled": true,
"Origin": "Application",
"Value": "Contacts.Read",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to create, read, update, and delete all contacts in all mailboxes without a signed-in user.",
"DisplayName": "Read and write contacts in all mailboxes",
"Id": "6918b873-d17a-4dc1-b314-35f528134491",
"IsEnabled": true,
"Origin": "Application",
"Value": "Contacts.ReadWrite",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read data in your organization\u0027s directory, such as users, groups and apps, without a signed-in user.",
"DisplayName": "Read directory data",
"Id": "7ab1d382-f21e-4acd-a863-ba3e13f7da61",
"IsEnabled": true,
"Origin": "Application",
"Value": "Directory.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write data in your organization\u0027s directory, such as users, and groups, without a signed-in user. Does not allow user or group deletion.",
"DisplayName": "Read and write directory data",
"Id": "19dbc75e-c2e2-444c-a770-ec69d8559fc7",
"IsEnabled": true,
"Origin": "Application",
"Value": "Directory.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write all device properties without a signed in user. Does not allow device creation, device deletion or update of device alternative security identifiers.",
"DisplayName": "Read and write devices",
"Id": "1138cb37-bd11-4084-a2b7-9f71582aeddb",
"IsEnabled": true,
"Origin": "Application",
"Value": "Device.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read events of all calendars without a signed-in user.",
"DisplayName": "Read calendars in all mailboxes",
"Id": "798ee544-9d2d-430c-a058-570e29e34338",
"IsEnabled": true,
"Origin": "Application",
"Value": "Calendars.Read",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to create, read, update, and delete events of all calendars without a signed-in user.",
"DisplayName": "Read and write calendars in all mailboxes",
"Id": "ef54d2bf-783f-4e0f-bca1-3210c0444d99",
"IsEnabled": true,
"Origin": "Application",
"Value": "Calendars.ReadWrite",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read your organization\u0027s user flows, without a signed-in user.",
"DisplayName": "Read all identity user flows",
"Id": "1b0c317f-dd31-4305-9932-259a8b6e8099",
"IsEnabled": true,
"Origin": "Application",
"Value": "IdentityUserFlow.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read or write your organization\u0027s user flows, without a signed-in user.",
"DisplayName": "Read and write all identity user flows",
"Id": "65319a09-a2be-469d-8782-f6b07debf789",
"IsEnabled": true,
"Origin": "Application",
"Value": "IdentityUserFlow.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and create online meetings as an application in your organization.",
"DisplayName": "Read and create online meetings",
"Id": "b8bb2037-6e08-44ac-a4ea-4674e010e2a4",
"IsEnabled": true,
"Origin": "Application",
"Value": "OnlineMeetings.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read online meeting details in your organization, without a signed-in user.",
"DisplayName": "Read online meeting details",
"Id": "c1684f21-1984-47fa-9d61-2dc8c296bb70",
"IsEnabled": true,
"Origin": "Application",
"Value": "OnlineMeetings.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to get direct access to media streams in a call, without a signed-in user.",
"DisplayName": "Access media streams in a call as an app",
"Id": "a7a681dc-756e-4909-b988-f160edc6655f",
"IsEnabled": true,
"Origin": "Application",
"Value": "Calls.AccessMedia.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to anonymously join group calls and scheduled meetings in your organization, without a signed-in user. ?The app will be joined as a guest to meetings in your organization.",
"DisplayName": "Join group calls and meetings as a guest",
"Id": "fd7ccf6b-3d28-418b-9701-cd10f5cd2fd4",
"IsEnabled": true,
"Origin": "Application",
"Value": "Calls.JoinGroupCallAsGuest.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to join group calls and scheduled meetings in your organization, without a signed-in user. ?The app will be joined with the privileges of a directory user to meetings in your organization.",
"DisplayName": "Join group calls and meetings as an app",
"Id": "f6b49018-60ab-4f81-83bd-22caeabfed2d",
"IsEnabled": true,
"Origin": "Application",
"Value": "Calls.JoinGroupCall.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to place outbound calls to multiple users and add participants to meetings in your organization, without a signed-in user.",
"DisplayName": "Initiate outgoing group calls from the app",
"Id": "4c277553-8a09-487b-8023-29ee378d8324",
"IsEnabled": true,
"Origin": "Application",
"Value": "Calls.InitiateGroupCall.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to place outbound calls to a single user and transfer calls to users in your organization?s directory, without a signed-in user.",
"DisplayName": "Initiate outgoing 1 to 1 calls from the app",
"Id": "284383ee-7f6e-4e40-a2a8-e85dcb029101",
"IsEnabled": true,
"Origin": "Application",
"Value": "Calls.Initiate.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all organizational contacts without a signed-in user. These contacts are managed by the organization and are different from a user\u0027s personal contacts.",
"DisplayName": "Read organizational contacts",
"Id": "e1a88a34-94c4-4418-be12-c87b00e26bea",
"IsEnabled": true,
"Origin": "Application",
"Value": "OrgContact.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write the properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft Intune, without a signed-in user.",
"DisplayName": "Read and write Microsoft Intune apps",
"Id": "78145de6-330d-4800-a6ce-494ff2d33d07",
"IsEnabled": true,
"Origin": "Application",
"Value": "DeviceManagementApps.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups, without a signed-in user.",
"DisplayName": "Read and write Microsoft Intune device configuration and policies",
"Id": "9241abd9-d0e6-425a-bd4f-47ba86e767a4",
"IsEnabled": true,
"Origin": "Application",
"Value": "DeviceManagementConfiguration.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to perform remote high impact actions such as wiping the device or resetting the passcode on devices managed by Microsoft Intune, without a signed-in user.",
"DisplayName": "Perform user-impacting remote actions on Microsoft Intune devices",
"Id": "5b07b0dd-2377-4e44-a38d-703f09a0dc3c",
"IsEnabled": true,
"Origin": "Application",
"Value": "DeviceManagementManagedDevices.PrivilegedOperations.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write the properties of devices managed by Microsoft Intune, without a signed-in user. Does not allow high impact operations such as remote wipe and password reset on the device?s owner",
"DisplayName": "Read and write Microsoft Intune devices",
"Id": "243333ab-4d21-40cb-a475-36241daa0842",
"IsEnabled": true,
"Origin": "Application",
"Value": "DeviceManagementManagedDevices.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings, without a signed-in user.",
"DisplayName": "Read and write Microsoft Intune RBAC settings",
"Id": "e330c4f0-4170-414e-a55a-2f022ec2b57b",
"IsEnabled": true,
"Origin": "Application",
"Value": "DeviceManagementRBAC.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write Microsoft Intune service properties including device enrollment and third party service connection configuration, without a signed-in user.",
"DisplayName": "Read and write Microsoft Intune configuration",
"Id": "5ac13192-7ace-4fcf-b828-1a26f28068ee",
"IsEnabled": true,
"Origin": "Application",
"Value": "DeviceManagementServiceConfig.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to manage permission grants for application permissions to any API (including Microsoft Graph) and application assignments for any app, without a signed-in user.",
"DisplayName": "Manage app permission grants and app role assignments",
"Id": "06b708a9-e830-4db3-a914-8e69da51d44f",
"IsEnabled": true,
"Origin": "Application",
"Value": "AppRoleAssignment.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to manage permission grants for delegated permissions exposed by any API (including Microsoft Graph), without a signed-in user.",
"DisplayName": "Manage all delegated permission grants",
"Id": "8e8e4742-1d95-4f68-9d56-6ee75648c72a",
"IsEnabled": true,
"Origin": "Application",
"Value": "DelegatedPermissionGrant.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all users\u0027 teamwork activity feed, without a signed-in user.",
"DisplayName": "Read all users\u0027 teamwork activity feed",
"Id": "70dec828-f620-4914-aa83-a29117306807",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamsActivity.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD built-in and custom administrative roles in your organization, without a signed-in user.",
"DisplayName": "Read privileged access to Azure AD roles",
"Id": "4cdc2547-9148-4295-8d11-be0db1391d6b",
"IsEnabled": true,
"Origin": "Application",
"Value": "PrivilegedAccess.Read.AzureAD",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups in your organization, without a signed-in user.",
"DisplayName": "Read privileged access to Azure AD groups",
"Id": "01e37dc9-c035-40bd-b438-b2879c4870a6",
"IsEnabled": true,
"Origin": "Application",
"Value": "PrivilegedAccess.Read.AzureADGroup",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read time-based assignment and just-in-time elevation of user privileges to audit Azure resources in your organization, without a signed-in user.",
"DisplayName": "Read privileged access to Azure resources",
"Id": "5df6fe86-1be0-44eb-b916-7bd443a71236",
"IsEnabled": true,
"Origin": "Application",
"Value": "PrivilegedAccess.Read.AzureResources",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to request and manage time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD built-in and custom administrative roles in your organization, without a signed-in user.",
"DisplayName": "Read and write privileged access to Azure AD roles",
"Id": "854d9ab1-6657-4ec8-be45-823027bcd009",
"IsEnabled": true,
"Origin": "Application",
"Value": "PrivilegedAccess.ReadWrite.AzureAD",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to request and manage time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups in your organization, without a signed-in user.",
"DisplayName": "Read and write privileged access to Azure AD groups",
"Id": "2f6817f8-7b12-4f0f-bc18-eeaf60705a9e",
"IsEnabled": true,
"Origin": "Application",
"Value": "PrivilegedAccess.ReadWrite.AzureADGroup",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to request and manage time-based assignment and just-in-time elevation of Azure resources (like your subscriptions, resource groups, storage, compute) in your organization, without a signed-in user.",
"DisplayName": "Read and write privileged access to Azure resources",
"Id": "6f9d5abc-2db6-400b-a267-7de22a40fb87",
"IsEnabled": true,
"Origin": "Application",
"Value": "PrivilegedAccess.ReadWrite.AzureResources",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all the indicators for your organization, without a signed-in user.",
"DisplayName": "Read all threat indicators",
"Id": "197ee4e9-b993-4066-898f-d6aecc55125b",
"IsEnabled": true,
"Origin": "Application",
"Value": "ThreatIndicators.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to send, read, update and delete user\u0027s notifications, without a signed-in user.",
"DisplayName": "Deliver and manage all user\u0027s notifications",
"Id": "4e774092-a092-48d1-90bd-baad67c7eb47",
"IsEnabled": true,
"Origin": "Application",
"Value": "UserNotification.ReadWrite.CreatedByApp",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all applications and service principals without a signed-in user.",
"DisplayName": "Read all applications",
"Id": "9a5d68dd-52b0-4cc2-bd40-abcf44ac3a30",
"IsEnabled": true,
"Origin": "Application",
"Value": "Application.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows an app to read BitLocker keys for all devices, without a signed-in user. Allows read of the recovery key.",
"DisplayName": "Read all BitLocker keys",
"Id": "57f1cf28-c0c4-4ec3-9a30-19a2eaaf2f6e",
"IsEnabled": true,
"Origin": "Application",
"Value": "BitlockerKey.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows an app to read basic BitLocker key properties for all devices, without a signed-in user. Does not allow read of the recovery key.",
"DisplayName": "Read all BitLocker keys basic information",
"Id": "f690d423-6b29-4d04-98c6-694c42282419",
"IsEnabled": true,
"Origin": "Application",
"Value": "BitlockerKey.ReadBasic.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read memberships and basic group properties for all groups without a signed-in user.",
"DisplayName": "Read all group memberships",
"Id": "98830695-27a2-44f7-8c18-0c3ebc9698f6",
"IsEnabled": true,
"Origin": "Application",
"Value": "GroupMember.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to list groups, read basic properties, read and update the membership of the groups this app has access to without a signed-in user. Group properties and owners cannot be updated and groups cannot be deleted.",
"DisplayName": "Read and write all group memberships",
"Id": "dbaae8cf-10b5-4b86-a4a1-f871c94c6695",
"IsEnabled": true,
"Origin": "Application",
"Value": "GroupMember.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to create groups without a signed-in user.",
"DisplayName": "Create groups",
"Id": "bf7b1a76-6e77-406b-b258-bf5c7720e98f",
"IsEnabled": true,
"Origin": "Application",
"Value": "Group.Create",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows an app to read your organization\u0027s threat assessment requests, without a signed-in user.",
"DisplayName": "Read threat assessment requests",
"Id": "f8f035bb-2cce-47fb-8bf5-7baf3ecbee48",
"IsEnabled": true,
"Origin": "Application",
"Value": "ThreatAssessment.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all schedules, schedule groups, shifts and associated entities in the Teams or Shifts application without a signed-in user.",
"DisplayName": "Read all schedule items",
"Id": "7b2ebf90-d836-437f-b90d-7b62722c4456",
"IsEnabled": true,
"Origin": "Application",
"Value": "Schedule.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to manage all schedules, schedule groups, shifts and associated entities in the Teams or Shifts application without a signed-in user.",
"DisplayName": "Read and write all schedule items",
"Id": "b7760610-0545-4e8a-9ec3-cce9e63db01c",
"IsEnabled": true,
"Origin": "Application",
"Value": "Schedule.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read call records for all calls and online meetings without a signed-in user.",
"DisplayName": "Read all call records",
"Id": "45bbb07e-7321-4fd7-a8f6-3ff27e6a81c8",
"IsEnabled": true,
"Origin": "Application",
"Value": "CallRecords.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write your organization\u0027s conditional access policies, without a signed-in user.",
"DisplayName": "Read and write your organization\u0027s conditional access policies",
"Id": "01c0a623-fc9b-48e9-b794-0756f8e8f067",
"IsEnabled": true,
"Origin": "Application",
"Value": "Policy.ReadWrite.ConditionalAccess",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the application to read and write authentication methods of all users in your organization, without a signed-in user. Authentication methods include things like a user\u0027s phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.",
"DisplayName": "Read and write all users\u0027 authentication methods",
"Id": "50483e42-d915-4231-9639-7fdb7fd190e5",
"IsEnabled": true,
"Origin": "Application",
"Value": "UserAuthenticationMethod.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read authentication methods of all users in your organization, without a signed-in user. Authentication methods include things like a user\u0027s phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.",
"DisplayName": "Read all users\u0027 authentication methods",
"Id": "38d9df27-64da-44fd-b7c5-a6fbac20248f",
"IsEnabled": true,
"Origin": "Application",
"Value": "UserAuthenticationMethod.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to create tabs in any team in Microsoft Teams, without a signed-in user. This does not grant the ability to read, modify or delete tabs after they are created, or give access to the content inside the tabs.",
"DisplayName": "Create tabs in Microsoft Teams.",
"Id": "49981c42-fd7b-4530-be03-e77b21aed25e",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamsTab.Create",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Read the names and settings of tabs inside any team in Microsoft Teams, without a signed-in user. This does not give access to the content inside the tabs. ",
"DisplayName": "Read tabs in Microsoft Teams.",
"Id": "46890524-499a-4bb2-ad64-1476b4f3e1cf",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamsTab.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Read and write tabs in any team in Microsoft Teams, without a signed-in user. This does not give access to the content inside the tabs.",
"DisplayName": "Read and write tabs in Microsoft Teams.",
"Id": "a96d855f-016b-47d7-b51c-1218a98d791c",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamsTab.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all domain properties without a signed-in user.",
"DisplayName": "Read domains",
"Id": "dbb9058a-0e50-45d7-ae91-66909b5d4664",
"IsEnabled": true,
"Origin": "Application",
"Value": "Domain.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write your organization\u0027s application configuration policies, without a signed-in user. This includes policies such as activityBasedTimeoutPolicy, claimsMappingPolicy, homeRealmDiscoveryPolicy, tokenIssuancePolicy and tokenLifetimePolicy.",
"DisplayName": "Read and write your organization\u0027s application configuration policies",
"Id": "be74164b-cff1-491c-8741-e671cb536e13",
"IsEnabled": true,
"Origin": "Application",
"Value": "Policy.ReadWrite.ApplicationConfiguration",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read your organization\u0027s devices\u0027 configuration information without a signed-in user.",
"DisplayName": "Read all devices",
"Id": "7438b122-aefc-4978-80ed-43db9fcc7715",
"IsEnabled": true,
"Origin": "Application",
"Value": "Device.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read, update and delete identities that are associated with a user\u0027s account, without a signed in user. This controls the identities users can sign-in with.",
"DisplayName": "Manage all users\u0027 identities",
"Id": "c529cfca-c91b-489c-af2b-d92990b66ce6",
"IsEnabled": true,
"Origin": "Application",
"Value": "User.ManageIdentities.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all users\u0027 shift schedule preferences without a signed-in user.",
"DisplayName": "Read all user shift preferences",
"Id": "de023814-96df-4f53-9376-1e2891ef5a18",
"IsEnabled": true,
"Origin": "Application",
"Value": "UserShiftPreferences.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to manage all users\u0027 shift schedule preferences without a signed-in user.",
"DisplayName": "Read and write all user shift preferences",
"Id": "d1eec298-80f3-49b0-9efb-d90e224798ac",
"IsEnabled": true,
"Origin": "Application",
"Value": "UserShiftPreferences.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all the OneNote notebooks in your organization, without a signed-in user.",
"DisplayName": "Read and write all OneNote notebooks",
"Id": "0c458cef-11f3-48c2-a568-c66751c238c0",
"IsEnabled": true,
"Origin": "Application",
"Value": "Notes.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to have full control of all site collections without a signed in user.",
"DisplayName": "Have full control of all site collections",
"Id": "a82116e5-55eb-4c41-a434-62fe8a61c773",
"IsEnabled": true,
"Origin": "Application",
"Value": "Sites.FullControl.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to create or delete document libraries and lists in all site collections without a signed in user.",
"DisplayName": "Create, edit, and delete items and lists in all site collections",
"Id": "0c0bf378-bf22-4481-8f81-9e89a9b4960a",
"IsEnabled": true,
"Origin": "Application",
"Value": "Sites.Manage.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read access packages and related entitlement management resources without a signed-in user.",
"DisplayName": "Read all entitlement management resources",
"Id": "c74fd47d-ed3c-45c3-9a9e-b8676de685d2",
"IsEnabled": true,
"Origin": "Application",
"Value": "EntitlementManagement.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write access packages and related entitlement management resources without a signed-in user.",
"DisplayName": "Read and write all entitlement management resources",
"Id": "9acd699f-1e81-4958-b001-93b1d2506e19",
"IsEnabled": true,
"Origin": "Application",
"Value": "EntitlementManagement.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Create channels in any team, without a signed-in user.",
"DisplayName": "Create channels",
"Id": "f3a65bd4-b703-46df-8f7e-0174fea562aa",
"IsEnabled": true,
"Origin": "Application",
"Value": "Channel.Create",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Delete channels in any team, without a signed-in user.",
"DisplayName": "Delete channels",
"Id": "6a118a39-1227-45d4-af0c-ea7b40d210bc",
"IsEnabled": true,
"Origin": "Application",
"Value": "Channel.Delete.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Read all channel names, channel descriptions, and channel settings, without a signed-in user.",
"DisplayName": "Read the names, descriptions, and settings of all channels",
"Id": "c97b873f-f59f-49aa-8a0e-52b32d762124",
"IsEnabled": true,
"Origin": "Application",
"Value": "ChannelSettings.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Read and write the names, descriptions, and settings of all channels, without a signed-in user.",
"DisplayName": "Read and write the names, descriptions, and settings of all channels",
"Id": "243cded2-bd16-4fd6-a953-ff8177894c3d",
"IsEnabled": true,
"Origin": "Application",
"Value": "ChannelSettings.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Get a list of all teams, without a signed-in user.",
"DisplayName": "Get a list of all teams",
"Id": "2280dda6-0bfd-44ee-a2f4-cb867cfc4c1e",
"IsEnabled": true,
"Origin": "Application",
"Value": "Team.ReadBasic.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Read all channel names and channel descriptions, without a signed-in user.",
"DisplayName": "Read the names and descriptions of all channels",
"Id": "59a6b24b-4225-4393-8165-ebaec5f55d7a",
"IsEnabled": true,
"Origin": "Application",
"Value": "Channel.ReadBasic.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Read and change all teams\u0027 settings, without a signed-in user.",
"DisplayName": "Read and change all teams\u0027 settings",
"Id": "bdd80a03-d9bc-451d-b7c4-ce7c63fe3c8f",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamSettings.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Read all teams\u0027 settings, without a signed-in user.",
"DisplayName": "Read all teams\u0027 settings",
"Id": "242607bd-1d2c-432c-82eb-bdb27baa23ab",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamSettings.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Read the members of all teams, without a signed-in user.",
"DisplayName": "Read the members of all teams",
"Id": "660b7406-55f1-41ca-a0ed-0b035e182f3e",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamMember.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Add and remove members from all teams, without a signed-in user. Also allows changing a team member\u0027s role, for example from owner to non-owner.",
"DisplayName": "Add and remove members from all teams",
"Id": "0121dc95-1b9f-4aed-8bac-58c5ac466691",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamMember.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Read the members of all channels, without a signed-in user.",
"DisplayName": "Read the members of all channels",
"Id": "3b55498e-47ec-484f-8136-9013221c06a9",
"IsEnabled": true,
"Origin": "Application",
"Value": "ChannelMember.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Add and remove members from all channels, without a signed-in user. Also allows changing a member\u0027s role, for example from owner to non-owner.",
"DisplayName": "Add and remove members from all channels",
"Id": "35930dcf-aceb-4bd1-b99a-8ffed403c974",
"IsEnabled": true,
"Origin": "Application",
"Value": "ChannelMember.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write all authentication flow policies for the tenant, without a signed-in user.",
"DisplayName": "Read and write authentication flow policies",
"Id": "25f85f3c-f66c-4205-8cd5-de92dd7f0cec",
"IsEnabled": true,
"Origin": "Application",
"Value": "Policy.ReadWrite.AuthenticationFlows",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write all authentication method policies for the tenant, without a signed-in user.",
"DisplayName": "Read and write all authentication method policies",
"Id": "29c18626-4985-4dcd-85c0-193eef327366",
"IsEnabled": true,
"Origin": "Application",
"Value": "Policy.ReadWrite.AuthenticationMethod",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and write your organization\u0027s authorization policy without a signed in user. For example, authorization policies can control some of the permissions that the out-of-the-box user role has by default.",
"DisplayName": "Read and write your organization\u0027s authorization policy",
"Id": "fb221be6-99f2-473f-bd32-01c6a0e9ca3b",
"IsEnabled": true,
"Origin": "Application",
"Value": "Policy.ReadWrite.Authorization",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Read names and members of all one-to-one and group chats in Microsoft Teams, without a signed-in user.",
"DisplayName": "Read names and members of all chat threads",
"Id": "b2e060da-3baf-4687-9611-f4ebc0f0cbde",
"IsEnabled": true,
"Origin": "Application",
"Value": "Chat.ReadBasic.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read policies related to consent and permission grants for applications, without a signed-in user.",
"DisplayName": "Read consent and permission grant policies",
"Id": "9e640839-a198-48fb-8b9a-013fd6f6cbcd",
"IsEnabled": true,
"Origin": "Application",
"Value": "Policy.Read.PermissionGrant",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to manage policies related to consent and permission grants for applications, without a signed-in user.",
"DisplayName": "Manage consent and permission grant policies",
"Id": "a402ca1c-2696-4531-972d-6e5ee4aa11ea",
"IsEnabled": true,
"Origin": "Application",
"Value": "Policy.ReadWrite.PermissionGrant",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the application to read printers without a signed-in user.",
"DisplayName": "Read printers",
"Id": "9709bb33-4549-49d4-8ed9-a8f65e45bb0f",
"IsEnabled": true,
"Origin": "Application",
"Value": "Printer.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the application to read and update printers without a signed-in user. Does not allow creating (registering) or deleting (unregistering) printers.",
"DisplayName": "Read and update printers",
"Id": "f5b3f73d-6247-44df-a74c-866173fddab0",
"IsEnabled": true,
"Origin": "Application",
"Value": "Printer.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the application to perform advanced operations like redirecting a print job to another printer without a signed-in user. Also allows the application to read and update the metadata of print jobs.",
"DisplayName": "Perform advanced operations on print jobs",
"Id": "58a52f47-9e36-4b17-9ebe-ce4ef7f3e6c8",
"IsEnabled": true,
"Origin": "Application",
"Value": "PrintJob.Manage.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the application to read the metadata and document content of print jobs without a signed-in user.",
"DisplayName": "Read print jobs",
"Id": "ac6f956c-edea-44e4-bd06-64b1b4b9aec9",
"IsEnabled": true,
"Origin": "Application",
"Value": "PrintJob.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the application to read the metadata of print jobs without a signed-in user. Does not allow access to print job document content.",
"DisplayName": "Read basic information for print jobs",
"Id": "fbf67eee-e074-4ef7-b965-ab5ce1c1f689",
"IsEnabled": true,
"Origin": "Application",
"Value": "PrintJob.ReadBasic.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the application to read and update the metadata and document content of print jobs without a signed-in user.",
"DisplayName": "Read and write print jobs",
"Id": "5114b07b-2898-4de7-a541-53b0004e2e13",
"IsEnabled": true,
"Origin": "Application",
"Value": "PrintJob.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the application to read and update the metadata of print jobs without a signed-in user. Does not allow access to print job document content.",
"DisplayName": "Read and write basic information for print jobs",
"Id": "57878358-37f4-4d3a-8c20-4816e0d457b1",
"IsEnabled": true,
"Origin": "Application",
"Value": "PrintJob.ReadWriteBasic.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the application to read and update print task definitions without a signed-in user.",
"DisplayName": "Read, write and update print task definitions",
"Id": "456b71a7-0ee0-4588-9842-c123fcc8f664",
"IsEnabled": true,
"Origin": "Application",
"Value": "PrintTaskDefinition.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to create chat and channel messages, without a signed in user. The app specifies which user appears as the sender, and can backdate the message to appear as if it was sent long ago. The messages can be sent to any chat or channel in the organization.",
"DisplayName": "Create chat and channel messages with anyone\u0027s identity and with any timestamp",
"Id": "dfb0dd15-61de-45b2-be36-d6a69fba3c79",
"IsEnabled": true,
"Origin": "Application",
"Value": "Teamwork.Migrate.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read the Teams apps that are installed in any chat, without a signed-in user. Does not give the ability to read application-specific settings.",
"DisplayName": "Read installed Teams apps for all chats",
"Id": "cc7e7635-2586-41d6-adaa-a8d3bcad5ee5",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamsAppInstallation.ReadForChat.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read the Teams apps that are installed in any team, without a signed-in user. Does not give the ability to read application-specific settings.",
"DisplayName": "Read installed Teams apps for all teams",
"Id": "1f615aea-6bf9-4b05-84bd-46388e138537",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamsAppInstallation.ReadForTeam.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read the Teams apps that are installed for any user, without a signed-in user. Does not give the ability to read application-specific settings.",
"DisplayName": "Read installed Teams apps for all users",
"Id": "9ce09611-f4f7-4abd-a629-a05450422a97",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamsAppInstallation.ReadForUser.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read, install, upgrade, and uninstall Teams apps in any chat, without a signed-in user. Does not give the ability to read application-specific settings.",
"DisplayName": "Manage Teams apps for all chats",
"Id": "9e19bae1-2623-4c4f-ab6e-2664615ff9a0",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamsAppInstallation.ReadWriteForChat.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read, install, upgrade, and uninstall Teams apps in any team, without a signed-in user. Does not give the ability to read application-specific settings.",
"DisplayName": "Manage Teams apps for all teams",
"Id": "5dad17ba-f6cc-4954-a5a2-a0dcc95154f0",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamsAppInstallation.ReadWriteForTeam.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read, install, upgrade, and uninstall Teams apps for any user, without a signed-in user. Does not give the ability to read application-specific settings.",
"DisplayName": "Manage Teams apps for all users",
"Id": "74ef0291-ca83-4d02-8c7e-d2391e6a444f",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamsAppInstallation.ReadWriteForUser.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows a Teams app to read, install, upgrade, and uninstall itself for any chat, without a signed-in user.",
"DisplayName": "Allow the Teams app to manage itself for all chats",
"Id": "73a45059-f39c-4baf-9182-4954ac0e55cf",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamsAppInstallation.ReadWriteSelfForChat.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows a Teams app to read, install, upgrade, and uninstall itself in any team, without a signed-in user.",
"DisplayName": "Allow the Teams app to manage itself for all teams",
"Id": "9f67436c-5415-4e7f-8ac1-3014a7132630",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamsAppInstallation.ReadWriteSelfForTeam.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows a Teams app to read, install, upgrade, and uninstall itself to any user, without a signed-in user.",
"DisplayName": "Allow the app to manage itself for all users",
"Id": "908de74d-f8b2-4d6b-a9ed-2a17b3b78179",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamsAppInstallation.ReadWriteSelfForUser.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to create teams without a signed-in user.",
"DisplayName": "Create teams",
"Id": "23fc2474-f741-46ce-8465-674744c5c361",
"IsEnabled": true,
"Origin": "Application",
"Value": "Team.Create",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Add and remove members from all teams, without a signed-in user. Does not allow adding or removing a member with the owner role. Additionally, does not allow the app to elevate an existing member to the owner role.",
"DisplayName": "Add and remove members with non-owner role for all teams",
"Id": "4437522e-9a86-4a41-a7da-e380edd4a97d",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamMember.ReadWriteNonOwnerRole.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all term store data, without a signed-in user. This includes all sets, groups and terms in the term store.",
"DisplayName": "Read all term store data",
"Id": "ea047cc2-df29-4f3e-83a3-205de61501ca",
"IsEnabled": true,
"Origin": "Application",
"Value": "TermStore.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read, edit or write all term store data, without a signed-in user. This includes all sets, groups and terms in the term store.",
"DisplayName": "Read and write all term store data",
"Id": "f12eb8d6-28e3-46e6-b2c0-b7e4dc69fc95",
"IsEnabled": true,
"Origin": "Application",
"Value": "TermStore.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read your tenant\u0027s service health information, without a signed-in user. Health information may include service issues or service health overviews.",
"DisplayName": "Read service health",
"Id": "79c261e0-fe76-4144-aad5-bdc68fbe4037",
"IsEnabled": true,
"Origin": "Application",
"Value": "ServiceHealth.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read your tenant\u0027s service announcement messages, without a signed-in user. Messages may include information about new or changed features.",
"DisplayName": "Read service messages",
"Id": "1b620472-6534-4fe6-9df2-4680e8aa28ec",
"IsEnabled": true,
"Origin": "Application",
"Value": "ServiceMessage.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all the short notes without a signed-in user.",
"DisplayName": "Read all users\u0027 short notes",
"Id": "0c7d31ec-31ca-4f58-b6ec-9950b6b0de69",
"IsEnabled": true,
"Origin": "Application",
"Value": "ShortNotes.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read, create, edit, and delete all the short notes without a signed-in user.",
"DisplayName": "Read, create, edit, and delete all users\u0027 short notes",
"Id": "842c284c-763d-4a97-838d-79787d129bab",
"IsEnabled": true,
"Origin": "Application",
"Value": "ShortNotes.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read your organization\u0027s conditional access policies, without a signed-in user.",
"DisplayName": "Read your organization\u0027s conditional access policies",
"Id": "37730810-e9ba-4e46-b07e-8ca78d182097",
"IsEnabled": true,
"Origin": "Application",
"Value": "Policy.Read.ConditionalAccess",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read role-based access control (RBAC) settings for all RBAC providers without a signed-in user. This includes reading role definitions and role assignments.",
"DisplayName": "Read role management data for all RBAC providers",
"Id": "c7fbd983-d9aa-4fa7-84b8-17382c103bc4",
"IsEnabled": true,
"Origin": "Application",
"Value": "RoleManagement.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all PSTN and direct routing call log data without a signed-in user.",
"DisplayName": "Read PSTN and direct routing call log data",
"Id": "a2611786-80b3-417e-adaa-707d4261a5f0",
"IsEnabled": true,
"Origin": "Application",
"Value": "CallRecord-PstnCalls.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all one-to-one and group chats messages in Microsoft Teams, without a signed-in user.",
"DisplayName": "Read all chat messages",
"Id": "b9bb2381-47a4-46cd-aafb-00cb12f68504",
"IsEnabled": true,
"Origin": "Application",
"Value": "ChatMessage.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows a Teams app to read, install, upgrade, and uninstall all tabs for any chat, without a signed-in user.",
"DisplayName": "Allow the Teams app to manage all tabs for all chats",
"Id": "fd9ce730-a250-40dc-bd44-8dc8d20f39ea",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamsTab.ReadWriteForChat.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows a Teams app to read, install, upgrade, and uninstall all tabs in any team, without a signed-in user.",
"DisplayName": "Allow the Teams app to manage all tabs for all teams",
"Id": "6163d4f4-fbf8-43da-a7b4-060fe85ed148",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamsTab.ReadWriteForTeam.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows a Teams app to read, install, upgrade, and uninstall all tabs for any user, without a signed-in user.",
"DisplayName": "Allow the app to manage all tabs for all users",
"Id": "425b4b59-d5af-45c8-832f-bb0b7402348a",
"IsEnabled": true,
"Origin": "Application",
"Value": "TeamsTab.ReadWriteForUser.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read the API connectors used in user authentication flows, without a signed-in user.",
"DisplayName": "Read API connectors for authentication flows",
"Id": "b86848a7-d5b1-41eb-a9b4-54a4e6306e97",
"IsEnabled": true,
"Origin": "Application",
"Value": "APIConnectors.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read, create and manage the API connectors used in user authentication flows, without a signed-in user.",
"DisplayName": "Read and write API connectors for authentication flows",
"Id": "1dfe531a-24a6-4f1b-80f4-7a0dc5a0a171",
"IsEnabled": true,
"Origin": "Application",
"Value": "APIConnectors.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Read the members of all chats, without a signed-in user.",
"DisplayName": "Read the members of all chats",
"Id": "a3410be2-8e48-4f32-8454-c29a7465209d",
"IsEnabled": true,
"Origin": "Application",
"Value": "ChatMember.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Add and remove members from all chats, without a signed-in user.",
"DisplayName": "Add and remove members from all chats",
"Id": "57257249-34ce-4810-a8a2-a03adf0c5693",
"IsEnabled": true,
"Origin": "Application",
"Value": "ChatMember.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to create chats without a signed-in user.",
"DisplayName": "Create chats",
"Id": "d9c48af6-9ad9-47ad-82c3-63757137b9af",
"IsEnabled": true,
"Origin": "Application",
"Value": "Chat.Create",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the application to read tenant-wide print settings without a signed-in user.",
"DisplayName": "Read tenant-wide print settings",
"Id": "b5991872-94cf-4652-9765-29535087c6d8",
"IsEnabled": true,
"Origin": "Application",
"Value": "PrintSettings.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the application to read and change the tenant-level settings of SharePoint and OneDrive, without a signed-in user.",
"DisplayName": "Read and change SharePoint and OneDrive tenant settings",
"Id": "19b94e34-907c-4f43-bde9-38b1909ed408",
"IsEnabled": true,
"Origin": "Application",
"Value": "SharePointTenantSettings.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read your organization\u0027s authentication event listeners without a signed-in user.",
"DisplayName": "Read all authentication event listeners",
"Id": "b7f6385c-6ce6-4639-a480-e23c42ed9784",
"IsEnabled": true,
"Origin": "Application",
"Value": "EventListener.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read or write your organization\u0027s authentication event listeners without a signed-in user.",
"DisplayName": "Read and write all authentication event listeners",
"Id": "0edf5e9e-4ce8-468a-8432-d08631d18c43",
"IsEnabled": true,
"Origin": "Application",
"Value": "EventListener.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read your organization\u0027s custom authentication extensions without a signed-in user.",
"DisplayName": "Read all custom authentication extensions",
"Id": "88bb2658-5d9e-454f-aacd-a3933e079526",
"IsEnabled": true,
"Origin": "Application",
"Value": "CustomAuthenticationExtension.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all users\u0027 tasks and task lists in your organization, without a signed-in user.",
"DisplayName": "Read all users\u0027 tasks and tasklist",
"Id": "f10e1f91-74ed-437f-a6fd-d6ae88e26c1f",
"IsEnabled": true,
"Origin": "Application",
"Value": "Tasks.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the application to obtain basic tenant information about another target tenant within the Azure AD ecosystem without a signed-in user.",
"DisplayName": "Read cross-tenant basic information",
"Id": "cac88765-0581-4025-9725-5ebc13f729ee",
"IsEnabled": true,
"Origin": "Application",
"Value": "CrossTenantInformation.ReadBasic.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the application to list and query any shared user profile information associated with the current tenant without a signed-in user. It also permits the application to export and remove external user data (e.g. customer content or system-generated logs), for any user associated with the current tenant without a signed-in user.",
"DisplayName": "Read all shared cross-tenant user profiles and export or delete their data",
"Id": "306785c5-c09b-4ba0-a4ee-023f3da165cb",
"IsEnabled": true,
"Origin": "Application",
"Value": "CrossTenantUserProfileSharing.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and update the authentication context information in your organization without a signed-in user.",
"DisplayName": "Read and write all authentication context information",
"Id": "a88eef72-fed0-4bf7-a2a9-f19df33f8b83",
"IsEnabled": true,
"Origin": "Application",
"Value": "AuthenticationContext.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read your organization\u0027s threat submissions and to view threat submission policies without a signed-in user.",
"DisplayName": "Read all of the organization\u0027s threat submissions",
"Id": "86632667-cd15-4845-ad89-48a88e8412e1",
"IsEnabled": true,
"Origin": "Application",
"Value": "ThreatSubmission.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows an app to sign digests for data without a signed-in user.",
"DisplayName": "Sign digests for data",
"Id": "cbe6c7e4-09aa-4b8d-b3c3-2dbb59af4b54",
"IsEnabled": true,
"Origin": "Application",
"Value": "InformationProtectionContent.Sign.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read your organization\u0027s threat submission policies without a signed-in user. Also allows the app to create new threat submission policies without a signed-in user.",
"DisplayName": "Read and write all of the organization\u0027s threat submission policies",
"Id": "926a6798-b100-4a20-a22f-a4918f13951d",
"IsEnabled": true,
"Origin": "Application",
"Value": "ThreatSubmissionPolicy.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read and update all Azure AD recommendations, without a signed-in user. ",
"DisplayName": "Read and update all Azure AD recommendations",
"Id": "0e9eea12-4f01-45f6-9b8d-3ea4c8144158",
"IsEnabled": true,
"Origin": "Application",
"Value": "DirectoryRecommendations.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all recordings of all online meetings, without a signed-in user.",
"DisplayName": "Read all recordings of online meetings.",
"Id": "a4a08342-c95d-476b-b943-97e100569c8d",
"IsEnabled": true,
"Origin": "Application",
"Value": "OnlineMeetingRecording.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows an app to manage license assignments for users and groups, without a signed-in user.",
"DisplayName": "Manage all license assignments",
"Id": "5facf0c1-8979-4e95-abcf-ff3d079771c0",
"IsEnabled": true,
"Origin": "Application",
"Value": "LicenseAssignment.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all Azure AD recommendations, without a signed-in user. ",
"DisplayName": "Read all Azure AD recommendations",
"Id": "ae73097b-cb2a-4447-b064-5d80f6093921",
"IsEnabled": true,
"Origin": "Application",
"Value": "DirectoryRecommendations.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the application to list and query any shared user profile information associated with the current tenant without a signed-in user. It also permits the application to export external user data (e.g. customer content or system-generated logs), for any user associated with the current tenant without a signed-in user.",
"DisplayName": "Read all shared cross-tenant user profiles and export their data",
"Id": "8b919d44-6192-4f3d-8a3b-f86f8069ae3c",
"IsEnabled": true,
"Origin": "Application",
"Value": "CrossTenantUserProfileSharing.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to manage restricted resources based on the other permissions granted to the app, without a signed-in user.",
"DisplayName": "Manage restricted resources in the directory",
"Id": "f20584af-9290-4153-9280-ff8bb2c0ea7f",
"IsEnabled": true,
"Origin": "Application",
"Value": "Directory.Write.Restricted",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read all transcripts of all online meetings, without a signed-in user.",
"DisplayName": "Read all transcripts of online meetings.",
"Id": "a4a80d8d-d283-4bd8-8504-555ec3870630",
"IsEnabled": true,
"Origin": "Application",
"Value": "OnlineMeetingTranscript.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the application to read the tenant-level settings of SharePoint and OneDrive, without a signed-in user.",
"DisplayName": "Read SharePoint and OneDrive tenant settings",
"Id": "83d4163d-a2d8-4d3b-9695-4ae3ca98f888",
"IsEnabled": true,
"Origin": "Application",
"Value": "SharePointTenantSettings.Read.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read or write your organization\u0027s custom authentication extensions without a signed-in user.",
"DisplayName": "Read and write all custom authentication extensions",
"Id": "c2667967-7050-4e7e-b059-4cbbb3811d03",
"IsEnabled": true,
"Origin": "Application",
"Value": "CustomAuthenticationExtension.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to create protected content without a signed-in user. ",
"DisplayName": "Create protected content",
"Id": "287bd98c-e865-4e8c-bade-1a85523195b9",
"IsEnabled": true,
"Origin": "Application",
"Value": "InformationProtectionContent.Write.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to create, read, update and delete all users\u0027 tasks and task lists in your organization, without a signed-in user.",
"DisplayName": "Read and write all users\u0027 tasks and tasklists",
"Id": "44e666d1-d276-445b-a5fc-8815eeb81d55",
"IsEnabled": true,
"Origin": "Application",
"Value": "Tasks.ReadWrite.All",
"AdditionalProperties": {}
},
{
"AllowedMemberTypes": [
"Application"
],
"Description": "Allows the app to read the authentication context information in your organization without a signed-in user.",
"DisplayName": "Read all authentication context information",
"Id": "381f742f-e1f8-4309-b4ab-e3d91ae4c5c1",
"IsEnabled": true,
"Origin": "Application",
"Value": "AuthenticationContext.Read.All",
"AdditionalProperties": {}
}
]
@watahani
Author

# Export every application permission (app role) that Microsoft Graph exposes.
# 00000003-0000-0000-c000-000000000000 is the well-known appId of Microsoft Graph;
# the filter returns its service principal in the current tenant.
# Needs an existing Connect-MgGraph session that is allowed to read service principals.
$msGraph = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"

# AppRoles are app-only permissions: once granted they apply without a signed-in user,
# so the exported Id/Value pairs are a handy lookup when auditing app role assignments.
# -Depth 100 keeps nested properties from being truncated (the default depth is 2).
# NOTE: Windows PowerShell 5.1 writes a BOM with -Encoding utf8; strip it if a parser objects.
$msGraph.AppRoles |
    ConvertTo-Json -Depth 100 |
    Out-File -FilePath ./approle-permissions.json -Encoding utf8
