| Microsoft Graph (Application) |
Application.ReadWrite.OwnedBy* |
Allows the app to create and rotate its own application secrets. |
No* |
| Microsoft Graph (Application) |
Channel.Create |
Allows the app to create channels in any team. |
Yes |
| Microsoft Graph (Application) |
Channel.ReadBasic.All |
Allows the app to read all channel names and descriptions. |
Yes |
| Microsoft Graph (Application) |
ChannelMember.ReadWrite.All |
Allows the app to add and remove members from all channels. |
Yes |
| Microsoft Graph (Application) |
ChannelMessage.Read.All |
Allows the app to read all channel messages in Teams. |
Yes |
| Microsoft Graph (Application) |
ChannelSettings.ReadWrite.All |
Allows the app to read and write channel settings. |
Yes |
| Microsoft Graph (Application) |
Chat.Read.All |
Allows the app to read all 1:1 and group chat messages in Teams. |
Yes |
| Microsoft Graph (Application) |
Directory.Read.All |
Allows the app to read directory data, including users and groups. |
Yes |
| Microsoft Graph (Application) |
Files.ReadWrite.All |
Allows the app to read, create, update, and delete files in all site collections. |
Yes |
| Microsoft Graph (Application) |
Group.ReadWrite.All |
Allows the app to create, read, update, and delete Microsoft 365 Groups. |
Yes |
| Microsoft Graph (Application) |
Notes.ReadWrite.All |
Allows the app to read, share, and modify OneNote notebooks. |
Yes |
| Microsoft Graph (Application) |
Policy.Read.All |
Allows the app to read organizational policy configurations. |
Yes |
| Microsoft Graph (Application) |
Reports.Read.All |
Allows the app to read Microsoft 365 service usage reports. |
Yes |
| Microsoft Graph (Application) |
Tasks.ReadWrite.All |
Allows the app to create, read, update, and delete Planner tasks. |
Yes |
| Microsoft Graph (Application) |
Team.ReadBasic.All |
Allows the app to discover all teams. |
Yes |
| Microsoft Graph (Application) |
TeamMember.ReadWrite.All |
Allows the app to add and remove team members and update roles. |
Yes |
| Microsoft Graph (Application) |
TeamworkTag.ReadWrite.All |
Allows the app to read and write Teams tags. |
Yes |
| Microsoft Graph (Application) |
TeamsAppInstallation.ReadWriteForTeam.All |
Allows the app to read, install, upgrade, and uninstall Teams apps. |
Yes |
| Microsoft Graph (Application) |
User.Read.All |
Allows the app to read user profile information. |
Yes |
| Microsoft Graph (Delegated) |
ChannelMessage.Read.All |
Allows the app to read channel messages on behalf of the signed-in user. |
Yes |
| Microsoft Graph (Delegated) |
ChannelMessage.Send |
Allows the app to send channel messages on behalf of the signed-in user. |
Yes |
| Microsoft Graph (Delegated) |
Directory.AccessAsUser.All |
Allows the app to access directory data as the signed-in user. |
Yes |
| Microsoft Graph (Delegated) |
Group.ReadWrite.All |
Allows the app to manage groups on behalf of the signed-in user. |
Yes |
| Microsoft Graph (Delegated) |
Notes.ReadWrite.All |
Allows the app to manage OneNote content on behalf of the signed-in user. |
Yes |
| Microsoft Graph (Delegated) |
Sites.ReadWrite.All |
Allows the app to edit or delete documents and list items in all site collections on behalf of the signed-in user. |
Yes |
| Microsoft Graph (Delegated) |
offline_access |
Allows the app to maintain access without requiring the user to reauthenticate. |
Yes |
| Microsoft Graph (Delegated) |
openid |
Allows users to sign in and provide basic profile information. |
Yes |