Microsoft Azure Permissions

The following table describes the permissions required by PlaceOS and their intended use case.

Permission & Usage	Display String	Description	Admin Conesent Required
Place.Read.All List all rooms in a tenant GET /places/microsoft.graph.room	Read all company places	Allows the app to read company places (conference rooms and room lists) set up in Exchange Online for the tenant.	YES
Calendars.ReadWrite and Calendars.ReadWrite.Shared Add an event to the user's calendar POST /me/events	Read and write user calendar and shared calendars	Allows the app to create, read, update and delete events in the user’s calendar and any calendars shared to the user.	YES
Contacts.Read: Read a contact from one of the top-level contact folders of the signed-in user (GET /me/contacts).	Read user’s contacts	Allows the app to read user contacts, to make adding attendees to events more convenient when using PlaceOS apps to create events.	YES
Group.Read.All: Read all Microsoft 365 groups that the signed-in user is a member of GET /me/memberOf/ List Microsoft 365 group content like members GET /groups/{id}/members	Read all groups	Allows the app to list groups, and to read their properties and all group memberships on behalf of the signed-in user. Also allows the app to read calendar, conversations, files, and other group content for all groups the signed-in user can access.	YES
User.Read.All: List Users GET /users Read a user's profle GET /users/{id}	Read all users’ profiles	Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.	YES
offline_access	For automated access relating to room resource calendars (e.g. auto releasing a room in the case of a meeting no show)	Allows automated server side actions to be performed, using MS Graph API refresh token.	YES

Permission & Usage

Display String

Description

Admin Conesent Required

Place.Read.All List all rooms in a tenant GET /places/microsoft.graph.room

Read all company places

Allows the app to read company places (conference rooms and room lists) set up in Exchange Online for the tenant.

YES

Calendars.ReadWrite

and Calendars.ReadWrite.Shared

Add an event to the user's calendar

POST /me/events

Read and write user calendar and shared calendars

Allows the app to create, read, update and delete events in the user’s calendar and any calendars shared to the user.

YES

Contacts.Read:

Read a contact from one of the top-level contact folders of the signed-in user (GET /me/contacts).

Read user’s contacts

Allows the app to read user contacts, to make adding attendees to events more convenient when using PlaceOS apps to create events.

YES

Group.Read.All:

Read all Microsoft 365 groups that the signed-in user is a member of GET /me/memberOf/

List Microsoft 365 group content like members GET /groups/{id}/members

Read all groups

Allows the app to list groups, and to read their properties and all group memberships on behalf of the signed-in user. Also allows the app to read calendar, conversations, files, and other group content for all groups the signed-in user can access.

YES

User.Read.All:

List Users GET /users

Read a user's profle GET /users/{id}

Read all users’ profiles

Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.

YES

offline_access

For automated access relating to room resource calendars (e.g. auto releasing a room in the case of a meeting no show)

Allows automated server side actions to be performed, using MS Graph API refresh token.

YES

PreviousSecurity NextGlossary

Last updated 1 year ago