Microsoft Azure Permissions

The following table describes the permissions required by PlaceOS and their intended use case.

Permission & Usage
Display String
Description
Admin Conesent Required

Place.Read.All List all rooms in a tenant GET /places/microsoft.graph.room

Read all company places

Allows the app to read company places (conference rooms and room lists) set up in Exchange Online for the tenant.

YES

Calendars.ReadWrite

and Calendars.ReadWrite.Shared

Add an event to the user's calendar

POST /me/events

Read and write user calendar and shared calendars

Allows the app to create, read, update and delete events in the user’s calendar and any calendars shared to the user.

YES

Contacts.Read:

Read a contact from one of the top-level contact folders of the signed-in user (GET /me/contacts).

Read user’s contacts

Allows the app to read user contacts, to make adding attendees to events more convenient when using PlaceOS apps to create events.

YES

Group.Read.All:

  • Read all Microsoft 365 groups that the signed-in user is a member of GET /me/memberOf/

Read all groups

Allows the app to list groups, and to read their properties and all group memberships on behalf of the signed-in user. Also allows the app to read calendar, conversations, files, and other group content for all groups the signed-in user can access.

YES

User.Read.All:

List Users GET /users

Read a user's profle GET /users/{id}

Read all users’ profiles

Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.

YES

For automated access relating to room resource calendars (e.g. auto releasing a room in the case of a meeting no show)

Allows automated server side actions to be performed, using MS Graph API refresh token.

YES

Last updated