Microsoft Azure Permissions
The following table describes the permissions required by PlaceOS and their intended use case.
Permission & Usage
Admin Conesent Required
Read all company places
Allows the app to read company places (conference rooms and room lists) set up in Exchange Online for the tenant.
Add an event to the user's calendar
Read and write user calendar and shared calendars
Allows the app to create, read, update and delete events in the user’s calendar and any calendars shared to the user.
Read a contact from one of the top-level contact folders of the signed-in user (GET /me/contacts).
Read user’s contacts
Allows the app to read user contacts, to make adding attendees to events more convenient when using PlaceOS apps to create events.
Read all groups
Allows the app to list groups, and to read their properties and all group memberships on behalf of the signed-in user. Also allows the app to read calendar, conversations, files, and other group content for all groups the signed-in user can access.
Read all users’ profiles
Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.
For automated access relating to room resource calendars (e.g. auto releasing a room in the case of a meeting no show)
Allows automated server side actions to be performed, using MS Graph API refresh token.