Microsoft Azure Permissions
The following table describes the permissions required by PlaceOS and their intended use case.
Place.Read.All List all rooms in a tenant GET /places/microsoft.graph.room
Read all company places
Allows the app to read company places (conference rooms and room lists) set up in Exchange Online for the tenant.
YES
Calendars.ReadWrite
and Calendars.ReadWrite.Shared
Add an event to the user's calendar
Read and write user calendar and shared calendars
Allows the app to create, read, update and delete events in the user’s calendar and any calendars shared to the user.
YES
Contacts.Read:
Read a contact from one of the top-level contact folders of the signed-in user (GET /me/contacts).
Read user’s contacts
Allows the app to read user contacts, to make adding attendees to events more convenient when using PlaceOS apps to create events.
YES
Group.Read.All:
Read all Microsoft 365 groups that the signed-in user is a member of GET /me/memberOf/
List Microsoft 365 group content like members GET /groups/{id}/members
Read all groups
Allows the app to list groups, and to read their properties and all group memberships on behalf of the signed-in user. Also allows the app to read calendar, conversations, files, and other group content for all groups the signed-in user can access.
YES
Read all users’ profiles
Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.
YES
For automated access relating to room resource calendars (e.g. auto releasing a room in the case of a meeting no show)
Allows automated server side actions to be performed, using MS Graph API refresh token.
YES
Last updated