The roles required by an Entra application configured for M365 Manager Plus are listed below.

Table 1: Roles required by the configured Entra application.

| Role Name | Scope |
|---|---|
| Privileged Authentication Administrator | Create, manage, and delete users and their authentication methods. |
| Helpdesk Administrator | Change passwords, invalidate refresh tokens, and monitor service health. |
| Exchange Administrator | Create, manage, and delete Exchange Online mailboxes. |

The permissions required by an Entra application configured for M365 Manager Plus are listed below.

Table 2: Permissions required by the configured Entra application.

| Module | API Name | Permission | Scope |
|---|---|---|---|
| Management | Microsoft Graph | User.ReadWrite.All | Create, modify, delete, or restore users. |
| Management | Microsoft Graph | Group.ReadWrite.All | Create, modify, delete, or restore groups. Add or remove group members and owners. |
| Management | Microsoft Graph | AdministrativeUnit.ReadWrite.All | Add members to administrative units. |
| Management | Microsoft Graph | RoleManagement.ReadWrite.Directory | Add directory roles to users. |
| Management | Microsoft Graph | UserAuthenticationMethod.ReadWrite.All | Allows the application to read and write authentication methods of all users. |
| Management | Microsoft Graph | Policy.ReadWrite.AuthenticationMethod | Allows the application to change the MFA status of all users and configure their default MFA method. |
| Management | Exchange Online | Exchange.ManageAsApp | Used to execute Exchange Online PowerShell cmdlets via the configured Entra application. |
| Management | SharePoint Online | Sites.Manage.All | Allow the app to read, create, update, and delete document libraries and lists in all site collections. |
| Reporting | Microsoft Graph | User.Read.All | Get user and group member reports. |
| Reporting | Microsoft Graph | Group.Read.All | Get group reports. |
| Reporting | Microsoft Graph | Contacts.Read | Get contact reports. |
| Reporting | Microsoft Graph | Files.Read.All | Get OneDrive for Business reports. |
| Reporting | Microsoft Graph | Reports.Read.All | Get usage reports. |
| Reporting | Microsoft Graph | Organization.Read.All | Get license detail reports. |
| Reporting | Microsoft Graph | AuditLog.Read.All | Get audit-log-based reports. |
| Reporting | Microsoft Graph | ChannelMember.Read.All | Get Microsoft Teams channel member reports. |
| Reporting | Microsoft Graph | Application.Read.All | Get Entra application details. |
| Reporting | Microsoft Graph | Sites.Read.All | Get details on SharePoint sites. |
| Reporting | Microsoft Graph | Policy.Read.All | Configure conditional access policy details. |
| Reporting | Microsoft Graph | Calendars.Read | Get users' calendar details. |
| Reporting | Microsoft Graph | ReportSettings.Read.All | Enables the configured Entra application to retrieve tenant-level settings from the tenant where it is configured. |
| Reporting | Office 365 Management | ActivityFeed.Read | Read the audit data for the organization. |
| Reporting | Exchange Online | Exchange.ManageAsApp | Used to execute Exchange Online PowerShell cmdlets via the configured Entra application. |
| Reporting | SharePoint Online | Sites.Read.All | Allow the app to read documents and list items in all site collections. |
| Auditing and alerting | Office 365 Management | ActivityFeed.Read | Read the activity data for the organization. |
| Auditing and alerting | Exchange Online | Exchange.ManageAsApp | Used to execute Exchange Online PowerShell cmdlets via the configured Entra application. |
| Auditing and alerting | SharePoint Online | InformationProtectionPolicy.Read.All (not available in Azure China tenants) | Get data on published sensitivity labels used in the tenant. |
| Monitoring | Microsoft Graph | ServiceHealth.Read.All | Get health and performance reports. |
| Content search | Microsoft Graph | Mail.Read | Get content search reports. |
| Configuration | Microsoft Graph | Application.ReadWrite.All | Modify the application details. |
| Backup | Office 365 Exchange Online | full_access_as_app | Use Exchange Web Services to back up and restore mailboxes. |

Copyright © 2023, ZOHO Corp. All Rights Reserved.