Permissions
On the following page you see an overview of the required permissions.
Easy Directory requires two separate app registrations within your tenant to ensure functionality and security:
Easy Directory: This primary app handles the core functionalities, enabling the display of your contacts directly within Microsoft Teams.
Easy Directory Configuration: To enhance security, a second app registration with elevated permissions is used to change the users configuration
Easy Platform Configuration Center: To enhance security, a third app registration with elevated permissions is used for configuration tasks. This app allows:
Access to contacts stored in shared mailboxes.
The provision of a dedicated portal for managing contacts and views.
Access to the Easy Platform Configuration Portal is restricted to users assigned the Teams Administrator role, ensuring that only authorized personnel can manage the platform’s configuration and permissions.
This two-app approach guarantees both robust functionality and a secure management environment for Easy Directory.
Easy Directory
Contacts.Read
Allows the app to read user contacts.
Contacts.Read.Shared
Allows the app to read contacts a user has permissions to access, including their own and shared contacts.
Contacts.ReadWrite
Allows the app to create, read, update, and delete user contacts.
MailboxSettings.Read
Allows the app to the read user's mailbox settings. Does not include permission to send mail.
Presence.Read.All
Allows the app to read presence information of all users in the directory on behalf of the signed-in user. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location
User.Read.All
Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.
MailboxSettings.Read
Allows the app to read user's mailbox settings without a signed-in user. Does not include permission to send mail.
User.Read.All
Allows the app to read user profiles without a signed in user.
Contacts.Read
Allows the app to read all contacts in all mailboxes without a signed-in user.
Easy Directory Configuration
Presence.Read.All
Allows the app to read presence information of all users in the directory on behalf of the signed-in user. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location.
User.Read
Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.
User.ReadBasic.All
Allows the app to read a basic set of profile properties of other users in your organization on behalf of the signed-in user. This includes display name, first and last name, email address and photo.
Easy Platform Configuration Center
Application.Read.All
Allows the app to read applications and service principals on behalf of the signed-in user.
Allows the app to read your users' primary email address
offline_access
Allows the app to see and update the data you gave it access to, even when users are not currently using the app. This does not give the app any additional permissions.
openid
Allows users to sign in to the app with their work or school accounts and allows the app to see basic user profile information.
profile
Allows the app to see your users' basic profile (e.g., name, picture, user name, email address)
User.Read
Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.
User.ReadBasic.All
Allows the app to read a basic set of profile properties of other users in your organization on behalf of the signed-in user. This includes display name, first and last name, email address and photo.
Last updated