Azure Batch
Permission | Admin consent required | Admin consent display name | Admin consent description | User consent display name | User consent description |
User_impersonation | No | Access Azure Batch Service | Allow the application to access the Azure Batch Service API on behalf of the signed-in user. | Full access to Azure Batch Service API | Allow the application to access all Azure Batch Service functionality on your behalf. |
Azure Service Management
Permission | Admin consent required | Admin consent display name | Admin consent description | User consent display name | User consent description |
User_impersonation | No | Access Azure Service Management as organization users (preview) | Allows the application to access the Azure Management Service API acting as users in the organization. | Access Azure Service Management as you (preview) | Allows the application to access Azure Service Management as you. |
Microsoft Graph
Permission | Admin consent required | Display Name | Description |
Application.ReadWrite.All | Yes | Manage app permission grants and app role assignments | Allows the app to create, read, update and delete applications and service principals without a signed-in user. Does not allow management of consent grants. |
Application.ReadWrite.OwnedBy | Yes | Manage app permission grants and app role assignments | Allows the app to create other applications, and fully manage those applications (read, update, update application secrets and delete), without a signed-in user. It cannot update any apps that it is not an owner of. |
AppRoleAssignment.ReadWrite.All | Yes | Manage app permission grants and app role assignments | Allows the app to manage permission grants for application permissions to any API (including Microsoft Graph) and application assignments for any app, without a signed-in user. |
BillingConfiguration.ReadWrite.All | Yes | Read and write application billing configuration | Allows the app to read and write the billing configuration on all applications without a signed-in user. |
Device.ReadWrite.All | Yes | Read and write devices | Allows the app to read and write all device properties without a signed in user. Does not allow device creation, device deletion or update of device alternative security identifiers. |
Directory.AccessAsUser.All | Yes | Access directory as the signed in user | Allows the app to have the same access to information in the directory as the signed-in user. |
Directory.Read.All | Yes | Read directory data | Allows the app to read data in your organization's directory, such as users, groups and apps, without a signed-in user. |
Directory.ReadWrite.All | Yes | Read and write directory data | Allows the app to read and write data in your organization's directory, such as users, and groups, without a signed-in user. Does not allow user or group deletion. |
Policy.Read.All | Yes | Read your organization's policies | Allows the app to read all your organization's policies without a signed in user. |
Policy.Read.ConditionalAccess | Yes | Read your organization's conditional access policies | Allows the app to read your organization's conditional access policies, without a signed-in user. |
Policy.Read.PermissionGrant | Yes | Read consent and permission grant policies | Allows the app to read policies related to consent and permission grants for applications, without a signed-in user. |
Policy.ReadWrite.ApplicationConfiguration | Yes | Read and write your organization's application configuration policies | Allows the app to read and write your organization's application configuration policies, without a signed-in user. This includes policies such as activityBasedTimeoutPolicy, claimsMappingPolicy, homeRealmDiscoveryPolicy, tokenIssuancePolicy and tokenLifetimePolicy. |
Policy.ReadWrite.AuthenticationFlows | Yes | Read and write authentication flow policies | Allows the app to read and write all authentication flow policies for the tenant, without a signed-in user. |
Policy.ReadWrite.AuthenticationMethod | Yes | Read and write all authentication method policies | Allows the app to read and write all authentication method policies for the tenant, without a signed-in user. |
Policy.ReadWrite.Authorization | Yes | Read and write your organization's authorization policy | Allows the app to read and write your organization's authorization policy without a signed in user. For example, authorization policies can control some of the permissions that the out-of-the-box user role has by default. |
Policy.ReadWrite.ConditionalAccess | Yes | Read and write your organization's conditional access policies | Allows the app to read and write your organization's conditional access policies, without a signed-in user. |
Policy.ReadWrite.ConsentRequest | Yes | Read and write your organization's consent request policy | Allows the app to read and write your organization's consent requests policy without a signed-in user. |
Policy.ReadWrite.FeatureRollout | Yes | Read and write feature rollout policies | Allows the app to read and write feature rollout policies without a signed-in user. Includes abilities to assign and remove users and groups to roll out of a specific feature. |
Policy.ReadWrite.PermissionGrant | Yes | Manage consent and permission grant policies | Allows the app to manage policies related to consent and permission grants for applications, without a signed-in user. |
Policy.ReadWrite.TrustFramework | Yes | Read and write your organization's trust framework policies | Allows the app to read and write your organization's trust framework policies without a signed in user. |
User.Export.All | Yes | Export user's data | Allows the app to export data (e.g. customer content or system-generated logs), associated with any user in your company, when the app is used by a privileged user (e.g. a Company Administrator). |
User.Invite.All | Yes | Invite guest users to the organization | Allows the app to invite guest users to the organization, without a signed-in user. |