Microsoft 365 admin account
The Microsoft 365 admin account must grant consent for Condeco to use User.Read and Calendars.ReadWrite however, an Application Access Policy can be configured to allow or deny access to specific Microsoft Outlook calendars.
Learn more about configuring an Application Access Policy at Microsoft https://docs.microsoft.com/en-us/graph/auth-limit-mailbox-access.
It is a requirement that the Microsoft 365 admin account grants consent to access the user calendars defined by the Application Access Policy, however, Condeco only subscribes to the calendars of users who have authorized this via the Condeco Outlook Add-in.
Accepting permissions
During the onboard process, you are prompted to grant the Microsoft 365 admin account access to the Condeco Token Provider application that uses Microsoft Graph:
|
Description |
Permission Type |
Reason |
---|---|---|---|
User.Read | Sign in and read user account. | Delegated | Required to read the Exchange Admin’s identity and tenant information during the consent flow. |
User.ReadBasic.All | Read the basic profile details of all users[User.ReadBasic.All] | Application | Required to get a user’s basic details (including GUID identifiers) which is used when subscribing. |
Calendars.ReadWrite | Read and write calendars in all mailboxes. | Application | Required to read and update events within users’ calendars. |