ShareGate Apricot needs access to specific resources from Microsoft to work properly. You need to provide your consent for Apricot to obtain this access.
Note: Security is one of our highest priorities. We comply with industry standards and we have internal policies to ensure your data is protected. Our security overview provides detailed information on these policies.
Index
- Types of required permissions
- Microsoft Graph permissions
- Microsoft 365 SharePoint Online permissions
- Windows Azure Active Directory permissions
Types of permissions
There are two types of permissions the app uses:
- Application permissions - Define what ShareGate Apricot is allowed to do within your tenant independently, without a signed-in user.
- Delegated permissions - Define what ShareGate Apricot is allowed to do within your tenant on behalf of the signed-in user.
Microsoft Graph permissions
Read all groups (delegated)
The app uses the permission to crawl the Outlook activity in order to detect inactive groups.
Read directory data (delegated)
The app uses the permission to validate that the ShareGate Apricot Teams bot is available in the app catalog of a team.
Read items in all site collections (application)
The app uses the permission to detect sites that are linked to Microsoft 365 Groups and to get the properties of external sharing links for your external sharing reviews.
Read and write directory data (application)
The app uses the permission to allow you to change the guest access setting of your groups and modify guests in a group through the app.
Read and write all groups (application)
The app uses the permission to crawl your teams, groups, properties, Owners, Members, Teams' private channels, Teams activity, and Outlook activity.
The permission also allows you to modify the privacy setting and membership of your teams and groups, and to use the app's archive or restore features.
Send mail as any user (application)
The app uses the permission to send email notifications to your Owners via a user account in your environment.
Manage Teams apps for all users (application)
The app uses the permission to read, upgrade, install, and uninstall the ShareGate Apricot Teams bot for any user when required.
Microsoft 365 SharePoint Online permissions
Read items in all site collections (application)
The app uses the permission to crawl SharePoint activity in order to detect inactive teams and groups and to get the properties of external sharing links for your external sharing reviews.
Have full control of all site collections (application)
The app uses the permission to copy the content of the SharePoint sites within your Microsoft 365 Groups (including private channels) to archive them. The permission also allows you to remove external sharing links directly in the application.
Windows Azure Active Directory permissions
Sign in and read user profile (delegated)
The permission is used to validate your Microsoft account when you sign in to ShareGate Apricot (Only Global admins, SharePoint admins, and group admins are allowed to sign in).
Read directory data (application)
The permission is used to validate your Microsoft account when you sign in to ShareGate Apricot (Only Global admins, SharePoint admins, and groups admins are allowed to sign in).