ShareGate Apricot needs access to specific resources from Microsoft to work properly. You need to provide your consent for the app to obtain this access.
Note: Security is one of our highest priorities. We comply with industry standards and we have internal policies to ensure your data is protected. Our Security overview article provides detailed information on these policies.
Index
Types of permissions
The app uses 2 types of permissions. Application permissions define what ShareGate Apricot is allowed to do within your tenant independently, without a signed-in user, while delegated permissions define what ShareGate Apricot is allowed to do within your tenant on behalf of the signed-in user.
Microsoft Graph
Application permissions
- Read items in all site collections - The app uses the permission to detect sites that are linked to Microsoft 365 Groups and to get the properties of external sharing links for your external sharing reviews.
- Read and write directory data - The app uses the permission to allow you to change the guest access setting of your groups and modify guests in a group through the app.
- Read and write all groups - The app uses the permission to crawl your teams, groups, properties, owners, members, Teams' private channels, Teams activity, and Outlook activity. The permission also allows you to modify the privacy setting and membership of your teams and groups, and to use the app's archive or restore features.
- Send mail as any user - The app uses the permission to send email notifications to your owners via a user account in your environment.
- Manage Teams apps for all users - The app uses the permission to read, upgrade, install, and uninstall the ShareGate Apricot Teams bot for any user when required.
Delegated permissions
- Read all groups - The app uses the permission to crawl the Outlook activity in order to detect inactive groups.
- Read directory data - The app uses the permission to validate that the ShareGate Apricot Teams bot is available in the app catalog of a team.
Microsoft 365 SharePoint online
Application permissions
- Have full control of all site collections - The app uses the permission to copy the content of the SharePoint sites within your Microsoft 365 Groups (including private channels) to archive them. The permission also allows you to remove external sharing links directly in the application.
- Read items in all site collections - The app uses the permission to crawl SharePoint activity in order to detect inactive teams and groups and to get the properties of external sharing links for your external sharing reviews.
Windows Azure Active Directory
Application permissions
- Read directory data - The permission is used to validate your Microsoft account when you sign in to ShareGate Apricot (Only global admins, SharePoint admins, and groups admins are allowed to sign in).
Delegated permissions
- Sign in and read user profile - The permission is used to validate your Microsoft account when you sign in to ShareGate Apricot (Only global admins, SharePoint admins, and group admins are allowed to sign in).