How to obtain more details on Graph API Permissions

AndyChou-4617 41 Reputation points


I have a new app registered in Azure AD. I'd like to grant minimum permissions required for the app users to perform their work. Is there a way to get more details on the predefined permissions such as and user.export.all?

For example, delegated permission has description "Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user." What reports does it refer to? sign-in reports?

Another example, user.export.all delegated permission is described as "Allows the app to export data (e.g. customer content or system-generated logs), associated with any user in your company, when the app is used by a privileged user." What "customer content" and "system-generated logs" does it refer to?

Comparing the above two permissions, can't the user with permission retrieve all users' info and aggregate them offline? If so, how is it different from explicitly granting user.export.all?

I am hoping there is documentation explaining in more details but I could not find it. I wonder if anybody knows..


Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
9,154 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 85,641 Reputation points MVP

    In this context, "reports" refer to direct reports for the user, i.e. all the people that he is a manager for. As for the "export" permission, this is with relation to the GDPR and similar controls, it's likely not something your app would be using.