I have a new app registered in Azure AD. I'd like to grant the minimum permissions required for the app users to perform their work. Is there a way to get more details on the predefined permissions such as user.read.all and user.export.all?
For example, the user.read.all delegated permission has the description "Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user." What reports does it refer to? Sign-in reports?
Another example: the user.export.all delegated permission is described as "Allows the app to export data (e.g. customer content or system-generated logs), associated with any user in your company, when the app is used by a privileged user." What "customer content" and "system-generated logs" does it refer to?
Comparing the above two permissions, can't the user with user.read.all permission retrieve all users' info and aggregate them offline? If so, how is it different from explicitly granting user.export.all?
I am hoping there is documentation explaining this in more detail, but I could not find it. I wonder if anybody knows.