My client is granting full access but I am getting fewer perms in my Azure AD app.

Anns 61 Reputation points
2023-04-12T17:26:08.8433333+00:00

I have set up the OAuth flow in my Office 365 app and I have added the following permissions to my app.

  • AuditLog.Read.All
  • DeviceManagementManagedDevices.Read.All
  • Files.Read.All
  • Mail.Read (Application)
  • Mail.Read
  • Mail.Read.Shared
  • offline_access
  • Reports.Read.All
  • SecurityEvents.Read.All
  • SecurityEvents.ReadWrite.All
  • User.Read
  • User.Read.All
  • UserAuthenticationMethod.Read.All

When I get the client's consent, my client provides all perms authorizations but I only get these perms in my list. Due to this, I am unable to fetch all of my client's mailboxes to work on. What could be the solution?

  • AuditLog.Read.All
  • DeviceManagementManagedDevices.Read.All
  • Files.Read.All
  • offline_access
  • Reports.Read.All
  • SecurityEvents.Read.All
  • SecurityEvents.ReadWrite.All
  • User.Read
  • User.Read.All
  • UserAuthenticationMethod.Read.All
Microsoft Graph

1 answer

  1. Vasil Michev 96,836 Reputation points MVP
    2023-04-12T17:30:39.2166667+00:00

    There are two different types of permissions you can set: Delegate permissions, which require a user context, and Application permissions, which run in the context of application/service principal. When you obtain an access token, only one set of permissions will be returned, depending on the authentication flow used. I.e., if you are using any user-centric auth flow, only Delegate permissions will be included in the token. If you are using the client credentials flow (logging via client secret or certificate) only application permissions will be included.
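
To check which of the two permission sets a given access token carries, the added example below (not part of the original answer) decodes the token payload and reads the `scp` claim, where the Microsoft identity platform lists delegated permissions, and the `roles` claim, where it lists application permissions. The sample tokens and all function names are constructed for illustration.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_permissions(access_token: str) -> dict:
    """Report which permission type a token carries. Diagnostic only:
    the signature is NOT verified, so never use this for authorization."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three segments")
    claims = json.loads(_b64url_decode(parts[1]))
    delegated = sorted(claims.get("scp", "").split())   # space-separated string
    application = sorted(claims.get("roles", []))       # JSON array
    kind = "delegated" if delegated else "application" if application else "none"
    return {"type": kind, "delegated": delegated, "application": application}


def missing_permissions(expected, access_token: str) -> list:
    """Permissions configured on the app that this token does not carry."""
    info = token_permissions(access_token)
    return sorted(set(expected) - set(info["delegated"]) - set(info["application"]))


def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned token for the demo; real tokens come from the sign-in flow.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "constructed"])


# Constructed samples: one token per flow described in the answer.
USER_FLOW_TOKEN = make_sample_token({"scp": "Files.Read.All User.Read"})
CLIENT_CREDENTIALS_TOKEN = make_sample_token({"roles": ["Mail.Read", "User.Read.All"]})

if __name__ == "__main__":
    for name, tok in [("user flow", USER_FLOW_TOKEN),
                      ("client credentials", CLIENT_CREDENTIALS_TOKEN)]:
        print(name, token_permissions(tok))
    print("missing:", missing_permissions(["Mail.Read", "User.Read"], USER_FLOW_TOKEN))
```

A token obtained through a user sign-in reports type `delegated` and has an empty `application` list, so an application permission such as Mail.Read (Application) shows up only in a token requested with the client credentials flow.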