Enterprise Application permission request

JM 1 Reputation point
2023-11-30T14:02:22.61+00:00

Below is a snip of a user permission request. What I am trying to determine is whether it applies to ONLY the users mailbox or if it is tenant wide permission. From the permission descriptions, it looks like it is for anyone in the organization.

User's image

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,398 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Vasil Michev 100.1K Reputation points MVP
    2023-11-30T16:23:29.97+00:00

    It's hard to tell from that screen (a common feedback we leave to MS folks), but you can take a look at the original URL that triggered the prompt. It should list all the scopes the app is asking for, for example:

    scope=Mail.Send+openid+profile+offline_access

    which you can then search against the Graph permissions reference document: https://learn.microsoft.com/en-us/graph/permissions-reference

    In this case, the app seems to be requesting delegate (so not tenant-wide) Mail.Send and Mail.ReadWrite permissions. It will only have access to the user's mailbox.

    0 comments No comments

  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.


    Comments have been turned off. Learn more