Extend your app with Microsoft Graph permissions and scopes
You can extend your bot and message extension apps by using Microsoft Graph. These permissions can allow app users to view user profile, to read mail, and more. Your app must ask for specific permission scopes to obtain the access tokens on app user's consent.
Graph scopes, such as User.Read
or Mail.Read
, lets you specify how your app accesses a Teams user's account. You need to specify your scopes in the authorization request.
In this section, you'll learn to Configure API permissions in Microsoft Entra ID.
Configure API permissions in Microsoft Entra ID
You can configure Graph scopes in Microsoft Entra ID as required for your app. Delegated permissions are used by apps that require signed-in access. An app user or administrator who is signed-in must consent to them. Your app can consent on behalf of the signed-in user when it calls Microsoft Graph.
To configure API permissions
Open the app you registered in the Azure portal.
Select Manage > API permissions from the left pane.
The API permissions page appears.
Select + Add a permission to add Microsoft Graph API permissions.
The Request API permissions page appears.
Select Microsoft Graph.
The options for Graph permissions display.
Select Delegated permissions to view the list of permissions.
Select relevant permissions for your app, and then select Add permissions.
You can also enter the permission name in the search box to find it.
A message appears on the browser stating that the permissions were updated.
The added permissions are displayed in the API permissions page.
You've configured your app with Microsoft Graph permissions.
After you've completed the configuration in Microsoft Entra ID, you must update the code to acquire access token for Microsoft Graph. For more information, see Bot framework SDK.
The app user is prompted to consent for Graph permissions on the first time they use it. After the app user gives consent, the Graph permissions are granted. For more information on Graph API permissions, see permissions and consent.