Permissions
Easy Calling requires three separate app registrations within your tenant to ensure functionality and security:
Easy Calling: This primary app handles the core functionalities, enabling the display of your call directly within Microsoft Teams.
Easy Calling Configuration: To enhance security, a second app registration with elevated permissions is used to change the users configuration
Easy Platform Configuration Center: To enhance security, a third app registration with elevated permissions is used for configuration tasks.
Easy Calling
Calls.JoinGroupCall.All
Allows the app to join group calls and scheduled meetings in your organization, without a signed-in user. The app will be joined with the privileges of a directory user to meetings in your organization.
Presence.Read.All
Allows the app to read presence information of all users in the directory without a signed-in user. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location.
Calls.InitiateGroupCall.All
Allows the app to place outbound calls to multiple users and add participants to meetings in your organization, without a signed-in user.
TeamsActivity.Send
Allows the app to create new notifications in users' teamwork activity feeds without a signed in user. These notifications may not be discoverable or be held or governed by compliance policies.
Calls.JoinGroupCallAsGuest.All
Allows the app to anonymously join group calls and scheduled meetings in your organization, without a signed-in user. The app will be joined as a guest to meetings in your organization.
CallEvents.Read.All
Allows the app to read call event information for all users in your organization, without a signed-in user.
User.Read.All
Allows the app to read user profiles without a signed in user.
ChannelMember.Read.All
Read the members of all channels, without a signed-in user.
Calls.AccessMedia.All
Allows the app to get direct access to media streams in a call, without a signed-in user.
Calls.Initiate.All
Allows the app to place outbound calls to a single user and transfer calls to users in your organization’s directory, without a signed-in user.
ChannelMember.Read.All
Read the members of channels, on behalf of the signed-in user.
Contacts.ReadWrite
Allows the app to create, read, update, and delete user contacts.
Mail.Send
Allows the app to send mail as users in the organization.
Presence.Read.All
Allows the app to read presence information of all users in the directory on behalf of the signed-in user. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location.
Tasks.ReadWrite
Allows the app to create, read, update, and delete the signed-in user's tasks and task lists, including any shared with the user.
User.Read
Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.
User.Read.All
Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.
Tasks.Read
Allows the app to read the signed-in user’s tasks and task lists, including any shared with the user. Doesn't include permission to create, delete, or update anything.
openid
Allows users to sign in to the app with their work or school accounts and allows the app to see basic user profile information.
profile
Allows the app to see your users' basic profile (e.g., name, picture, user name, email address)
offline_access
Allows the app to see and update the data you gave it access to, even when users are not currently using the app. This does not give the app any additional permissions.
Easy Calling Configuration
Channel.ReadBasic.All
Read all channel names and channel descriptions, without a signed-in user.
Team.ReadBasic.All
Read the names and descriptions of teams, on behalf of the signed-in user.
User.Read
Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.
openid
Allows users to sign in to the app with their work or school accounts and allows the app to see basic user profile information.
profile
Allows the app to see your users' basic profile (e.g., name, picture, user name, email address)
offline_access
Allows the app to see and update the data you gave it access to, even when users are not currently using the app. This does not give the app any additional permissions
Group.Read.All
Allows the app to list groups, and to read their properties and all group memberships on behalf of the signed-in user. Also allows the app to read calendar, conversations, files, and other group content for all groups the signed-in user can access.
User.Read.All
Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.
User.ReadBasic.All
Allows the app to read a basic set of profile properties of other users in your organization on behalf of the signed-in user. This includes display name, first and last name, email address and photo.
Channel.ReadBasic.All
Read channel names and channel descriptions, on behalf of the signed-in user.
Tasks.ReadWrite
Allows the app to create, read, update, and delete the signed-in user's tasks and task lists, including any shared with the user.
user_impersonation
Access Microsoft Teams and Skype for Business data based on the user's role membership
Easy Platform Configuration Portal App
User.Read
Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.
Application.Read.All
Allows the app to read applications and service principals on behalf of the signed-in user.
openid
Allows users to sign in to the app with their work or school accounts and allows the app to see basic user profile information.
profile
Allows the app to see your users' basic profile (e.g., name, picture, user name, email address)
offline_access
Allows the app to see and update the data you gave it access to, even when users are not currently using the app. This does not give the app any additional permissions.
Last updated