Application

Permission ID Purpose Description
User.EnableDisableAccount.All 3011c876-62b7-4ada-afa2-506cbbecc68c Enable and disable user accounts Allows the app to enable and disable users’ accounts, without a signed-in user.
User.Export.All 405a51b5-8d8d-430b-9842-8be4b0e9f324 Export user’s data Allows the app to export data (e.g. customer content or system-generated logs), associated with any user in your company, when the app is used by a privileged user (e.g. a Company Administrator).
User.Invite.All 09850681-111b-4a89-9bed-3f2cae46d706 Invite guest users to the organization Allows the app to invite guest users to the organization, without a signed-in user.
User.ManageIdentities.All c529cfca-c91b-489c-af2b-d92990b66ce6 Manage all users’ identities Allows the app to read, update and delete identities that are associated with a user’s account, without a signed in user. This controls the identities users can sign-in with.
User.Read.All df021288-bdef-4463-88db-98f22de89214 Read all users’ full profiles Allows the app to read user profiles without a signed in user.
User.ReadWrite.All 741f803b-c850-494e-b5df-cde7c675a1ca Read and write all users’ full profiles Allows the app to read and update user profiles without a signed in user.

Delegated

Permission ID Purpose Description
User.EnableDisableAccount.All f92e74e7-2563-467f-9dd0-902688cb5863 Enable and disable user accounts Allows the app to enable and disable users’ accounts, on behalf of the signed-in user.
User.Export.All 405a51b5-8d8d-430b-9842-8be4b0e9f324 Export user’s data Allows the app to export data (e.g. customer content or system-generated logs), associated with any user in your company, when the app is used by a privileged user (e.g. a Company Administrator).
User.Invite.All 63dd7cd9-b489-4adf-a28c-ac38b9a0f962 Invite guest users to the organization Allows the app to invite guest users to the organization, on behalf of the signed-in user.
User.ManageIdentities.All 637d7bec-b31e-4deb-acc9-24275642a2c9 Manage user identities Allows the app to read, update and delete identities that are associated with a user’s account that the signed-in user has access to. This controls the identities users can sign-in with.
User.Read e1fe6dd8-ba31-4d61-89e7-88639da4683d Sign in and read user profile Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.
User.Read.All a154be20-db9c-4678-8ab7-66f6cc099a59 Read all users’ full profiles Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.
User.ReadBasic.All b340eb25-3456-403f-be2f-af7a0d370277 Read all users’ basic profiles Allows the app to read a basic set of profile properties of other users in your organization on behalf of the signed-in user. This includes display name, first and last name, email address and photo.
User.ReadWrite b4e74841-8e56-480b-be8b-910348b18b4c Read and write access to user profile Allows the app to read your profile. It also allows the app to update your profile information on your behalf.
User.ReadWrite.All 204e0828-b5ca-4ad8-b9f3-f32a958e7cc4 Read and write all users’ full profiles Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.