Azure Active Directory Graph
| Permission Type | Type | Description | Admin Consent Required? |
| Application.ReadWrite.All | Application | Read and write all applications | Yes |
| Application.ReadWrite.Owned | Application | Manage apps that this app creates or owns | Yes |
| Device.ReadWrite.All | Application | Read and write devices | Yes |
Directory.AccessAsUser.All | Delegated | Access your organization's directory | Yes |
| Directory.Read.All | Delegated | Read directory data | Yes |
| Directory.Read.All | Application | Read directory data | Yes |
| Directory.ReadWrite.All | Delegated | Read and write directory data | No |
Directory.ReadWrite.All | Application | Read and write directory data | Yes |
| Domain.ReadWrite.All | Application | Read and write domains | Yes |
| Group.Read.All | Delegated | Read all groups | Yes |
| Group.ReadWrite.All | Delegated | Read and write all groups | Yes |
| Member.Read.Hidden | Delegated | Read hidden memberships | Yes |
| Member.Read.Hidden | Application | Read all hidden memberships | Yes |
| User.Read | Delegated | Enable sign-on and read user's profiles | No |
| User.Read.All | Delegated | Read all users' full profiles | Yes |
| User.ReadBasic.All | Delegated | Read all users' basic profiles | No |
Microsoft Graph
| Permission Name | Type | Description | Admin Consent Required? |
| Application.ReadWrite.Owned | Application | Manage apps that this app creates or owns | Yes |
| Calendars.Read | Application | Read calendars in all mailboxes | Yes |
| Calendars.ReadWrite | Application | Read and write calendas in all mailboxes | Yes |
| Contacts.Read | Application | Read contacts in all mailboxes | Yes |
| Contacts.ReadWrite | Application | Read and write contacts in all mailboxes | Yes |
| Device.ReadWrite.All | Application | Read and write devices | Yes |
| DeviceManagementConfiguration.Read.All | Application | Read Microsoft Intune device configuration and policies | Yes |
| DeviceManagementConfiguration.ReadWrite.All | Application | Read and write Microsoft Intune device configuration and policies | Yes |
| DeviceManagementManageDevices.PrivilegedOperations.All | Application | Perform user-impacting remote actions on Microsoft Intune devices | Yes |
| DeviceManagementManageDevices.Read.All | Application | Read Microsoft Intune devices | Yes |
| DeviceManagementManageDevices.ReadWrite.All | Application | Read and write Microsoft Intune devices | Yes |
| Directory.Read.All | Application | Read directory data | Yes |
| Directory.ReadWrite.All | Application | Read and write directory data | Yes |
| Domain.ReadWrite.All | Application | Read and write domains | Yes |
| Files.Read.All | Application | Read files in all site collections | Yes |
| Files.ReadWrite.All | Application | Read and write files in all site collections | Yes |
| Groupd.Read.All | Application | Read all groups | Yes |
| Group.ReadWrite.All | Application | Read and write all groups | Yes |
| Mail.Read | Application | Read main in all mailboxes | Yes |
| Mail.ReadWrite | Application | Read and write main in all mailboxes | Yes |
| Mail.Send | Application | Send mail as any user | Yes |
| MailboxSettings.Read | Application | Read all user mailbox settings | Yes |
| MailboxSettings.ReadWrite | Application | Read and write all user mailbox settings | Yes |
| Member.Read.Hidden | Application | Read all hidden memberships | Yes |
| Notes.Read.All | Application | Read all OneNote notebooks | Yes |
| Notes.ReadWrite.All | Application | Read and write all OneNote notebooks | Yes |
| OnlineMeetings.Read.All | Application | Read online meeting details | Yes |
| OnlineMeetings.ReadWrite.All | Application | Read and create online meetings | Yes |
| People.Read.All | Application | Read all users' relevant people lists | Yes |
| Reports.Read.All | Delegated | Read all usage reports | Yes |
| Reports.Read.All | Application | Read all usage reports | Yes |
| Sites.FullControl.All | Application | Have full control of all site collections | Yes |
| Sites.Manage.All | Application | Create, edit, and delete items and lists in all site collections | Yes |
| Sites.Read.All | Application | Read items in all site collections | Yes |
| Sites.ReadWrite.All | Application | Read and write items in all site collections | Yes |
| User.Invite.All | Application | Invite guest users to the organization | Yes |
| User.Read.All | Application | Read all users' full profiles | Yes |
| User.ReadWrite.All | Application | Read and write all users' full profiles | Yes |
Office 365 Exchange Online
| Permission Type | Type | Description | Admin consent required? |
| Exchange.ManageAsApp | Application | Manage Exchange As Application | Yes |
