
Outlook and Teams Integration Permission Scopes

Qooper leverages only delegated permissions—meaning it acts on behalf of an authenticated user and only within that user’s allowed scope. It does not access data outside what the user can already reach. Access is constrained to the privileges of the signed-in user and does not provide independent or elevated access.

These permissions are scoped to required functionality—Qooper only requests what is necessary for calendar syncing and meeting coordination. By default, Qooper’s permissions do not include access to user mailboxes or email content. This reduces risk exposure and supports compliance requirements.

Outlook Permissions

  1. Scope Name: openid
    • Description: Allows users to sign in to the app with their work or school accounts and provides basic user profile information.
    • Type: Delegated
    • Purpose: Ensures seamless user authentication and secure platform access.
  2. Scope Name: User.Read
    • Description: Enables users to sign in and allows the app to read their profile and basic organizational information.
    • Type: Delegated
    • Purpose: Supports user identification and basic personalization within the app.
  3. Scope Name: email
    • Description: Allows the app to read users' primary email addresses.
    • Type: Delegated
    • Purpose: Facilitates communication, notifications, and effective mentor-mentee interactions via email.
  4. Scope Name: Calendars.Read.Shared
    • Description: Permits the app to read events in calendars accessible to the user, including shared and delegated calendars.
    • Type: Delegated
    • Purpose: Supports scheduling meetings, tracking events, and managing calendar activities for mentors and mentees.
  5. Scope Name: Calendars.ReadWrite
    • Description: Allows the app to create, read, update, and delete events in user calendars.
    • Type: Delegated
    • Purpose: Manages mentoring schedules, sets up meetings, and ensures timely interactions.
  6. Scope Name: OnlineMeetings.ReadWrite
    • Description: Enables the app to create and read online meetings on behalf of the signed-in user.
    • Type: Delegated
    • Purpose: Organizes virtual mentoring sessions, facilitates online meetings, and enhances remote mentorship experiences.

Microsoft Teams Permissions

  1. Scope Name: OnlineMeetings.ReadWrite
    • Description: Allows the application to create and read online meetings on behalf of the signed-in user.
    • Type: Delegated
    • Purpose: Facilitates the organization of virtual mentoring sessions and online meetings between mentors and mentees, enhancing remote mentorship experiences.
  2. Scope Name: Group.Read.All
    • Description: Allows the application to read Microsoft 365 group properties, membership, and associated content (e.g., conversations, files, calendars) accessible to the signed-in user.
    • Type: Delegated
    • Purpose: Used in a limited manner for configuration and retrieval of group-related metadata required by the application.
  3. Scope Name: Channel.ReadBasic.All
    • Description: Allows the application to read channel names and descriptions for teams the signed-in user has access to.
    • Type: Delegated
    • Purpose: Used for configuration and selection of available channels.
  4. Scope Name: ChannelMessage.Send
    • Description: Allows the application to send channel messages in Microsoft Teams on behalf of the signed-in user.
    • Type: Delegated
    • Purpose: Facilitates communication within specific channels, enabling information sharing, updates, and discussions.

Additional Notes

    • Permissions requiring administrative consent are explicitly approved by tenant administrators prior to use.

    • No access is granted to user mailboxes or email content.

    • All access is limited to the context of the signed-in user and is subject to existing organizational security controls and policies.

Admin Consent Considerations

    • The integration uses delegated permissions only via Microsoft Graph and does not request or use application-level (app-only) permissions.

    • Permissions that may require administrative consent include: Group.Read.All, Channel.ReadBasic.All, and ChannelMessage.Send, depending on tenant configuration.

    • All access occurs in the context of a signed-in user and is limited to data the user is authorized to access; no independent or tenant-wide background access is performed, and no offline access occurs without user interaction.

    • Administrators retain full control and can revoke consent at any time through the Microsoft Entra ID (Azure AD) portal, which revokes the application’s access.
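
One way for a tenant administrator to check that the delegated consent recorded in the tenant matches the scopes listed on this page (an added example, not Qooper's or Microsoft's code). It assumes grant objects shaped like the Microsoft Graph `oauth2PermissionGrant` resource; the sample grants and their placeholder IDs are constructed.

```python
import json

# Delegated scopes listed on this page (Outlook and Teams sections combined).
DOCUMENTED = {
    "openid", "User.Read", "email", "Calendars.Read.Shared",
    "Calendars.ReadWrite", "OnlineMeetings.ReadWrite", "Group.Read.All",
    "Channel.ReadBasic.All", "ChannelMessage.Send",
}
# Scopes the page says may require admin consent, depending on tenant configuration.
MAY_NEED_ADMIN = {"Group.Read.All", "Channel.ReadBasic.All", "ChannelMessage.Send"}

# Constructed sample data: two grants with placeholder IDs, not real tenant output.
SAMPLE_GRANTS = json.loads("""[
  {"clientId": "<service-principal-id>", "consentType": "AllPrincipals",
   "scope": "openid User.Read email Calendars.Read.Shared Calendars.ReadWrite OnlineMeetings.ReadWrite Group.Read.All Channel.ReadBasic.All ChannelMessage.Send"},
  {"clientId": "<service-principal-id>", "consentType": "Principal",
   "principalId": "<user-id>",
   "scope": "openid User.Read email Calendars.ReadWrite Mail.Read offline_access"}
]""")


def audit_grant(grant):
    """Compare one delegated grant's scope string with the documented list."""
    granted = set(grant.get("scope", "").split())
    granted_lc = {s.lower() for s in granted}
    documented_lc = {s.lower() for s in DOCUMENTED}
    unexpected = sorted(s for s in granted if s.lower() not in documented_lc)
    return {
        "consent_type": grant.get("consentType"),
        "unexpected": unexpected,
        "not_granted": sorted(s for s in DOCUMENTED if s.lower() not in granted_lc),
        "admin_consent_scopes": sorted(s for s in MAY_NEED_ADMIN if s.lower() in granted_lc),
        # The page states there is no mailbox access and no offline access.
        "mail_scopes": [s for s in unexpected if s.lower().startswith("mail")],
        "offline_access": "offline_access" in granted_lc,
        "ok": not unexpected,
    }


if __name__ == "__main__":
    for g in SAMPLE_GRANTS:
        print(json.dumps(audit_grant(g), indent=2))
```

A grant with a non-empty `unexpected` list carries scopes beyond those documented here and is a candidate for review or revocation in the Microsoft Entra ID portal.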
