Microsoft 365 admin account
The Microsoft 365 admin account must grant consent for Condeco to use User.Read and Calendars.ReadWrite however, an Application Access Policy can be configured to allow or deny access to specific Microsoft Outlook calendars.
Learn more about configuring an Application Access Policy at Microsoft https://docs.microsoft.com/en-us/graph/auth-limit-mailbox-access.
It is a requirement that the Microsoft 365 admin account grants consent to access the user calendars defined by the Application Access Policy, however, Condeco only subscribes to the calendars of users who have authorized this via the Condeco Outlook Add-in.
Accepting permissions
During the onboard process, you are prompted to grant the Microsoft 365 admin account access to the Condeco Token Provider application that uses Microsoft Graph:
| Description | Permission Type | Reason | |
|---|---|---|---|
| User.Read | Sign in and read user account. | Delegated | Required to read the Exchange Admin’s identity and tenant information during the consent flow. |
| User.Read.All | Read a user's full account. | Application | Required to fetch a user's complete profile (including GUID identifiers) which can be used while making a subscription. |
| Calendars.ReadWrite | Read and write calendars in all mailboxes. | Application | Required to read and update events within users’ calendars. |