Azure AD App Group.ReadWrite.All Delegate Permissions

New Contributor

Hi Team, We are planning to do a tenant to tenant migration.

We had few questions from client that we require confirmation from your side.

1. We have built a console application that connects to Graph APIs, For this we have requested a azure AD app with the below delegate permissions - Group.ReadWrite.All Please can you confirm that. Group.ReadWrite.All Permissions are required to call Graph APIs and add owners to the SharePoint sites and MS Teams to get the inventory like (Number of Lists, Libraries, workflow counts, document count).

2. Also please confirm SP Admin will not have access to SharePoint Group Sites or MS Teams without being added as owner explicitly

3. We also need Group.ReadWrite.All(Delegate Permissions) to use the Graph APIs to Migrate the content from source to Target. We need this access on both Source and Target.

4. For Getting and Migrating One Drive Permission Sharing Setting using latest Graph APIs from Microsoft We need Sites.ReadWrite.All Access as well. Please can you confirm these officially. Also please let us know if you have any alternate approach for the same Regards

0 Replies