User & Groups SyncUser & Groups Sync
Try For Free

Azure AD - Microsoft Graph API minimum permission

Is there a working alternative to Directory.Read.All (MS Graph API Permission)?

Yes, the minimum requirement to make User Sync work is Group.Read.All and User.Read.All. Please keep in mind, the suggested setup in the setup guides ensures that all features and future additions to User Sync will work without customers having to change their Azure configuration.

It could be that in future versions new features will not work, because they may require additional API permissions. Please check our documentation / release notes for further details.

Can I use GroupMember.Read.All instead of Group.Read.All?

Instead of Group.Read.All we have customers, who are using GroupMember.Read.All. Based on the Microsoft documentation, there is the following difference between both (Application Permission)

Group.Read.All

GroupMember.Read.All

Allows the app to read group properties and memberships, and read conversations for all groups, without a signed-in user.

Allows the app to read memberships and basic group properties for all groups without a signed-in user.

However, it could be that in future versions new features will not work, because they may require additional API permissions. Please check our documentation / release notes for further details.

Knowing Limitations

  • Profile Picture will only work if the permission is set to Directory.Read.All and User.Read.All.

This site uses cookies to deliver its service & to analyse traffic. By browsing this site, you accept the privacy policy.

Our Wiki uses cookies

We want to give you the best possible experience on our website. For this we use technically required cookies and, if you agree, cookies for analysis and marketing purposes. You can find more information about the cookies in our Privacy Policy. By tapping ‘Accept All,’ you consent to the use of these methods by us and third parties.

Necessary
Always Active
Analytics
Advertisement
Other