App registration permissions

  • Last update on September 26th, 2024

Legacy CoreView solutions

An Entra ID app connector is available for owners of legacy CoreView offerings who would like to retain access to this feature. Please contact your CSM to learn more.

 

This report outlines the permissions identified by the app registration creator as necessary for the application's intended functionality.

Please be aware that the permissions listed are the ones required by the app. To see which permissions have been granted, consult the “Service principal delegated permissions” and “Application permissions” reports.

 

Permissions fall into two main categories: application permissions and delegated permissions. Delegated permissions are further divided into admin type, which necessitates admin consent, and user type, where individual user consent is sufficient for app usage.

The report offers a cohesive view by listing specific permissions (found in the “Value” column) that each app (noted in the “App display name” column) has been granted, across identified “Resources”. The goal of this report is to streamline the management of permissions.

Each entry in this report represents a unique combination of an app registration, resource,  and permission, essentially representing one permission per row.

 

In the example below, the “CoreView Graph Management” app needs user consent for sign-in and user data access. Furthermore, it requires six distinct permissions: to read and write directory data, manage all applications, access and modify all users' authentication methods, edit all groups, alter all users' full profiles, and to add or remove members from all channels. These permissions were granted through Microsoft Graph.

A particularly valuable use case for this report is the ability to filter for sensitive permissions, such as Directory.ReadWrite.All. This allows for a quick check to ensure that apps with such permissions are safe and reliable. This report's advantage is its ability to perform this check for all apps in your tenant at once, saving considerable time and effort. In contrast, the Microsoft Admin Center requires permissions to be checked for each app individually.

Multi-permission filter

To search for multiple permissions simultaneously, use the filter in the “Value” column. Simply select the permissions you need from the dropdown menu. This will display tailored results, speeding up your security checks.