Edit

Share via

Extend your app with Microsoft Graph permissions and scopes

  • Article

You can extend your bot and message extension apps by using Microsoft Graph. These permissions can allow app users to view user profile, to read mail, and more. Your app must ask for specific permission scopes to obtain the access tokens on app user's consent.

Graph scopes, such as User.Read or Mail.Read, lets you specify how your app accesses a Teams user's account. You need to specify your scopes in the authorization request.

In this section, you'll learn to Configure API permissions in Microsoft Entra ID.

Configure API permissions in Microsoft Entra ID

You can configure Graph scopes in Microsoft Entra ID as required for your app. Delegated permissions are used by apps that require signed-in access. An app user or administrator who is signed-in must consent to them. Your app can consent on behalf of the signed-in user when it calls Microsoft Graph.

To configure API permissions

  1. Open the app you registered in the Azure portal.

  2. Select Manage > API permissions from the left pane.

    Screenshot shows the API permissions menu option.

    The API permissions page appears.

  3. Select + Add a permission to add Microsoft Graph API permissions.

    Screenshot shows the API permissions page to add a permission.

    The Request API permissions page appears.

  4. Select Microsoft Graph.

    Screenshot shows the Request API permissions page with Microsoft Graph option highlighted.

    The options for Graph permissions display.

  5. Select Delegated permissions to view the list of permissions.

    Screenshot shows the Delegated permissions option highlighted.

  6. Select relevant permissions for your app, and then select Add permissions.

    Screenshot shows the selection of permissions to add.

    You can also enter the permission name in the search box to find it.

    A message appears on the browser stating that the permissions were updated.

    Screenshot shows the permissions updated message.

    The added permissions are displayed in the API permissions page.

    Screenshot shows the configured API permissions.

    You've configured your app with Microsoft Graph permissions.

After you've completed the configuration in Microsoft Entra ID, you must update the code to acquire access token for Microsoft Graph. For more information, see Bot framework SDK.

The app user is prompted to consent for Graph permissions on the first time they use it. After the app user gives consent, the Graph permissions are granted. For more information on Graph API permissions, see permissions and consent.