Microsoft Entra Permissions

  • Published on Dec 21, 2025
  • 2 minute(s) read
Prev Next

imper.ai requires access to specific Microsoft Entra ID and Microsoft Graph API permissions in order to monitor Microsoft Teams meetings, evaluate participant identity, and protect real-time collaboration against impersonation and social-engineering attacks.

This article explains which permissions are required and why they are needed.

How Permissions Are Granted

Permissions are granted during the Microsoft Entra consent flow when an administrator authorizes imper.ai in the Azure / Entra portal.

The permissions are approved at the tenant level and apply across Microsoft Teams and related Microsoft 365 services.

Some permissions require a Global Administrator or Application Administrator role.

Permissions Requested by imper.ai

The following Microsoft Graph permissions are required for imper.ai to monitor and protect services that integrate with your Microsoft Entra identity.

User.Read.All

Type: Application

Used for:

  • Identifying meeting participants

  • Mapping internal users

  • Correlating Teams identities with Entra directory users

User.ReadBasic.All

Type: Application

Used for:

  • Reading basic profile information of all users in the organization

  • Accessing details such as name, email, and profile photo

  • Supporting app features that require minimal user info without full profile access

Group.Read.All

Type: Application

Used for:

  • Identifying Microsoft Teams and group membership

  • Associating meetings with organizational context

Directory.Read.All

Type: Application

Used for:

  • Maintaining alignment with the organization’s Entra directory

  • Detecting newly added or modified users

OnlineMeetings.Read.All

Type: Application

Used for:

  • Detecting Microsoft Teams meetings

  • Retrieving meeting metadata

  • Associating participants with active meetings

Chat.Read.All

Type: Application

Used for:

  • Reading all chat messages in Microsoft Teams

  • Accessing chat content for analysis, search, or processing

  • Supporting features that require visibility into all user chats within the organization

ChatMessage.Send

Type: Application

Used for:

  • Sending chat messages as the signed-in user in Microsoft Teams

  • Enabling app-driven conversations and notifications in chats

  • Supporting automated messaging workflows within Teams

Calendars.Read / Calendars.ReadWrite

Type: Application

Used for:

  • Identifying scheduled meetings

  • Linking calendar invitations to Teams or Zoom sessions

  • Updating or replacing meeting links with secure wrapped versions (when enabled)

Chat.ReadWrite.WhereInstalled

Type: Application

Used for:

  • Reading and sending messages in chats where the app is installed

  • Updating or deleting messages in those chats

  • Enabling app-specific chat interactions and workflows within installed contexts

TeamsActivity.Send

Type: Application

Used for:

  • Sending activity feed notifications to users in Microsoft Teams

  • Informing users about important events, updates, or actions from the app

  • Driving engagement by alerting users directly within Teams

TeamsActivity.Read.All

Type: Application

Used for:

  • Reading all users’ activity feed notifications in Microsoft Teams

  • Tracking app-generated or system notifications for analytics or reporting

  • Monitoring notifications to understand user engagement within Teams

TeamsAppInstallation.ReadWriteAndConsentSelfForChat.All

Type: Application

Used for:

  • Installing or uninstalling Teams apps for the signed-in user in chat contexts

  • Granting consent for apps on behalf of the user in chats

  • Managing app availability and permissions for the user within chats

TeamsAppInstallation.ReadWriteAndConsentForUser.All

Type: Application

Used for:

  • Installing or uninstalling Teams apps on behalf of other users

  • Granting app permissions and consent for other users

  • Managing app availability and access across users in the organization

AuditLog.Read.All

Type: Application

Used for:

  • Reading sign-in and audit logs

  • Supporting security analysis and investigations

  • Detecting anomalous authentication behavior

Chat & Teams Activity permissions

Used for:

  • Monitoring meeting-related activity

  • Delivering imper.ai security notifications

  • Providing contextual alerts in supported workflows

(Exact scope varies depending on enabled features.)

Permissions used by the Microsoft Teams app

When the imper.ai Microsoft Teams app is deployed, additional permissions are granted within the Teams client context.

These permissions allow the app to:

  • Run during live Teams meetings

  • Display verification indicators to protected users

  • Surface security-related information in real time

The Teams app does not access:

  • Audio or video streams

  • Chat content

  • Files or recordings

Security and Privacy Considerations

The permissions requested by imper.ai:

  • Are limited to identity, directory, calendar, and meeting metadata

  • Do not provide access to:

    • Audio or video

    • Chat messages

    • Files or recordings

  • Are used exclusively for:

    • Verification

    • Security monitoring

    • Risk analysis

imper.ai does not modify meetings, user settings, or Microsoft 365 data.

Verification results and risk indicators are visible only to authorized administrators and protected users.

Reviewing or Revoking Permissions

Administrators can review or revoke imper.ai permissions at any time from the Microsoft Entra Admin Center.

Revoking permissions disables Microsoft Teams meeting protection until the integration is reconnected.

Related articles