Delegated App
When you create an app profile for the Delegated app, the IBM® Storage Protect for Cloud Delegated App will be automatically setup up in your Microsoft Entra ID. Refer to the following sections to see the delegated permissions that should be accepted when you authorize the IBM Storage Protect for Cloud Delegated App .
IBM Storage Protect for Cloud Azure VMs and Storage
| API | Permission | Purpose |
|---|---|---|
| Azure Service Management | user_impersonation (Access Azure Service Management as organization users [preview]) |
Allows the application to access Azure Service Management as you. |
IBM Storage Protect for Cloud Microsoft™ 365
When consenting to the IBM Storage Protect for Cloud Microsoft 365 delegated app profile, the consent user must have the Microsoft 365 Global Administrator role. For details, refer to the Required Permissions of Microsoft Delegated App section in the IBM Storage Protect for Cloud Microsoft 365 user guide.
| API | Permission | Purpose |
|---|---|---|
| Microsoft Graph | openid (S ign users in) |
Allows to authenticate users by retrieving their consent. |
profile (View users’ basic profile) |
Retrieves users’ profile information. | |
offline_access (Maintain access to data you have given it access to) |
Maintains access over an extended period without requiring the user to re-authorize frequently | |
Group.ReadWrite.All (Read and write all groups) |
Retrieves the conversation thread. |
|
ChannelMessage.Send (Send channel messages) |
Sends messages to channels in Microsoft Teams. | |
TeamMember.ReadWrite.All (Add and remove members from teams) |
Adds members to Microsoft Teams. | |
ChannelMember.ReadWrite.All (Add and remove members from channels) |
Adds members to channels in Microsoft Teams. | |
Directory.Read.All (Read directory data) |
Retrieves the profile and domain information of all users in your Microsoft 365 tenant. | |
| Power BI Services | Tenant.ReadWrite.All (Read and write all content in tenant) |
Retrieves the workspaces and backs up, or adds users to a workspace. |
Workspace.ReadWrite.All (Read and write all workspaces) |
Gets and restores workspaces | |
Capacity.Read.All (View all capacities) |
Retrieves capacities (including multi-geo) | |
Report.ReadWrite.All (Read and write all reports) |
Performs backup for reports. | |
Dataset.ReadWrite.All (Read and write all datasets) |
Performs backup and restore for reports. | |
| PowerApps Service | User (Access the PowerApps Service API) |
Retreives information on Cloud Flows in Power Automate. |
| Dynamics CRM |
user_impersonation (Access Common Data Service as organization users) |
Retreives information on Desktop Flows and Business Process Flows in Power Automate. |