Quick Check
— load tenant data without saving anything
App Registration
Required permissions
In API permissions → Add a permission, then Grant admin consent. Microsoft Graph18
| Permission | Admin consent | Usage |
|---|---|---|
AuditLog.Read.All |
Audit log data | |
DeviceManagementConfiguration.Read.All |
Intune configurations | |
DeviceManagementManagedDevices.Read.All |
Intune devices | |
Directory.Read.All |
Directory data | |
offline_access |
Refresh token | |
Organization.Read.All |
Tenant info | |
Policy.Read.All |
Conditional Access | |
Reports.Read.All |
Usage reports | |
RoleManagement.Read.Directory |
Global admins | |
SecurityEvents.Read.All |
Security events | |
SecurityIncident.Read.All |
Defender XDR incidents | |
SharePointTenantSettings.Read.All |
SharePoint settings | |
Sites.Read.All |
SharePoint sites | |
User.Read |
Sign-in profile | |
User.Read.All |
All users | |
UserAuthenticationMethod.Read.All |
MFA / SSPR | |
IdentityRiskyUser.Read.All |
Identity Protection — risky users | |
TeamsTelephoneNumber.Read |
Teams phone numbers (Calling Plan, Direct Routing, Operator Connect) |
1
| Permission | Admin consent | Usage |
|---|---|---|
Exchange.Manage |
Exchange configuration |
2
| Permission | Admin consent | Usage |
|---|---|---|
Alert.Read |
MDE alerts | |
Machine.Read |
MDE devices and endpoints |
Redirect URI (Authentication → Redirect URIs)
https://tenanttoolbeta.m365docs.ch/oauth-callback