Microsoft Teams scopes for Mio for internal teams
We never ask for more than the bare minimum scopes necessary
Jennifer Jin avatar
Written by Jennifer Jin
Updated over a week ago

Mio is making cross platform communication between teams a reality. In doing so, protecting the integrity and security of your data is of paramount importance to us.

Mio securely integrates with your messaging platforms and never stores messages or files. Download our security white paper in our security center for more details.

We never require more permissions than necessary to make Mio function as intended.


Application scopes requested by Mio for Connect Platforms

Scope

Description

Use case

AppCatalog.Read.All

Read all app catalogs

Allows Mio to check if the application is installed in the app catalog.

Channel.ReadBasic.All

Read the names and descriptions of all channels

Allows Mio to import all the channels from selected Teams.

Channel.Create

Create channels

Allows Mio to create channels in selected Teams.

ChannelMessage.Read.All

Read all channel messages

Allows Mio to read all connected channel messages .

Chat.Read.All

Read all chat messages

Allows Mio to read all connected DM and group chat messages.

ChatMember.ReadWrite.All

Add and remove members from all chats

Allows Mio to add new members to an existing DM or group chat.

Chat.Create

Create chats

Allows Mio to create new DM's and group chats.

Sites.ReadWrite.All

Read items in all site collections and upload files

Allows Mio to fetch files and upload in channels

GroupMember.Read.All

Read all group memberships

Allows Mio to read group membership to keep channel membership rosters up to date.

Team.ReadBasic.All

Get a list of all teams

Allows Mio to show all the Teams when connecting the platform so the user can select which teams they would like to import.

GroupMember.ReadWrite.All

Read and write all group memberships

Allows Mio to add new members to the selected Team.

Team.Create

Create teams

Allows Mio to create new Teams (Groups).

Organization.Read.All

Read organization information

Allows Mio to read your organization details to set up the account.

User.ReadWrite.All

Read and write all users' full profiles

Allows Mio to read basic information (email, name and avatar) about users in selected Teams.

TeamsAppInstallation.ReadWriteForUser.All

Manage Teams apps for all users

Allows Mio to install the app to a user so that Mio can send messages (prompts) to the user.

Group.Read.All

Read and write all groups

Allows Mio to create a subscription to group changes

TeamsAppInstallation.ReadWriteForTeam.All

Manage Teams apps for all teams

Allows Mio to install/uninstall the app from Teams

ChannelMember.ReadWrite.All

Allow Mio to list the members of a channel and add new members


Delegated scopes requested by Mio for User Sync

Scope

Description

Use case

Chat.ReadWrite

Read and write user chat messages

Allows Mio to send/edit and soft delete messages as the signed in user in DM's and group chats.

ChannelMessage.Send

Send channel messages

Allows Mio to send messages as the signed in user in channels.

ChannelMessage.ReadWrite

Read and write user channel messages

Allows Mio to edit and soft delete messages in channels.

Team.ReadBasic.All

Read the names and descriptions of teams

Allows Mio to get a list of joined Teams for the signed in user.

Files.ReadWrite

Have full access to user files

Allows Mio to upload a file on behalf of the signed in user and send an invitation to another user.

User.Read

Sign in and read user profile

Allows Mio to access the signed in users profile for identification purposes.

offline_access

Maintain access to data you have given it access to

Allows Mio to keep the access token refreshed after successful authentication


Frequently asked questions

Why does Mio need User.ReadWrite.All?

To enable cross platform direct messaging, Mio syncs a user's primary account with their secondary account. For example, Dave uses Webex and even though he has an account on Microsoft Teams he doesn't use. Mio will sync Dave's Webex account to his Microsoft Teams account and whenever he posts a message on Slack, Mio will post an exact copy of that message in Microsoft Teams using his Microsoft Teams account.

If Dave ever updates his avatar or wants to update his display name to David, Mio will use the User.ReadWrite.All scope to update his account in Microsoft Teams.

Why does Mio need to read all files that I have access to?

When a file is uploaded in Microsoft Teams it's stored in shared Sharepoint folders. The Mio app needs to access these specific Sharepoint files in order to successfully send the file to Slack and Webex.

At this time, this permission is the least privileged scope that Microsoft offers.


If you have any questions regarding security for Mio, please reach out to our team via the chat bot in the bottom right corner of your page.

Did this answer your question?