Mio is making cross platform communication between teams a reality. In doing so, protecting the integrity and security of your data is of paramount importance to us.

Mio securely integrates with your messaging platforms and never stores messages or files. Download our security white paper in our security center for more details.

We never require more permissions than necessary to make Mio function as intended.

  1. Application scopes requested by Mio for Connect Platforms

  2. Delegated scopes requested by Mio for User Sync


Application scopes requested by Mio for Connect Platforms

Scope

Permission

Use case

Channel.ReadBasic.All

Retrieve the list of channels in the team

ChannelMessage.Read.All

Read all channel messages

To create the subscriptions to get the messages from a Microsoft Teams channel that will post to the other platforms

Chat.Create

Create chats

To allow Mio to create a direct message or group chat from the Mio bot to the end user.

Chat.Read.All

Read all chat messages

To create the subscriptions to get the messages from a Microsoft Teams direct message or group chat that will post to other platforms.

ChatMember.ReadWrite.All

Add and remove members from all chats

To invite the appropriate users when Mio creates a synced group chat

Files.ReadWrite.All

Read and write files in all site locations

To allow Mio to read files posted into channels and to upload files into a channel.

Group.ReadWrite.All

Read and write all groups

To allow Mio to read data about a Group and allow Mio to create Groups.

Organization.Read.All

Read organization information

To gather information about your organization like its name and ID

Team.Create

Create teams

To allow Mio to create a new Team within AAD.

User.Read.All

Read all users' full profiles

To allow Mio to read user information for identification purposes.

User.ReadWrite.All

Read and write all users' full profiles

To allow Mio to see all information about users in their tenant, so we can match them with the bot/users on other platforms

TeamsAppInstallation.ReadWrite

Add app to a team


Delegated scopes requested by Mio for User Sync

Scope

Permission

Use case

ChannelMessage.Send

Send a new chat message in the specified channel or a chat

ChannelMessage.ReadWrite

Read and write user channel messages

Chat.Create

Create chats

To allow Mio to create a group chat when a Teams user's secondary account is invited into a group chat on another platform.

Chat.ReadWrite

Read and write user chat messages

To allow the Mio app to send messages as the Guest user in a regular Teams direct message and group chat

ChatMember.ReadWrite

Add and remove members from chats

To invite the appropriate users when Mio creates a synced group chat

Files.ReadWrite

Have full access to user files

To allow the Mio app to post files and images across platforms as the Guest user

Sites.ReadWrite.All

Edit or delete items in all site collections

To allow the Mio app to post files and images across platforms as the Guest user

Team.ReadBasic.All

Read the names and descriptions of teams

To allow Mio to know which Teams a Guest user has been added to.

User.Read

Sign in and read user profile

To allow users to sign in to the Mio app with their Teams account

offline_access

Maintain access to data you have given it access to

To allow Mio to maintain access to the above permissions over time (does not grant additional permissions)


Frequently asked questions

Why does Mio need User.ReadWrite.All?

To enable cross platform direct messaging, Mio syncs a user's primary account with their secondary account. For example, Dave uses Webex and even though he has an account on Microsoft Teams he doesn't use. Mio will sync Dave's Webex account to his Microsoft Teams account and whenever he posts a message on Slack, Mio will post an exact copy of that message in Microsoft Teams using his Microsoft Teams account.

If Dave ever updates his avatar or wants to update his display name to David, Mio will use the User.ReadWrite.All scope to update his account in Microsoft Teams.

Why does Mio need Group.ReadWrite.All?

Mio has an administrative hub that is used by customers to sync channels. One use case is to sync an existing channel in Webex to a channel that does not yet exist in Microsoft Teams. For example, Dave wants to sync the #engineering channel in Webex over to Microsoft Teams, but an engineering channel does not yet exist in Microsoft Teams. Mio uses Group.ReadWrite.All to create the engineering channel in Microsoft Teams and then syncs it with the #engineering channel in Webex. This is the only scope that allows the Mio app to create a channel inside of a Team.

Why does Mio need to read all files that I have access to?

When a file is uploaded in Microsoft Teams it's stored in shared Sharepoint folders. The Mio app needs to access these specific Sharepoint files in order to successfully send the file to Slack and Webex.

At this time, this permission is the least privileged scope that Microsoft offers.


If you have any questions regarding security for Mio, please reach out to our team via the chat bot in the bottom right corner of your page.

Did this answer your question?