Go to Mio
All Collections
Use Microsoft Teams to chat with cross-platform internal teams
Guides for admins
Microsoft Teams scopes for Mio for internal teams

Microsoft Teams scopes for Mio for internal teams

We never ask for more than the bare minimum scopes necessary
Jennifer Jin avatar
Written by Jennifer Jin
Updated over a week ago

Mio is making cross platform communication between teams a reality. In doing so, protecting the integrity and security of your data is of paramount importance to us.

Mio securely integrates with your messaging platforms and never stores messages or files. Download our security white paper in our security center for more details.

We never require more permissions than necessary to make universal channels function as intended.

Jump to...

Scopes requested by Mio during sign up process

Mio requests the following delegated scopes to access the Microsoft graph APIs.

Scope name

Scope type

Permission & description

Use case

Sign you in and read your profile

Delegated

User.Read - Allows you to sign in to the app with your organizational account and let the app read your profile. It also allows the app to read basic company information.

To populate your account information for Mio

Maintain access to data you have given it access to

Delegated

offline_access - Allows the app to see and update the data you gave it access to, even when you are not currently using the app. This does not give the app any additional permissions.

To allow Mio to maintain access to the above permissions over time (does not grant additional permissions)

Scopes requested by Mio if you are a Teams admin and for Connect Platforms

These are the same scopes requested if you are using Connect Platforms to sync your organization's internal teams.

* Mio will not require this scope if your organization is using Account Sync or Guest Account Sync.

Scope name

Scope type

Permission & Description

Use Case

Send channel messages

Delegated

ChannelMessage.Send - Allows an app to send channel messages in Microsoft Teams, on behalf of the signed-in user.

To allow the Mio app to send messages as the Guest user in a regular Teams channel

Read user channel messages

Delegated

ChannelMessage.Read.All - Allows an app to read a channel's messages in Microsoft Teams, on behalf of the signed-in user.

To create the subscriptions to get the messages from a Microsoft Teams channel that will post to the other platforms

Read and write user chat messages

Delegated

Chat.ReadWrite - Allows an app to read and write 1 on 1 or group chats threads, on behalf of the signed-in user.

To allow the Mio app to send messages as the Guest user in a regular Teams direct message and group chat

Sign in and read user profile

Delegated

User.Read - Allows you to sign in to the app with your organizational account and let the app read your profile. It also allows the app to read basic company information.

To allow users to sign in to the Mio app with their Teams account

Have full access to user files

Delegated

Files.ReadWrite - Allows the app to read, create, update and delete the signed-in user's files

To allow the Mio app to post files and images across platforms as the Guest user

Edit or delete items in all site collections

Delegated

Sites.ReadWrite.All - Allows the application to edit or delete documents and list items in all site collections on behalf of the signed-in user.

To allow the Mio app to post files and images across platforms as the Guest user

Read the names and descriptions of teams

Delegated

Team.ReadBasic.All - Read the names and descriptions of teams, on behalf of the signed-in user

To allow Mio to know which Teams a Guest user has been added to.

Read user channel messages

Delegated

Channel.ReadBasic.All - Read channel names and channel descriptions, on your behalf.

To allow Mio to read the names of your channels, so you can convert them into universal channels

Read directory data

Delegated

Directory.Read.All - Allows the app to read data in your organization's directory, such as users, groups and apps.

To allow Mio to retrieve user roles so we know if someone is a Teams admin or not

Manage installed Teams apps in teams*

Delegated

TeamsAppInstallation.ReadWriteForTeam - Allows the app to read, install, upgrade, and uninstall Teams apps in teams you can access. Does not give the ability to read application-specific settings.

To make Mio accessible in all teams within your organization, so you don't have to individually add Mio to each team

Manage user’s installed Teams apps*

Delegated

TeamsAppInstallation.ReadWriteForUser - Allows the app to read, install, upgrade, and uninstall Teams apps installed for you. Does not give the ability to read application-specific settings.

To allow Mio to install bot users/apps to Teams, or install apps for different users

Read and write all users' full profiles

Delegated

User.ReadWrite.All - Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, on your behalf.

To allow Mio to see all information about users in their tenant, so we can match them with the bot/users on other platforms

Read user chat messages

Delegated

Chat.Read - Allows the app to read your 1 on 1 or group chat messages in Microsoft Teams, on your behalf.

To deliver messages to other chat platforms like Slack or Webex

Read and write all groups

Delegated/Application

Group.ReadWrite.All - Allows the app to create groups and read all group properties and memberships on your behalf.

To manage and update group content for groups you are a member of

Read all groups

Delegated

Group.Read.All - Allows the app to read all groups you can access.

To subscribe to changes that happen in specific groups/Teams

Read all files that user can access

Delegated

Files.Read.All - Allows the app to read all files you can access.

To post files that you send across chat platforms

Read items in all site collections

Delegated

Sites.Read.All - Allow the application to read documents and list items in all site collections on your behalf.

To fetch images posted in messages and files stored in the sender’s space in Sharepoint

Maintain access to data you have given it access to

Delegated

offline_access - Allows the app to see and update the data you gave it access to, even when you are not currently using the app. This does not give the app any additional permissions.

To allow Mio to maintain access to the above permissions over time (does not grant additional permissions)

Scopes requested by Mio for subscriptions

The following subscription scopes are requested for:

  1. Improved message delivery time

  2. User Account Sync

  3. Guest User Account Sync

Scope name

Scope type

Permission & description

Use case

Read all chat messages

Application

Chat.Read.All - Allows the app to read your 1-to-1 or group chat messages in Microsoft Teams.

To create the subscriptions to get the messages from a Microsoft Teams direct message or group chat that will post to the other platforms.

Read all channel messages

Application

ChannelMessage.Read.All - Allows the app to read all channel messages in Microsoft Teams

To create the subscriptions to get the messages from a Microsoft Teams channel that will post to the other platforms.

Read organization information

Application

Organization.Read.All - Allows the app to read the organization and related resources, without a signed-in user. Related resources include things like subscribed skus and tenant branding information.

To gather information about your organization like its name and ID.

Read and write all groups

Delegated/Application

Group.ReadWrite.All - Allows the app to create groups, read all group properties and memberships, update group properties and memberships, and delete groups. Also allows the app to read and write group calendar and conversations. All of these operations can be performed by the app without a signed-in user.

To manage and update group content for groups you are a member of.

Manage Teams apps for all users

Application

TeamsAppInstallation.ReadWriteForUser.All - Allows the app to read, install, upgrade, and uninstall Teams apps for any user, without a signed-in user. Does not give the ability to read application-specific settings.

To allow Mio to install bot users/apps to Teams, or install apps for different users, without needing a signed in user.

Frequently asked questions

Why does Mio need to read all files that I have access to?

When a file is uploaded in Microsoft Teams it's stored in shared Sharepoint folders. The Mio app needs to access these specific Sharepoint files in order to successfully send the file to Slack and Webex.

At this time, this permission is the least privileged scope that Microsoft offers.

Mio does not perform any other channel management actions other than for universal channels you create through the app.

If you have any questions regarding security for Mio, please reach out to our team via the chat bot in the bottom right corner of your page.

Did this answer your question?