Mio is making cross platform communication between teams a reality. In doing so, protecting the integrity and security of your data is of paramount importance to us.

Mio securely integrates with your messaging platforms and never stores messages or files. Download our security white paper in our security center for more details.

We never require more permissions than necessary to make universal channels function as intended.


Scopes requested by Mio for Connect Platforms

Scope

Scope type

Permission

Use case

AppCatalog.ReadWrite.All

Delegated

Read and write to all app catalogs

To allow Mio to sync avatar information like name and picture

Channel.Create

Delegated

Create channels

To create and sync channels in Microsoft Teams that don't already exist

Channel.ReadBasic.All

Delegated

Read the names and descriptions of channels

Channel.ReadBasic.All

Application

Read the names and descriptions of all channels

ChannelMessage.Read.All

Application

Read all channel messages

To create the subscriptions to get the messages from a Microsoft Teams channel that will post to the other platforms

ChannelMessage.ReadWrite

Delegated

Read and write user channel messages

ChannelMessage.Send

Delegated

Send channel messages

To allow the Mio app to send messages on behalf of users in channels.

Chat.Create

Delegated

Create chats

To allow Mio to create a group chat when a Teams user's secondary account is invited into a group chat on another platform.

Chat.Create

Application

Create chats

Chat.Read

Delegated

Read user chat messages

To deliver messages to other chat platforms like Slack, Zoom, or Webex

Chat.Read.All

Application

Read all chat messages

To create the subscriptions to get the messages from a Microsoft Teams direct message or group chat that will post to other platforms.

Chat.ReadWrite

Delegated

Read and write user chat messages

To allow the Mio app to send messages as the Guest user in a regular Teams direct message and group chat

ChatMember.ReadWrite

Delegated

Add and remove members from chats

To invite the appropriate users when Mio creates a synced group chat

ChatMember.ReadWrite.All

Application

Add and remove members from all chats

To invite the appropriate users when Mio creates a synced group chat

Directory.AccessAsUser.All

Delegated

Access directory as the signed in user

To allow the Mio app to read the organization’s directory

Directory.Read.All

Delegated

Read directory data

To allow Mio to retrieve user roles so we know if someone is a Teams admin or not

Files.Read.All

Delegated

Read all files that user can access

To post files that you send across chat platforms

Files.ReadWrite

Delegated

Have full access to user files

To allow the Mio app to post files and images across platforms as the Guest user

Files.ReadWrite.All

Application

Read and write files in all site locations

Group.ReadWrite.All

Delegated

Read and write all groups

To manage and update group content for groups you are a member of

Group.ReadWrite.All

Application

Read and write all groups

Organization.Read.All

Application

Read organization information

To gather information about your organization like its name and ID

Sites.ReadWrite.All

Delegated

Edit or delete items in all site collections

To allow the Mio app to post files and images across platforms as the Guest user

Team.Create

Application

Create teams

Team.ReadBasic.All

Delegated

Read the names and descriptions of teams

To allow Mio to know which Teams a Guest user has been added to.

User.Read

Delegated

Sign in and read user profile

To allow users to sign in to the Mio app with their Teams account

User.Read.All

Application

Read all users' full profiles

User.ReadWrite.All

Delegated

Read and write all users' full profiles

To allow Mio to see all information about users in their tenant, so we can match them with the bot/users on other platforms

User.ReadWrite.All

Application

Read and write all users' full profiles

To allow Mio to see all information about users in their tenant, so we can match them with the bot/users on other platforms

offline_access

Delegated

Maintain access to data you have given it access to

To allow Mio to maintain access to the above permissions over time (does not grant additional permissions)


Frequently asked questions

Why does Mio need User.ReadWrite.All?

To enable cross platform direct messaging, Mio syncs a user's primary account with their secondary account. For example, Dave uses Webex and even though he has an account on Microsoft Teams he doesn't use. Mio will sync Dave's Webex account to his Microsoft Teams account and whenever he posts a message on Slack, Mio will post an exact copy of that message in Microsoft Teams using his Microsoft Teams account.

If Dave ever updates his avatar or wants to update his display name to David, Mio will use the User.ReadWrite.All scope to update his account in Microsoft Teams.

Why does Mio need Group.ReadWrite.All?

Mio has an administrative hub that is used by customers to sync channels. One use case is to sync an existing channel in Webex to a channel that does not yet exist in Microsoft Teams. For example, Dave wants to sync the #engineering channel in Webex over to Microsoft Teams, but an engineering channel does not yet exist in Microsoft Teams. Mio uses Group.ReadWrite.All to create the engineering channel in Microsoft Teams and then syncs it with the #engineering channel in Webex. This is the only scope that allows the Mio app to create a channel inside of a Team.

Why does Mio need to read all files that I have access to?

When a file is uploaded in Microsoft Teams it's stored in shared Sharepoint folders. The Mio app needs to access these specific Sharepoint files in order to successfully send the file to Slack and Webex.

At this time, this permission is the least privileged scope that Microsoft offers.

Mio does not perform any other channel management actions other than for universal channels you create through the app.


If you have any questions regarding security for Mio, please reach out to our team via the chat bot in the bottom right corner of your page.

Did this answer your question?