Mio is making cross platform communication between teams a reality. In doing so, protecting the integrity and security of your data is of paramount importance to us.
Mio securely integrates with your messaging platforms and never stores messages or files. Download our security white paper in our security center for more details.
We never require more permissions than necessary to make Mio function as intended.
Application scopes requested by Mio for Connect Platforms
Scope | Permission | Use case |
Channel.ReadBasic.All | Retrieve the list of channels in the team | |
ChannelMessage.Read.All | Read all channel messages | To create the subscriptions to get the messages from a Microsoft Teams channel that will post to the other platforms |
Chat.Create | Create chats | To allow Mio to create a direct message or group chat from the Mio bot to the end user. |
Chat.Read.All | Read all chat messages | To create the subscriptions to get the messages from a Microsoft Teams direct message or group chat that will post to other platforms. |
ChatMember.ReadWrite.All | Add and remove members from all chats | To invite the appropriate users when Mio creates a synced group chat |
Files.ReadWrite.All | Read and write files in all site locations | To allow Mio to read files posted into channels and to upload files into a channel. |
Group.ReadWrite.All | Read and write all groups | To allow Mio to read data about a Group and allow Mio to create Groups. |
Organization.Read.All | Read organization information | To gather information about your organization like its name and ID |
Team.Create | Create teams | To allow Mio to create a new Team within AAD. |
User.Read.All | Read all users' full profiles | To allow Mio to read user information for identification purposes. |
User.ReadWrite.All | Read and write all users' full profiles | To allow Mio to see all information about users in their tenant, so we can match them with the bot/users on other platforms |
TeamsAppInstallation.ReadWrite | Add app to a team |
Delegated scopes requested by Mio for User Sync
Scope | Permission | Use case |
ChannelMessage.Send | Send a new chat message in the specified channel or a chat | |
ChannelMessage.ReadWrite | Read and write user channel messages | |
Chat.Create | Create chats | To allow Mio to create a group chat when a Teams user's secondary account is invited into a group chat on another platform. |
Chat.ReadWrite | Read and write user chat messages | To allow the Mio app to send messages as the Guest user in a regular Teams direct message and group chat |
ChatMember.ReadWrite | Add and remove members from chats | To invite the appropriate users when Mio creates a synced group chat |
Files.ReadWrite | Have full access to user files | To allow the Mio app to post files and images across platforms as the Guest user |
Sites.ReadWrite.All | Edit or delete items in all site collections | To allow the Mio app to post files and images across platforms as the Guest user |
Team.ReadBasic.All | Read the names and descriptions of teams | To allow Mio to know which Teams a Guest user has been added to. |
User.Read | Sign in and read user profile | To allow users to sign in to the Mio app with their Teams account |
offline_access | Maintain access to data you have given it access to | To allow Mio to maintain access to the above permissions over time (does not grant additional permissions) |
Frequently asked questions
Why does Mio need User.ReadWrite.All?
To enable cross platform direct messaging, Mio syncs a user's primary account with their secondary account. For example, Dave uses Webex and even though he has an account on Microsoft Teams he doesn't use. Mio will sync Dave's Webex account to his Microsoft Teams account and whenever he posts a message on Slack, Mio will post an exact copy of that message in Microsoft Teams using his Microsoft Teams account.
If Dave ever updates his avatar or wants to update his display name to David, Mio will use the User.ReadWrite.All scope to update his account in Microsoft Teams.
Why does Mio need Group.ReadWrite.All?
Mio has an administrative hub that is used by customers to sync channels. One use case is to sync an existing channel in Webex to a channel that does not yet exist in Microsoft Teams. For example, Dave wants to sync the #engineering channel in Webex over to Microsoft Teams, but an engineering channel does not yet exist in Microsoft Teams. Mio uses Group.ReadWrite.All to create the engineering channel in Microsoft Teams and then syncs it with the #engineering channel in Webex. This is the only scope that allows the Mio app to create a channel inside of a Team.
Why does Mio need to read all files that I have access to?
When a file is uploaded in Microsoft Teams it's stored in shared Sharepoint folders. The Mio app needs to access these specific Sharepoint files in order to successfully send the file to Slack and Webex.
At this time, this permission is the least privileged scope that Microsoft offers.
If you have any questions regarding security for Mio, please reach out to our team via the chat bot in the bottom right corner of your page.