API Permissions related to Microsoft Teams integrationSummaryThe following are API permissions requested by the ServiceNow integration with Microsoft Teams. It is organized per app in the "Install Azure Apps" page available with the Microsoft Teams integration. For more information on Microsoft's delegated vs application permissions, see Microsoft's documentation Permissions and consent in the Microsoft identity platform. Notify for Microsoft Teams Calling capabilities are done on behalf of a bot, rather than an individual. All the permissions are Application permissions, allowing our bot the necessary permissions to create meetings, add participants, and read call details. Users.Read.All (Application) This allows the app to get the details of the users, such as their Azure ID, which is required to start the meeting.OnlineMeetings.ReadWrite.All (Application) This permission is required to initiate an online meeting.Calls.InitiateGroupCall.All (Application) This permission is required to invite multiple participants to a call on behalf of a Bot.Calls.JoinGroupCall.All (Application) This permission allows the bot to join the meeting as a participant. In order to read call details, the bot must first be a meeting participant.TeamsAppInstallation.ReadWriteForChat.All (Application) This permission is required to add our app to an online meeting, as part of Meeting Extensibility.TeamsTab.ReadWriteForChat.All (Application) This permission allows our app to open a tab with incident details within a meeting, as part of Meeting Extensibility. Request Based Chat Offline_access (delegated) ServiceNow stores an access token for each user, which allows them to re-authenticate with ServiceNow, within Microsoft Teams, without having to go through a login prompt. Offline access allows us to automatically refresh the access token.Chat.ReadWrite (delegated) The Read part of the Chat.ReadWrite permission allows us to import request-based chats from Microsoft Teams. The Write part of the Chat.ReadWrite permission is used in the "Start Chat" screen, where an opening message is provided on behalf of the agent.User.Read (delegated) This permission is automatically added whenever an app is created to read the basic information of the user like name, email-id.User.ReadBasic.All (delegated) This permission is required to obtain the names and Azure ID's of users. ServiceNow stores the Azure ID in order to create chats on behalf of users and import chats on their behalf.Files.Read.All (delegated) This permission is used when importing request-based chats from Microsoft Teams. It allows attachments to be imported, as part of the Teams chat.ChatMember.ReadWrite (delegated) When a request with a Teams chat is set to inactive, participants are automatically removed from the corresponding chat. This permission is required to remove the chat participants.Chat.Create (delegated) This permission is used in the creation of request-based chats.Chat.ReadBasic (delegated) This permission is used when importing request-based chats. It allows us to display which participant sent each message in the chat. Tab SSO User.Read (delegated) This permission enables the user to authenticate into a ServiceNow Portal embedded in Microsoft Teams.Offline_access (delegated) This permission is required for the use of Tab SSO, to enable user authentication with a Microsoft Teams tab.