Required Permissions Reference
Introduction

Activate integrates with Microsoft Entra ID, Microsoft 365, and Exchange Online to automate identity lifecycle, access provisioning, and collaboration services. To perform these functions securely, Activate requires specific delegated or application permissions within your tenant.

This section outlines the minimum permissions required for each Activate product. Each permission is listed alongside a short explanation of why it is needed so administrators can validate scope, reduce unnecessary privilege, and meet least privilege security principles.

Permissions are grouped by product area, for example:

- Identity & Access Management – user provisioning, group membership, lifecycle actions
- Data Access Management – shared mailbox and distribution list management
- Collaboration Management – Teams creation and channel management
- Service Desk and Catalogue – device, service, and licence management

Some products do not require any additional Azure or Microsoft 365 permissions; these are also noted explicitly for clarity.

Note: Microsoft continues to deprecate legacy PowerShell modules (MSOnline, AzureAD) in favour of the Microsoft Graph API. Activate supports both where required, but organisations should plan to migrate to Graph permissions wherever possible.

How to use this section

1. Review the products your organisation intends to deploy.
2. Request the listed permissions during app registration in Entra ID. This ensures Activate has exactly the access it needs — no more, no less.
3. Audit regularly. As Microsoft Graph evolves, check if permissions can be reduced or updated.

Identity Access Management

Identity & Access Manager

Role Manager

Self Service Password Reset Manager

Privileged Access Manager

Security Group Compliance Manager: no additional Azure permissions required.

Security Group Manager

ITSM Service Desk Integrations Manager: no additional Azure permissions required.

Data Access Management

Shared Mailbox Manager

Distribution List Manager

Folder Manager: no additional Azure permissions required.

Teams® Manager

Hardware and Software Management

Asset and License Manager: no additional Azure permissions required.

Service Catalogue Manager

Device Asset Manager: no additional Azure permissions required.

License and Subscription Manager: no additional Azure permissions required.

Extension & Mobile Connection Manager: no additional Azure permissions required.

Other General Permissions

These are permissions that are required for functions other than direct product use.
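The "audit regularly" step under "How to use this section" can be scripted. The following is an added example, not Activate's or Microsoft's code: it compares what an app registration actually holds against an approved baseline, working on JSON in the shape Microsoft Graph returns for a resource service principal's `appRoles`, the app's `appRoleAssignments`, and its `oauth2PermissionGrants`. All IDs, the sample grants and the baseline are constructed for illustration and are not Activate's permission list.

```python
import json

# Constructed sample data in the shape Microsoft Graph returns. The GUIDs and
# the baseline are illustrative only; they are not Activate's permission list.
RESOURCE_SP = json.loads("""{"id": "res-graph", "appRoles": [
  {"id": "11111111-0000-0000-0000-000000000001", "value": "User.ReadWrite.All"},
  {"id": "11111111-0000-0000-0000-000000000002", "value": "Group.ReadWrite.All"},
  {"id": "11111111-0000-0000-0000-000000000003", "value": "Directory.ReadWrite.All"}]}""")
APP_ROLE_ASSIGNMENTS = json.loads("""[
  {"resourceId": "res-graph", "appRoleId": "11111111-0000-0000-0000-000000000001"},
  {"resourceId": "res-graph", "appRoleId": "11111111-0000-0000-0000-000000000003"},
  {"resourceId": "res-graph", "appRoleId": "11111111-0000-0000-0000-0000000000ff"}]""")
OAUTH2_GRANTS = json.loads("""[
  {"resourceId": "res-graph", "consentType": "AllPrincipals", "scope": " User.Read  Mail.Send "}]""")
BASELINE = {"application": {"User.ReadWrite.All", "Group.ReadWrite.All"},
            "delegated": {"User.Read"}}


def granted_permissions(resource_sp, assignments, grants):
    """Resolve what the app actually holds, split by permission type."""
    role_names = {r["id"].lower(): r["value"] for r in resource_sp["appRoles"]}
    application = set()
    for a in assignments:
        if a["resourceId"] != resource_sp["id"]:
            continue
        # An appRoleId missing from the resource's appRoles is kept visible
        # instead of dropped, so a stale or unknown grant still gets reviewed.
        rid = a["appRoleId"].lower()
        application.add(role_names.get(rid, f"unresolved:{rid}"))
    delegated = set()
    for g in grants:
        if g["resourceId"] == resource_sp["id"]:
            delegated.update(g["scope"].split())  # scope is space-separated
    return {"application": application, "delegated": delegated}


def audit(baseline, granted):
    """Return excess (granted, not required) and missing (required, not granted)."""
    report = {}
    for kind in ("application", "delegated"):
        report[kind] = {"excess": sorted(granted[kind] - baseline[kind]),
                        "missing": sorted(baseline[kind] - granted[kind])}
    return report


if __name__ == "__main__":
    result = audit(BASELINE, granted_permissions(RESOURCE_SP, APP_ROLE_ASSIGNMENTS, OAUTH2_GRANTS))
    print(json.dumps(result, indent=2))
```

Anything reported under `excess` is a candidate for removal from the app registration; anything under `missing` means the baseline and the tenant have drifted apart.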