Why ActionBridge Requires Microsoft Graph Permissions
Microsoft Graph Permissions Used by ActionBridge
ActionBridge integrates with Microsoft Teams and Outlook to provide collaborative task management and calendar scheduling. Below is a list of Microsoft Graph API permissions the app requires, along with the reasons each is used.
| Permission | Type | Why ActionBridge Needs This |
|---|---|---|
| Calendars.ReadWrite | Delegated | Allows ActionBridge to create and update tasks as Outlook calendar events on behalf of the user, enabling task scheduling and time-blocking. |
| Channel.ReadBasic.All | Delegated | Reads Teams channel names and descriptions to populate context when assigning or displaying tasks within projects or teams. |
| ChannelMessage.Read.All | Delegated | Reads messages in Teams channels the app is part of, used to retrieve and display task-related conversations or thread context. |
| ChannelMessage.Read.All | Application | Allows background services (like bots) to read Teams channel messages without a signed-in user, supporting automated task replies or triggers. |
| ChannelMessage.ReadWrite | Delegated | Allows read/write access to messages in Teams channels so users and bots can comment on tasks directly in threads. |
| ChannelMessage.Send | Delegated | Sends messages to Teams channels, such as task assignment notifications or reminders. |
| Delegated | Retrieves the user’s email address to associate task assignments and calendar events with their Microsoft 365 identity. | |
| Group.Read.All | Delegated | Reads Microsoft 365 groups and Teams the user is part of, allowing them to assign tasks to projects or teams. |
| offline_access | Delegated | Maintains user sessions with Microsoft Graph, enabling persistent access via refresh tokens even after logout or token expiration. |
| openid | Delegated | Used for user authentication and single sign-on (SSO) within Microsoft Teams and Outlook environments. |
| profile | Delegated | Retrieves basic profile info like name and avatar to personalize the ActionBridge experience and show task ownership clearly. |
| Team.ReadBasic.All | Delegated | Reads names and metadata of Teams teams to allow the user to associate tasks with specific teams or channels. |
| Teamwork.Migrate.All | Application | Supports future capability to migrate or import tasks/comments from legacy systems into Teams channels via background jobs. |
| User.Read | Delegated | Required for sign-in and reading the user’s Microsoft 365 profile. Essential for all apps using Microsoft Identity. |
Why These Permissions Are Needed
ActionBridge requires these permissions to deliver its full functionality:
- Task creation, assignment, and commenting within Teams
- Scheduling tasks into Outlook calendar
- Displaying user-specific task data across Teams and Outlook
Permissions are scoped to the signed-in user only. ActionBridge does not access emails, files, or calendar events unless explicitly triggered by the user (e.g., "Add to Outlook Calendar"). Data access is limited to what is necessary for the app’s operation, and enterprise admins can review or revoke permissions at any time.
Sho Shimoda
I spend as much time simplifying as I do coding—because making things easy is part of the product. I build systems that work beautifully and explain themselves.Category
Tags
Search History
Authors
Sho Shimoda
I spend as much time simplifying as I do coding—because making things easy is part of the product. I build systems that work beautifully and explain themselves.
Koki Nin
I focus on turning ideas into working code—refining architecture, fixing what’s broken, and improving what works. Sometimes the best “bug” becomes a feature.
Yasushi Motoki
I lead onboarding for AB, helping teams get value from day one. I focus on making a complex product feel simple, clear, and immediately useful.