Minimum permissions required:

• SharePoint Administrator
• User Administrator

📘 Why API Approval Is Needed

Compliance Tracker 365 uses the Microsoft Graph API to:

• Read user profile properties and group membership (for assigning terms to groups of users).
• Generate Excel reports in OneDrive.

Without approving these API requests:

• The Profile Import tab in the Management page will not support groups or staff profile properties.
• Excel reports will not be saved to OneDrive.

👥 Who Can Approve

This step must be performed by a SharePoint Administrator + User Administrator.

• Learn how to assign or verify Admin roles

🛠️ How to Approve API Requests

1. Open the API Access Management page using the link below.
   Replace myTenant with your tenant name:

   Tenant Name:

   https://myTenant-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/webApiPermissionManagement
   

2. Review pending requests for Compliance Tracker 365. There will be up to three:

   • Microsoft Graph – User.Read.All
     Used to read user profile properties for managing profiles.
   • Microsoft Graph – GroupMember.Read.All
     Used to read group membership and associate profiles with terms.
   • Microsoft Graph – Files.ReadWrite.All
     Used to create Excel report files in OneDrive. (Despite the name, this only allows access to an individual’s own OneDrive.)

3. Approve the required permissions:

   • ✅ User.Read.All and GroupMember.Read.All → Required for the Profile Import tab.
   • ✅ Files.ReadWrite.All → Required to export reports to Excel from the Management Reports tab.

4. Select each request and click Approve.

✅ Outcome

Once approved, Compliance Tracker 365 will have the necessary API access to:

• Import and manage staff profiles with group support.
• Export compliance reports directly to Excel in OneDrive.