Minimum permissions: SharePoint Administrator and User Administrator
Compliance Tracker 365 uses the Microsoft Graph API to read user profile properties and group membership. This allows you to assign terms to groups of users based on their profile properties. It is also used to create Excel reports in OneDrive.
If you would like to use these features, follow the steps below to allow Compliance Tracker 365 to access the specific Microsoft Graph API endpoint needed for this functionality. You can still use Compliance Tracker 365 if you do not approve these requests, but you will not be able to use the Profile Import tab of the Management page and the Excel report will not be saved to OneDrive.
This step needs to be performed by a SharePoint Administrator + User Administrator.
Learn how to assign/verify Admin roles to a user here
To approve the API requests, open the API access management page using the link below. Replace “myTenant” with your own tenant.
Tenant Name:
https://myTenant-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/webApiPermissionManagement
There will be up to three pending requests for Compliance Tracker 365:
- Microsoft Graph, User.Read.All - Used to read user profile properties to manage profiles.
- Microsoft Graph, GroupMember.Read.All - Used to read group membership to associate profiles with terms.
- Microsoft Graph, Files.ReadWrite.All - Used to create Excel report files in OneDrive. Despite the name, this permissions only allows an individual access to their own One Drive.
User.Read.All and GroupMember.Read.All must be approved for the Profile Import tab in Compliance Tracker 365 Management to support groups and staff profile properties.
Files.ReadWrite.All must be approved to export reports to Excel from the Compliance Tracker 365 Management Reports tab.
To approve, select each request and click Approve.
