What type of permissions do I need in Azure to install the application

This article explains what type of permissions you need to have in Azure to allow the application registration and allow the app to read necessary user information

To be able to allow OpsLogix SCOM Connector for Teams to read information from Microsoft Graph, the user installing the app needs to have an account that is Global Administrator, Application Administrator, or a Cloud Application Administrator in your Azure Tenant. This setting is required to grant admin consent to the application.

Grant tenant-wide admin consent to an application

 

An alternative is to allow end-users users to consent to applications from verified publishers.

Configure how end-users consent to applications

 

The application needs permission to read the following information from your Azure Tenant.

API / Permissions Name
Description
email View users' email address
offline_access Maintain access to data you have given it access to
openid Sign users in
profile View users' basic profile
User.Read Sign in and read user profile

The following permissions are the most requested application permissions with low-risk access. Get started managing consent and permissions for all users by adding these delegated permissions with only one click. Learn more

The offline_access scope gives your app access to resources on behalf of the user for an extended time. On the consent page, this scope appears as the Maintain access to data you have given it access to permission.

When a user approves the offline_access scope, your app can receive refresh tokens from the Microsoft identity platform token endpoint. Refresh tokens are long-lived. Your app can get new access tokens as older ones expire.

 This permission currently appears on all consent pages, even for flows that don't provide a refresh token (such as the implicit flow). This setup addresses scenarios where a client can begin within the implicit flow and then move to the code flow where a refresh token is expected.

 

More information about the following permissions required can  be found here:

Permissions and consent in the Microsoft identity platform

 

These permissions have been verified by Microsoft in the AppSource approval processes for the required permissions for what the app needs to work.