Complete list of required permissions
In this article
Permission request dialogs might appear when you sign up, sign in, or use some of the Shared Email Templates 2 features for the first time.
Permissions to sign up or sign in with Microsoft for the first time #
When you sign up or sign in with Microsoft for the first time, the following permissions are requested by the Shared Email Templates add-in to be used locally in the add-in pane or by the Shared Email Templates app in your web browser. Your access tokens stay private and don’t leave your device.
Sign you in and read your profile / Sign in and read user profile #
We use this permission to create your Shared Email Templates user account and identify you when you sign in. Also, we use this permission to read your name, email address, picture, and other properties of your Microsoft user profile when inserting a template into the currently composed message if the template contains the corresponding fillable fields.
Information for IT administrators and security engineers
| Graph API permission | User.Read |
| Graph API permission display name | Sign in and read user profile |
| Link to the permission description | https://learn.microsoft.com/en-us/graph/permissions-reference#userread |
Read all users’ basic profiles #
We use this permission to read basic properties of other user profiles in your organization when you invite users to your Shared Email Templates company account.
The permission is requested by the Shared Email Templates control panel (the Company account option) in your web browser.
Information for IT administrators and security engineers
| Graph API permission | User.ReadBasic.All |
| Graph API permission display name | Read all users’ basic profiles |
| Link to the permission description | https://learn.microsoft.com/en-us/graph/permissions-reference#userreadbasicall |
Maintain access to data you have given it access to #
We would like not to use this permission but currently it is obligatory for all consent requests. You can find more details in the Microsoft developers’ explanation.
The permission is requested by the Shared Email Templates add-in to be used locally in the add-in pane in your Outlook and by the Shared Email Templates control panel (the Company account option) in your web browser.
Information for IT administrators and security engineers
| Graph API permission | offline_access |
| Graph API permission display name | Maintain access to data you have given it access to |
| Link to the permission description | https://learn.microsoft.com/en-us/graph/permissions-reference#offline_access |
Permissions to access OneDrive files #
When you access your OneDrive, the following permissions are requested by the Shared Email Templates add-in to be used locally in the add-in pane in your Outlook or by the Shared Email Templates app in your web browser. Your access tokens stay private and don’t leave your device.
Have full access to all files user can access #
We use this permission to read the list of your OneDrive folders and files when you attach your files or insert pictures. Also, we use this permission to upload a local file to your OneDrive when you use the corresponding feature.
Information for IT administrators and security engineers
| Graph API permission | Files.ReadWrite.All |
| Graph API permission display name | Have full access to all files user can access |
| Link to the permission description | https://learn.microsoft.com/en-us/graph/permissions-reference#filesreadwriteall |
View users’ basic profile #
We use this permission to read basic properties of your profile to identify you when you sign in to your OneDrive.
Information for IT administrators and security engineers
| Graph API permission | profile |
| Graph API permission display name | View users’ basic profile |
| Link to the permission description | https://learn.microsoft.com/en-us/graph/permissions-reference#profile |
Maintain access to data you have given it access to #
We would like not to use this permission but currently it is obligatory for all consent requests. You can find more details in the Microsoft developers’ explanation.
The permission is requested by the Shared Email Templates add-in to be used locally in the add-in pane in your Outlook and by the Shared Email Templates control panel (the Company account option) in your web browser.
Information for IT administrators and security engineers
| Graph API permission | offline_access |
| Graph API permission display name | Maintain access to data you have given it access to |
| Link to the permission description | https://learn.microsoft.com/en-us/graph/permissions-reference#offline_access |
Permissions to access SharePoint files #
When you access your SharePoint, the following permissions are requested by the Shared Email Templates add-in to be used locally in the add-in pane in your Outlook or by the Shared Email Templates app in your web browser. Your access tokens stay private and don’t leave your device.
Read items in all site collections #
We use this permission to read the list of your SharePoint folders and files when you attach your files or insert pictures. Also, we use this permission to upload a local file to your SharePoint when you use the corresponding feature.
Information for IT administrators and security engineers
| Graph API permission | Sites.Read.All |
| Graph API permission display name | Read items in all site collections |
| Link to the permission description | https://learn.microsoft.com/en-us/graph/permissions-reference#sitesreadall |
View users’ basic profile #
We use this permission to read basic properties of your profile to identify you when you sign in to your SharePoint.
Information for IT administrators and security engineers
| Graph API permission | profile |
| Graph API permission display name | View users’ basic profile |
| Link to the permission description | https://learn.microsoft.com/en-us/graph/permissions-reference#profile |
Maintain access to data you have given it access to #
We would like not to use this permission but currently it is obligatory for all consent requests. You can find more details in the Microsoft developers’ explanation.
The permission is requested by the Shared Email Templates add-in to be used locally in the add-in pane in your Outlook and by the Shared Email Templates control panel (the Company account option) in your web browser.
Information for IT administrators and security engineers
| Graph API permission | offline_access |
| Graph API permission display name | Maintain access to data you have given it access to |
| Link to the permission description | https://learn.microsoft.com/en-us/graph/permissions-reference#offline_access |
Permissions required for mail merge campaigns #
When you schedule or send a mail merge campaign, the following permissions are requested by the Shared Email Templates add-in to be used locally in the add-in pane or by the Shared Email Templates app in your web browser. To send email messages on behalf of your mailbox, your access tokens will be stored in a secret vault in our mail merge service. The access tokens will be removed as soon as the campaign is finished.
Maintain access to data you have given it access to #
We would like not to use this permission but currently it is obligatory for all consent requests. You can find more details in the Microsoft developers’ explanation.
The permission is requested by the Shared Email Templates add-in to be used locally in the add-in pane in your Outlook and by the Shared Email Templates control panel (the Company account option) in your web browser.
Information for IT administrators and security engineers
| Graph API permission | offline_access |
| Graph API permission display name | Maintain access to data you have given it access to |
| Link to the permission description | https://learn.microsoft.com/en-us/graph/permissions-reference#offline_access |
Sign in and read user profile #
We use this permission to create your Shared Email Templates user account and identify you when you sign in. Also, we use this permission to read your name, email address, picture, and other properties of your Microsoft user profile when inserting a mail merge template into the currently composed message if the mail merge template contains the corresponding fillable fields.
Information for IT administrators and security engineers
| Graph API permission | User.Read |
| Graph API permission display name | Sign in and read user profile |
| Link to the permission description | https://learn.microsoft.com/en-us/graph/permissions-reference#userread |
Have full access to all files user can access #
We use this permission to read the list of your OneDrive or SharePoint folders and files when you attach your files or insert pictures into your mail merge messages. Also, we use this permission to read your mailing list.
Information for IT administrators and security engineers
| Graph API permission | Files.ReadWrite.All |
| Graph API permission display name | Have full access to all files user can access |
| Link to the permission description | https://learn.microsoft.com/en-us/graph/permissions-reference#filesreadwriteall |
Send mail as a user #
We use this permission to send your mail merge campaign on your behalf.
Information for IT administrators and security engineers
| Graph API permission | Mail.Send |
| Graph API permission display name | Send mail as a user |
| Link to the permission description | https://learn.microsoft.com/en-us/graph/permissions-reference#mailsend |
Permissions to import users from an Azure AD group #
When you import user groups from Azure AD, the following permissions are requested by the Shared Email Templates app in your web browser. Your access tokens stay private and don’t leave your device.
Sign in and read user profile #
We use this permission to identify you when you sign in.
Information for IT administrators and security engineers
| Graph API permission | User.Read |
| Graph API permission display name | Sign in and read user profile |
| Link to the permission description | https://learn.microsoft.com/en-us/graph/permissions-reference#userread |
Read all users’ basic profiles #
We use this permission to read basic properties of other user profiles in your organization when you import users to your Shared Email Templates company account.
Information for IT administrators and security engineers
| Graph API permission | User.ReadBasic.All |
| Graph API permission display name | Read all users’ basic profiles |
| Link to the permission description | https://learn.microsoft.com/en-us/graph/permissions-reference#userreadbasicall |
Read directory data #
We use this permission to read basic properties of user groups and user profiles in your Azure AD when you import users to your Shared Email Templates company account.
Information for IT administrators and security engineers
| Graph API permission | Directory.Read.All |
| Graph API permission display name | Read directory data |
| Link to the permission description | https://learn.microsoft.com/en-us/graph/permissions-reference#directoryreadall |
Maintain access to data you have given it access to #
We would like not to use this permission but currently it is obligatory for all consent requests. You can find more details in the Microsoft developers’ explanation.
Information for IT administrators and security engineers
| Graph API permission | offline_access |
| Graph API permission display name | Maintain access to data you have given it access to |
| Link to the permission description | https://learn.microsoft.com/en-us/graph/permissions-reference#offline_access |
Permissions to connect Outlook folders (deprecated Linked Outlook folders feature) #
When you connect an Outlook folder, the following permissions are requested by the Shared Email Templates add-in to be used locally in the add-in pane in your Outlook. Your access tokens stay private and don’t leave your device.
Read user mail #
We use this permission to read email templates stored in a linked Outlook folder of your mailbox.
Information for IT administrators and security engineers
| Graph API permission | Mail.Read |
| Graph API permission display name | Read user mail |
| Link to the permission description | https://learn.microsoft.com/en-us/graph/permissions-reference#mailread |
Read user and shared mail #
We use this permission to read email templates stored in a linked Outlook folder of a shared mailbox.
Information for IT administrators and security engineers
| Graph API permission | Mail.Read.Shared |
| Graph API permission display name | Read user and shared mail |
| Link to the permission description | https://learn.microsoft.com/en-us/graph/permissions-reference#mailreadshared |
View users’ basic profile #
We use this permission to read basic properties of your profile to identify you when you access a linked Outlook folder.
Information for IT administrators and security engineers
| Graph API permission | profile |
| Graph API permission display name | View users’ basic profile |
| Link to the permission description | https://learn.microsoft.com/en-us/graph/permissions-reference#profile |
Maintain access to data you have given it access to #
We would like not to use this permission but currently it is obligatory for all consent requests. You can find more details in the Microsoft developers’ explanation.
Information for IT administrators and security engineers
| Graph API permission | offline_access |
| Graph API permission display name | Maintain access to data you have given it access to |
| Link to the permission description | https://learn.microsoft.com/en-us/graph/permissions-reference#offline_access |
Required Microsoft Graph API permissions: Information for IT administrators and security engineers #
Sign in/Sign up with Microsoft #
| Graph Permission | Permission Type | Justification | Azure AD App ID |
| openid | delegated | Required by Azure AD authorization flow. To sign users in and ensure their consent to using the Shared Email Templates app. | e6f666d5-61ff-4582-8732-cedd9e55cef3 or c1e89043-a87e-4168-9620-996b6174f9ce |
| profile | delegated | To read basic user information. | e6f666d5-61ff-4582-8732-cedd9e55cef3 or c1e89043-a87e-4168-9620-996b6174f9ce |
| offline_access | delegated | To refresh access token, when the active one is expired. | e6f666d5-61ff-4582-8732-cedd9e55cef3 or c1e89043-a87e-4168-9620-996b6174f9ce |
| User.Read | delegated | To read the profile of signed-in users. Also allows the Shared Email Templates app to read basic company information of signed-in users. | e6f666d5-61ff-4582-8732-cedd9e55cef3 or c1e89043-a87e-4168-9620-996b6174f9ce |
| User.ReadBasic.All | delegated | To read a basic set of profile properties of other users in the organization on behalf of the signed-in user. | e6f666d5-61ff-4582-8732-cedd9e55cef3 or c1e89043-a87e-4168-9620-996b6174f9ce |
General Shared Email Templates functionality #
| Graph Permission | Permission Type | Justification | Azure AD App ID |
| openid | delegated | Required by Azure AD authorization flow. To sign users in and ensure their consent to using the Shared Email Templates app. | e6f666d5-61ff-4582-8732-cedd9e55cef3 or c1e89043-a87e-4168-9620-996b6174f9ce or 680093f8-3534-48f1-8dae-3a13343cc03c |
| profile | delegated | To read basic user information. | e6f666d5-61ff-4582-8732-cedd9e55cef3 or c1e89043-a87e-4168-9620-996b6174f9ce or 680093f8-3534-48f1-8dae-3a13343cc03c |
| User.Read | delegated | To read the profile of signed-in users. Also allows the Shared Email Templates app to read basic company information of signed-in users. | e6f666d5-61ff-4582-8732-cedd9e55cef3 or c1e89043-a87e-4168-9620-996b6174f9ce or 680093f8-3534-48f1-8dae-3a13343cc03c |
| Files.ReadWrite.All | delegated | To read and upload files to the signed-in user’s OneDrive or SharePoint folders. | e6f666d5-61ff-4582-8732-cedd9e55cef3 or c1e89043-a87e-4168-9620-996b6174f9ce or 680093f8-3534-48f1-8dae-3a13343cc03c |
| Sites.Read.All | delegated | To read site and folder items in all site collections on behalf of the signed-in user. | e6f666d5-61ff-4582-8732-cedd9e55cef3 or c1e89043-a87e-4168-9620-996b6174f9ce or 680093f8-3534-48f1-8dae-3a13343cc03c |
| Mail.Read | delegated | To read email in user mailboxes. Required for Outlook Draft functionality. | e6f666d5-61ff-4582-8732-cedd9e55cef3 or c1e89043-a87e-4168-9620-996b6174f9ce or 680093f8-3534-48f1-8dae-3a13343cc03c |
| Mail.Read.Shared | delegated | To read mail that the user can access, including shared mail. Required for Outlook Draft functionality. | e6f666d5-61ff-4582-8732-cedd9e55cef3 or c1e89043-a87e-4168-9620-996b6174f9ce or 680093f8-3534-48f1-8dae-3a13343cc03c |
| Directory.Read.All | delegated | Required by Azure AD authorization flow. To read data in groups of the user’s organization. | e6f666d5-61ff-4582-8732-cedd9e55cef3 or c1e89043-a87e-4168-9620-996b6174f9ce |
Mail Merge functionality #
| Graph Permission | Permission Type | Justification | Azure AD App ID |
| openid | delegated | Required by Azure AD authorization flow. To sign users in and ensure their consent to using the Shared Email Templates app. | e6f666d5-61ff-4582-8732-cedd9e55cef3 or 6e8e4d5c-1979-4b55-a2e8-a7531167af15 |
| profile | delegated | To read basic user information. | e6f666d5-61ff-4582-8732-cedd9e55cef3 or 6e8e4d5c-1979-4b55-a2e8-a7531167af15 |
| offline_access | delegated | To refresh access token, when the active one is expired. | e6f666d5-61ff-4582-8732-cedd9e55cef3 or 6e8e4d5c-1979-4b55-a2e8-a7531167af15 |
| User.Read | delegated | To read the profile of signed-in users. Also allows the Shared Email Templates app to read basic company information of signed-in users. | e6f666d5-61ff-4582-8732-cedd9e55cef3 or 6e8e4d5c-1979-4b55-a2e8-a7531167af15 |
| Files.ReadWrite.All | delegated | To read and upload files to the signed-in user’s OneDrive or SharePoint folders. | e6f666d5-61ff-4582-8732-cedd9e55cef3 or 6e8e4d5c-1979-4b55-a2e8-a7531167af15 |
| Mail.Send | delegated | Allows the Shared Email Templates app to send mail as the signed-in user. | e6f666d5-61ff-4582-8732-cedd9e55cef3 or 6e8e4d5c-1979-4b55-a2e8-a7531167af15 |