Delegated permissions

  • Last update on October 24th, 2024

Legacy CoreView solutions

An Entra ID app connector is available for owners of legacy CoreView offerings who would like to retain access to this feature. Please contact your CSM to learn more.

 

This report details all permissions that an admin has delegated to apps within your tenant. It offers a single-panel view, showing the permissions (listed in the “Scope” column) that have been delegated to each app (identified in the “Service principal display name” column) across specified “Resources”. The goal of this report is to make permission management more straightforward.

Each entry in this report represents a unique combination of a service principal and a resource.

 

For instance, in the example provided below, the Microsoft Azure PowerShell app has been granted full control over all sites through SharePoint Online, along with a range of permissions for reading and writing through Microsoft Graph.

A particularly valuable use case for this report is the ability to filter for sensitive permissions, such as Directory.ReadWrite.All. This allows for a quick check to ensure that apps with such permissions are safe and reliable. This report's advantage is its ability to perform this check for all apps in your tenant at once, saving considerable time and effort. In contrast, the Microsoft Admin Center requires permissions to be checked for each app individually.

Currently, the report only displays admin consents given to applications, not user consents.
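
The same check can be reproduced offline against exported grant data. The sketch below is an added example, not CoreView's code: it assumes grants in the shape of Microsoft Graph `oauth2PermissionGrant` objects, builds one row per service principal and resource from admin consents only, and flags sensitive scopes. All IDs and the "HR Sync Tool" app are constructed sample data, and the sensitive list beyond Directory.ReadWrite.All is an assumption.

```python
from collections import defaultdict

# Scopes treated as sensitive. Directory.ReadWrite.All is the page's example;
# the other entries are assumptions to adjust for your tenant.
SENSITIVE = {"Directory.ReadWrite.All", "RoleManagement.ReadWrite.Directory",
             "AllSites.FullControl"}

# Constructed sample data: object id -> display name of each service principal.
SERVICE_PRINCIPALS = {
    "sp-azps": "Microsoft Azure PowerShell",
    "sp-hr": "HR Sync Tool",
    "sp-graph": "Microsoft Graph",
    "sp-spo": "SharePoint Online",
}

# Constructed grants in the shape of Graph oauth2PermissionGrant objects.
# consentType "AllPrincipals" = admin consent, "Principal" = single-user consent.
GRANTS = [
    {"clientId": "sp-azps", "resourceId": "sp-spo", "consentType": "AllPrincipals",
     "scope": "AllSites.FullControl"},
    {"clientId": "sp-azps", "resourceId": "sp-graph", "consentType": "AllPrincipals",
     "scope": "User.Read Group.ReadWrite.All  Directory.ReadWrite.All"},
    {"clientId": "sp-hr", "resourceId": "sp-graph", "consentType": "AllPrincipals",
     "scope": "User.Read.All"},
    {"clientId": "sp-hr", "resourceId": "sp-graph", "consentType": "Principal",
     "principalId": "user-1", "scope": "Directory.ReadWrite.All"},
]

def build_report(grants, names):
    """One row per (service principal, resource), admin consents only."""
    merged = defaultdict(set)
    for g in grants:
        if g.get("consentType") != "AllPrincipals":
            continue  # user consent: not shown in the report described above
        # scope is a space-delimited string; split() tolerates repeated spaces
        merged[(g["clientId"], g["resourceId"])].update((g.get("scope") or "").split())
    return [{"service_principal": names.get(c, c), "resource": names.get(r, r),
             "scopes": sorted(s), "sensitive": sorted(s & SENSITIVE)}
            for (c, r), s in sorted(merged.items())]

def sensitive_rows(rows):
    """Rows where at least one delegated scope is in the sensitive set."""
    return [row for row in rows if row["sensitive"]]

if __name__ == "__main__":
    for row in sensitive_rows(build_report(GRANTS, SERVICE_PRINCIPALS)):
        print(f'{row["service_principal"]} -> {row["resource"]}: {", ".join(row["sensitive"])}')
```

In the sample data, the user-consented Directory.ReadWrite.All grant for HR Sync Tool does not surface, which mirrors the admin-consent-only coverage noted above; user consents need a separate review.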