Azure AD Permissions and Consent Requirements

Scan to SharePoint Online requires user consent to the following API permissions:

API

Permission

Type

Description

SharePoint

AllSites.Write

Delegated

Read and write items in all site collections

Microsoft Graph

User.Read

Delegated

Sign in and read user profile


Note: These permissions do not require administrator consent. When required permissions are granted, the application can read and write access reviews on behalf of the signed-in user.

Granting administrator consent

Depending on the preconfigured Azure AD settings, non-administrator users can be restricted from consenting to the application to access company data on their behalf. In such scenarios, the applications must be granted an administrator consent to access the organizational data.

To grant administrator consent, user can try one or more of the following:

From the consent prompt

An admin user can consider enabling the administrator consent directly from the consent prompt, when signing in to the application.

From the Azure portal

After signing in, you can grant administrator consent through the Enterprise applications, if the application has already been added in the Azure Active Directory.