FAQ - BeZoned App permissions
General understanding
BeZoned implements features that normally require users to open several Microsoft apps (Teams, Outlook, Planner, etc.) and combines them into a single virtual‑office experience. To achieve this, it calls Microsoft Graph API on your behalf. For example, reading and writing Teams chats or channels requires Chat.ReadWrite and ChatMessage permissions; scheduling virtual‑office huddles requires access to online meetings and calendar resources; showing colleagues’ availability relies on Presence data; and installing or updating the BeZoned tab in multiple teams requires Teams App installation and Teams Tab permissions. Without these delegated and application permissions, BeZoned would not be able to provide the integrated Teams experience it was designed for. The permissions BeZoned requests map directly to Microsoft Graph permissions, so they are familiar to administrators and can be granted with confidence.
FAQ
Overview of permissions used by BeZoned
Permission & type | Why BeZoned needs it |
AppCatalog.Read.All | Access to find the BeZoned meeting app and install in Meetings |
Calendars.ReadBasic.All | Read calendar entries to show day-schedule in the avatar menu |
Channel.Create | When creating a new office, BeZoned also need to create channels in the team |
Channel.Delete.All | To clean up offices and clean up meeting rooms, BeZoned need to delete channels. |
Channel.ReadBasic.All | BeZoned need to read names of Teams to correctly show the names of Offices in the application |
ChannelSettings.Read.All | To see who is part of a team (office) |
ChannelSettings.ReadWrite.All | Needed in the future to change office names from within BeZoned |
Chat.Create | To create meeting chats, and other office chats |
Chat.ReadWrite (D) | Allow BeZoned to synchronize chats between the BeZoned office, and the Teams chats |
ChatMessage.Read (D) | Read chat messages to display them in the BeZoned office |
ChatMessage.Send (D) | Send e.g. quick-message from the avatar menu |
Directory.Read.All | Used when creating a new team to add users from the company directory |
email (D) | See the end users email address |
MailboxSettings.Read | Find the time zone of a user |
offline_access (D) | Maintain access to data you have given it access to |
OnlineMeetings.Read.All | Not used, will be removed in the future. |
OnlineMeetings.ReadWrite (D) | Read and create users online teams meetings |
openid (D) | Necessary to sign in with Microsoft ID |
Organization.Read.All | Read necessary organization information |
Presence.ReadWrite.All | Read and set user presence (Available, Busy, Away, etc) |
profile (D) | Allow the app to read basic user information (e.g., name, picture, user name, email address) |
Team.Create | When creating a new BeZoned office, it need access to create a corresponding Team |
Team.ReadBasic.All | Read the names and descriptions of teams to create list of offices |
TeamMember.ReadWrite.All | Add and remove members from offices |
TeamMember.ReadWrite.All (D) | Not used, will be removed in the future |
TeamsAppInstallation.ReadWriteSelfForChat.All | Used to attach the BeZoned meeting app to Teams meeting chats |
TeamsAppInstallation.ReadWriteSelfForUser.All | Allow the BeZoned to manage itself |
TeamsTab.ReadWrite.All | Create and read tabs in Teams channels |
User.Read.All | Read full profile of user |
The permissions marked with (D) are delegated permissions that the individual users can accept. The others are application permissions that must be approved by an admin.