This page highlights the permissions which are granted by the different Exclaimer AAD apps required for each feature of the product -
- Exclaimer Cloud Signatures for Office 365 <region>
- Exclaimer Cloud Signatures for Outlook Feature
- Exclaimer Cloud <region> Setup - Please remove after setup
- Exclaimer Cloud Signatures for Office 365 Sent Items <region>
-
Exclaimer Cloud - User Details Editor
Application Name: Exclaimer Cloud Signatures for Office 365 <region>
Purpose: Used to synchronize user data from AAD to Exclaimer Cloud
Permission Name |
Type |
Description |
Purpose |
---|---|---|---|
Microsoft Graph | |||
User.Read |
Delegated |
Sign in and read user profile |
Used by the UI to query if the signed-in user is an admin of M365 and expose different setup options to them. |
Directory.Read.All |
Application |
Read directory data |
Used by the data service to query directory data which is then stored in an Exclaimer cache. |
Azure Active Directory Graph |
|||
User.Read |
Delegated |
Enable sign-on and read user's profile |
Used by the UI to query if the signed-in user is an admin of M365 and expose different setup options to them. |
Directory.Read.All |
Application |
Read directory data |
Used by the data service to query directory data which is then stored in an Exclaimer cache. |
Application Name: Exclaimer Cloud - Signatures for Outlook Feature
Purpose: Used by the Outlook Add-in & legacy app for outlook for user sign-in and auth
Permission Name |
Type |
Description |
Purpose |
---|---|---|---|
Microsoft Graph | |||
User.Read |
Delegated |
Sign in and read user profile |
Used to confirm that the user is a valid user within your tenancy in O365 + Exclaimer before making the request to the product. |
Azure Active Directory Graph |
|||
User.Read |
Delegated |
Enable sign-on and read user's profile |
Used to confirm that the user is a valid user within your tenancy in O365 + Exclaimer before making the request to the product. |
Application Name: Exclaimer Cloud <region> Setup - Please remove after setup
Purpose: Used during the setup for server-side signatures for O365 and should be removed after setup is complete
Permission Name |
Type |
Description |
Purpose |
---|---|---|---|
Microsoft Graph | |||
Domain.ReadWrite.All |
Application |
Read and write domains |
Used to create the domain in your O365 tenancy required for certificate auth and tenant attribution. |
Azure Active Directory Graph |
|||
Domain.ReadWrite.All |
Application |
Read and write domains |
Used to create the domain in your O365 tenancy required for certificate auth and tenant attribution. |
Application Name: Exclaimer Cloud Signatures for Office 365 Sent Items <region>
Purpose: Used when enabling the Sent Items feature and to provide subsequent access to the user's mailbox to update the sent items.
Permission Name |
Type |
Description |
Purpose |
---|---|---|---|
Microsoft Graph | |||
User.Read |
Delegated |
Read and write domains |
Allows reading the profile of the signed-in user.
Used by the UI to query if the signed-in user is an admin of M365 and can consent on the part of the organization. |
Azure Active Directory Graph |
|||
User.Read |
Delegated |
Read and write domains |
Allows reading the profile of the signed-in user.
Used by the UI to query if the signed-in user is an admin of M365 and can consent on the part of the organization. |
Office 365 Exchange Online |
|||
full_access_as_app |
Application |
Use Exchange Web Services with full access to all mailboxes |
Access the user's mailbox in Exchange Online and update the non-imprinted sent item in the sent items folder with the imprinted message. |
Mail.ReadWrite |
Application |
Read and write mail in all mailboxes |
Access the user's mailbox in Exchange Online and update the non-imprinted sent item in the sent items folder with the imprinted message. |
Application Name: Exclaimer Cloud - User Details Editor
Purpose: Used to allow the user to sign in to User Details Editor
Permission Name |
Type |
Description |
Purpose |
---|---|---|---|
Microsoft Graph |
|||
Openid |
Delegated |
Sign users in |
To support user sign-in and mapping between Exclaimer subscription and AD user. |
profile |
Delegated |
View user's basic profile |
As above |
User.Read |
Delegated |
Sign in and read user profile |
Used to confirm if the user is a 365 Global Admin and control access to Settings. |