FAQ - BeZoned App permissions

General understanding

BeZoned implements features that normally require users to open several Microsoft apps (Teams, Outlook, Planner, etc.) and combines them into a single virtual‑office experience. To achieve this, it calls Microsoft Graph API on your behalf. For example, reading and writing Teams chats or channels requires Chat.ReadWrite and ChatMessage permissions; scheduling virtual‑office huddles requires access to online meetings and calendar resources; showing colleagues’ availability relies on Presence data; and installing or updating the BeZoned tab in multiple teams requires Teams App installation and Teams Tab permissions. Without these delegated and application permissions, BeZoned would not be able to provide the integrated Teams experience it was designed for. The permissions BeZoned requests map directly to Microsoft Graph permissions, so they are familiar to administrators and can be granted with confidence.

FAQ

Overview of permissions used by BeZoned

Permission & type

Why BeZoned needs it

AppCatalog.Read.All

Access to find the BeZoned meeting app and install in Meetings

Calendars.ReadBasic.All

Read calendar entries to show day-schedule in the avatar menu

Channel.Create

When creating a new office, BeZoned also need to create channels in the team

Channel.Delete.All

To clean up offices and clean up meeting rooms, BeZoned need to delete channels.

Channel.ReadBasic.All

BeZoned need to read names of Teams to correctly show the names of Offices in the application

ChannelSettings.Read.All

To see who is part of a team (office)

ChannelSettings.ReadWrite.All

Needed in the future to change office names from within BeZoned

Chat.Create

To create meeting chats, and other office chats

Chat.ReadWrite (D)

Allow BeZoned to synchronize chats between the BeZoned office, and the Teams chats

ChatMessage.Read (D)

Read chat messages to display them in the BeZoned office

ChatMessage.Send (D)

Send e.g. quick-message from the avatar menu

Directory.Read.All

Used when creating a new team to add users from the company directory

email (D)

See the end users email address

MailboxSettings.Read

Find the time zone of a user

offline_access (D)

Maintain access to data you have given it access to

OnlineMeetings.Read.All

Not used, will be removed in the future.
Read and create users online teams meetings

OnlineMeetings.ReadWrite (D)

Read and create users online teams meetings

openid (D)

Necessary to sign in with Microsoft ID

Organization.Read.All

Read necessary organization information

Presence.ReadWrite.All

Read and set user presence (Available, Busy, Away, etc)

profile (D)

Allow the app to read basic user information (e.g., name, picture, user name, email address)

Team.Create

When creating a new BeZoned office, it need access to create a corresponding Team

Team.ReadBasic.All

Read the names and descriptions of teams to create list of offices

TeamMember.ReadWrite.All

Add and remove members from offices

TeamMember.ReadWrite.All (D)

Not used, will be removed in the future

TeamsAppInstallation.ReadWriteSelfForChat.All

Used to attach the BeZoned meeting app to Teams meeting chats

TeamsAppInstallation.ReadWriteSelfForUser.All

Allow the BeZoned to manage itself

TeamsTab.ReadWrite.All

Create and read tabs in Teams channels

User.Read.All

Read full profile of user

The permissions marked with (D) are delegated permissions that the individual users can accept. The others are application permissions that must be approved by an admin.