ShareGate Desktop needs access to specific resources from Microsoft to work properly. To obtain this access, you need to provide your consent for the app to use delegated permissions on your tenant.
Using delegated permissions the app impersonates you in order to connect to the environment and perform actions using ShareGate Desktop. Your network identifies this as an application performing actions and not you directly. As with all operations in ShareGate Desktop, your data remains secure.
For more information, see What is the Azure ShareGate Desktop application? and How can I manage access to ShareGate Desktop?
| Permission | Description |
|---|---|
| Access directory as the signed-in user | Allows the app to have the same access to information in the directory as the signed-in user. |
| Read user files | Allows the app to read the signed-in user's files. |
| Read all groups | Allows the app to read basic group properties and memberships on behalf of the signed-in user. |
| Read and write all groups | Allows the app to create groups and read all group properties and memberships on behalf of the signed-in user. Additionally allows group owners to manage their groups and allows group members to update group content. |
| Sign in and read the user profile | Allows users to sign in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users. |
| Have full control of all site collections | Allows the app to have full control of all site collections on behalf of the signed-in user. |
| Read and write items and lists in all site collections | Allows the app to read, create, update, and delete document libraries and lists in all site collections on behalf of the signed-in user. |
| Read items in all site collections | Allows the app to read documents and list items in all site collections on behalf of the signed-in user. |
| Read and write items in all site collections | Allows the app to create, read, update, and delete documents and list items in all site collections on behalf of the signed-in user. |
| Read user files | Allows the app to read the current user's files. |
| Read and write user files | Allows the app to read, create, update, and delete the current user's files. |
| Run search queries as a user | Allows the app to run search queries and to read basic site info on behalf of the current signed-in user. Search results are based on the user's permissions instead of the app's permissions. |
| Read managed metadata | Allows the app to read managed metadata and to read basic site info on behalf of the signed-in user. |
| Read and write managed metadata | Allows the app to read, create, update, and delete managed metadata and to read basic site info on behalf of the signed-in user. |
| Read user profiles | Allows the app to read user-profiles and to read basic site info on behalf of the signed-in user. |
| Read and write user profiles | Allows the app to read and update user-profiles and to read basic site info on behalf of the signed-in user. |
Note: To remove the Azure ShareGate Desktop application from your tenant see How do I remove the Azure ShareGate Desktop application?