Restricted Azure Permissions for Microsoft Integrations

The Microsoft Teams and Outlook integration with Oracle Learning no longer requires elevated permissions in the Azure app. The Azure app requires permission to read user data to validate the username. With this enhancement, the User.Read.All permission is replaced by User.ReadBasic.All, which is much more restrictive and returns only basic user information, such as the name, email address, and photo.

Steps for the Azure Administrator to implement this change:

  • In the Azure portal, navigate to the Azure app created for your Microsoft Teams and Outlook integrations.
  • Navigate to App Permissions.
  • Remove the User.Read.All permission.
  • Add the User.ReadBasic.All permission and grant administrator access.

This enhancement improves the security of the Microsoft integrations by reducing the permission level that the Azure app holds.
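One way to confirm the steps above took effect is to inspect the claims of a freshly issued access token for the Azure app. The following is an added example, not code from Oracle or Microsoft; the function names and the sample tokens are assumptions constructed for illustration.

```python
import base64
import json

OLD_PERMISSION = "User.Read.All"       # permission the steps above remove
NEW_PERMISSION = "User.ReadBasic.All"  # permission the steps above add


def granted_permissions(access_token: str) -> set:
    """Return the permissions carried in a JWT access token.

    Application permissions are listed in the `roles` claim, delegated ones in
    the space-separated `scp` claim. The signature is not verified: this
    audits what was granted and must not be used as an authorization check.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a JWT with three dot-separated segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("roles", [])) | set(claims.get("scp", "").split())


def audit(access_token: str) -> list:
    """Return findings; an empty list means the change took effect."""
    perms = granted_permissions(access_token)
    findings = []
    if OLD_PERMISSION in perms:
        findings.append(f"{OLD_PERMISSION} is still granted; remove it")
    if NEW_PERMISSION not in perms:
        findings.append(f"{NEW_PERMISSION} is missing; add it and grant consent")
    return findings


def constructed_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed data, not a real token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"


if __name__ == "__main__":
    before = constructed_token({"roles": ["User.Read.All"]})
    after = constructed_token({"roles": ["User.ReadBasic.All"]})
    print("before:", audit(before))
    print("after: ", audit(after))
```

A token issued before the permission change keeps the old claims until it expires, so run the check against a token requested after the change.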

Steps to Enable

You don't need to do anything to enable this feature.

Key Resources

For more information about Microsoft integrations, see these help topics in the Implementing Learning guide:

For more information about the User.ReadBasic.All scope, see the Microsoft Graph Permission user.read.all and user.readbasic.all help.