LawToolBox Permissions
All the permissions listed below operate under the user’s scope as delegated permissions by leveraging Microsoft Graph API
All the permissions are documented in the below Microsoft document:
Learn More:
- Overview of permissions and consent in the Microsoft identity platform (Delegated Permissions) - learn.microsoft.com
- Microsoft Graph Permissions Reference - learn.microsoft.com
- Application Information for LawToolBox by LawToolBox.com,Inc. - Microsoft 365 App Certification - learn.microsoft.com
Grant Permissions:
- application permissions (grant app consent)
- enterprise permissions (grant enterprise consent)
App permissions:![]() | Enterprise permissions:![]() |
LawToolBox makes a concerted effort to only ask for the permissions necessary to make our solution for M365 work as expected.
_________________________________________________________________
Application Permissions Explained:
- application permissions (grant app consent)
These user-based permissions are for the LawToolBox application to work as an extension of what the user already has access to or has permission to do in Microsoft 365 (add calendar appointments, view files and contacts, visit SharePoint sites, Teams, etc.). This does not allow LawToolBox company to see your files, M365 data and the data will remain in your tenant.
1. Have full access to your calendars Allows the app to create, read, update, and delete events in user calendars. This is a permission requested to access your data in Contoso 2. Read items in all site collections Related to files and folders for uploading files to case folders and file sharing in meetings– so files can be uploaded to SharePoint for a specific matter – this facilitates SharePoint search (virtual meeting uses this function) Allows the app to read, create, update, and delete document libraries and lists in all site collections on behalf of the signed-in user.
3. Read and write items and lists in all site collections Allows the app to read, create, update, and delete document libraries and lists in all site collections on behalf of the signed-in user. This is a permission requested to access your data in Contoso. 4. Read your files Read and list the user files the user already has access to Allows the app to read the current user's files. This is a permission requested to access your data in Contoso. 5. Read your mail Allows the app to read the signed-in user's mailbox. This is a permission requested to access your data in Contoso. 6. Read and write user mailbox settings Allows the app to create, read, update, and delete user's mailbox settings. Does not include permission to send mail. This is a permission requested to access your data in Contoso. 7. Read and write all OneNote notebooks that you can access Allows the app to read, share, and modify OneNote notebooks that the signed-in user has access to in the organization. This is a permission requested to access your data in Contoso. 8. Read and write to your and shared contacts Allows the app to create, read, update, and delete contacts a user has permissions to, including their own and shared contacts. This is a permission requested to access your data in Contoso. 9. Sign you in and read your profile Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users. This is a permission requested to access your data in Contoso. 10. Have full access of your contacts Allows the app to create, read, update, and delete user contacts. This is a permission requested to access your data in Contoso. 11. Read and write all groups Allows the app to create groups and read all group properties and memberships on behalf of the signed-in user. Additionally allows group owners to manage their groups and allows group members to update group content. This is a permission requested to access your data in Contoso. 12. Read and write directory data Allows the app to read and write data in your organization's directory, such as users, and groups. It does not allow the app to delete users or groups, or reset user passwords. This is a permission requested to access your data in Contoso. 13. Send mail as you Allows the app to send mail as users in the organization. This is a permission requested to access your data in Contoso. 14. Have full access to your files Allows the app to read, create, update and delete the signed-in user's files. This is a permission requested to access your data in Contoso. 15. Read and write all OneNote notebooks that you can access Allows the app to read, share, and modify OneNote notebooks that the signed-in user has access to in the organization. This is a permission requested to access your data in Contoso. 16. Read and create your online meetings Allows the app to read and create online meetings on behalf of the signed-in user. This is a permission requested to access your data in Contoso. 17. Read your relevant people list Allows the app to read a ranked list of relevant people of the signed-in user. The list includes local contacts, contacts from social networking, your organization's directory, and people from recent communications (such as email and Skype). This is a permission requested to access your data in Contoso. | ![]() |
NOTE: Some permissions can not be revoked. If certain permissions are revoked, it will deprecate functions of LawToolBox and will limit the functionality for the users.
_________________________________________________________________
Enterprise Permissions Explained
- Enterprise permissions (grant enterprise consent)
Enterprise-level permissions allow users to exceeds 250 groups limit for Microsoft 365 and make it unlimited. These permissions provide a more seamless user experience for auditing and self-troubleshooting.
Each permission is explained in detail here:
Examples of how application permissions are used and enhance user and admin experience: Editor rights: When our deadlines move, the original entry gets “Cancelled”
Audit tool: LawToolBox manages deadlines through a group calendar.
Group limits:
|