Teamflect integrates deeply with Microsoft 365 to provide a connected and seamless experience for its users. This integration is made possible through the Microsoft Graph API, which enables secure access to essential data and services across the Microsoft ecosystem.
What is Microsoft Graph API?
The Microsoft Graph API is a unified endpoint provided by Microsoft that allows developers to access programmatically:
Outlook
Teams
SharePoint
Calendars
Users and Groups
And more
It is crucial in enabling secure data exchange between third-party applications and Microsoft 365 services.
Why Graph API Permissions Matter
Third-party applications like Teamflect require specific Graph API permissions to:
Securely access and retrieve data
Ensure only authorized access to Microsoft 365 content
Provide key functionalities such as calendar sync, user management, task tracking, and organizational insights
Before We Start
When your organization installs Teamflect, Microsoft asks you to approve a set of permissions. This is completely standard for any app that works inside Microsoft Teams and Outlook.
This guide explains each permission in everyday language, so your IT team and end-users know exactly what they’re agreeing to.
Required permissions are needed for Teamflect to function at all. Optional permissions unlock specific features — if you skip them, everything else still works normally.
Core Permissions (Required)
These are the basics Teamflect needs to know: who you are, who’s in your organization, and how to show people inside the app.
Permission | Type | What It Enables | If Not Granted |
User.Read | Required | Reads your name, email, and profile photo so Teamflect can identify you when you sign in. | Teamflect cannot load at all — it won’t know who you are. |
User.ReadBasic.All | Required | Lets you see other people’s names and profile cards inside Teamflect (e.g. when giving feedback or setting goals for your team). | You’d only see your own profile. You couldn’t search for or interact with colleagues. |
⚠️ None of these permissions let Teamflect read your emails, chats, or files. They only cover profile information and availability status.
Calendar & Tasks (Optional)
These permissions connect Teamflect to your calendar and Microsoft To Do. They’re off by default and only activate when your admin enables the related feature.
Permission | Type | What It Enables | If Not Granted |
Calendars.Read | Optional | Reads your calendar events so Teamflect can display 1-on-1 and team meetings inside the app. Read-only — Teamflect cannot create, edit, or delete events. | The 1-on-1 Meetings module won’t show calendar-based meetings. You can still create meetings manually inside Teamflect. |
Tasks.ReadWrite | Optional | Connects to Microsoft To Do so you can view and manage tasks directly inside Teamflect. | The To Do integration won’t appear. You can still use Teamflect’s built-in task management. |
Here's a quick video outlining the steps for end-users to grant Teamflect access to their calendar later on:
Organization Directory (Optional)
This permission gives Teamflect a read-only view of your org chart data.
Permission | Type | What It Enables | If Not Granted |
Directory.Read.All | Optional | Reads department names, manager relationships, and team structures from your Microsoft directory. Read-only — Teamflect cannot modify anything. | Teamflect won’t automatically know reporting lines, departments, or teams. Your admin would need to configure this information manually. |
People.Read | Optional | Pulls in your most-relevant contacts (the people you email or meet with often) so Teamflect can suggest them first. | Contact suggestions won’t appear. You’d need to search for people manually every time. |
Presence.Read.All | Optional | Shows real-time availability dots (green = available, yellow = away, red = busy) next to people’s names. | No availability indicators. You won’t know if someone is free before reaching out. |
File Permissions (Optional)
These permissions are only relevant if your organization uses Excel-based goal tracking — for example, linking a goal’s progress to a value in a shared spreadsheet.
Permission | Type | What It Enables | If Not Granted |
Files.Read | Optional | Reads files that you personally have access to (your OneDrive, files shared with you). Used for linking a goal to an Excel file you own or have been shared. | You won’t be able to connect Excel files to goals for automated progress tracking. |
Files.Read.All | Optional | Reads files across the organization, including SharePoint and other users’ OneDrive. Only needed if goals are linked to shared Excel files that the user doesn’t individually have access to. | Same as above, but specifically for organization-wide shared files. Most teams only need Files.Read. |
Both permissions are read-only. Teamflect cannot edit, delete, or create files. If you don’t use Excel-based goal tracking, you can safely skip both.
Tip: Start with Files.Read (personal files only). Only upgrade to Files.Read.All if you specifically need organization-wide shared Excel connections.
Power BI Permissions (Optional)
These permissions are only needed if your organization wants to pull live KPIs and metrics from Power BI Scorecards into Teamflect goals.
Permission | Type | What It Enables | If Not Granted |
Dataset.Read.All | Optional | Reads Power BI datasets so Teamflect can pull live metrics (e.g., revenue, NPS) directly into goal progress tracking. | You won’t be able to connect Power BI data to Teamflect goals. Manual progress updates would still work. |
Workspace.Read.All | Optional | Reads the list of Power BI workspaces so Teamflect knows which datasets are available to connect. | Teamflect won’t be able to browse your Power BI workspaces. Always used together with Dataset.Read.All. |
Both are read-only and always used together. If you don’t use Power BI, skip both.
Quick Summary
Here’s the short version:
What Teamflect CAN See | What Teamflect CANNOT Do |
✓ Your name, email, and profile photo ✓ Names and profiles of colleagues ✓ Your availability status ✓ Calendar events (if enabled) ✓ Org chart / reporting lines (if enabled) ✓ Excel file data for goals (if enabled) ✓ Power BI metrics (if enabled) | ✗ Read your emails or chat messages ✗ Edit or delete your files ✗ Create, edit, or cancel calendar events ✗ Access passwords or security settings ✗ Modify your directory or org chart ✗ Share your data with third parties |
Removing Permissions
If your organization decides it no longer needs a specific optional permission, your IT administrator can remove it at any time through Microsoft Entra ID (formerly Azure AD). Only the related feature will stop working — everything else continues normally.
Please take a look at this article to learn more about how to remove specific Graph API permissions in Entra ID.
Data Privacy & Security Commitment
Teamflect takes data privacy seriously and adheres to the following principles:
No Teamflect employee or third party has standing access to customer data
All requested permissions serve only the purpose of powering the core functionality
Data is securely stored, processed, and handled in compliance with industry standards
Compliance with GDPR and Other Regulations
Teamflect is fully GDPR compliant, aligning with global privacy laws and frameworks. We:
Limit data access to only what’s required
Encrypt data during transmission and at rest
Enable users to access, update, or delete their data at any time
Non-compliance with GDPR carries severe penalties - this ensures that Teamflect remains vigilant and transparent in how it handles data.
Teamflect Trust Center
For more details, visit the 👉 Teamflect Trust Center. You can explore our security practices, compliance certifications, and data handling policies in depth.
Use Cases
Seamless 1:1 Meeting Management
With Calendars.Read, Teamflect automatically pulls in your Outlook meetings so managers and employees can prepare agendas, take shared notes, and track action items—all in one place.Connected Goals & OKRs
With Files.Read or Files.Read.All, you can link goals directly to Excel sheets in OneDrive or SharePoint for automated progress tracking, ensuring real-time alignment across teams.Smarter Collaboration & Feedback
With People.Read and Directory.Read.All, Teamflect builds org charts and recommends feedback providers, making it easier to recognize, review, and coach the right people across your organization.