Permission requested is very open ended and would suggest more information on what and how you are going to work with the data.
Permission requested in the Auth handshake is quite concerning as there are things that I would have thought are not required to do these actions. Also there is nothing about how and when this access to the Office platform would be used.
Thanks for your comment.
Our software allows you to:
- Browse through your Office 365 SharePoint tenant (only the places the user has access to )
- Search SharePoint site collections and sites that you as a user have access to
- Collects an email from exchange online and saves it to a selected location in SharePoint
- Set the relevant column data to the email now saved to the location
- Update exchange and the email to say that it has been saved to SharePoint, and assigns a "Transferred to SharePoint" category
All of these things require us access to Exchange, SharePoint and the Microsoft Graph, and the consent information we have asked for allows us to complete the save process. These don't require admin to approve, and as such are limited to the user access rights.
As for the access to the platform, it is happening as you browse or search SharePoint within or app, and then used after you click the save button to collect the email from Exchange, and store it within SharePoint and save the corresponding column information.