How do I add the Group.Read.All permission?

[jmuehlenbein]

I don't see this as an option anywhere....

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 0a9d928d-fab5-99af-105f-86cb0520dcfa
• Version Independent ID: ded494e8-1cc3-04bb-fec9-1c44e7231d06
• Content: The SharePoint modernization scanner
• Content Source: docs/transform/modernize-scanner.md
• Product: sharepoint
• GitHub Login: @spdevdocs
• Microsoft Alias: spdevdocs

[msft-github-bot]

Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.

[JarbasHorst]

Hello @jmuehlenbein

the documentation provides this link about Granting access via Azure AD App-Only (recommended) which shows how to define applications in Azure AD and how to grant permissions to SharePoint. However, this application can be granted permissions to Graph as well.

In your PnP Modernization Scanner Azure AD app, click on "API permissions" in the left menu bar, and click on the "Add a permission" button. A new blade will appear. Here you choose the permissions that you will grant to this application. Choose i.e.:

• Microsoft Graph
  • Application permissions
  • Group
    • Group.Read.All

Now, click on the blue "Add permissions" button at the bottom to add the permissions to your application, then on "Grant admin consent for Contoso".

I hope it helps to clarify your question.

Regards, Jarbas

[Jerry0527]

Group.Read.All is set in Azure AD App, you can firstly register Azure AD App:

Then set Application Permissions:

Reference:

Manage app registration and API permission for Microsoft Graph notifications

[msft-github-bot]

Closing this issue as "answered". If you encounter a similar issue(s), please open up a new issue. See our wiki for more details: Issue-List: Our approach to closed issues