DOI’s BisonConnect team handles requests for granting permissions to applications in AzureAD. Detailed information on this is available at the following webpages:
- Azure Service Principal Requests (sharepoint.com)
- Review permissions granted to applications – Microsoft Entra | Microsoft Learn
The applications listed in the below table have been approved for use. Access is controlled via AzureAD (AAD) Security Groups. In some cases, there is an on-premise Active Directory security group that is used for rollup permissions in AAD. Users must be added directly – local site AD roll-up groups will not roll all the way up into AzureAD.
| Application | Description | Access Delegation | Name of Group (if applicable) |
|---|---|---|---|
| PNP Powershell | Allows programmatic access to O365 data such as moving SharePoint data. | DOI grants access. Request via a ticket to the Service Desk. | |
| Microsoft Graph | Allows access to Microsoft Graph to view information and attributes of users, groups, and more. | The USGS AD Team grants access. Request via a ticket to the Service Desk. | GS-Graph Explorer |
| Azure R | Allows access to Microsoft O365 Azure R toolsets. | Local IT (COUAs) can grant access using the “Member Of” property of a user’s AD account. | IGSUBWTST-M365Auth-AzureR |