Microsoft 365 Copilot · OAuth Scopes

Microsoft 365 Copilot OAuth Scopes

OAuth 2.0 derived

Microsoft 365 Copilot publishes 7 OAuth 2.0 scopes via the authorizationCode and clientCredentials flows. Scopes are the fine-grained permissions an application requests at authorization time to act against the Microsoft 365 Copilot API on a user’s behalf.

Tokens are issued from https://login.microsoftonline.com/common/oauth2/v2.0/token.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

Artificial IntelligenceCopilotEnterpriseLLMMicrosoft 365Natural Language ProcessingProductivity
Scopes: 7 Flows: authorizationCode, clientCredentials Method: derived

OAuth endpoints

Authorization URL
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
Token URL
https://login.microsoftonline.com/common/oauth2/v2.0/token
Flows
authorizationCodeclientCredentials

Scopes (7)

ScopeDescriptionFlows
Calendars.Read Read user calendars authorizationCode
ExternalConnection.ReadWrite.OwnedBy Manage owned Copilot connector connections authorizationCode
ExternalItem.ReadWrite.OwnedBy Manage owned external items authorizationCode
Files.Read.All Read all files authorizationCode
Mail.Read Read user mail authorizationCode
User.Read Sign in and read user profile authorizationCode
https://graph.microsoft.com/.default Use app-registered Graph permissions clientCredentials

Source

OAuth Scopes

microsoft-365-copilot-scopes.yml Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/microsoft-365-copilot-openapi.yml
schemes:
- name: oauth2
  source: openapi/microsoft-365-copilot-openapi.yml
  flows:
  - flow: authorizationCode
    authorizationUrl: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
    tokenUrl: https://login.microsoftonline.com/common/oauth2/v2.0/token
  - flow: clientCredentials
    tokenUrl: https://login.microsoftonline.com/common/oauth2/v2.0/token
  description: Microsoft Entra ID OAuth 2.0
scopes:
- scope: Calendars.Read
  description: Read user calendars
  flows:
  - authorizationCode
  sources:
  - openapi/microsoft-365-copilot-openapi.yml
- scope: ExternalConnection.ReadWrite.OwnedBy
  description: Manage owned Copilot connector connections
  flows:
  - authorizationCode
  sources:
  - openapi/microsoft-365-copilot-openapi.yml
- scope: ExternalItem.ReadWrite.OwnedBy
  description: Manage owned external items
  flows:
  - authorizationCode
  sources:
  - openapi/microsoft-365-copilot-openapi.yml
- scope: Files.Read.All
  description: Read all files
  flows:
  - authorizationCode
  sources:
  - openapi/microsoft-365-copilot-openapi.yml
- scope: Mail.Read
  description: Read user mail
  flows:
  - authorizationCode
  sources:
  - openapi/microsoft-365-copilot-openapi.yml
- scope: User.Read
  description: Sign in and read user profile
  flows:
  - authorizationCode
  sources:
  - openapi/microsoft-365-copilot-openapi.yml
- scope: https://graph.microsoft.com/.default
  description: Use app-registered Graph permissions
  flows:
  - clientCredentials
  sources:
  - openapi/microsoft-365-copilot-openapi.yml