# Microsoft 365 ## Enterprise App Mago verified for Microsoft Entra ID - Azure Marketplace When using Mago with Microsoft 365 room resources and users, the various features of the room app and mobile app leverage Microsoft 365 services through the Microsoft Graph APIs. To enable these features, you must add the verified Enterprise app "Mago" to the list of allowed apps in your Microsoft 365 tenant and grant access to the required scopes. To add your app and confirm consent, you need to: * Sign in to the Azure portal () or the Entra ID portal () with a user with Administrator privileges * Search for the app "Mago" (Application ID `17781659-6867-4c77-9ba3-40670305181c`) in Enterprise Applications and add it to your tenant * Repeat the operation in App Registrations (if the app does not appear automatically) * In App Registrations > API Permissions, grant tenant-level access {% hint style="warning" %} If the "Mago" app does not show up in the search results on Entra ID, use the following workaround: * Open admin.mago.io and sign in with a Microsoft 365 admin account from your tenant * When prompted, the Mago app will request scope permissions * Approve the request and the app will then appear in Microsoft Entra under Enterprise Applications * From there, you can grant access at tenant level or for specific users {% endhint %} ## Configuring consent Below are the official Microsoft guides to grant consent to the Mago app. **Tenant-wide** consent {% embed url="" %} **Single user** consent {% embed url="" %} In case the device is managed through **Microsoft Intune**, check the app access policies in the Intune settings and allow access to the "Mago" app. Refer to the following guide: {% embed url="" %} ## Required features and scopes | Mago – Feature | Required Scope Permissions | | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | | Log in with room account and view room name and email address |

openid

profile

| | Select the room calendar to list upcoming meetings on the display |

Calendars.Read

Calendars.Read.Shared

| | Support meeting access from more than 15 video conferencing systems by analyzing join URLs included in invitation messages in the room account inbox | `Mail.Read` | | Create a new instant meeting as a Host and book the room calendar |

Calendars.ReadWrite

Calendars.ReadWrite.Shared

OnlineMeetings.ReadWrite

| | Search for Azure directory contacts to add recipients to meeting invitations | `User.Read` | | Use the meeting room inbox to send: meeting invitations, Mago Workspace objects (e.g. imported images or files, PDF meeting summaries), room status notifications | `Mail.Send` | | Maintain access without an administrator reauthorizing room access every 60 minutes | `offline_access` | | Browse, import, open and view cloud storage files (OneDrive) during a Mago Workspace or Mago Stage session (file presentation) | `Files.ReadWrite.All` | | Browse, import, and view cloud storage files (SharePoint Sites) during a Mago Stage session (file presentation) | `Sites.Read.All` | | Mago mobile app - Feature | Required Scope Permissions | | ---------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- | | Sign in to Mago Workspace using a personal Microsoft 365 account, view your account name and email address |

openid

profile

| | Choose a personal calendar to list your personal meetings in the app and start them in the meeting room |

Calendars.Read

Calendars.Read.Shared

| | Support meeting access from more than 15 video conferencing systems by analyzing join URLs included in invitation messages in the room account inbox | `Mail.Read` | | Create a new instant meeting as a Host and book the room calendar |

Calendars.ReadWrite
Calendars.ReadWrite.Shared
OnlineMeetings.ReadWrite

| | Search for Azure directory contacts to add recipients to meeting invitations | `User.Read` | | Use the meeting room inbox to send: meeting invitations, Mago Workspace objects (e.g. imported images or files, PDF summaries of meetings) | `Mail.Send` | | Maintain access without having to reauthorize the app every 60 minutes or if it goes into the background | `offline_access` | | Browse, import, open and view cloud storage files (OneDrive) during a Mago Workspace or Mago Stage session (file presentation) | `Files.ReadWrite.All` | | Browse, import, and view cloud storage files (SharePoint Sites) during a Mago Stage session (file presentation) | `Sites.Read.All` |