# Microsoft 365

## How to add the Mago enterprise application in your Microsoft 365 tenant and grant admin consent

When using Mago with Microsoft 365 room resources and users, the Mago app for display and Mago mobile app access Microsoft 365 services through the Microsoft Graph and Azure Communication Services APIs. To enable these features, a tenant administrator must grant consent to the Mago enterprise application.

{% hint style="success" %}
Mago is a verified enterprise application in the **Microsoft Entra app gallery** (application ID `17781659-6867-4c77-9ba3-40670305181c`) and is listed in the official **Azure Marketplace** (see <https://marketplace.microsoft.com/nb-no/product/saas/aad.valarea?tab=overview>).
{% endhint %}

{% stepper %}
{% step %}

### Add the Mago application to your tenant

Open [admin.mago.io](https://admin.mago.io/) and sign in with a Microsoft 365 account that has **Global Administrator**, **Application Administrator**, or **Cloud Application Administrator** privileges. When prompted, review the requested permissions and select "Accept" on behalf of your organization. The Mago application is now registered in your tenant.

<figure><img src="https://2978719120-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M2FbpP2hYI1Myy7hMs_%2Fuploads%2FSBktWH6jXKKddXFxxkng%2Fmago-admin-center-signin.jpg?alt=media&#x26;token=c43b0523-dd1e-41c8-ad4f-3128de74f9f6" alt="" width="375"><figcaption><p>Mago Admin Center (https://admin.mago.io)</p></figcaption></figure>

<figure><img src="https://2978719120-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M2FbpP2hYI1Myy7hMs_%2Fuploads%2FN9mgBPd1TFeHfU552urg%2Fmago-admin-consent.webp?alt=media&#x26;token=e5c8903b-50cf-4b05-a05d-8cfe473e7949" alt="" width="375"><figcaption><p>Mago app Permission Request</p></figcaption></figure>
{% endstep %}

{% step %}

### Grant admin consent to the required scopes

To review and grant admin consent to the required scopes in the Mago application permissions:

* Open the [**Azure portal**](https://portal.azure.com/) and sign in with a Microsoft 365 Administrator account.
* Go to Microsoft Entra ID > Enterprise Applications (or search directly for "**Enterprise Applications**").

<figure><img src="https://2978719120-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M2FbpP2hYI1Myy7hMs_%2Fuploads%2FiBdqVUpQpQSLQNL4Bkj2%2Fenterprise-apps.webp?alt=media&#x26;token=bb4655ed-312c-4e3f-b80f-c39eb9fc2b96" alt=""><figcaption></figcaption></figure>

* Under the Application list, search for "**Mago**" (Application ID `17781659-6867-4c77-9ba3-40670305181c`).

<figure><img src="https://2978719120-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M2FbpP2hYI1Myy7hMs_%2Fuploads%2FWFi1wmwO2BlhLbgwTSM2%2Fenterprise-apps-mago.webp?alt=media&#x26;token=d07d68d8-774a-43d5-af96-76624b67bc67" alt=""><figcaption></figcaption></figure>

* Open the Mago application, go to **Security** > **Permissions** and verify that admin consent has been granted to the required scopes. To grant admin consent to all the required scopes, click the "Grant admin consent for *YourCompanyName*" button.

<figure><img src="https://2978719120-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M2FbpP2hYI1Myy7hMs_%2Fuploads%2F5Hql2RRyQEziNdUZfP4Z%2Fenterprise-apps-mago-grant.webp?alt=media&#x26;token=d6b8ad4b-6d29-468c-b84f-0830557e8703" alt=""><figcaption></figcaption></figure>
{% endstep %}
{% endstepper %}

## Advanced consent options

Below are the official Microsoft guides to grant consent to the Mago app in different ways.

### Tenant-wide consent

{% embed url="<https://learn.microsoft.com/azure/active-directory/manage-apps/grant-admin-consent>" %}

### Single user consent

{% embed url="<https://learn.microsoft.com/entra/identity/enterprise-apps/grant-consent-single-user?pivots=msgraph-powershell>" %}

### Microsoft Intune

If the device is managed through **Microsoft Intune**, check the app access policies in the Intune settings and allow access to the "Mago" app. Refer to the following guide:

{% embed url="<https://learn.microsoft.com/entra/identity/enterprise-apps/configure-user-consent?pivots=portal>" %}

## Required features and scopes

| Mago – Feature                                                                                                                                                    | Required Scope Permissions                                                                                                        |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
| Log in with room account and view room name and email address                                                                                                     | <p><code>openid</code></p><p><code>profile</code></p>                                                                             |
| Select the room calendar to list upcoming meetings on the display                                                                                                 | <p><code>Calendars.Read</code></p><p><code>Calendars.Read.Shared</code></p>                                                       |
| Support meeting access from more than 15 video conferencing systems by analyzing join URLs included in invitation messages in the room account inbox              | `Mail.Read`                                                                                                                       |
| Create a new instant meeting as a Host and book the room calendar                                                                                                 | <p><code>Calendars.ReadWrite</code></p><p><code>Calendars.ReadWrite.Shared</code></p><p><code>OnlineMeetings.ReadWrite</code></p> |
| Search for Azure directory contacts to add recipients to meeting invitations                                                                                      | `User.Read`                                                                                                                       |
| Use the meeting room inbox to send: meeting invitations, Mago Workspace objects (e.g. imported images or files, PDF meeting summaries), room status notifications | `Mail.Send`                                                                                                                       |
| Maintain access without an administrator reauthorizing room access every 60 minutes                                                                               | `offline_access`                                                                                                                  |
| Browse, import, open and view cloud storage files (OneDrive) during a Mago Workspace or Mago Stage session (file presentation)                                    | `Files.ReadWrite.All`                                                                                                             |
| Browse, import, and view cloud storage files (SharePoint Sites) during a Mago Stage session (file presentation)                                                   | `Sites.Read.All`                                                                                                                  |
| Manage calls in Teams meetings                                                                                                                                    | `Teams.ManageCalls`                                                                                                               |
| Manage chats in Teams meetings                                                                                                                                    | <p><code>Teams.ManageChats</code><br><code>Chat.ReadWrite</code><br><code>ChatMessage.Send</code></p>                             |

| Mago mobile app - Feature                                                                                                                            | Required Scope Permissions                                                                                                  |
| ---------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- |
| Sign in to Mago Workspace using a personal Microsoft 365 account, view your account name and email address                                           | <p><code>openid</code></p><p><code>profile</code></p>                                                                       |
| Choose a personal calendar to list your personal meetings in the app and start them in the meeting room                                              | <p><code>Calendars.Read</code></p><p><code>Calendars.Read.Shared</code></p>                                                 |
| Support meeting access from more than 15 video conferencing systems by analyzing join URLs included in invitation messages in the room account inbox | `Mail.Read`                                                                                                                 |
| Create a new instant meeting as a Host and book the room calendar                                                                                    | <p><code>Calendars.ReadWrite</code><br><code>Calendars.ReadWrite.Shared</code><br><code>OnlineMeetings.ReadWrite</code></p> |
| Search for Azure directory contacts to add recipients to meeting invitations                                                                         | `User.Read`                                                                                                                 |
| Use the meeting room inbox to send: meeting invitations, Mago Workspace objects (e.g. imported images or files, PDF summaries of meetings)           | `Mail.Send`                                                                                                                 |
| Maintain access without having to reauthorize the app every 60 minutes or if it goes into the background                                             | `offline_access`                                                                                                            |
| Browse, import, open and view cloud storage files (OneDrive) during a Mago Workspace or Mago Stage session (file presentation)                       | `Files.ReadWrite.All`                                                                                                       |
| Browse, import, and view cloud storage files (SharePoint Sites) during a Mago Stage session (file presentation)                                      | `Sites.Read.All`                                                                                                            |
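
The permission check from the "Grant admin consent to the required scopes" step can also be run offline against an exported list of delegated grants. The script below is an added example, not Mago or Microsoft code. It compares grants for one service principal with the scopes in the two tables above and reports scopes missing tenant-wide consent, scopes granted but not documented here, and scopes consented only per user. It assumes these scopes are recorded as delegated grants (Microsoft Graph `oauth2PermissionGrants` objects); the sample response and every ID in it are constructed placeholders.

```python
import json

# Scopes copied from the two "Required Scope Permissions" tables on this page.
DOCUMENTED_SCOPES = set("""
openid profile offline_access User.Read Mail.Read Mail.Send
Calendars.Read Calendars.Read.Shared Calendars.ReadWrite Calendars.ReadWrite.Shared
OnlineMeetings.ReadWrite Files.ReadWrite.All Sites.Read.All
Teams.ManageCalls Teams.ManageChats Chat.ReadWrite ChatMessage.Send
""".split())

# Constructed sample shaped like a Graph oauth2PermissionGrants list response.
# Every id is a placeholder; clientId is the service principal *object* id,
# which differs per tenant and is not the application ID shown on this page.
SAMPLE_RESPONSE = json.loads("""
{"value": [
 {"clientId": "mago-sp-object-id", "consentType": "AllPrincipals", "principalId": null,
  "resourceId": "graph-sp-object-id",
  "scope": " openid profile offline_access User.Read Mail.Read Calendars.Read Calendars.Read.Shared Calendars.ReadWrite Calendars.ReadWrite.Shared OnlineMeetings.ReadWrite Files.ReadWrite.All Chat.ReadWrite ChatMessage.Send Directory.Read.All"},
 {"clientId": "mago-sp-object-id", "consentType": "AllPrincipals", "principalId": null,
  "resourceId": "acs-sp-object-id", "scope": "Teams.ManageCalls Teams.ManageChats"},
 {"clientId": "mago-sp-object-id", "consentType": "Principal",
  "principalId": "user-object-id", "resourceId": "graph-sp-object-id", "scope": "Mail.Send"},
 {"clientId": "other-sp-object-id", "consentType": "AllPrincipals", "principalId": null,
  "resourceId": "graph-sp-object-id", "scope": "Mail.ReadWrite"}
]}
""")

def audit_grants(response, client_sp_id, documented=DOCUMENTED_SCOPES):
    """Compare delegated grants for one service principal with the documented scopes."""
    tenant_wide, per_user = set(), {}
    for grant in response.get("value", []):
        if grant.get("clientId") != client_sp_id:
            continue  # grant belongs to a different application
        scopes = set((grant.get("scope") or "").split())
        if grant.get("consentType") == "AllPrincipals":
            tenant_wide |= scopes  # admin consent on behalf of the organization
        else:
            per_user.setdefault(grant.get("principalId"), set()).update(scopes)
    granted = tenant_wide.union(*per_user.values())
    return {
        "missing_tenant_wide": sorted(documented - tenant_wide),
        "undocumented": sorted(granted - documented),
        "per_user_only": {p: sorted(s - tenant_wide) for p, s in per_user.items() if s - tenant_wide},
    }

if __name__ == "__main__":
    print(json.dumps(audit_grants(SAMPLE_RESPONSE, "mago-sp-object-id"), indent=2))
```

A non-empty `undocumented` list means the application holds consent beyond what this page lists and should be reviewed before it is left in place.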
