This is UMA's preferred method of interacting with Microsoft Graph API as the level of access provides a more feature rich solution for end users.
The full permissions are documented as follows:
Calendars.ReadWrite
Read and write calendars in all mailboxes
We need this permission to write to your users and resource calendars.
This is required when booking or editing a booking through UMA.
Group.Read.All
Read all groups
We need this permission to read your Microsoft 365 groups for user sync.
GroupMember.Read.All
Read all group memberships
We need this permission to read the members of your Microsoft 365 groups for user sync.
Place.Read.All
Read all company places
Allows UMA to read your company's places (conference rooms and room lists) for calendar events and other applications, on behalf of the signed-in user.
User.Read.All
Read all users full profiles
Allows UMA to read the full set of profile properties including photos, reports, and managers of other users in your organisation, on behalf of the signed-in user.
Lite permissions
Lite permissions should only be used for where profile photo and group user sync is not required.
The lite permissions are documented as follows:
Calendars.ReadWrite
Read and write calendars in all mailboxes
We need this permission to write to your users and resource calendars.
This is required when booking or editing a booking through UMA.
Places.Read.All
Read all company places
Allows UMA to read your company's places (conference rooms and room lists) for calendar events and other applications, on behalf of the signed-in user.
