1. Help Center
  2. Account & Settings

How does ahead use and access my company data?

To be useful for intranet users, ahead requires Delegated permissions as well as some Application permissions.

  • ahead uses Delegated permissions to work with your data on behalf of the signed-in user. Either the user or an administrator consents to the permissions that the app requests.
  • Application permissions are necessary to perform tasks where no signed-in user is present.

ahead accesses the following resources which belong to your company:

  • Microsoft Graph
  • Office 365 SharePoint Online
  • Windows Azure Active Directory

For each of these resources the necessary consent is set to ahead’s requirements in that area.

Microsoft Graph

Delegated permissions

  • Read all users’ full profiles
    Required to show the names of ahead users on e.g. comments, reactions as well as their images
  • Read all groups
    Required for the vertical search groups
  • Read directory data
    Required to identify which permissions a user has in ahead
  • Read items in all site collections
    Used for data shown in “My Work” (e.g. your documents)

Application permissions

  • Read directory data
    Required to send emails to ahead users when a News editor wants to notify about the News post

Office 365 SharePoint Online

Delegated permissions

  • Read items in all site collections
    Used to list the user’s followed sites
  • Run search queries as a user
    Performing full-text search over your SharePoint data

Windows Azure Active Directory

Delegated permissions

  • Sign in and read user profile
    This allows your users to log in

If you are interested in the technical background you can read about “Permissions and consent in the Azure Active Directory v2.0 endpoint