Audition AI Productivity Platform
Secure by Design

Azure Entra Enterprise App Integration

AuditionAI uses Azure Entra Enterprise Apps to give you complete control over permissions and data access. Start with minimal permissions and opt in to capabilities as needed.

Zero Permissions by Default

When you first add AuditionAI to your organization, the Entra Enterprise App starts with minimal permissions—just enough to read basic user information (name and email).

No data access. No implicit permissions. Complete control.

Auto-Installation

The Entra Enterprise App is automatically provisioned in your Azure tenant when the first user logs in to AuditionAI.

Depending on your Entra configuration, admin approval may be required for the app to become available.

Capability-Driven Scopes

When you enable a feature in AuditionAI (like Outlook integration), the app automatically requests the necessary scopes to make that feature work.

You choose what capabilities to enable—permissions follow.

Granular Admin Control

Admins can fine-tune which scopes are enabled for each capability. For example, enable Outlook read-only or also allow send/move permissions.

Scope dependencies are respected. You're always in control.

How Admins Configure AuditionAI

Two Configuration Paths

AuditionAI Admin Panel
Streamlined configuration

Enable/disable features and manage scopes directly within AuditionAI's admin interface.

  • Simple, feature-focused controls
  • Clear guidance on each capability
  • Recommended for most admins

Azure Portal
Advanced configuration

Configure roles and permissions directly in Azure Entra for advanced scenarios.

  • Full Entra configuration access
  • Supports Privileged Identity Management (PIM)
  • For advanced security scenarios

How Scopes Work with Capabilities

Each AuditionAI capability may require specific Microsoft Graph API scopes to function. Here's how it works:

  1. You enable a capability
     Example: "Enable Outlook email integration"

  2. AuditionAI requests necessary scopes
     Example: Mail.Read, Mail.ReadWrite, Mail.Send (depending on your needs)

  3. You granularly control which scopes to enable
     Example: Allow read and send, but not delete

  4. Scope dependencies are respected
     Example: Some scopes may have prerequisites that the UI guides you through
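
An added example, not AuditionAI's own code: a tenant admin can check that the delegated scopes actually consented for the Enterprise App match what was approved in step 3. It audits a constructed response shaped like Microsoft Graph's oauth2PermissionGrants collection; the baseline scope set, the capability name and all ids are assumptions.

```python
import json

# Assumption: the sign-in baseline ("name and email") maps to these standard
# delegated scopes. The page does not list the exact baseline scopes.
BASELINE = {"openid", "profile", "email", "User.Read"}

# Hypothetical admin decision for step 3: "allow read and send, but not delete".
# In Microsoft Graph, moving or deleting a message requires Mail.ReadWrite,
# so that scope is left out of the approved set.
APPROVED = {"outlook_email": {"Mail.Read", "Mail.Send"}}

# Constructed sample in the shape of GET /oauth2PermissionGrants filtered on the
# Enterprise App's service principal (clientId). All ids are placeholders.
SAMPLE_GRANTS = json.loads("""
{"value": [
  {"id": "grant-0001", "clientId": "sp-placeholder", "consentType": "AllPrincipals",
   "principalId": null, "resourceId": "graph-sp-placeholder",
   "scope": " openid profile email User.Read Mail.Read Mail.Send"},
  {"id": "grant-0002", "clientId": "sp-placeholder", "consentType": "Principal",
   "principalId": "user-placeholder", "resourceId": "graph-sp-placeholder",
   "scope": "Mail.Read Mail.ReadWrite"}
]}
""")

def audit_grants(grants, approved, baseline=BASELINE):
    """Return (findings, missing) for delegated grants.

    findings: grants carrying scopes outside baseline + approved capabilities.
    missing:  allowed scopes that no grant carries (capability will not work).
    Application permissions (appRoleAssignments) are not covered here.
    """
    allowed = set(baseline).union(*approved.values())
    findings, granted = [], set()
    for g in grants["value"]:
        scopes = set(g.get("scope", "").split())  # space-separated string
        granted |= scopes
        extra = scopes - allowed
        if extra:
            findings.append({
                "grant_id": g["id"],
                # AllPrincipals = tenant-wide admin consent; Principal = one user
                "consent_type": g["consentType"],
                "principal": g.get("principalId"),
                "unapproved": sorted(extra),
            })
    return findings, sorted(allowed - granted)

if __name__ == "__main__":
    for f in audit_grants(SAMPLE_GRANTS, APPROVED)[0]:
        print(f)
```

The per-user grant in the sample is flagged because it carries Mail.ReadWrite, which the tenant-wide consent does not include.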

Supported Microsoft 365 Resources

Outlook Email

Read, compose, send, move, and manage emails

Contacts

Access and manage your organization's contacts

Calendar

View and manage calendar events and scheduling

Todos

Create and manage todo lists and tasks

OneDrive

Access and manage files in OneDrive

SharePoint

Access and manage SharePoint sites and content

Excel (Real-time AI)

AI-powered real-time editing in Excel

Word (Real-time AI)

AI-powered real-time editing in Word

PowerPoint (Real-time AI)

AI-powered real-time editing in PowerPoint

Multi-Tenant Architecture

How the Entra App Model Works

AuditionAI uses a multi-tenant application model where each organization gets its own dedicated Entra Enterprise Application instance.

Single App Registration

AuditionAI maintains one application registered in Microsoft Entra

Individual Enterprise Apps per Tenant

Each organization that uses AuditionAI gets its own Enterprise Application instance

Per-Tenant Configuration

Role assignments and permissions are configured independently for each tenant

Isolated and Secure

Data and permissions are never shared between tenants

Interactive Workflow Diagram
Scope Request & Approval Flow
graph TD
    A["👤 Admin Enables Capability<br/>Example: Outlook Email"] -->|in AuditionAI Admin Panel| B["🔑 Scope Requirements Identified<br/>Mail.Read<br/>Mail.ReadWrite<br/>Mail.Send"]
    B -->|Admin Reviews Available Scopes| C{"⚙️ Granular<br/>Scope Control"}
    C -->|Allow Mail.Read| D["✅ Read-only email access"]
    C -->|Allow Mail.ReadWrite| E["✅ Read & write emails"]
    C -->|Allow Mail.Send| F["✅ Send emails"]
    D --> G["📋 Scope Dependencies<br/>Checked & Respected"]
    E --> G
    F --> G
    G -->|Configuration Applied| H["🎯 Final Permission Set<br/>Enabled in Entra App<br/>Ready for Users"]
    H --> I["🔒 Users Access Only<br/>Enabled Scopes<br/>Other Resources Protected"]
    style A fill:#e3f2fd,stroke:#1976d2,stroke-width:2px,color:#000
    style B fill:#f3e5f5,stroke:#7b1fa2,stroke-width:2px,color:#000
    style C fill:#fff3e0,stroke:#f57c00,stroke-width:2px,color:#000
    style D fill:#e8f5e9,stroke:#388e3c,stroke-width:2px,color:#000
    style E fill:#e8f5e9,stroke:#388e3c,stroke-width:2px,color:#000
    style F fill:#e8f5e9,stroke:#388e3c,stroke-width:2px,color:#000
    style G fill:#fce4ec,stroke:#c2185b,stroke-width:2px,color:#000
    style H fill:#e0f2f1,stroke:#00796b,stroke-width:2px,color:#000
    style I fill:#f1f8e9,stroke:#558b2f,stroke-width:2px,color:#000

Why This Matters

Maximum Security
Minimal default permissions mean reduced attack surface. You control exactly what AuditionAI can access.
Admin Control
Fine-grained permission management in both AuditionAI and Azure Portal. Supports PIM for elevated access scenarios.
Transparency
Clear visibility into what scopes are requested and why. Capability enablement directly maps to permissions.
Enterprise-Ready
Multi-tenant architecture built for large organizations. Each tenant is completely isolated and independently configured.
