1
2
3

Step 1 of 2 — Approve IT actions

Pashdi needs your Microsoft admin to approve the following permissions. This happens once — your admin clicks approve and your entire team can start using the bot immediately.

User.Read.All
Read all user profiles
User.ReadWrite.All
Unlock accounts, reset passwords
Directory.Read.All
Read directory structure
GroupMember.Read.All
Read group memberships
UserAuthenticationMethod.ReadWrite.All
Manage MFA methods
AuditLog.Read.All
Read sign-in logs
Files.Read.All
Read OneDrive quotas
MailboxSettings.Read
Read mailbox settings
Step 1: Approve IT permissions — admin only

Only a Microsoft Global Administrator or Privileged Role Administrator can approve these permissions.
Questions? hello@pashdi.com

Already set up? Sign in to dashboard →

Mailbox storage details OPTIONAL

The actions above work as soon as Step 1 + Step 2 are complete. Mailbox storage figures (used MB, quota MB, % full, item count) need two extra one-time admin steps because Microsoft Graph only exposes them via the tenant-wide Reports API.

  1. Grant Reports.Read.All to the Pashdi IT support app.
    Azure Portal → App registrations → Pashdi IT Support Bot → API permissions → Add a permission → Microsoft Graph → Application permissions → search Reports.Read.All → Add → click Grant admin consent.
  2. Disable username concealment in usage reports.
    Microsoft 365 admin center → Settings → Org settings → Reports → uncheck "Display concealed user, group, and site names in all reports" → Save. This is tenant-wide and affects every Microsoft 365 usage report, not only Pashdi — most organizations run with concealment off because reports are admin-only anyway, but it's your call.

Both changes take effect on the next Reports API daily refresh (up to 24 hours). Until then, asking the bot for mailbox storage returns a friendly explanation pointing back to these steps.