What are the permissions needed for Microsoft Graph?

Permissions for Microsoft Graph

| Graph Permission | Application or Delegated* | Use by PoliteMail |
|---|---|---|
| GroupMember.Read.All | Both | Get the members of a group |
| Group.Read.All | Both | List and read groups and memberships |
| MailboxSettings.Read | Both | Retrieve working hours, time zone, and language preferences |
| OrgContact.Read.All | Both | Read Org Contacts properties including email address and other properties for personalization and sending |
| People.Read.All | Both | Read People lists and local contacts including email address and other properties for personalization and sending |
| User.Read | Delegated | Read properties of Users including email address and other properties for personalization and sending |
| User.Read.All | Both | Read properties of Users including email address and other properties for personalization |
| offline_access | Delegated | API Scope Permission that allows a delegated account to log in |
| openid | Delegated | API Scope Permission that allows a delegated account to log in |
| profile | Delegated | API Scope Permission that allows a delegated account to log in |

Permissions for EWS with OAuth

| Graph Permission | Application or Delegated* | Location in Azure | Use by PoliteMail |
|---|---|---|---|
| full_access_as_app** | Application | Office 365, Exchange Online | Use Exchange Web Services with full access to all mailboxes |
| EWS.AccessAsUser.All** | Delegated | Office 365, Exchange Online | Access mailboxes as the signed-in user via Exchange Web Services |

* PoliteMail needs both permissions to support real-time requests for the user and scheduled activities performed by the application, including sending and list synchronization.

** Further controls are available by using Application Scope to restrict by mailbox. More information can be found by clicking here.
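To confirm that a tenant grants exactly the permissions in the two tables above and nothing more, the following added example (not PoliteMail code) compares an export of the app's grants against that baseline. The export wrapper layout, the resource display names, the placeholder ids and the sample data are assumptions constructed for illustration; the `scope`, `resourceId`, `appRoleId` and `appRoles` fields follow Microsoft Graph's oauth2PermissionGrant, appRoleAssignment and servicePrincipal objects.

```python
# Added example (not PoliteMail code): least-privilege drift check against this page's tables.
# Resource display names and the export wrapper layout are assumptions.
GRAPH, EXO = "Microsoft Graph", "Office 365 Exchange Online"
BOTH = ["GroupMember.Read.All", "Group.Read.All", "MailboxSettings.Read",
        "OrgContact.Read.All", "People.Read.All", "User.Read.All"]
BASELINE = {
    (GRAPH, "Application"): set(BOTH),
    (GRAPH, "Delegated"): set(BOTH) | {"User.Read", "offline_access", "openid", "profile"},
    (EXO, "Application"): {"full_access_as_app"},
    (EXO, "Delegated"): {"EWS.AccessAsUser.All"},
}

def granted(export):
    """Collect granted permission names per (resource, type)."""
    names = {sp["id"]: sp["displayName"] for sp in export["resources"]}
    roles = {r["id"]: r["value"] for sp in export["resources"] for r in sp["appRoles"]}
    out = {key: set() for key in BASELINE}
    for g in export["oauth2PermissionGrants"]:  # delegated: space-separated scope string
        out.setdefault((names[g["resourceId"]], "Delegated"), set()).update(g["scope"].split())
    for a in export["appRoleAssignments"]:      # application: resolve appRoleId to its value
        name = roles.get(a["appRoleId"], "unresolved:" + a["appRoleId"])
        out.setdefault((names[a["resourceId"]], "Application"), set()).add(name)
    return out

def audit(export):
    """Return only the (resource, type) pairs that differ from the baseline."""
    report = {}
    for key, have in granted(export).items():
        want = BASELINE.get(key, set())
        if have != want:
            report[key] = {"missing": sorted(want - have), "excess": sorted(have - want)}
    return report

def sample_export():
    """Constructed data with placeholder ids: one excess app role, one missing scope."""
    app = {"sp-graph": BOTH + ["Mail.ReadWrite"], "sp-exo": ["full_access_as_app"]}
    scopes = [p for p in BOTH if p != "MailboxSettings.Read"]
    scopes += ["User.Read", "offline_access", "openid", "profile"]
    return {
        "resources": [{"id": sp, "displayName": dn,
                       "appRoles": [{"id": f"{sp}/{v}", "value": v} for v in app[sp]]}
                      for sp, dn in (("sp-graph", GRAPH), ("sp-exo", EXO))],
        "oauth2PermissionGrants": [
            {"resourceId": "sp-graph", "scope": " ".join(scopes)},
            {"resourceId": "sp-exo", "scope": "EWS.AccessAsUser.All"}],
        "appRoleAssignments": [{"resourceId": sp, "appRoleId": f"{sp}/{v}"}
                               for sp, vs in app.items() for v in vs],
    }

if __name__ == "__main__":
    for key, diff in audit(sample_export()).items():
        print(key, diff)
```

Any entry under `excess` is a grant beyond what the tables list and is worth reviewing before consent is left in place; `missing` entries indicate functionality the page says PoliteMail relies on.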