LMS365 can access data on behalf of the signed-in user, which is known as 'Delegated Permissions'. For that, we use access scopes provided by the data providers. Below is a list of all scopes LMS365 may use.
This data access is always scoped to the signed-in user. It does not by any means enable an ELEARNINGFORCE employee to get access to your data. On the contrary, as we are using the same authentication infrastructure used by Office 365, your data is protected by the Office 365 security framework, including multi-factor authentication. The actual sign-in screen is provided and hosted by Microsoft. You can see this because the LMS365 sign-in process displays the same sign-in screens and flow as if you were signing in to Office 365.
In other words, users can only access data within LMS365 that they can access based on their existing access rights in Office 365. This also means that a user cannot access the data of another user via LMS365, and that the scopes below will not allow users to see more data than they are allowed to see in Office 365. For instance, the SharePoint 'Sites.Read.All' scope will only allow the user to see the SharePoint data that he or she has access to in SharePoint. It will NOT allow the user to see all data in all Sites in SharePoint, as the data remains governed by SharePoint. So regardless of which user interface the user is using, the screens provided by SharePoint or the screens provided by the LMS365 App, the user will only get access to the data they have access to within SharePoint. As that access is governed by the Office 365 sign-in infrastructure, that data cannot be accessed by users other than the ones that have access to your Office 365 tenant.
Read all users' basic profiles
To be able to show the users what account was used to sign in, LMS365 needs this permission to show basic profile information.
Read all users' full profiles
To be able to understand who a user's Manager is and what their Job Title, Department, Office, City & Country are, LMS365 needs some permissions.
Read directory data
LMS365 allows Learners to be added by Azure Active Directory & Office 365 Groups. To be able to read these Groups' members, as well as the current user's Azure role to understand whether the user is an Office 365 Global Administrator, LMS365 needs some permissions.
Read user files
To allow learners to read the documents that are used inside a Training Course or Plan. For example, documents used in the Learning Modules will only be available to users from that domain, so when a Learner visits the Learning Module, he or she will have the permissions to read these documents.
Have full control of all site collections
To allow Office 365 Global Administrators to create LMS365 Course Catalogs and the underlying SharePoint Site Collection.
Read and write items and lists in all site collections
To allow LMS & Course Administrators to upload documents and media used in the Learning Module Builder, Quiz Builder & Assignments to SharePoint.
Sign in and read user profile
To allow the user to sign in to LMS365 using the customer's Azure AD.