Feedback
Last date modified: 2026-May-05
Graph API for communications
Relativity Legal Hold uses Microsoft Graph API to send email communications from your Microsoft tenant. Microsoft Graph API supports two permission models:
- Application permissions
- Delegated permissions
Permission types
Each permission type uses a different authentication model and has different tenant, licensing, and setup considerations. Understanding these differences helps you select the option that aligns with your organization’s environment and compliance requirements.
Application permissions
Application permissions allow Relativity to send Legal Hold email communications as an application, without requiring a Microsoft user to sign in.
Authentication occurs at the application level, and Microsoft sends emails from a configured mailbox. A configured mailbox is the Microsoft 365 email address you entered in the Email From field. This mailbox sends the emails and receives replies.
Relativity supports Application permissions for Commercial environments only.
For more information, see Microsoft Graph API - Application permissions.
Delegated permissions
Delegated permissions allow Relativity to send Legal Hold email communications on behalf of a signed‑in Microsoft user.
This permission type uses user‑based authentication and requires a licensed Microsoft user to sign in during setup.
Relativity supports Application permissions for both Commercial and Government environments, including GCC High.
For more information, see Microsoft Graph API - Delegated permissions
Comparisons
The tables below summarizes the key differences between delegated and application permissions.
Authentication and behavior
View the authentication and behaviors for each permission type.
| Feature | Application permissions | Delegated permissions |
|---|---|---|
| Authentication model | Application‑based | User‑based (signed‑in user) |
| User sign‑in required | No | Yes |
| Credential prompt during setup | No | Yes |
| Emails sent from | Configured mailbox | Signed‑in user’s mailbox |
| Dependency on individual user account | No | Yes |
| Supported tenant types | Commercial only | Commercial and Government |
Licensing and mailbox requirements
View the licensing and mailbox requirements for each permission type.
| Requirement | Application permissions | Delegated permissions |
|---|---|---|
| Microsoft user required | No | Yes |
| License required | No | Yes |
| Minimum license | No license required | E3 (Commercial) or GCC High (Government) |
| Mailbox required | Valid user or shared mailbox | Licensed user mailbox |
Choose the correct permission type
Use the guidance below to choose the permission type applies to your environment:
- Use Delegated permissions if:
- You are a Government tenant, including GCC High.
- Your organization requires user‑based authentication.
- Must send email communications from a signed‑in user’s mailbox.
- Use Application permissions if:
- You are a Commercial tenant.
- You want a non‑interactive, application‑based configuration.
- You want to avoid dependency on individual user accounts for Legal Hold communications.
For configuration steps and detailed requirements, see:
