Required Privileges
Read Only Integration
For the integration to operate properly, the following read-only privileges are required:

| Permission | Description |
| --- | --- |
| TeamMember.Read.All | List team members |
| IdentityRiskEvent.Read.All | List identity risk events |
| AuditLog.Read.All | Read Audit Log |
| Policy.Read.All | Read Policies |
| Member.Read.Hidden | List Members |
| Reports.Read.All | List Reports |
| Application.Read.All | List Applications |
| DirectoryRecommendations.Read.All | List Directory Recommendations |
| Organization.Read.All | Read Organization Info |
| IdentityRiskyUser.Read.All | Read Identity Risks |
| UserAuthenticationMethod.Read.All | List User Auth Methods |
| TeamSettings.Read.All | List Team Settings |
| IdentityProvider.Read.All | List Identity Providers |
| GroupMember.Read.All | List Group Members |
| Domain.Read.All | List Domain |
| RoleManagement.Read.All | List Role Management |
| ReportSettings.Read.All | List Report Settings |
| User.Read.All | List Users |
| Directory.Read.All | List Directory |
| MailboxSettings.Read | List Mailbox Settings |
| AdministrativeUnit.Read.All | List Admin Units |
| Group.Read.All | List Groups |
| SecurityAlert.Read.All | List Security Alerts |
| Channel.ReadBasic.All | List Channels |
| IdentityRiskyServicePrincipal.Read.All | List Identity Risks |
| Policy.Read.PermissionGrant | List Policies |

Read-Write Integration
The following privileges are required in addition to the read-only permissions to enable response and remediation actions:

| Permission | Description |
| --- | --- |
| User.ReadWrite.All | Allows the app to read and update user profiles without a signed-in user. |
| User.ManageIdentities.All | Allows the app to read, update, and delete identities that are associated with a user's account, without a signed-in user. This controls the identities users can sign in with. |

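
One way to confirm that the integration's app registration holds exactly the permissions listed above and nothing more is to audit an access token it was issued. This is an added example, not code from the product's documentation; it assumes the permissions are granted as application permissions and therefore appear in the token's `roles` claim, and the function names and the sample token are constructed for illustration.

```python
import base64
import json

# Permission names copied from the two lists on this page.
READ_ONLY = frozenset("""
TeamMember.Read.All IdentityRiskEvent.Read.All AuditLog.Read.All Policy.Read.All
Member.Read.Hidden Reports.Read.All Application.Read.All
DirectoryRecommendations.Read.All Organization.Read.All IdentityRiskyUser.Read.All
UserAuthenticationMethod.Read.All TeamSettings.Read.All IdentityProvider.Read.All
GroupMember.Read.All Domain.Read.All RoleManagement.Read.All ReportSettings.Read.All
User.Read.All Directory.Read.All MailboxSettings.Read AdministrativeUnit.Read.All
Group.Read.All SecurityAlert.Read.All Channel.ReadBasic.All
IdentityRiskyServicePrincipal.Read.All Policy.Read.PermissionGrant
""".split())
READ_WRITE_EXTRA = frozenset({"User.ReadWrite.All", "User.ManageIdentities.All"})


def token_roles(jwt: str) -> set:
    """Return the permissions in the token's 'roles' claim (assumed claim name)."""
    # The signature is NOT verified: this audits a token you requested
    # yourself; it is not an authentication decision.
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("roles", []))


def audit(jwt: str, read_write: bool = False) -> dict:
    """Compare granted roles with what the chosen integration mode needs."""
    granted = token_roles(jwt)
    required = READ_ONLY | (READ_WRITE_EXTRA if read_write else frozenset())
    return {
        "missing": sorted(required - granted),  # integration will lack data
        "excess": sorted(granted - required),   # beyond least privilege
    }


def constructed_token(roles) -> str:
    """Build an unsigned sample token for the demo (constructed, not real)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'roles': sorted(roles)})}.sig"


if __name__ == "__main__":
    sample = constructed_token((READ_ONLY - {"AuditLog.Read.All"}) | READ_WRITE_EXTRA)
    print(audit(sample))  # read-only mode: write permissions show up as excess
```

In read-only mode, any entry under `excess` that contains `ReadWrite` or `Manage` means the app registration can modify the tenant even though the integration only needs to read it.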