Required Privileges

Read Only Integration

For the integration to operate, the following read-only Microsoft Graph application permissions must be granted to its app registration (application permissions require admin consent):

| Permission | Description |
|---|---|
| TeamMember.Read.All | Read the members of all teams |
| IdentityRiskEvent.Read.All | Read all identity risk event information |
| AuditLog.Read.All | Read all audit log data |
| Policy.Read.All | Read the organization's policies |
| Member.Read.Hidden | Read all hidden group memberships |
| Reports.Read.All | Read all usage reports |
| Application.Read.All | Read all applications |
| DirectoryRecommendations.Read.All | Read all directory recommendations |
| Organization.Read.All | Read organization information |
| IdentityRiskyUser.Read.All | Read all risky user information |
| UserAuthenticationMethod.Read.All | Read all users' authentication methods |
| TeamSettings.Read.All | Read all teams' settings |
| IdentityProvider.Read.All | Read identity providers |
| GroupMember.Read.All | Read all group memberships |
| Domain.Read.All | Read all domains |
| RoleManagement.Read.All | Read role management data (role definitions and assignments) |
| ReportSettings.Read.All | Read all admin report settings |
| User.Read.All | Read all users' full profiles |
| Directory.Read.All | Read directory data |
| MailboxSettings.Read | Read all user mailbox settings |
| AdministrativeUnit.Read.All | Read all administrative units |
| Group.Read.All | Read all groups |
| SecurityAlert.Read.All | Read all security alerts |
| Channel.ReadBasic.All | Read the names and descriptions of all channels |
| IdentityRiskyServicePrincipal.Read.All | Read all risky service principal information |
| Policy.Read.PermissionGrant | Read consent and permission grant policies |

Read-Write Integration

A read-write integration requires the following permissions in addition to the read-only set. They are needed only for response and remediation actions, and both let the app modify user accounts without a signed-in user, so grant them only if you intend to use those actions.

| Permission | Description |
|---|---|
| User.ReadWrite.All | Allows the app to read and update user profiles without a signed-in user. |
| User.ManageIdentities.All | Allows the app to read, update, and delete identities that are associated with a user's account, without a signed-in user. This controls the identities users can sign in with. |
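Before enabling the integration it is worth verifying what has actually been consented, and that nothing beyond the two lists above has been granted. The following PowerShell script is an added example, not the vendor's tooling: it uses the Microsoft Graph PowerShell SDK to read the integration service principal's app role assignments on the Microsoft Graph resource, translates the role GUIDs back to permission names, and reports what is missing from the read-only set, what is missing from the read-write set (only relevant if remediation is in use), and anything granted that neither list requires. It assumes the Microsoft.Graph module is installed, that the signed-in admin holds Application.Read.All, and that `$IntegrationAppId` is replaced with the integration's app (client) ID; the value shown is a placeholder.

```powershell
# Added example (not the integration's own code): check the Microsoft Graph
# application permissions granted to the integration against this page.
# Assumption: $IntegrationAppId is the app (client) ID of the integration's
# app registration. The value below is a placeholder and must be replaced.
$IntegrationAppId = '00000000-0000-0000-0000-000000000000'
# Well-known app ID of the Microsoft Graph resource service principal.
$GraphAppId = '00000003-0000-0000-c000-000000000000'

$ReadOnly = @(
  'TeamMember.Read.All', 'IdentityRiskEvent.Read.All', 'AuditLog.Read.All',
  'Policy.Read.All', 'Member.Read.Hidden', 'Reports.Read.All',
  'Application.Read.All', 'DirectoryRecommendations.Read.All',
  'Organization.Read.All', 'IdentityRiskyUser.Read.All',
  'UserAuthenticationMethod.Read.All', 'TeamSettings.Read.All',
  'IdentityProvider.Read.All', 'GroupMember.Read.All', 'Domain.Read.All',
  'RoleManagement.Read.All', 'ReportSettings.Read.All', 'User.Read.All',
  'Directory.Read.All', 'MailboxSettings.Read', 'AdministrativeUnit.Read.All',
  'Group.Read.All', 'SecurityAlert.Read.All', 'Channel.ReadBasic.All',
  'IdentityRiskyServicePrincipal.Read.All', 'Policy.Read.PermissionGrant'
)
$ReadWrite = @('User.ReadWrite.All', 'User.ManageIdentities.All')

# Reading service principals and their app role assignments needs Application.Read.All.
Connect-MgGraph -Scopes 'Application.Read.All'

# Resolve the integration's service principal and the Graph resource principal.
$sp    = Get-MgServicePrincipal -Filter "appId eq '$IntegrationAppId'"
$graph = Get-MgServicePrincipal -Filter "appId eq '$GraphAppId'"
if (-not $sp) { throw "No service principal for appId $IntegrationAppId in this tenant" }

# Graph exposes its application permissions as app roles; map role GUID -> name.
$roleName = @{}
foreach ($r in $graph.AppRoles) { $roleName[$r.Id] = $r.Value }

# App role assignments on the Graph resource are the admin-consented
# application permissions. Delegated permissions are not covered here.
$granted = @(
  Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -All |
    Where-Object { $_.ResourceId -eq $graph.Id } |
    ForEach-Object { $roleName[$_.AppRoleId] } |
    Sort-Object -Unique
)

$missingRead  = @($ReadOnly  | Where-Object { $granted -notcontains $_ })
$missingWrite = @($ReadWrite | Where-Object { $granted -notcontains $_ })
$unexpected   = @($granted   | Where-Object { ($ReadOnly + $ReadWrite) -notcontains $_ })

"Granted Microsoft Graph application permissions: $($granted.Count)"
if ($missingRead.Count -gt 0) {
  "Missing read-only permissions:`n  " + ($missingRead -join "`n  ")
}
if ($missingWrite.Count -gt 0) {
  "Missing read-write permissions (only needed for remediation actions):`n  " + ($missingWrite -join "`n  ")
}
if ($unexpected.Count -gt 0) {
  "Granted but not required by this page (review for least privilege):`n  " + ($unexpected -join "`n  ")
}
```

Two caveats when reading the output. Permissions listed as "missing" may still appear in the portal as "configured" on the app registration; an app role assignment only exists once an admin has granted consent, which is what the integration actually needs at runtime. And the script only inspects application permissions (app role assignments); if the integration were ever set up with delegated permissions instead, those live in OAuth2 permission grants and would not show up here.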
