Required Privilegees

Read Only Integration

For the integration to operate properly, the following read-only privileges are required

Permission

Description

TeamMember.Read.All

List team members

IdentityRiskEvent.Read.All

List identity risk events

AuditLog.Read.All

Read Audit Log

Policy.Read.All

Read Policies

Member.Read.Hidden

List Members

Reports.Read.All

List Reports

Application.Read.All

List Applications

DirectoryRecommendations.Read.All

List Directory Recommendadtions

Organization.Read.All

Read Organization Info

IdentityRiskyUser.Read.All

Read Identity Risks

UserAuthenticationMethod.Read.All

List User Auth Methods

TeamSettings.Read.All

List Team Settings

IdentityProvider.Read.All

List Identity Providers

GroupMember.Read.All

List Group Members

Domain.Read.All

List Domain

RoleManagement.Read.All

List Role Management

ReportSettings.Read.All

List Report Settings

User.Read.All

List Users

Directory.Read.All

List Directory

MailboxSettings.Read

List Mailbox Settings

AdministrativeUnit.Read.All

List Admin Units

Group.Read.All

List Groups

SecurityAlert.Read.All

List Security Alerts

Channel.ReadBasic.All

List Channels

IdentityRiskyServicePrincipal.Read.All

List Identity Risks

Policy.Read.PermissionGrant

List Policies

Read-Write Integration

The Required Privileges are in addition to the read-only permissions to enable response & remediation actions

Permission

Description

User.ReadWrite.All

Allows the app to read and update user profiles without a signed-in user.

User.ManageIdentities.All

Allows the app to read, update, and delete identities that are associated with a user's account, without a signed-in user. This controls the identities users can sign in with.

PreviousAzure Integration NextUpdate Certificate for Existing Installation

Last updated 1 year ago