Required Privileges
Read Only Integration
For the integration to operate properly, the following read-only privileges are required:
Permission | Description |
---|---|
TeamMember.Read.All | List team members |
IdentityRiskEvent.Read.All | List identity risk events |
AuditLog.Read.All | Read Audit Log |
Policy.Read.All | Read Policies |
Member.Read.Hidden | List Members |
Reports.Read.All | List Reports |
Application.Read.All | List Applications |
DirectoryRecommendations.Read.All | List Directory Recommendations |
Organization.Read.All | Read Organization Info |
IdentityRiskyUser.Read.All | Read Identity Risks |
UserAuthenticationMethod.Read.All | List User Auth Methods |
TeamSettings.Read.All | List Team Settings |
IdentityProvider.Read.All | List Identity Providers |
GroupMember.Read.All | List Group Members |
Domain.Read.All | List Domain |
RoleManagement.Read.All | List Role Management |
ReportSettings.Read.All | List Report Settings |
User.Read.All | List Users |
Directory.Read.All | List Directory |
MailboxSettings.Read | List Mailbox Settings |
AdministrativeUnit.Read.All | List Admin Units |
Group.Read.All | List Groups |
SecurityAlert.Read.All | List Security Alerts |
Channel.ReadBasic.All | List Channels |
IdentityRiskyServicePrincipal.Read.All | List Identity Risks |
Policy.Read.PermissionGrant | List Policies |
Read-Write Integration
The following privileges are required in addition to the read-only permissions, to enable response and remediation actions:
Permission | Description |
---|---|
User.ReadWrite.All | Allows the app to read and update user profiles without a signed-in user. |
User.ManageIdentities.All | Allows the app to read, update, and delete identities that are associated with a user's account, without a signed-in user. This controls the identities users can sign in with. |