Required API Permissions/Roles on a Microsoft Azure application
08-07-2023 09:11 AM
In the DLP documentation, under the heading 'Required API Permissions/Roles on a Microsoft Azure application', it states that the following API Permissions/Roles are required on an MS Azure application. I wondered if anyone knows the rationale behind all the Admin consent required, as there is concern over what data that will allow to be accessed, e.g. emails from the CEO, sensitive subject matter, etc.
You need the following API Permissions/Roles on a Microsoft Azure application to configure it on ServiceNow Microsoft DLP integration.
| API | Permission name | Type | Description | Is Admin consent required? |
| --- | --- | --- | --- | --- |
| Microsoft Graph API | Files.Read.All | Application | Read files in all site collections. | ✓ |
| | Files.ReadWrite.All | Application | Read and write files in all site collections. | ✓ |
| | Mail.Read | Application | Read mail in all mailboxes. | ✓ |
| | Mail.ReadBasic.All | Application | Read basic mail in all mailboxes. | ✓ |
| | Mail.ReadWrite | Application | Read and write mail in all mailboxes. | ✓ |
| | Sites.Read.All | Application | Read items in all site collections. | ✓ |
| | Sites.ReadWrite.All | Application | Read and write items in all site collections | ✓ |
| | User.Read | Delegated | Sign in and read user profile. | x |
| Office 365 Management API | ActivityFeed.ReadDlp | Application | Read DLP policy events including detected sensitive data. | ✓ |