What Permissions Does My Account Need for Office 365 Apps? - Connect IT Community | Kaseya
<main> <article class="userContent"> <h2 data-id="does-my-authenticating-account-for-o365-need-to-have-full-admin-permissions">Does my authenticating account for O365 need to have full admin permissions?</h2> <h3 data-id="if-you-are-asking-with-respect-to-privacy-concerns-or-want-to-know-how-we-will-use-your-data">If you are asking with respect to privacy concerns or want to know how we will use your data</h3> <ul><li>We use your data only to provide you with effective cybersecurity.</li> <li>Our apps do not have the permissions of the account you use to authenticate. They have only the permissions granted to us (listed below and on the authorization screen when you set up an Office 365 app).</li> <li>For details, see our <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fapp.rocketcyber.com%2Ftos" rel="noopener nofollow">Terms of Service</a>, particularly the Privacy Policy in Section 3 and the "How We Protect Your Data" addendum.</li> </ul><div data-hs-callout-type="caution"> <p>There are two requirements for the authenticating account.</p> <ol><li>In addition to the permissions listed below, the account needs to have either the <strong>Security Reader</strong> or the <strong>Report Reader</strong> role. <strong>NOTE</strong> - A global admin <strong>does not</strong> automatically have these roles. See <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Frocketcyber%2Fhc%2Fen-us%2Farticles%2F360018051418" rel="noopener nofollow">How To Add Security Reader Role in Azure Portal</a> </li> <li>The admin needs to have an Azure AD P1 or P2 license. 
See <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Frocketcyber%2Fhc%2Fen-us%2Farticles%2F360018052038" rel="noopener nofollow">How to Add Azure AD Premium P1 or P2</a> </li> </ol></div> <div data-hs-callout-type="note"> <p>After adding the roles and the P1 or P2 license, you must re-authenticate via the RocketCyber Office 365 App for the changes to take effect.</p> </div> <h3 data-id="if-you-are-asking-to-verify-account-permissions">If you are asking to verify account permissions</h3> <p><strong>The permissions our apps require are:</strong></p> <pre data-content="css" class="code codeBlock" spellcheck="false" tabindex="0">openid<br>profile<br>email<br>offline_access<br>User.ReadWrite.All<br>SecurityEvents.Read.All<br>AuditLog.Read.All<br>IdentityRiskEvent.Read.All<br>IdentityProvider.Read.All<br>IdentityRiskyUser.Read.All<br>Directory.Read.All<br>ThreatIndicators.ReadWrite.OwnedBy<br>Reports.Read.All<br>MailboxSettings.Read<br>Mail.ReadWrite</pre> <div data-hs-callout-type="note"> <p>These permissions are automatically assigned to the app during the authentication process. You cannot manually add these permissions to the app. If you are experiencing problems, you may want to remove the app from your Office 365 tenant and attempt to re-authenticate.</p> <h4 data-id="how-to-remove-app-from-azure-active-directory"><a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Frocketcyber%2Fhc%2Fen-us%2Farticles%2F360017776078" rel="noopener nofollow">How To Remove App from Azure Active Directory</a></h4> </div> </article> </main>
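An added example (not RocketCyber's or Kaseya's code): one way to check what was actually consented in the tenant against the permission list above. It assumes the scopes are delegated permissions recorded in Microsoft Graph `oauth2PermissionGrants` objects for the app; the sample response, the placeholder IDs and the extra `Files.Read.All` scope are constructed.

```python
# Scopes exactly as listed on this page.
DOCUMENTED = (
    "openid profile email offline_access User.ReadWrite.All "
    "SecurityEvents.Read.All AuditLog.Read.All IdentityRiskEvent.Read.All "
    "IdentityProvider.Read.All IdentityRiskyUser.Read.All Directory.Read.All "
    "ThreatIndicators.ReadWrite.OwnedBy Reports.Read.All MailboxSettings.Read "
    "Mail.ReadWrite"
).split()

# Constructed sample shaped like a Microsoft Graph oauth2PermissionGrants
# listing for the app's service principal (assumption); IDs are placeholders.
SAMPLE_GRANTS = {"value": [
    {"clientId": "<app-sp-id>", "consentType": "AllPrincipals", "principalId": None,
     "scope": " openid profile email offline_access User.ReadWrite.All "
              "SecurityEvents.Read.All AuditLog.Read.All IdentityRiskEvent.Read.All "
              "IdentityProvider.Read.All IdentityRiskyUser.Read.All "
              "Directory.Read.All ThreatIndicators.ReadWrite.OwnedBy "
              "MailboxSettings.Read"},
    {"clientId": "<app-sp-id>", "consentType": "Principal", "principalId": "<user-id>",
     "scope": "Mail.ReadWrite Files.Read.All"},
]}


def audit_grants(response, documented=DOCUMENTED):
    """Compare consented delegated scopes with the documented list."""
    # Names are compared case-insensitively as a defensive choice.
    expected = {s.lower(): s for s in documented}
    granted = {}  # lower-cased scope -> (name as granted, set of consent types)
    for grant in response.get("value", []):
        for scope in (grant.get("scope") or "").split():
            entry = granted.setdefault(scope.lower(), (scope, set()))
            entry[1].add(grant.get("consentType", "unknown"))
    present = [k for k in expected if k in granted]
    return {
        # Documented but not consented: the page's remedy is to re-authenticate.
        "missing": sorted(n for k, n in expected.items() if k not in granted),
        # Consented but not documented: access beyond what the vendor lists.
        "unexpected": sorted(v[0] for k, v in granted.items() if k not in expected),
        # Documented scopes that are granted and can modify tenant data.
        "write_capable": sorted(expected[k] for k in present if "write" in k),
        # Consented for individual users only, not tenant-wide.
        "per_user_only": sorted(expected.get(k, v[0]) for k, v in granted.items()
                                if v[1] == {"Principal"}),
    }


if __name__ == "__main__":
    for finding, scopes in audit_grants(SAMPLE_GRANTS).items():
        print(f"{finding}: {', '.join(scopes) or '-'}")
```
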