What Permissions Does My Account Need for Office 365 Apps?

Does my authenticating account for O365 need to have full admin permissions?

If you are asking with respect to privacy concerns or want to know how we will use your data

  • We use your data only to provide you with effective cyber security
  • Our apps do not have the permissions of the account you use to authenticate.  They have only the permissions granted granted to us (below, also listed on the authorization screen when you set up a Office 365 app).
  • For details, see our Terms of Service, particularly the Privacy Policy in Section 3 and the "How We Protect Your Data" addendum

In addition to the permissions listed below, the account needs to have either a Security Reader or Report Reader role.

NOTE - A global admin does not automatically have these roles.

How to add the Security Reader role

After adding roles, you must re-authenticate via the RocketCyber Office 365 App for the changes to take effect.

If you are asking to verify account permissions

Permissions our apps require are:

openid
profile
email
offline_access
User.ReadWrite.All
SecurityEvents.Read.All
AuditLog.Read.All
IdentityRiskEvent.Read.All
IdentityProvider.Read.All
IdentityRiskyUser.Read.All
Directory.Read.All
ThreatIndicators.ReadWrite.OwnedBy
Reports.Read.All
MailboxSettings.Read
Mail.ReadWrite

These permissions are automatically assigned to the app during the authentication process. You cannot manually add these permissions to the app. If you are experiencing problems you may want to remove the app from your Office 365 Tenant and attempt to re-authenticate.

How To Remove App from Azure Active Directory