What Permissions Does My Account Need for Office 365 Apps?

Does my authenticating account for O365 need to have full admin permissions?

If you are asking with respect to privacy concerns or want to know how we will use your data

  • We use your data only to provide you with effective cyber security
  • Our apps do not have the permissions of the account you use to authenticate.  They have only the permissions granted granted to us (below, also listed on the authorization screen when you set up a Office 365 app).
  • For details, see our Terms of Service, particularly the Privacy Policy in Section 3 and the "How We Protect Your Data" addendum

If you are asking to verify account permissions

Permissions needed for our apps are:

openid
profile
email
offline_access
User.ReadWrite.All
SecurityEvents.Read.All
AuditLog.Read.All
IdentityRiskEvent.Read.All
IdentityProvider.Read.All
IdentityRiskyUser.Read.All
Directory.Read.All
ThreatIndicators.ReadWrite.OwnedBy
Reports.Read.All
MailboxSettings.Read
Mail.ReadWrite

 

In addition, the account needs to have either a Security Reader or Report Reader role.

NOTE - Being an admin does not necessarily automatically have these roles.