Permissions Used by XDR for Microsoft 365 and Azure Integrations
integrations
cloud
microsoft
office 365
azure
The following tables list permissions requested by Secureworks to integrate your Microsoft Azure and 365 data sources. Each table lists the permissions used by each integration as well as a comment on why Secureworks is requesting this permission.
Microsoft 365 Management API
API/Permissions Name |
Type |
Description |
Admin Consent Required? |
Secureworks Comments |
Microsoft Graph API |
|
|
|
|
User.Read |
Delegated |
Sign in and read user profile |
No |
Allows the application to read the profile of signed-in users; required for API usage |
Office 365 Management API |
|
|
|
|
ActivityFeed.Read |
Application |
Read activity data for your organization |
Yes |
Main permission that allows access to read most content types supported by the API, excluding DLP events |
ActivityFeed.ReadDlp |
Application |
Read DLP policy events including detected sensitive data |
Yes |
Enables Secureworks to read the DLP content type |
ServiceHealth.Read |
Application |
Read service health information for your organization |
Yes |
Allows the Secureworks application insight into service health of the tenant that data is being collected from |
Graph Security API
API/Permissions Name |
Type |
Description |
Admin Consent Required? |
Secureworks Comments |
Microsoft Graph API |
|
|
|
|
SecurityActions.Read.All |
Application |
Read your organization's security actions |
Yes |
Intended for future use |
SecurityEvents.Read.All |
Application |
Read your organization's security events |
Yes |
Allows Secureworks access to read security events from the Graph Security API |
User.Read |
Delegated |
Sign in and read user profile |
No |
Allows the application to read the profile of signed-in users; required for API usage |
Azure Active Directory
API/Permissions Name |
Type |
Description |
Admin Consent Required? |
Secureworks Comments |
Microsoft Graph API |
|
|
|
|
AuditLog.Read.All |
Application |
Read all audit log data |
Yes |
Required by the Graph API to request audit logs |
Directory.Read.All |
Application |
Read directory data |
Yes |
Required by the Graph API to read directory data on behalf of the application |
User.Read |
Delegated |
Sign in and read user profile |
No |
Allows the application to read the profile of signed-in users; required for API usage |
Azure Activity Logs
API/Permissions Name |
Type |
Description |
Admin Consent Required? |
Secureworks Comments |
Azure Service Management |
|
|
|
|
user_impersonation |
Delegated |
Access Azure Service Management as organization users |
No |
Required by the API to request activity logs |
Microsoft Graph API |
|
|
|
|
User.Read |
Delegated |
Sign in and read user profile |
No |
Allows the application to read the profile of signed-in users; required for API usage |