🌙
 

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Permissions Used by Taegis™ XDR for Microsoft 365 and Azure Integrations

integrations cloud microsoft office 365 azure


The following tables list permissions requested by Secureworks to integrate your Microsoft Azure and 365 data sources. Each table lists the permissions used by each integration as well as a comment on why Secureworks is requesting this permission.

Microsoft 365 Management API

API/Permissions Name Type Description Admin Consent Required? Secureworks Comments
Microsoft Graph API
User.Read Delegated Sign in and read user profile No Allows the application to read the profile of signed-in users; required for API usage
Office 365 Management API
ActivityFeed.Read Application Read activity data for your organization Yes Main permission that allows access to read most content types supported by the API, excluding DLP events
ActivityFeed.ReadDlp Application Read DLP policy events including detected sensitive data Yes Enables Secureworks to read the DLP content type
ServiceHealth.Read Application Read service health information for your organization Yes Allows the Secureworks application insight into service health of the tenant that data is being collected from

Graph Security API

API/Permissions Name Type Description Admin Consent Required? Secureworks Comments
Microsoft Graph API
SecurityActions.Read.All Application Read your organization's security actions Yes Intended for future use
SecurityEvents.Read.All Application Read your organization's security events Yes Allows Secureworks access to read security events from the Graph Security API
User.Read Delegated Sign in and read user profile No Allows the application to read the profile of signed-in users; required for API usage

Azure Active Directory

API/Permissions Name Type Description Admin Consent Required? Secureworks Comments
Microsoft Graph API
AuditLog.Read.All Application Read all audit log data Yes Required by the Graph API to request audit logs
Directory.Read.All Application Read directory data Yes Required by the Graph API to read directory data on behalf of the application
User.Read Delegated Sign in and read user profile No Allows the application to read the profile of signed-in users; required for API usage

Azure Activity Logs

API/Permissions Name Type Description Admin Consent Required? Secureworks Comments
Azure Service Management
user_impersonation Delegated Access Azure Service Management as organization users No Required by the API to request activity logs
Microsoft Graph API
User.Read Delegated Sign in and read user profile No Allows the application to read the profile of signed-in users; required for API usage

 

On this page: