☰

🌙☀

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Taegis Docs Home
About XDR
Get Started
- Get Started with XDR
- Top 5 Tasks
Integrate with XDR
- Integration Overview
- Data Source Integration Definitions
- All Available Integrations
- Add Data Collectors
- Add Endpoint Agents
- Forward Data to XDR
- Create Custom Parsers
  - Overview
  - Syntax
  - Repeating Fields
  - Overriding and Extending Global Parsers
  - Supported Schemas
  - All Schemas
    - Antivirus
    - Auth
    - CloudAudit
    - DHCP
    - DNS
    - Email
    - Encrypt
    - FileMod
    - HTTP
    - Management Event
    - Netflow
    - NIDS
    - Process
    - Registry
    - Thirdparty
    - Types
Manage Integrations
Alerts, Events, and Investigations
- Alerts
- Events
- Investigations
- CyberChef
Dashboards
Search and Reports
- Search
- Reports
Automation
- Automation Overview
- Supported Playbooks
- Supported Connectors
- Playbooks
- Connectors
- Automation Authoring
  - Building Connector Definitions
  - Building Playbook Templates
  - Common Expression Language (CEL)
Threat Intelligence, Hunting, and Detection
- Threat Intelligence
- Threat Hunting
  - Hunting with Jupyter Notebooks
- Detectors
- Adversary Software Coverage
  - Adversary Software Coverage
  - Frequently Asked Questions
XDR Admin
- Your Account
- Tenant Settings
APIs, SDK, and Magic
- Using XDR GraphQL APIs
- API Authentication
- XDR Python SDK
- Taegis Magic Jupyter Integration
  - Overview
- Alerts API
  - Using the Alerts API
  - Alerts GraphQL API
- Assets API
- Audits API
  - Using the Audits API
  - Audits GraphQL API
- Automations APIs
- Bring Your Own Threat Intelligence API
  - Using the BYOTI API
  - BYOTI GraphQL API
- Collector APIs
- Investigations API
  - Using the Investigations API
  - Investigations GraphQL API
- Threat Intelligence API
  - Using the Threat Intelligence API
  - Threat Intelligence GraphQL API
- Using the Users GraphQL API
- Using the Tenants GraphQL API
- Using the Countermeasures API
- Using the File Upload API
Secureworks Products, Services, and Policies
- Managed iSensor
- ManagedXDR
- ManagedXDR Elite
  - Service Description
  - Onboarding Guide
- ManagedXDR for OT
- ManagedXDR Enhanced
  - Service Description
  - Onboarding Guide
- ManagedXDR–Managed iSensor Add-on
- Secureworks Professional Services
- Legal

Permissions Used by XDR for Microsoft 365 and Azure Integrations

integrations cloud microsoft office 365 azure

The following tables list permissions requested by Secureworks to integrate your Microsoft Azure and 365 data sources. Each table lists the permissions used by each integration as well as a comment on why Secureworks is requesting this permission.

Microsoft 365 Management API ⫘

API/Permissions Name	Type	Description	Admin Consent Required?	Secureworks Comments
Microsoft Graph API
User.Read	Delegated	Sign in and read user profile	No	Allows the application to read the profile of signed-in users; required for API usage
Office 365 Management API
ActivityFeed.Read	Application	Read activity data for your organization	Yes	Main permission that allows access to read most content types supported by the API, excluding DLP events
ActivityFeed.ReadDlp	Application	Read DLP policy events including detected sensitive data	Yes	Enables Secureworks to read the DLP content type
ServiceHealth.Read	Application	Read service health information for your organization	Yes	Allows the Secureworks application insight into service health of the tenant that data is being collected from

Graph Security API ⫘

API/Permissions Name	Type	Description	Admin Consent Required?	Secureworks Comments
Microsoft Graph API
SecurityActions.Read.All	Application	Read your organization's security actions	Yes	Intended for future use
SecurityEvents.Read.All	Application	Read your organization's security events	Yes	Allows Secureworks access to read security events from the Graph Security API
User.Read	Delegated	Sign in and read user profile	No	Allows the application to read the profile of signed-in users; required for API usage

Azure Active Directory ⫘

API/Permissions Name	Type	Description	Admin Consent Required?	Secureworks Comments
Microsoft Graph API
AuditLog.Read.All	Application	Read all audit log data	Yes	Required by the Graph API to request audit logs
Directory.Read.All	Application	Read directory data	Yes	Required by the Graph API to read directory data on behalf of the application
User.Read	Delegated	Sign in and read user profile	No	Allows the application to read the profile of signed-in users; required for API usage

Azure Activity Logs ⫘

API/Permissions Name	Type	Description	Admin Consent Required?	Secureworks Comments
Azure Service Management
user_impersonation	Delegated	Access Azure Service Management as organization users	No	Required by the API to request activity logs
Microsoft Graph API
User.Read	Delegated	Sign in and read user profile	No	Allows the application to read the profile of signed-in users; required for API usage

On this page:

Microsoft 365 Management API
Graph Security API
Azure Active Directory
Azure Activity Logs