Required permissions for Office 365 integration

Does my authenticating account for O365 need to have full admin permissions?

If you are asking with respect to privacy concerns or want to know how we will use your data

  • We use your data only to provide you with effective cybersecurity.
  • Our apps do not have the permissions of the account you use to authenticate. They have only the permissions granted to us (below, also listed on the authorization screen when you set up an Office 365 app).
  • For details, see our Terms of Service, particularly the Privacy Policy in Section 3 and the How We Protect Your Data addendum.

There are two requirements for the authenticating account:

  1. In addition to the permissions listed below, the account must have either a Security Reader or Report Reader role. NOTE: A global admin does not automatically have these roles. See Adding the Security Reader role in Entra ID Portal.
  2. The admin needs to have an Entra ID P1 or P2 license. See Adding Entra ID Premium P1 or P2.

After adding the roles and the P1 or P2 license, you must re-authenticate via the RocketCyber Office 365 App for the changes to take effect. At least one P1 or P2 license per tenant is required for the RocketCyber product to function; please consult your license with Microsoft and Microsoft requirements to determine the appropriate number of P1 or P2 licenses required for your organization.

If you are asking to verify account permissions

Permissions our apps require are the following:

  • email
  • offline_access
  • openid
  • profile
  • User.Read
  • UserAuthenticationMethod.ReadWrite.All
  • SecurityAlert.ReadWrite.All
  • User.ReadWrite.All
  • SecurityAlert.Read.All
  • Directory.ReadWrite.All
  • MailboxSettings.Read
  • ThreatIndicators.ReadWrite.OwnedBy
  • User.EnableDisableAccount.All
  • Directory.Read.All
  • User.Read.All
  • ThreatAssessment.Read.All
  • IdentityProvider.Read.All
  • IdentityRiskyUser.Read.All
  • User.ManageIdentities.All
  • MailboxSettings.ReadWrite
  • IdentityRiskEvent.Read.All
  • AuditLog.Read.All
  • Policy.Read.All
  • ThreatIndicators.Read.All
  • Reports.Read.All

These permissions are automatically assigned to the app during the authentication process, and you cannot manually add them. If you are encountering issues, consider removing the app from your Office 365 Tenant and then trying to re-authenticate.
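
To check what was actually consented in your tenant against the list above, the following added example (not RocketCyber's code) audits exported Microsoft Graph oauth2PermissionGrant records for one service principal. It assumes the listed permissions are delegated scopes; the object IDs and grant records in the sample are constructed.

```python
import json

# Scopes documented on this page for the Office 365 app.
DOCUMENTED = """email offline_access openid profile User.Read
UserAuthenticationMethod.ReadWrite.All SecurityAlert.ReadWrite.All
User.ReadWrite.All SecurityAlert.Read.All Directory.ReadWrite.All
MailboxSettings.Read ThreatIndicators.ReadWrite.OwnedBy
User.EnableDisableAccount.All Directory.Read.All User.Read.All
ThreatAssessment.Read.All IdentityProvider.Read.All
IdentityRiskyUser.Read.All User.ManageIdentities.All
MailboxSettings.ReadWrite IdentityRiskEvent.Read.All AuditLog.Read.All
Policy.Read.All ThreatIndicators.Read.All Reports.Read.All""".split()

# Substrings that mark a scope as able to change tenant state.
WRITE_MARKERS = ("readwrite", "enabledisable", "manage")

def audit_grants(grants, client_id):
    """Diff the scopes consented to one service principal against DOCUMENTED."""
    granted = {}  # lower-cased scope -> spelling as first seen
    for g in grants:
        if g.get("clientId") != client_id:
            continue  # grant belongs to a different enterprise app
        # 'scope' is a space-separated string and may carry a leading space
        for s in (g.get("scope") or "").split():
            granted.setdefault(s.lower(), s)
    documented = {s.lower(): s for s in DOCUMENTED}
    return {
        "missing": sorted(documented[k] for k in documented.keys() - granted.keys()),
        "unexpected": sorted(granted[k] for k in granted.keys() - documented.keys()),
        "write_capable": sorted(v for k, v in granted.items()
                                if any(m in k for m in WRITE_MARKERS)),
    }

# Constructed sample: two grants for the app under review, one for another app.
CLIENT = "00000000-0000-0000-0000-00000000aaaa"  # placeholder service principal id
SAMPLE = [
    {"clientId": CLIENT, "consentType": "AllPrincipals",
     "scope": " email offline_access openid profile User.Read "
              "User.ReadWrite.All Directory.ReadWrite.All AuditLog.Read.All"},
    {"clientId": CLIENT, "consentType": "Principal",
     "scope": "user.read Mail.Send Reports.Read.All"},
    {"clientId": "00000000-0000-0000-0000-00000000bbbb",
     "consentType": "AllPrincipals", "scope": "Files.ReadWrite.All"},
]

if __name__ == "__main__":
    print(json.dumps(audit_grants(SAMPLE, CLIENT), indent=2))
```

A non-empty "missing" list after setup points to an incomplete consent, which is the case where removing the app and re-authenticating applies; anything under "unexpected" was granted outside the documented set and deserves review.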