Permissions Required

by the Bsure Insights Data Collector Managed Application

When you run the permissions script during the installation process, you give the Microsoft Graph permissions below to a Managed Identity used by the Azure Functions in the Managed Resource Group.

  • Directory.Read.All, used to read user and license information​

  • AuditLog.Read.All, used to get user last signin information​

  • Domain.Read.All, used to get friendly names for tenantid​

  • Reports.Read.All, used to read user MFA registration information

  • Policy.Read.All, used to read signin logs and conditional access policies

The Managed Identity holds these permissions:

Last updated