Permissions Required

by the Bsure Insights Data Collector Managed Application

When you run the permissions script during the installation process, you give the Microsoft Graph permissions below to a Managed Identity used by a Container App in the Managed Resource Group.

Permission

Resource Name

Reason

AuditLog.Read.All

collector

Allows the app to read audit logs to monitor sign-ins and activities for security and compliance (read-only).

DeviceManagementManagedDevices.Read.All

collector

Allows reading Intune-managed device inventory and status to support reporting and troubleshooting (read-only).

Directory.Read.All

collector

Allows reading Azure AD directory data (users, groups, apps) to look up identities and relationships (read-only).

Domain.Read.All

collector

Allows reading domain settings (read-only).

MailboxSettings.Read

collector

Allows reading users’ mailbox settings (type; read-only; no mail access).

Policy.Read.All

collector

Allows reading organization conditional access policies (read-only).

Directory.Read.All

updater

Allows reading Azure AD directory data (users, groups, apps) to look up identities and relationships (read-only).

Permissions Bsure have in your environment:

To monitor jobs and provide updates and new features the solution provider Bsure will be given contributor and owner access during installation to the Managed Resource Group inside the managed application.

PreviousAzure Managed Application NextSecurity + Public SQL

Last updated 17 days ago

Was this helpful?