Permissions Required

by the Bsure Insights Data Collector Managed Application

When you run the permissions script during the installation process, you give the Microsoft Graph permissions below to a Managed Identity used by the Azure Functions in the Managed Resource Group.

Directory.Read.All, used to read user and license information
AuditLog.Read.All, used to get user last signin information
Domain.Read.All, used to get friendly names for tenantid
Reports.Read.All, used to read user MFA registration information
Policy.Read.All, used to read signin logs and conditional access policies
MailboxSettings.Read, used to read user purpose of the user's mailbox

The Managed Identity holds these permissions:

Permissions Bsure have in your environment:

To monitor jobs and provide updates and new features the solution provider Bsure will be given contributor access during setup to the Managed Resource Group inside the managed application.

Bsure can't consume customer data, ref https://docs.bsure.io/technical-description/security#example-bsure-personnel-accessing-the-key-vault

PreviousAzure Managed Application NextSecurity

Last updated 3 months ago

Was this helpful?