Permissions Required
by the Bsure Insights Data Collector Managed Application
When you run the permissions script during the installation process, you give the Microsoft Graph permissions below to a Managed Identity used by a Container App in the Managed Resource Group.
| Permission | Resource Name | Reason |
| --- | --- | --- |
| AuditLog.Read.All | collector | Allows the app to read audit logs to monitor sign-ins and activities for security and compliance (read-only). |
| DeviceManagementManagedDevices.Read.All | collector | Allows reading Intune-managed device inventory and status to support reporting and troubleshooting (read-only). |
| Directory.Read.All | collector | Allows reading Azure AD directory data (users, groups, apps) to look up identities and relationships (read-only). |
| Domain.Read.All | collector | Allows reading domain settings (read-only). |
| MailboxSettings.Read | collector | Allows reading users’ mailbox settings (type; read-only; no mail access). |
| Policy.Read.All | collector | Allows reading organization conditional access policies (read-only). |
| Directory.Read.All | updater | Allows reading Azure AD directory data (users, groups, apps) to look up identities and relationships (read-only). |
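To confirm after installation that a Managed Identity holds exactly the permissions listed above, its Microsoft Graph app role assignments can be compared with the table. The following is an added example, not Bsure's own code: the function name `audit_grants` and the sample ids are assumptions, and the inputs are the `appRoles` array of the Microsoft Graph service principal and the `value` array returned by `GET /servicePrincipals/{id}/appRoleAssignments` for the Managed Identity.

```python
import json

# Permissions documented in the table above, keyed by resource name.
DOCUMENTED = {
    "collector": {
        "AuditLog.Read.All",
        "DeviceManagementManagedDevices.Read.All",
        "Directory.Read.All",
        "Domain.Read.All",
        "MailboxSettings.Read",
        "Policy.Read.All",
    },
    "updater": {"Directory.Read.All"},
}


def audit_grants(resource, graph_app_roles, assignments):
    """Compare a managed identity's Graph app roles with the documented set."""
    # Assignments carry only role ids; resolve them to names via Graph's appRoles.
    names = {r["id"]: r["value"] for r in graph_app_roles}
    granted = {names.get(a["appRoleId"], "unknown:" + a["appRoleId"])
               for a in assignments}
    expected = DOCUMENTED[resource]
    return {
        "missing": sorted(expected - granted),
        "unexpected": sorted(granted - expected),
        # Heuristic (assumption): a name with no plain "Read" segment is not read-only.
        "not_read_only": sorted(p for p in granted if "Read" not in p.split(".")),
    }


# Constructed sample data: the ids are placeholders, not real Graph role ids.
SAMPLE_ROLES = [
    {"id": f"00000000-0000-0000-0000-{i:012d}", "value": v}
    for i, v in enumerate(
        sorted(DOCUMENTED["collector"]) + ["Directory.ReadWrite.All"], 1)
]
# Constructed drift case: one documented role absent, one extra role present.
SAMPLE_ASSIGNMENTS = [{"appRoleId": r["id"]} for r in SAMPLE_ROLES
                      if r["value"] != "MailboxSettings.Read"]

if __name__ == "__main__":
    report = audit_grants("collector", SAMPLE_ROLES, SAMPLE_ASSIGNMENTS)
    print(json.dumps(report, indent=2))
```

Empty `missing` and `unexpected` lists mean the identity matches the documented set; anything in `unexpected` or `not_read_only` is worth reviewing.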
Permissions Bsure have in your environment:
To monitor jobs and provide updates and new features, the solution provider Bsure is given Contributor and Owner access, during installation, to the Managed Resource Group inside the managed application.