Comment on page

Permissions Required

by the Bsure Insights Data Collector Managed Application
When you run the permissions script during the installation process, you give the Microsoft Graph permissions below to a Managed Identity used by the Azure Functions in the Managed Resource Group.
  • Directory.Read.All, used to read user and license information​
  • AuditLog.Read.All, used to get user last signin information​
  • Domain.Read.All, used to get friendly names for tenantid​
  • Reports.Read.All, used to read user MFA registration information
  • Policy.Read.All, used to read signin logs and conditional access policies

The Managed Identity holds these permissions: