Permissions Required

by the Bsure Insights Data Collector Managed Application

When you run the permissions script during the installation process, you give the Microsoft Graph permissions below to a Managed Identity used by a Container App in the Managed Resource Group.

Permission

Resource Name

Type

Reason

AuditLog.Read.All

collector

Application

Allows the app to read audit logs to monitor sign-ins and activities for security and compliance (read-only).

DeviceManagementManagedDevices.Read.All

collector

Application

Allows reading Intune-managed device inventory and status to support reporting and troubleshooting (read-only).

Directory.Read.All

collector

Application

Allows reading Azure AD directory data (users, groups, apps) to look up identities and relationships (read-only).

Domain.Read.All

collector

Application

Allows reading domain settings (read-only).

MailboxSettings.Read

collector

Application

Allows reading users’ mailbox settings (type; read-only; no mail access).

Policy.Read.All

collector

Application

Allows reading organization conditional access policies (read-only).

Synchronization.Read.All

collector

Application

Allows reading Azure AD synchronization information such as SCIM

Directory.Read.All

updater

Application

Allows reading Azure AD directory data (users, groups, apps) to look up identities and relationships (read-only).

Permissions Bsure have in your environment:

To monitor jobs and provide updates and new features the solution provider Bsure will be given contributor and owner access during installation to the Managed Resource Group inside the managed application.

PreviousAzure Managed Application NextSecurity + Public SQL

Last updated 11 days ago

Was this helpful?

hashtag Permissions Bsure have in your environment:

Permissions Bsure have in your environment: