Overview of access permissions to Microsoft Entra ID data

Views:

View a list of permissions that must be enabled within Microsoft Entra ID to facilitate integration with Trend Vision One.

Permission set	Permissions	Associated apps
Read directory data	Read directory data (Directory.Read.All) Read all groups (Group.Read.All) Read group memberships (GroupMember.Read.All) Sign in and read user profile (User.Read)	Mobile Security Phishing Simulation Assessment User Accounts Zero Trust Secure Access
Read user and device information, cloud app data, and activity data	Microsoft Graph Read directory data (Directory.Read.All) Read all users' relevant people lists (People.Read.All) Sign in and read user profile (User.Read) Read all users' full profiles (User.Read.All) Read items in all site collections (Sites.Read.All) Read all groups (Group.Read.All) Read all audit log data (AuditLog.Read.All) Read identity risk event information (IdentityRiskEvent.Read.All) Read all usage reports (Reports.Read.All) Read your organization's security events (SecurityEvents.Read.All) Read all user mailbox settings (MailboxSettings.Read) Read organization information (Organization.Read.All) Read all hidden memberships (Member.Read.Hidden) Read threat assessment requests (ThreatAssessment.Read.All) Read your organization's policies (Policy.Read.All) Read users' authentication methods (UserAuthenticationMethod.Read.All) Read all company places (Place.read.all) Office 365 Management API Read activity data for your organization (ActivityFeed.Read)	Cyber Risk Exposure Management Email and Collaboration Sensor Identity Security Observed Attack Techniques Search User Accounts Workbench
Read directory data and perform account management actions	Read and write all users' full profiles (User.ReadWrite.All) Manage all user identities (User.ManageIdentities.All) Read and write directory data (Directory.ReadWrite.All)	Cyber Risk Exposure Management Identity Security Observed Attack Techniques Search User Accounts Workbench Zero Trust Secure Access
Read protected content and sensitivity label information	Read all protected content for this tenant (Content.SuperUser) Read all published labels and label policies for an organization (InformationProtectionPolicy.Read.All) Read organization information (Organization.Read.All) Sign in and read user profile (User.Read) Read all unified policies of the tenant (UnifiedPolicy.Tenant.Read?	Zero Trust Secure Access
Read security posture, compliance, and directory data from connected SaaS applications	Microsoft Graph Read calendars in all mailboxes (Calendars.Read) Read the names, descriptions, and settings of all channels (ChannelSettings.Read.All) Read all groups (Group.Read.All) Read mail in all mailboxes (Mail.Read) Read all user mailbox settings (MailboxSettings.Read) Read the members of all teams (TeamMember.Read.All) Read all teams' settings (TeamSettings.Read.All) Read all users' full profiles (User.Read.All) Read organization information (Organization.Read.All) Read all usage reports (Reports.Read.All) Office 365 Exchange Online Read calendars in all mailboxes (Calendars.Read.All) Read contacts in all mailboxes (Contacts.Read) Manage Exchange As Application (Exchange.ManageAsApp) Use Exchange Web Services with full access to all mailboxes (full_access_as_app) Read mail in all mailboxes (Mail.Read) Read all user mailbox settings (MailboxSettings.Read) Read organization information (Organization.Read.All) Read all users' full profiles (User.Read.All) Skype and Teams Tenant Admin API application_access (application_access) SharePoint Have full control of all site collections (Sites.FullControl.All)	Cyber Risk Exposure Management User Accounts