Views:

View a list of permissions that must be granted to Trend Vision One to facilitate email and collaboration security.

Access permissions required for Email Sensor

Associated service
Permissions
Description
Exchange Online
Directory.Read.All
Read directory data
Group.Read.All
Read all groups
Mail.ReadWrite
Read and write mail in all mailboxes
Member.Read.Hidden
Read all hidden memberships
User.Read
sign in and read user profile
People.Read.All
Read all users' relevant people lists
User.Read.All
Read all users' full profiles
Sites.Read.All
Read items in all site collections
AuditLog.Read.All
Read all audit log data
IdentityRiskEvent.Read.All
Read identity risk event information
Reports.Read.All
Read all usage reports
SecurityEvents.Read.All
Read your organization's security events
ActivityFeed.Read
Read activity data for your organization
MailboxSettings.Read
Read all user mailbox settings
Organization.Read.All
Read organization information
ThreatAssessment.Read.All
Read threat assessment requests
Policy.Read.All
Read your organization's policies
UserAuthenticationMethod.Read.All
Read users' authentication methods
Gmail
userinfo.email
See your primary Google Account email address
admin.directory.domain.readonly
View domains related to your customers
admin.directory.group.readonly
View groups on your domain
admin.directory.user.readonly
See information about users on your domain
admin.reports.audit.readonly
View audit reports for your G Suite domain
openid
Associate you with your personal information on Google
apps.licensing
View and manage G Suite licenses for your domain
Google Workspace Marketplace app permissions
Common Cloud Email and Collaboration Protection app permissions in Google Workspace Marketplace for Google Drive and Gmail

Access permissions required for Collaboration Sensor

Associated service
Permissions
Description
Microsoft 365 services
Directory.Read.All
Read directory data
User.Read
sign in and read user profile
People.Read.All
Read all users' relevant people lists
User.Read.All
Read all users' full profiles
Sites.Read.All
Read items in all site collections
Group.Read.All
Read all groups
AuditLog.Read.All
Read all audit log data
IdentityRiskEvent.Read.All
Read identity risk event information
Reports.Read.All
Read all usage reports
SecurityEvents.Read.All
Read your organization's security events
ActivityFeed.Read
Read activity data for your organization
MailboxSettings.Read
Read all user mailbox settings
Organization.Read.All
Read organization information
Member.Read.Hidden
Read all hidden memberships
ThreatAssessment.Read.All
Read threat assessment requests
Policy.Read.All
Read your organization's policies
UserAuthenticationMethod.Read.All
Read users' authentication methods

Access permissions required for Cloud Email and Collaboration Protection

Associated service
Permissions
Description
Exchange Online
Directory.Read.All
Read directory data
Group.Read.All
Read all groups
Mail.ReadWrite
Read and write mail in all mailboxes
Member.Read.Hidden
Read all hidden memberships
User.Read
sign in and read user profile
Exchange Online (Inline Mode)
Domain.Read.All
Read domains
User.Read
sign in and read user profile
Exchange.ManageAsApp
Manage Exchange As Application
SharePoint Online
Directory.Read.All
Read directory data
Sites.FullControl.All
Have full control of all site collections
Sites.Read.All
Read items in all site collections
User.Read
sign in and read user profile
OneDrive
Directory.Read.All
Read directory data
Group.Read.All
Read all groups
Sites.FullControl.All
Have full control of all site collections
Sites.Read.All
Read items in all site collections
User.Read
sign in and read user profile
User.Read.All
Read user profiles
Teams
Directory.Read.All
Read directory data
Group.Read.All
Read all groups
Sites.FullControl.All
Have full control of all site collections
Sites.Manage.All
Create, edit, and delete items and lists in all site collections
Sites.Read.All
Read items in all site collections
User.Read
sign in and read user profile
Teams Chat
Chat.Read.All
Read all chat messages
Chat.UpdatePolicyViolation.All
Flag chat messages for violating policy
Files.ReadWrite.All
Read and write files in all site collections
Group.Read.All
Read all groups
User.Read
sign in and read user profile
User.Read.All
Read all users' full profiles
Microsoft Information Protection (MIP)
Content.SuperUser
Read all protected content for this tenant
Content.Writer
Create protected content
InformationProtectionPolicy.Read.All
Read all published labels and label policies for an organization
Organization.Read.All
Read organization information
Sites.Read.All
Read items in all site collections
User.Read
sign in and read user profile
UnifiedPolicy.Tenant.Read
Read all unified policies of the tenant
Sites.FullControl.All
Have full control of all site collections
Box
root_readwrite
Read and write all files and folders stored in Box
manage_groups
Manage groups of an organization
manage_webhook
Manage webhooks for a user
manage_enterprise_properties
Manage enterprise properties
manage_managed_users
Manage users
manage_app_users
Manage app users
perform actions as users
Make API calls on behalf of users using the As-User header
Dropbox
Team member file access
  • View content of your Dropbox files and folders, view and edit information about your Dropbox files and folders, and permanently delete your Dropbox files and folders
  • View and manage your Dropbox file requests, Dropbox sharing settings and collaborators, and manually added Dropbox contacts
  • View basic information about your Dropbox account such as your username, email, and country
  • View and edit content of, governance data of, and information about your team's files and folders
  • View your team group membership and team membership
  • View your team's activity log and view and manage your team's sessions, devices, and apps
  • View structure of your team's and members' folders
  • View basic information about your team including names, user count, and team settings
Google Drive
admin.reports.audit.readonly
View audit reports for your G Suite domain
admin.directory.orgunit.readonly
View organization units on your domain
apps.licensing
View and manage G Suite licenses for your domain
admin.directory.user.readonly
See information about users on your domain
drive.file
See, edit, create, and delete only the specific Google Drive files you use with this app
Google Workspace Marketplace app permissions
Common Cloud Email and Collaboration Protection app permissions in Google Workspace Marketplace for Google Drive and Gmail
Gmail
admin.reports.audit.readonly
View audit reports for your G Suite domain
admin.directory.domain.readonly
View domains related to your customers
apps.licensing
View and manage G Suite licenses for your domain
admin.directory.group.readonly
View groups on your domain
admin.directory.user.readonly
See information about users on your domain
openid
Associate you with your personal information on Google
userinfo.email
See your primary Google Account email address
Google Workspace Marketplace app permissions
Common Cloud Email and Collaboration Protection app permissions in Google Workspace Marketplace for Google Drive and Gmail
Gmail (Inline Mode)
admin.reports.audit.readonly
View audit reports for your G Suite domain
admin.directory.domain.readonly
View domains related to your customers
apps.licensing
View and manage G Suite licenses for your domain
admin.directory.group.readonly
View groups on your domain
admin.directory.group
View and manage the provisioning of groups on your domain
admin.directory.user.readonly
See information about users on your domain
openid
Associate you with your personal information on Google
userinfo.email
See your primary Google Account email address
Google Workspace Marketplace app permissions
Common Cloud Email and Collaboration Protection app permissions in Google Workspace Marketplace for Google Drive and Gmail

Google Workspace Marketplace app permissions

Permissions
Description
https://mail.google.com/
Read, compose, send, and permanently delete all your email from Gmail
gmail.modify
Read, compose, and send emails from your Gmail account
gmail.readonly
View your email messages and settings
userinfo.email
See your primary Google Account email address
userinfo.profile
See your personal information, including any personal information you've made publicly available
admin.directory.domain.readonly
View domains related to your customers
admin.directory.group.readonly
View groups on your domain
admin.directory.orgunit.readonly
View organization units on your domain
admin.directory.user.readonly
See information about users on your domain
admin.reports.audit.readonly
View audit reports for your G Suite domain
apps.licensing
View and manage G Suite licenses for your domain
drive
See, edit, create, and delete all of your Google Drive files