Overview
When you connect Incydr to Microsoft Office 365 email, you grant certain permissions to Incydr in your Microsoft environment. This article lists the permissions Incydr requires as well as what those permissions allow Incydr to do in your Microsoft environment.
Microsoft Office 365 email permissions
When a monitored user emails an attachment, Incydr collects information about the attached file along with the sender and recipients for the email.
To see this file activity, Incydr requires access to your Office 365 email environment. The Office 365 email permissions we request are:
- ActivityFeed.Read
- Files.Read.All
- Group.Read.All
- Mail.Read
- Mail.ReadBasic
- User.Read
- User.Read.All
This set of permissions means Incydr has read-only access to metadata for emails, attached files, and users within that email service. In other words, Incydr cannot make changes to the emails, data, or users in your email environment.
For more information on the specific metadata and file events visible in Forensic Search, see the File event metadata reference.
External resources
Microsoft documentation: Microsoft Graph permissions reference
Comments
0 comments
Please sign in to leave a comment.