integrations
cloud
microsoft
office 365
azure
Permissions Used by XDR for Microsoft 365 and Azure Integrations
The following tables list permissions requested by Secureworks to integrate your Microsoft Azure and 365 data sources. Each table lists the permissions used by each integration as well as a comment on why Secureworks is requesting this permission.
Microsoft 365 Management API
API/Permissions Name
Type
Description
Admin Consent Required?
Secureworks Comments
Microsoft Graph API
User.Read
Delegated
Sign in and read user profile
No
Allows the application to read the profile of signed-in users; required for API usage
Office 365 Management API
ActivityFeed.Read
Application
Read activity data for your organization
Yes
Main permission that allows access to read most content types supported by the API, excluding DLP events
ActivityFeed.ReadDlp
Application
Read DLP policy events including detected sensitive data
Yes
Enables Secureworks to read the DLP content type
ServiceHealth.Read
Application
Read service health information for your organization
Yes
Allows the Secureworks application insight into service health of the tenant that data is being collected from
Graph Security API
API/Permissions Name
Type
Description
Admin Consent Required?
Secureworks Comments
Microsoft Graph API
SecurityActions.Read.All
Application
Read your organization's security actions
Yes
Intended for future use
SecurityEvents.Read.All
Application
Read your organization's security events
Yes
Allows Secureworks access to read security events from the Graph Security API
User.Read
Delegated
Sign in and read user profile
No
Allows the application to read the profile of signed-in users; required for API usage
Azure Active Directory
API/Permissions Name
Type
Description
Admin Consent Required?
Secureworks Comments
Microsoft Graph API
AuditLog.Read.All
Application
Read all audit log data
Yes
Required by the Graph API to request audit logs
Directory.Read.All
Application
Read directory data
Yes
Required by the Graph API to read directory data on behalf of the application
User.Read
Delegated
Sign in and read user profile
No
Allows the application to read the profile of signed-in users; required for API usage
Azure Activity Logs
API/Permissions Name
Type
Description
Admin Consent Required?
Secureworks Comments
Azure Service Management
user_impersonation
Delegated
Access Azure Service Management as organization users
No
Required by the API to request activity logs
Microsoft Graph API
User.Read
Delegated
Sign in and read user profile
No
Allows the application to read the profile of signed-in users; required for API usage