Azure Web App Permissions for Microsoft Office 365 Outlook
Azure Web App Permissions for Microsoft Office 365 Outlook
Netskope seeks consent for the following Azure web app permissions for Microsoft Office 365 Outlook:
API | Permission Type* | Permission Name | Description | Netskope Use Case |
---|---|---|---|---|
Azure Active Directory Graph API | Delegated | User.Read | Sign in and read the user profile. | User meta information. |
Exchange API | Application | Calendars.Read | Read calendars in all mailboxes. | Mail notification processing. |
Application | Calendars.Read.All | Read calendars in all mailboxes. | Mail notification processing. |
|
Application | Contacts.Read | Read contacts in all mailboxes. | Policy Processing. |
|
Application | Mail.Read | Read mail in all mailboxes. | Mail notification processing. |
|
Application | MailboxSettings.Read | Read all user mailbox settings. | Policy processing. |
|
Microsoft Graph API | Application | Contacts.Read | Read contacts in all mailboxes. | User listing, policy processing. |
Application | Device.ReadWrite.All | Read and write devices. | User listing. |
|
Application | Directory.Read.All | Read directory data. | User listing. |
|
Application | Group.Read.All | Read all groups. | User group information. |
|
Application | Mail.Read | Read mail in all mailboxes. | Mail notification processing. |
|
Application | MailboxSettings.Read | Read all user mailbox settings. | Policy processing. |
|
Application | User.Read.All | Read all users' full profiles. | User meta information. |
|
Office 365 Management API | Delegated | ActivityFeed.Read | Read activity data for your organization. | Audit logs. |
Application | ActivityFeed.Read | Read activity data for your organization. |
||
Application | ActivityFeed.ReadDlp | Read DLP policy events including detected sensitive data. |
||
Application | ServiceHealth.Read | Read service health information for your organization. |
* What type of permission does the Netskope app require?
- Delegated permission: Enables the Netskope app to perform operations on behalf of the signed-in user, such as reading email or modifying the user’s profile.
- Application permission: Permissions that enable the Netskope app to authenticate as itself without user interaction or consent, such as an app used by background services or daemon apps.