Netskope Help

Azure Web App Permissions for Microsoft Office 365 Teams

Netskope seeks consent for the following Azure web app permissions for Microsoft Office 365 Teams:

API

Permission

Description

Netskope Use Case

Microsoft Graph API

ChannelMessage.Read.All

Read all channel messages.

Channel notification/access channel web URL from the UI page.

ChannelMessage.UpdatePolicy Violation.All

Flag channel messages for violating policy.

Block access.

Chat.Read.All

Read all 1:1 or group chat messages in Microsoft Teams, without a signed-in user.

Channel notification/access channel web URL from the UI page.

Chat.ReadBasic.All

Read names and members of all chat threads.

Chat members and exposure.

Chat.ReadWrite.All

Read and write all chat messages

Send alerts in chat. This API is not in use. Netskope may support this API in future use cases.

Chat.UpdatePolicyViolation.All

Flag chat messages for violating policy.

Block access.

Directory.Read.All

Read directory data.

Read access to user group team objects.

Files.Read.All

Read files in all site collections.

Download files from OneDrive.

Files.ReadWrite.All

Read, create, update, and delete all files the signed-in user can access.

Malware threat protection (quarantine & tombstone).

Group.Read.All

Read all groups.

Read teams.

GroupMember.Read.All

Read all group memberships.

Read team members.

Reports.Read.All

Read all usage reports.

This API is not in use. Netskope may support this API in future use cases.

Sites.Read.All

Read items in all site collections (preview).

Download files from sites.

TeamsActivity.Read.All

Read all users' teamwork activity feed

User activities.

TeamsApp.Read.All

Read all users' installed Teams apps.

Read the MS Teams apps installed for all users.

Note

The API does not have the ability to read application-specific settings.

User.Read.All

Read all users' full profiles.

Read user.

Office 365 Management API

ActivityFeed.Read

Read activity data of your organization.

Audit logs.

ActivityFeed.ReadDlp

Read DLP policy events including detected sensitive data.

ActivityReports.Read

Read activity reports of your organization.

ServiceHealth.Read

Read service health information of your organization.

ThreatIntelligence.Read

Read threat intelligence data of your organization.