Special Note on Directory Writers Role
Special Note on Directory Writers Role
Customers who authorized their Microsoft Office 365 SharePoint instances with Netskope before December 3, 2020, may see a Directory Writers role assigned to the Netskope Activity Feeds for Microsoft SharePoint app in the Microsoft Entra Privileged Identity Management service. Previously, the Netskope app requested the Directory.ReadWrite.All permission for Microsoft Graph APIs. As part of this, Microsoft automatically assigned the Directory Writers role to the app. However, due to a limitation on Microsoft’s end, this role was not removed when Netskope withdrew the Directory.ReadWrite.All permission from the app in 2019. To learn more about the Directory.ReadWrite.All permission and limitations: Directory.ReadWrite.All
Call to Action
You can safely remove this role if you have any concerns about its presence. To do so:
-
Log in portal.azure.com.
-
On the search bar, type Privileged Identity Management and click Microsoft Entra Privileged Identity Management.
-
On the left pane, navigate to Manage > Microsoft Entra roles.
-
On the left pane, navigate to Manage > Roles.
-
Under the list of roles, click Directory Writers and click the Active assignments tab.
-
Search for Netskope Activity Feeds for Microsoft SharePoint and under Action, click Remove.
You have successfully removed the role.