Special Note on Directory Writers Role

Special Note on Directory Writers Role

Customers who authorized their Microsoft Office 365 SharePoint instances with Netskope before December 3, 2020, may see a Directory Writers role assigned to the Netskope Activity Feeds for Microsoft SharePoint app in the Microsoft Entra Privileged Identity Management service. Previously, the Netskope app requested the Directory.ReadWrite.All permission for Microsoft Graph APIs. As part of this, Microsoft automatically assigned the Directory Writers role to the app. However, due to a limitation on Microsoft’s end, this role was not removed when Netskope withdrew the Directory.ReadWrite.All permission from the app in 2019. To learn more about the Directory.ReadWrite.All permission and limitations: Directory.ReadWrite.All

This change applies to the classic API Data Protection platform only.

Call to Action

You can safely remove this role if you have any concerns about its presence. To do so:

  1. Log in portal.azure.com.

  2. On the search bar, type Privileged Identity Management and click Microsoft Entra Privileged Identity Management.

  3. On the left pane, navigate to Manage > Microsoft Entra roles.

  4. On the left pane, navigate to Manage > Roles.

  5. Under the list of roles, click Directory Writers and click the Active assignments tab.

  6. Search for Netskope Activity Feeds for Microsoft SharePoint and under Action, click Remove.

You have successfully removed the role.

Share this Doc

Special Note on Directory Writers Role

Or copy link

In this topic ...