Azure Web App Permissions for Microsoft Office 365 Outlook
Netskope seeks consent for the following Azure web app permissions for Microsoft Office 365 Outlook:
API | Permission Type* | Permission Name | Description | Netskope Use Case |
---|---|---|---|---|
Azure Active Directory Graph API | Delegated | User.Read | Sign in and read the user profile. | User meta information. |
Exchange API | Application | Calendars.Read | Read calendars in all mailboxes. | Mail notification processing. |
Application | Calendars.Read.All | Read calendars in all mailboxes. | Mail notification processing. | |
Application | Contacts.Read | Read contacts in all mailboxes. | Policy Processing. | |
Application | Mail.Read | Read mail in all mailboxes. | Mail notification processing. | |
Application | MailboxSettings.Read | Read all user mailbox settings. | Policy processing. | |
Microsoft Graph API | Application | Contacts.Read | Read contacts in all mailboxes. | User listing, policy processing. |
Application | Device.ReadWrite.All | Read and write devices. | User listing. | |
Application | Directory.Read.All | Read directory data. | User listing. | |
Application | Group.Read.All | Read all groups. | User group information. | |
Application | Mail.Read | Read mail in all mailboxes. | Mail notification processing. | |
Application | MailboxSettings.Read | Read all user mailbox settings. | Policy processing. | |
Application | User.Read.All | Read all users' full profiles. | User meta information. | |
Office 365 Management API | Delegated | ActivityFeed.Read | Read activity data for your organization. | Audit logs. |
Application | ActivityFeed.Read | Read activity data for your organization. | ||
Application | ActivityFeed.ReadDlp | Read DLP policy events including detected sensitive data. | ||
Application | ServiceHealth.Read | Read service health information for your organization. |
* What type of permission does the Netskope app require?
Delegated permission: Enables the Netskope app to perform operations on behalf of the signed-in user, such as reading email or modifying the user's profile.
Application permission: Permissions that enable the Netskope app to authenticate as itself without user interaction or consent, such as an app used by background services or daemon apps.