Skip to main content

Netskope Help

Azure Web App Permissions for Microsoft Office 365 Outlook

Netskope seeks consent for the following Azure web app permissions for Microsoft Office 365 Outlook:

API

Permission Type*

Permission Name

Description

Netskope Use Case

Azure Active Directory Graph API

Delegated

User.Read

Sign in and read the user profile.

User meta information.

Exchange API

Application

Calendars.Read

Read calendars in all mailboxes.

Mail notification processing.

Application

Calendars.Read.All

Read calendars in all mailboxes.

Mail notification processing.

Application

Contacts.Read

Read contacts in all mailboxes.

Policy Processing.

Application

Mail.Read

Read mail in all mailboxes.

Mail notification processing.

Application

MailboxSettings.Read

Read all user mailbox settings.

Policy processing.

Microsoft Graph API

Application

Contacts.Read

Read contacts in all mailboxes.

User listing, policy processing.

Application

Device.ReadWrite.All

Read and write devices.

User listing.

Application

Directory.Read.All

Read directory data.

User listing.

Application

Group.Read.All

Read all groups.

User group information.

Application

Mail.Read

Read mail in all mailboxes.

Mail notification processing.

Application

MailboxSettings.Read

Read all user mailbox settings.

Policy processing.

Application

User.Read.All

Read all users' full profiles.

User meta information.

Office 365 Management API

Delegated

ActivityFeed.Read

Read activity data for your organization.

Audit logs.

Application

ActivityFeed.Read

Read activity data for your organization.

Application

ActivityFeed.ReadDlp

Read DLP policy events including detected sensitive data.

Application

ServiceHealth.Read

Read service health information for your organization.

* What type of permission does the Netskope app require?

  • Delegated permission: Enables the Netskope app to perform operations on behalf of the signed-in user, such as reading email or modifying the user's profile.

  • Application permission: Permissions that enable the Netskope app to authenticate as itself without user interaction or consent, such as an app used by background services or daemon apps.