Azure Web App Permissions for Microsoft Office 365 Teams
Netskope seeks consent for the following Azure web app permissions for Microsoft Office 365 Teams:
API | Permission | Description | Netskope Use Case |
|---|---|---|---|
Microsoft Graph API | ChannelMessage.Read.All | Read all channel messages. | Channel notification/access channel web URL from the UI page. |
ChannelMessage.UpdatePolicy Violation.All | Flag channel messages for violating policy. | Block access. | |
Chat.Read.All | Read all 1:1 or group chat messages in Microsoft Teams, without a signed-in user. | Channel notification/access channel web URL from the UI page. | |
Chat.ReadBasic.All | Read names and members of all chat threads. | Chat members and exposure. | |
Chat.ReadWrite.All | Read and write all chat messages | Send alerts in chat. This API is not in use. Netskope may support this API in future use cases. | |
Chat.UpdatePolicyViolation.All | Flag chat messages for violating policy. | Block access. | |
Directory.Read.All | Read directory data. | Read access to user group team objects. | |
Files.Read.All | Read files in all site collections. | Download files from OneDrive. | |
Files.ReadWrite.All | Read, create, update, and delete all files the signed-in user can access. | Malware threat protection (quarantine & tombstone). | |
Group.Read.All | Read all groups. | Read teams. | |
GroupMember.Read.All | Read all group memberships. | Read team members. | |
Reports.Read.All | Read all usage reports. | This API is not in use. Netskope may support this API in future use cases. | |
Sites.Read.All | Read items in all site collections (preview). | Download files from sites. | |
TeamsActivity.Read.All | Read all users' teamwork activity feed | User activities. | |
TeamsApp.Read.All | Read all users' installed Teams apps. | Read the MS Teams apps installed for all users. Note The API does not have the ability to read application-specific settings. | |
User.Read.All | Read all users' full profiles. | Read user. | |
Office 365 Management API | ActivityFeed.Read | Read activity data of your organization. | Audit logs. |
ActivityFeed.ReadDlp | Read DLP policy events including detected sensitive data. | ||
ActivityReports.Read | Read activity reports of your organization. | ||
ServiceHealth.Read | Read service health information of your organization. | ||
ThreatIntelligence.Read | Read threat intelligence data of your organization. |