Microsoft Cloud Permissions
This documentation outlines the permissions available for integrations included in the Microsoft Cloud Integration Bundle, detailing the actions, methods, URLs, and trigger types associated with each permission.
Microsoft CSP Permissions
User Impersonation
This permission is necessary to pull the list of customers from your CSP tenant and map them to managed Rewst organizations.
Actions:
microsoft_csp.check_if_organization_has_consent
microsoft_csp.list_customers
microsoft_csp.list_customer_subscriptions
microsoft_csp.update_customer_subscription_quantity
Microsoft Exchange Online Permissions
Exchange.Manage
Actions:
microsoft_exo.invoke_command
Exchange.ManageAsApp
Actions:
microsoft_exo.invoke_command
full_access_as_app
Actions:
microsoft_exo.invoke_command
Microsoft Azure Permissions
Key Vault User Impersonation
Actions:
microsoft_azure.list_keys_in_vault
microsoft_azure.create_key_in_vault
microsoft_azure.delete_key_in_vault
Service Management User Impersonation
Actions:
microsoft_azure.generic_request
microsoft_azure.Virtual Machines - InstanceView
microsoft_azure.Virtual Machines - List
microsoft_azure.Virtual Machines - Get
microsoft_azure.Virtual Machines - ListAvailableSizes
microsoft_azure.Virtual Machines - Delete
microsoft_azure.Virtual Machines - ListByLocation
microsoft_azure.Virtual Machines - ListAll
microsoft_azure.create_blob_storage_container
microsoft_azure.create_key_vault
microsoft_azure.get_storage_account
microsoft_azure.create_storage_account
microsoft_azure.create_vm
microsoft_azure.create_virtual_network
microsoft_azure.list_virtual_networks
microsoft_azure.list_blob_storage_containers
microsoft_azure.list_virtual_machines
microsoft_azure.delete_blob_storage_container
microsoft_azure.get_key_vault
microsoft_azure.get_virtual_machine
microsoft_azure.get_virtual_network
microsoft_azure.get_blob_storage_container
microsoft_azure.delete_storage_account
microsoft_azure.delete_key_vault
microsoft_azure.delete_virtual_machine
microsoft_azure.delete_virtual_network
microsoft_azure.list_storage_accounts
microsoft_azure.list_key_vaults
microsoft_azure.list_subscriptions
microsoft_azure.list_resource_groups
Storage User Impersonation
Actions:
microsoft_azure.generic_request
Methods:
GET
POST
PUT
PATCH
DELETE
URLs:
https://{storageAccountName}.blob.core.windows.net/{containerName}
https://{storageAccountName}.table.core.windows.net/{tableName}
Microsoft Graph Permissions
AccessReview.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/identityGovernance/accessReviews/definitions
/identityGovernance/accessReviews/definitions/{definitionId}
/identityGovernance/accessReviews/definitions/{definitionId}/instances
/identityGovernance/accessReviews/definitions/{definitionId}/instances/{instanceId}
/identityGovernance/accessReviews/definitions/{definitionId}/instances/{instanceId}/decisions
/identityGovernance/accessReviews/definitions/{definitionId}/instances/{instanceId}/decisions/{decisionId}
/identityGovernance/accessReviews/definitions/{definitionId}/instances/{instanceId}/contacts
/identityGovernance/accessReviews/settings
AccessReview.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/identityGovernance/accessReviews/definitions
/identityGovernance/accessReviews/definitions/{definitionId}
/identityGovernance/accessReviews/definitions/{definitionId}/instances
/identityGovernance/accessReviews/definitions/{definitionId}/instances/{instanceId}
/identityGovernance/accessReviews/definitions/{definitionId}/instances/{instanceId}/decisions
/identityGovernance/accessReviews/definitions/{definitionId}/instances/{instanceId}/decisions/{decisionId}
/identityGovernance/accessReviews/definitions/{definitionId}/instances/{instanceId}/contacts
/identityGovernance/accessReviews/settings
ActivityFeed.Read
Actions:
microsoft_graph.graph_api_request
Trigger Types:
microsoft_graph.Management Activity
ActivityFeed.ReadDlp
Actions:
microsoft_graph.graph_api_request
Trigger Types:
microsoft_graph.Management Activity
AppCatalog.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/appCatalogs/teamsApps
AppCatalog.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
DELETE
URLs:
/appCatalogs/teamsApps
/appCatalogs/teamsApps/{id}
/appCatalogs/teamsApps/{id}/appDefinitions
AppCatalog.Submit
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
DELETE
URLs:
/appCatalogs/teamsApps
/appCatalogs/teamsApps/{id}
/appCatalogs/teamsApps/{id}/appDefinitions
AppRoleAssignment.ReadWrite.All
This is a core permission utilized with the Rewst Microsoft Cloud Connector and is necessary for dynamic permissions. It is not necessary when using an Owned App Registration.
Application.ReadWrite.All
This is a core permission utilized with the Rewst Microsoft Cloud Connector and is necessary for dynamic permissions. It is not necessary when using an Owned App Registration.
AuditLog.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/activity/feed/subscriptions/content
/auditLogs/directoryAudits
/auditLogs/directoryAudits/{id}
/auditLogs/provisioning
/auditLogs/signIns
/auditLogs/signIns/{id}
/reports/authenticationMethods/userRegistrationDetails
/reports/authenticationMethods/userRegistrationDetails/{userId}
Trigger Types:
microsoft_graph.New Access from Anonymous Link
microsoft_graph.New Directory Audit Log
microsoft_graph.New Signin
microsoft_graph.Suspicious Login Distance
AuditLogsQuery.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/auditLogs/directoryAudits
/auditLogs/investigationResults
/auditLogs/legacyAudits
/auditLogs/riskyUsers
/auditLogs/signIns
/auditLogs/userAccountActivity
BitlockerKey.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/deviceManagement/managedDevices/{id}/bitlockerKeys
/deviceManagement/managedDevices/{id}/bitlockerKeys/{id}
Bookings.Manage.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/bookings/appointments
/bookings/appointments/{id}
/bookings/businesses
/bookings/businesses/{id}
/bookings/customers
/bookings/customers/{id}
/bookings/services
/bookings/services/{id}
Bookings.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/bookings/appointments
/bookings/appointments/{id}
/bookings/businesses
/bookings/businesses/{id}
/bookings/customers
/bookings/customers/{id}
/bookings/services
/bookings/services/{id}
Bookings.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/bookings/appointments
/bookings/appointments/{id}
/bookings/businesses
/bookings/businesses/{id}
/bookings/customers
/bookings/customers/{id}
/bookings/services
/bookings/services/{id}
BookingsAppointment.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/bookings/appointments
/bookings/appointments/{id}
/bookings/businesses
/bookings/businesses/{id}
/bookings/customers
/bookings/customers/{id}
/bookings/services
/bookings/services/{id}
Calendars.Read
Actions:
microsoft_graph.get_user_calendars
microsoft_graph.get_user_calendar_permissions
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/me/calendars
/me/calendars/{id}
/me/calendars/{id}/calendarPermissions
/me/calendars/{id}/events
/me/calendarGroups
/me/calendarGroups/{id}
/me/calendarGroups/{id}/events
/me/events
/me/events/{id}
/users/{id|userPrincipalName}/calendars
Calendars.Read.Shared
Actions:
microsoft_graph.get_user_calendars
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/me/calendars
/me/calendars/{id}
/me/calendars/{id}/events
/me/calendarGroups
/me/calendarGroups/{id}
/me/calendarGroups/{id}/events
/me/calendarView?startDateTime={start_datetime}&endDateTime={end_datetime}
/me/events
/me/events/{id}
/users/{id|userPrincipalName}/calendars
/users/{id|userPrincipalName}/calendars/{id}
/users/{id|userPrincipalName}/calendars/{id}/events
/users/{id|userPrincipalName}/calendarGroups
/users/{id|userPrincipalName}/calendarGroups/{id}
/users/{id|userPrincipalName}/calendarGroups/{id}/events
/users/{id|userPrincipalName}/calendarView?startDateTime={start_datetime}&endDateTime={end_datetime}
/users/{id|userPrincipalName}/events
/users/{id|userPrincipalName}/events/{id}
Calendars.ReadBasic
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/me/calendars
/me/calendars/{id}
/me/calendars/{id}/events
/me/calendarGroups
/me/calendarGroups/{id}
/me/calendarGroups/{id}/events
/me/calendarView?startDateTime={start_datetime}&endDateTime={end_datetime}
/me/events
/me/events/{id}
/users/{id|userPrincipalName}/calendars
Calendars.ReadBasic.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/me/calendars
/me/calendars/{id}
/me/calendars/{id}/events
/me/calendarGroups
/me/calendarGroups/{id}
/me/calendarGroups/{id}/events
/me/calendarView?startDateTime={start_datetime}&endDateTime={end_datetime}
/me/events
/me/events/{id}
/users/{id|userPrincipalName}/calendars
Calendars.ReadWrite
Actions:
microsoft_graph.create_event
microsoft_graph.create_user_calendar_permission
microsoft_graph.delete_user_calendar
microsoft_graph.get_user_calendars
microsoft_graph.get_user_calendar_permissions
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/me/calendars
/me/calendars/{id}
/me/calendars/{id}/events
/me/calendarGroups
/me/calendarGroups/{id}
/me/calendarGroups/{id}/events
/me/calendarView?startDateTime={start_datetime}&endDateTime={end_datetime}
/me/events
/me/events/{id}
/users/{id|userPrincipalName}/calendars
/users/{id|userPrincipalName}/calendars/{id}
/users/{id|userPrincipalName}/calendars/{id}/events
/users/{id|userPrincipalName}/calendarGroups
/users/{id|userPrincipalName}/calendarGroups/{id}
/users/{id|userPrincipalName}/calendarGroups/{id}/events
/users/{id|userPrincipalName}/calendarView?startDateTime={start_datetime}&endDateTime={end_datetime}
/users/{id|userPrincipalName}/events
/users/{id|userPrincipalName}/events/{id}
Calendars.ReadWrite.Shared
Actions:
microsoft_graph.create_event
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/me/calendars
/me/calendars/{id}
/me/calendars/{id}/events
/me/calendarGroups
/me/calendarGroups/{id}
/me/calendarGroups/{id}/events
/me/calendarView?startDateTime={start_datetime}&endDateTime={end_datetime}
/me/events
/me/events/{id}
/users/{id|userPrincipalName}/calendars
/users/{id|userPrincipalName}/calendars/{id}
/users/{id|userPrincipalName}/calendars/{id}/events
/users/{id|userPrincipalName}/calendarGroups
/users/{id|userPrincipalName}/calendarGroups/{id}
/users/{id|userPrincipalName}/calendarGroups/{id}/events
/users/{id|userPrincipalName}/calendarView?startDateTime={start_datetime}&endDateTime={end_datetime}
/users/{id|userPrincipalName}/events
/users/{id|userPrincipalName}/events/{id}
Channel.Create
Actions:
microsoft_graph.graph_api_request
Methods:
POST
URLs:
/teams/{teamId}/channels
Channel.Delete.All
Actions:
microsoft_graph.graph_api_request
Methods:
DELETE
URLs:
/teams/{teamId}/channels/{channelId}
ChannelMember.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/chats/{chatId}/members
/chats/{chatId}/members/{id}
/teams/{teamId}/channels/{channelId}/members
/teams/{teamId}/channels/{channelId}/members/{id}
ChannelMember.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/chats/{chatId}/members
/chats/{chatId}/members/{id}
/teams/{teamId}/channels/{channelId}/members
/teams/{teamId}/channels/{channelId}/members/{id}
ChannelMessage.Edit
Actions:
microsoft_graph.graph_api_request
Methods:
PATCH
URLs:
/teams/{teamId}/channels/{channelId}/messages/{messageId}
ChannelMessage.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/teams/{team-id}/channels/{channel-id}/messages
/teams/{team-id}/channels/{channel-id}/messages/delta
/teams/{team-id}/channels/{channel-id}/messages/{message-id}
/teams/{team-id}/channels/{channel-id}/messages/{message-id}/hostedContents
/teams/{team-id}/channels/{channel-id}/messages/{message-id}/hostedContents/{hosted-content-id}
/teams/{team-id}/channels/{channel-id}/messages/{message-id}/replies
/teams/{team-id}/channels/{channel-id}/messages/{message-id}/replies/{reply-id}
/teams/{team-id}/channels/{channel-id}/messages/{message-id}/replies/{reply-id}/hostedContents
/teams/{team-id}/channels/{channel-id}/messages/{message-id}/replies/{reply-id}/hostedContents/{hosted-content-id}
Trigger Types:
microsoft_graph.Teams Message Subscription
microsoft_graph.Teams Message Subscription by Team and Channel ID
ChannelMessage.ReadWrite
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/subscriptions?resource=teams/getAllMessages
/subscriptions?resource=teams/{team_id}/channels/{channel_id}/messages
/teams/{teamId}/channels/{channelId}/messages/{messageId}
/teams/{teamId}/channels/{channelId}/messages/{messageId}/replies/{replyId}
/teams/{teamId}/channels/{channelId}/messages/{messageId}/replies/{replyId}/softDelete
/teams/{teamId}/channels/{channelId}/messages/{messageId}/replies/{replyId}/undoSoftDelete
/teams/{teamId}/channels/{channelId}/messages/{chatMessageId}/softDelete
/teams/{teamId}/channels/{channelId}/messages/{chatMessageId}/undoSoftDelete
Trigger Types:
microsoft_graph.Teams Message Subscription
microsoft_graph.Teams Message Subscription by Team and Channel ID
ChannelMessage.Send
Actions:
microsoft_graph.graph_api_request
Methods:
POST
URLs:
/teams/{teamsId}/channels/{channelId}/messages/{chatMessageId}/setReaction
/teams/{teamsId}/channels/{channelId}/messages/{chatMessageId}/unsetReaction
/teams/{teamId}/channels/{channelId}/messages/{messageId}/replies/{replyId}/setReaction
/teams/{team-id}/channels/{channel-id}/messages
/teams/{teamId}/channels/{channelId}/messages/{messageId}/replies/{replyId}/unsetReaction
/teams/{team-id}/channels/{channel-id}/messages/{message-id}/replies
ChannelMessage.UpdatePolicyViolation.All
Actions:
microsoft_graph.graph_api_request
Methods:
POST
URLs:
/teams/{team-id}/channels/{channel-id}/messages/{message-id}
/teams/{team-id}/channels/{channel-id}/messages/{message-id}/replies/{reply-id}
ChannelSettings.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/teams/{teamId}/channels
/teams/{teamId}/channels/{channelId}
/teams/{teamId}/channels/{channelId}/settings
/teams/{teamId}/primaryChannel
ChannelSettings.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
PATCH
URLs:
/teams/{teamId}/channels
/teams/{teamId}/channels/{channelId}
/teams/{teamId}/channels/{channelId}/settings
/teams/{teamId}/primaryChannel
Chat.Create
Actions:
microsoft_graph.graph_api_request
Methods:
POST
URLs:
/chats
Chat.ManageDeletion.All
Actions:
microsoft_graph.graph_api_request
Methods:
DELETE
URLs:
/chats/{chatId}
/chats/{chatId}/restore
Chat.Read
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/chats/{chatId}
/chats/{chatId}/messages
/chats/{chatId}/messages/{messageId}
/chats/{chatId}/messages/{messageId}/hostedContents
/chats/{chatId}/messages/{messageId}/hostedContents/{hostedContentId}
/chats/{chatId}/messages/{messageId}/replies
/chats/{chatId}/messages/{messageId}/replies/{replyId}
/chats/{chatId}/messages/{messageId}/replies/{replyId}/hostedContents
/chats/{chatId}/messages/{messageId}/replies/{replyId}/hostedContents/{hostedContentId}
Chat.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/chats
/chats/{chatId}
/chats/{chatId}/messages
/chats/{chatId}/messages/{messageId}
/chats/{chatId}/messages/{messageId}/hostedContents
/chats/{chatId}/messages/{messageId}/hostedContents/{hostedContentId}
/chats/{chatId}/messages/{messageId}/replies
/chats/{chatId}/messages/{messageId}/replies/{replyId}
/chats/{chatId}/messages/{messageId}/replies/{replyId}/hostedContents
/chats/{chatId}/messages/{messageId}/replies/{replyId}/hostedContents/{hostedContentId}
Trigger Types:
microsoft_graph.Chat Message Subscription
microsoft_graph.Chat Message Subscription by Chat ID
Chat.ReadBasic
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/chats
/chats/{chatId}/members
/chats/{chatId}/members/{membershipId}
/chats/{chatId}/operations
/chats/{chatId}/operations/{operationId}
/chats/{chatId}
/me/chats/{chatId}
/teams/{id}/channels/{id}/members/{id}
/users/{userId}
Chat.ReadBasic.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/chats
/chats/{chatId}/members
/chats/{chatId}/members/{membershipId}
/chats/{chatId}/operations
/chats/{chatId}/operations/{operationId}
/chats/{chatId}
/me/chats/{chatId}
/teams/{id}/channels/{id}/members/{id}
/users/{userId}
Chat.ReadWrite
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/chats
/chats/{chatId}
/chats/{chatId}/members
/chats/{chatId}/members/{membershipId}
/chats/{chatId}/members/{membershipId}/operation
/chats/{chatId}/messages
/chats/{chatId}/operations
/me/chats/{chatId}
/me/chats/{chatId}/messages
/teams/{teamId}/channels/{channelId}/messages/{messageId}
/teams/{teamId}/channels/{channelId}/messages/{messageId}/hostedContents
/teams/{teamId}/channels/{channelId}/messages/{messageId}/replies/{replyId}
/teams/{teamId}/channels/{channelId}/messages/{messageId}/replies/{replyId}/hostedContents
/teams/{teamId}/channels/{channelId}/messages/{messageId}/hostedContents/{hostedContentId}
Chat.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/chats
/chats/{chatId}
/chats/{chatId}/members
/chats/{chatId}/members/{membershipId}
/chats/{chatId}/members/{membershipId}/operation
/chats/{chatId}/messages
/chats/{chatId}/operations
/me/chats/{chatId}
/me/chats/{chatId}/messages
/subscriptions?resource=chat/getAllMessages
/subscriptions?resource=chat/{chatId}/messages
/teams/{teamId}/channels/{channelId}/messages/{messageId}
/teams/{teamId}/channels/{channelId}/messages/{messageId}/hostedContents
/teams/{teamId}/channels/{channelId}/messages/{messageId}/hostedContents/{hostedContentId}
/teams/{teamId}/channels/{channelId}/messages/{messageId}/replies/{replyId}
/teams/{teamId}/channels/{channelId}/messages/{messageId}/replies/{replyId}/hostedContents
Trigger Types:
microsoft_graph.Chat Message Subscription
microsoft_graph.Chat Message Subscription by Chat ID
Chat.UpdatePolicyViolation.All
Actions:
microsoft_graph.graph_api_request
Methods:
PATCH
URLs:
/teams/{teamId}/channels/{channelId}/messages/{messageId}
/teams/{teamId}/channels/{channelId}/messages/{messageId}/replies/{replyId}
ChatMember.Read
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/chats/{chatId}/members
/chats/{chatId}/members/{id}
ChatMember.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/chats/{chatId}/members
/chats/{chatId}/members/{id}
ChatMember.ReadWrite
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/chats/{chatId}/members
/chats/{chatId}/members/{id}
ChatMember.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/chats/{chatId}/members
/chats/{chatId}/members/{id}
ChatMessage.Read
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/chats/{chatId}/messages
/chats/{chatId}/messages/{id}
ChatMessage.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/chats/{chatId}/messages
/chats/{chatId}/messages/{id}
ChatMessage.Send
Actions:
microsoft_graph.graph_api_request
Methods:
POST
URLs:
/chats/{chatId}/messages
/teams/{teamId}/channels/{channelId}/messages/{messageId}/replies/{replyId}/setReaction
/teams/{teamId}/channels/{channelId}/messages/{messageId}/replies/{replyId}/unsetReaction
/teams/{teamsId}/channels/{channelId}/messages/{chatMessageId}/setReaction
/teams/{teamsId}/channels/{channelId}/messages/{chatMessageId}/unsetReaction
CloudApp-Discovery.Read.All
Actions:
microsoft_graph.graph_api_request
CloudPC.Read.All
Actions:
microsoft_graph.graph_api_request
CloudPC.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Community.Read.All
Actions:
microsoft_graph.graph_api_request
Community.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Contacts.Read
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/me/contacts
/me/contactFolders
/me/contactFolders/{id}
/users/{id|userPrincipalName}/contacts
/users/{id|userPrincipalName}/contacts/{id}
Contacts.ReadWrite
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/me/contacts
/me/contactFolders
/me/contactFolders/{id}
/me/contactFolders/{id}/contacts
/me/contactFolders/{id}/contacts/{id}
/users/{id|userPrincipalName}/contacts
/users/{id|userPrincipalName}/contacts/{id}
DelegatedAdminRelationship.Read.All
Actions:
microsoft_graph.graph_api_request
DelegatedAdminRelationship.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
DelegatedPermissionGrant.ReadWrite.All
This is a core permission utilized with the Rewst Microsoft Cloud Connector and is necessary for dynamic permissions. It is not necessary when using an Owned App Registration.
Device.Command
Actions:
microsoft_graph.graph_api_request
Methods:
POST
URLs:
/devices/{id}/command
/me/devices/{id}/command
Device.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/devices
/devices/{id}
/devices/{id}/registeredOwners
/devices/{id}/registeredUsers
/deviceAppManagement/mobileApps/{id}/deviceStatuses
Trigger Types:
microsoft_graph.ms_graph_device_sensor
Device.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/devices
/devices/{id}
/devices/{id}/registeredOwners
/devices/{id}/registeredUsers
/deviceAppManagement/mobileApps/{id}/deviceStatuses
DeviceLocalCredential.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/deviceManagement/deviceLocalCredentialSettings
/deviceManagement/deviceLocalCredentialSettings/{id}
DeviceManagementApps.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/deviceAppManagement/mobileApps
/deviceAppManagement/mobileApps/{id}
/deviceAppManagement/mobileApps/{id}/deviceStatuses
DeviceManagementApps.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/deviceAppManagement/mobileApps
/deviceAppManagement/mobileApps/{id}
/deviceAppManagement/mobileApps/{id}/deviceStatuses
DeviceManagementConfiguration.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/deviceAppManagement/deviceConfigurations
/deviceAppManagement/deviceConfigurations/{id}
/deviceAppManagement/deviceConfigurations/{id}/deviceStatuses
DeviceManagementConfiguration.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/deviceAppManagement/deviceConfigurations
/deviceAppManagement/deviceConfigurations/{id}
/deviceAppManagement/deviceConfigurations/{id}/deviceStatuses
DeviceManagementManagedDevices.PrivilegedOperations.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/deviceManagement/managedDevices
/deviceManagement/managedDevices/{id}/privilegedOperations
DeviceManagementManagedDevices.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/deviceManagement/managedDevices
/deviceManagement/managedDevices/{id}
DeviceManagementManagedDevices.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/deviceManagement/managedDevices
/deviceManagement/managedDevices/{id}
DeviceManagementRBAC.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/deviceAppManagement/rbacDefinitions
/deviceAppManagement/rbacDefinitions/{id}
DeviceManagementRBAC.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/deviceAppManagement/rbacDefinitions
/deviceAppManagement/rbacDefinitions/{id}
DeviceManagementServiceConfig.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/deviceAppManagement/serviceConfigurations
/deviceAppManagement/serviceConfigurations/{id}
DeviceManagementServiceConfig.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/deviceAppManagement/serviceConfigurations
/deviceAppManagement/serviceConfigurations/{id}
Directory.ReadWrite.All
This is a core permission utilized with the Rewst Microsoft Cloud Connector and is necessary for dynamic permissions. It is not necessary when using an Owned App Registration.
Domain.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/domains
/domains/{id}
Domain.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/domains
/domains/{id}
EAS.AccessAsUser.All
Actions:
microsoft_graph.graph_api_request
EWS.AccessAsUser.All
Actions:
microsoft_graph.graph_api_request
Files.Read
Actions:
microsoft_graph.get_onedrive_item_metadata
microsoft_graph.get_users_drive
microsoft_graph.get_users_root_drive_items
Files.Read.All
Actions:
microsoft_graph.get_onedrive_item_metadata
microsoft_graph.get_users_drive
microsoft_graph.get_users_root_drive_items
Trigger Types:
microsoft_graph.ms_onedrive_permissions_sensor
microsoft_graph.ms_onedrive_file_updated
Files.ReadWrite
Actions:
microsoft_graph.copy_onedrive_item
microsoft_graph.create_onedrive_folder
microsoft_graph.delete_onedrive_item
microsoft_graph.get_onedrive_item_metadata
microsoft_graph.get_users_drive
microsoft_graph.get_users_root_drive_items
microsoft_graph.move_onedrive_item
Files.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Group.Create
Actions:
microsoft_graph.create_group
Group.Read.All
Actions:
microsoft_graph.get_group
microsoft_graph.get_mail_groups
microsoft_graph.get_security_groups
microsoft_graph.list_groups
microsoft_graph.list_group_members
Trigger Types:
microsoft_graph.Group Change Subscription
Group.ReadWrite.All
Actions:
microsoft_graph.create_group
microsoft_graph.get_group
microsoft_graph.get_mail_groups
microsoft_graph.get_security_groups
microsoft_graph.list_groups
microsoft_graph.update_group
Trigger Types:
microsoft_graph.Group Change Subscription
GroupMember.Read.All
Actions:
microsoft_graph.get_mail_groups
microsoft_graph.get_security_groups
microsoft_graph.list_group_members
GroupMember.ReadWrite.All
Actions:
microsoft_graph.add_group_member
microsoft_graph.get_mail_groups
microsoft_graph.get_security_groups
microsoft_graph.list_group_members
microsoft_graph.remove_group_member
IdentityProvider.Read.All
Actions:
microsoft_graph.graph_api_request
IdentityProvider.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
IdentityRiskEvent.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/identityProtection/riskDetections
Trigger Types:
microsoft_graph.New Risk Detection
IdentityRiskEvent.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
IdentityRiskyServicePrincipal.Read.All
Actions:
microsoft_graph.graph_api_request
IdentityRiskyServicePrincipal.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
IdentityRiskyUser.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/identityProtection/riskyUsers
/identityProtection/riskyUsers/{id}
Trigger Types:
microsoft_graph.New Risky User
IdentityRiskyUser.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/identityProtection/riskyUsers
/identityProtection/riskyUsers/{id}
Trigger Types:
microsoft_graph.New Risky User
IdentityUserFlow.Read.All
Actions:
microsoft_graph.graph_api_request
IdentityUserFlow.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Insights-UserMetric.Read.All
Actions:
microsoft_graph.graph_api_request
LicenseAssignment.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Mail.Read
Actions:
microsoft_graph.graph_api_request
Mail.Read.Shared
Actions:
microsoft_graph.graph_api_request
Mail.ReadWrite
Actions:
microsoft_graph.delete_subscription
Mail.ReadWrite.Shared
Actions:
microsoft_graph.graph_api_request
Mail.Send
Actions:
microsoft_graph.send_mail_as_user
MailboxSettings.Read
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/me/mailboxSettings
/users/{id|userPrincipalName}/mailboxSettings
MailboxSettings.ReadWrite
Actions:
microsoft_graph.graph_api_request
Methods:
GET
PATCH
DELETE
URLs:
/me/mailboxSettings
/users/{id|userPrincipalName}/mailboxSettings
Notes.Create
Actions:
microsoft_graph.graph_api_request
Notes.Read
Actions:
microsoft_graph.graph_api_request
Notes.Read.All
Actions:
microsoft_graph.graph_api_request
Notes.ReadWrite
Actions:
microsoft_graph.graph_api_request
Notes.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
OnlineMeetingArtifact.Read.All
Actions:
microsoft_graph.graph_api_request
OnlineMeetings.Read
Actions:
microsoft_graph.graph_api_request
OnlineMeetings.ReadWrite
Actions:
microsoft_graph.graph_api_request
OnlineMeetings.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Place.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/places
Place.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/places
/places/{id}
Policy.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/policies
/policies/activityBasedTimeoutPolicies
/policies/adminConsentRequestPolicy
/policies/appManagementPolicies
/policies/authenticationFlowsPolicy
/policies/authenticationMethodsPolicy
/policies/authenticationMethodsPolicy/authenticationMethodConfigurations
/policies/authenticationStrengthPolicy
/policies/authorizationPolicy
/policies/claimsMappingPolicies
/policies/conditionalAccessPolicies
/policies/crossTenantAccessPolicy
/policies/defaultAppManagementPolicy
/policies/featureRolloutPolicies
/policies/identitySecurityDefaultsEnforcementPolicy
/policies/homeRealmDiscoveryPolicies
/policies/permissionGrantPolicies
/policies/roleManagementPolicies
/policies/roleManagementPolicyAssignments
/policies/tokenIssuancePolicies
/policies/tokenLifetimePolicies
Trigger Types:
microsoft_graph.Policy Change
Policy.ReadWrite.AuthenticationMethod
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/policies/authenticationMethodsPolicy
/policies/authenticationMethodsPolicy/authenticationMethodConfigurations
/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/{id}
Policy.ReadWrite.ConditionalAccess
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/policies/conditionalAccessPolicies
/policies/conditionalAccessPolicies/{id}
Policy.ReadWrite.CrossTenantAccess
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
DELETE
URLs:
/policies/crossTenantAccessPolicy
Policy.ReadWrite.DeviceConfiguration
Actions:
microsoft_graph.graph_api_request
RecordsManagement.Read.All
Actions:
microsoft_graph.graph_api_request
RecordsManagement.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Reports.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/reports
/reports/authenticationMethods
/reports/dailyUsageByPrinter
/reports/dailyPrintUsageByUser
/reports/microsoft.graph.deviceConfigurationDeviceActivity()
/reports/microsoft.graph.deviceConfigurationUserActivity()
/reports/microsoft.graph.getEmailActivityCounts(period='{period}')
/reports/microsoft.graph.getEmailActivityUserCounts(period='{period}')
/reports/microsoft.graph.getEmailActivityUserDetail(date='{date}')
/reports/microsoft.graph.getEmailActivityUserDetail(period='{period}')
/reports/microsoft.graph.getEmailAppUsageAppsUserCounts(period='{period}')
/reports/microsoft.graph.getEmailAppUsageUserCounts(period='{period}')
/reports/microsoft.graph.getEmailAppUsageUserDetail(date='{date}')
/reports/microsoft.graph.getEmailAppUsageUserDetail(period='{period}')
/reports/microsoft.graph.getEmailAppUsageVersionsUserCounts(period='{period}')
/reports/microsoft.graph.getGroupArchivedPrintJobs(groupId='{groupId}',startDateTime='{startDateTime}',endDateTime='{endDateTime}')
/reports/microsoft.graph.getM365AppPlatformUserCounts(period='{period}')
/reports/microsoft.graph.getM365AppUserCounts(period='{period}')
/reports/microsoft.graph.getM365AppUserDetail(date='{date}')
/reports/microsoft.graph.getM365AppUserDetail(period='{period}')
/reports/security/microsoft.graph.getAttackSimulationRepeatOffenders()
/reports/security/microsoft.graph.getAttackSimulationSimulationUserCoverage()
/reports/security/microsoft.graph.getAttackSimulationTrainingUserCoverage()
RoleManagement.Read.All
Actions:
microsoft_graph.graph_api_request
RoleManagement.ReadWrite.CloudPC
Actions:
microsoft_graph.graph_api_request
RoleManagement.ReadWrite.Directory
Actions:
microsoft_graph.graph_api_request
RoleManagement.ReadWrite.Exchange
Actions:
microsoft_graph.graph_api_request
Schedule.Read.All
Actions:
microsoft_graph.graph_api_request
Schedule.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
SecurityActions.Read.All
Actions:
microsoft_graph.graph_api_request
SecurityActions.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
SecurityAlert.Read.All
Actions:
microsoft_graph.graph_api_request
SecurityAlert.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
SecurityEvents.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/security/alerts
/security/secureScores
Trigger Types:
microsoft_graph.New Secure Score
microsoft_graph.New Security Alert
microsoft_graph.Security Alert Subscription
SecurityEvents.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/security/alerts
/subscriptions?resource=security/alerts
Trigger Types:
microsoft_graph.New Secure Score
microsoft_graph.New Security Alert
microsoft_graph.Security Alert Subscription
SecurityIncident.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/security/incidents
/security/incidents/{id}
SecurityIncident.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
ServiceHealth.Read
Actions:
microsoft_graph.graph_api_request
Trigger Types:
microsoft_graph.Management Activity
ServiceHealth.Read.All
Actions:
microsoft_graph.graph_api_request
ServiceMessage.Read.All
Actions:
microsoft_graph.graph_api_request
ServicePrincipalEndpoint.ReadWrite.All
This is a core permission utilized with the Rewst Microsoft Cloud Connector and is necessary for dynamic permissions. It is not necessary when using an Owned App Registration.
Sites.FullControl.All
Actions:
microsoft_graph.sharepoint_delete_anon_links
microsoft_graph.graph_api_request
Methods:
GET
POST
PUT
PATCH
DELETE
URLs:
/sites
/sites/{id}
/sites/{id}/analytics
/sites/{id}/lists
/sites/{id}/operations
Sites.Manage.All
Actions:
microsoft_graph.graph_api_request
Sites.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/sites
/sites/{id}
/sites/{id}/analytics
/sites/{id}/lists
/sites/{id}/lists/{id}
/sites/{id}/operations
Sites.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PUT
PATCH
DELETE
URLs:
/sites
/sites/{id}
/sites/{id}/analytics
/sites/{id}/lists
/sites/{id}/lists/{id}
/sites/{id}/operations
Subscription.Read.All
Actions:
microsoft_graph.list_subscriptions
Team.Create
Actions:
microsoft_graph.graph_api_request
TeamMember.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/teams/{id}/members
/teams/{id}/members/{id}
TeamMember.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
DELETE
URLs:
/teams/{id}/members
/teams/{id}/members/{id}
/teams/{id}/members/microsoft.graph.add
TeamSettings.Read.All
Actions:
microsoft_graph.graph_api_request
TeamSettings.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Teamwork.Migrate.All
Actions:
microsoft_graph.graph_api_request
Teamwork.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/teamwork
/teamwork/deletedTeams
/teamwork/microsoft.graph.sendActivityNotificationToRecipients
/teamwork/teamsAppSettings
/teamwork/workforceIntegrations
TeamworkTag.Read
Actions:
microsoft_graph.graph_api_request
TeamworkTag.Read.All
Actions:
microsoft_graph.graph_api_request
TeamworkTag.ReadWrite
Actions:
microsoft_graph.graph_api_request
TeamworkTag.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
ThreatAssessment.Read.All
Actions:
microsoft_graph.graph_api_request
ThreatAssessment.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
ThreatHunting.Read.All
Actions:
microsoft_graph.graph_api_request
ThreatIndicators.Read.All
Actions:
microsoft_graph.graph_api_request
ThreatIntelligence.Read.All
Actions:
microsoft_graph.graph_api_request
ThreatSubmission.Read.All
Actions:
microsoft_graph.graph_api_request
ThreatSubmission.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
User.ManageIdentities.All
Actions:
microsoft_graph.graph_api_request
User.Read
This permission is necessary for Rewst to be able to authenticate with your Microsoft tenant. It will always be required, even for Owned App Registrations.
User.Read.All
Actions:
microsoft_graph.get_user
microsoft_graph.list_users
Trigger Types:
microsoft_graph.User Change Subscription
User.ReadWrite.All
Actions:
microsoft_graph.assign_license
microsoft_graph.assign_license_to_group
microsoft_graph.create_invitation
microsoft_graph.create_user
microsoft_graph.invalidate_sign_in_sessions
microsoft_graph.get_user
microsoft_graph.list_users
microsoft_graph.remove_license
microsoft_graph.remove_license_from_group
microsoft_graph.set_user_manager
microsoft_graph.update_user
Trigger Types:
microsoft_graph.User Change Subscription
UserAuthenticationMethod.Read.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
URLs:
/me/authentication/emailMethods
/me/authentication/fido2Methods
/me/authentication/methods
/me/authentication/microsoftAuthenticatorMethods
/me/authentication/operations
/me/authentication/passwordMethods
/me/authentication/phoneMethods
/me/authentication/softwareOathMethods
/me/authentication/temporaryAccessPassMethods
/me/authentication/windowsHelloForBusinessMethods
/users/{id}/authentication/emailMethods
/users/{id}/authentication/fido2Methods
/users/{id}/authentication/methods
/users/{id}/authentication/microsoftAuthenticatorMethods
/users/{id}/authentication/operations
/users/{id}/authentication/passwordMethods
/users/{id}/authentication/phoneMethods
/users/{id}/authentication/softwareOathMethods
/users/{id}/authentication/temporaryAccessPassMethods
/users/{id}/authentication/windowsHelloForBusinessMethods
UserAuthenticationMethod.ReadWrite.All
Actions:
microsoft_graph.graph_api_request
Methods:
GET
POST
PATCH
PUT
DELETE
URLs:
/me/authentication/emailMethods
/me/authentication/fido2Methods
/me/authentication/methods
/me/authentication/microsoftAuthenticatorMethods
/me/authentication/operations
/me/authentication/passwordMethods
/me/authentication/phoneMethods
/me/authentication/softwareOathMethods
/me/authentication/temporaryAccessPassMethods
/me/authentication/windowsHelloForBusinessMethods
/users/{id}/authentication/emailMethods
/users/{id}/authentication/fido2Methods
/users/{id}/authentication/methods
/users/{id}/authentication/microsoftAuthenticatorMethods
/users/{id}/authentication/operations
/users/{id}/authentication/passwordMethods
/users/{id}/authentication/phoneMethods
/users/{id}/authentication/softwareOathMethods
/users/{id}/authentication/temporaryAccessPassMethods
/users/{id}/authentication/windowsHelloForBusinessMethods
VirtualEvent.Read
Actions:
microsoft_graph.graph_api_request
VirtualEvent.Read.All
Actions:
microsoft_graph.graph_api_request
eDiscovery.ReadWrite.All
Actions:
microsoft_graph.graph_api_request