M365 CSP/GDAP Permission Checker Crate
Last updated
Was this helpful?
Last updated
Was this helpful?
This Crate gives you a simple way to help validate that your GDAP roles and permissions are correct and assigned to the appropriate account. Your Rewst service account that is used to manage your Microsoft tenants requires specific GDAP roles in order to perform it's various actions. The workflow in this Crate is designed to identify if any of these roles are missing at a specified client location.
For more information on the recommended GDAP roles, see the Best Practices for Microsoft Integration page in our documentation.
The Microsoft Graph integration must first be set up before unpacking this Crate.
Navigate to Crates > Crate Marketplace in the left side menu of the Rewst platform.
Search for M365 CSP/GDAP Permission Checker.
Click on the Crate tile to begin unpacking.
Click Unpack Crate.
Click Continue.
Enter your time estimate into the Time Saved (seconds) field.
Expand the Always Pass accordion menu. Ensure that Activate for all current and future managed organizations is toggled on to allow you to run the Crate ad-hoc for any of your client accounts.
Click Unpack.
Using this Crate involves investigating the workflow within it.
Navigate to Automations > Workflows.
Search for [ROC] M365: CSP/CPV Permission Checker. Click on the workflow to open it in the workflow builder.
Within the [ROC] M365: CSP/CPV Permission Checker main workflow, click Test.
Select the tenant you want to check permissions for from the Trigger Context Organization dropdown menu. This list is derived from the organizations enabled in your trigger configuration.
Enter the domain associated with the managing organization's tenant in the Primary Domain of the MSP field.
Click Test.
Click View Results.
Click Load Context.
Click to expand all s in the context code. The errors messages contained within this record will indicate if roles are present or missing. For example:
