Comment on page

Permissions Required

by the Bsure Insights Data Collector Managed Application

When you run the permissions script​ during the installation process, you give the Microsoft Graph permissions below to a Managed Identity used by the Azure Functions in the Managed Resource Group.
Directory.Read.All, used to read user and license information​
AuditLog.Read.All, used to get user last signin information​
Domain.Read.All, used to get friendly names for tenantid​
Reports.Read.All, used to read user MFA registration information
Policy.Read.All, used to read signin logs and conditional access policies
The Managed Identity holds these permissions:

Technical Description - Previous

Azure Managed Application

Next - Technical Description

Security

Last modified 6mo ago