戻る
-
タイトル
Microsoft Permissions for Reporting -
説明
To be granted access to Nova Reporting, you need to accept Microsoft permissions during the on-boarding process of connecting your tenant. The following are Microsoft's permissions. -
対策
Permission Description Sign and and read user profile Allow users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users. Read all access reviews Allows the app the read access reviews, reviewers, decisions and settings in the organization, without a signed-in user. Read all administrative units Allows the app to read administrative units and administrative unit membership without a signed-in user. Read all admin consent approval requests Allows the app to read admin consent requests, business flows and governance policy templates without a signed-in users. Read all customer lockbox approval requestsAllows the app to read customer lockbox requests, business flows, and governance policy templates without a signed-in user. Read all entitlement management approval requests Allows the app to read entitlement requests, business flows, and governance policy templates without a signed-in user. Read all privileged access approval requestsAllows the app to read privileged access requests, business flows, and governance policy templates without a signed-in user. Read all audit log data Allows the app to read and query your audit log activities, without a signed-in user. Read all channel messages Allows the app to read all channel messages in Microsoft Teams. Read all chat messages Allows the app to read all 1-to-1 or group chat messages in Microsoft Teams. Read Microsoft Intune apps Allows the app to read the properties, group assignments and status of apps, app configurations, and app protection policies managed by Microsoft Intune, without a signed-in users. Read Microsoft Intune device configurations and policies Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups, without a signed-in user. Read Microsoft Intune devices Allows the app to read the properties of devices managed by Microsoft Intune, without a signed-in user. Read Microsoft Intune RBAC settings Allows the app to read the properties relating to the Microsoft Intune Role-Based-Access-Control (RBAC) settings, without a signed-in user. Read Microsoft Intune configuration Allows the app to read Microsoft Intune service properties including device enrollment and third party service connection configuration, without a signed-in user. Read Directory Data Allows the app to read data in your organization's directory, such as users, groups and apps, without a signed-in user. Read Education App settings Read the state and settings of all Microsoft education apps. Read class assignments with grades Allows the app to read assignments and their grades for all users. Read class assignments without grades Allows the app to read assignments without grades for all users. Read the organization's roster Allows the app to read the structure of schools and classes in the organization's roster and education-specific information about all users to be read. Read files in all site collections Allows the app to read all files in all site collections without a signed-in user. Read all groups Allows the app to read group properties and memberships, and read the calender and conversations for all groups, without a signed-in user. Read identity providers Allows the app to read your organization's identity (authentication) providers' properties without a signed-in user. Read all identity risk information Allows the app to read the identity risk event information for your organization without a signed-in user.Read all identity risky user information Allows the app to read the identity risk user information for your organization without a signed-in user. Read all identity user flows Allows the app to read your organization's user flows, without a signed-in user. Read all user mailbox settings Allows the app to read user's mailbox settings without a signed-in user. Does not include permission to send mail. Read all hidden memberships Allows the app to read the memberships of hidden groups and administrative units without a signed-in user. Read all OneNote notebooks Allows the app to read all the OneNote notebooks in your organization, without a signed-in user. Read online meetings details Allows the app o read online meeting details in your organization, without a signed-in user. Read organization information Allows the app to read the organization and related resources, without a signed-in user. Related resources include things like subscribed skus and tenant branding information. Read organizational contacts Allows the app to read all organizational contacts without a signed-in user. These contacts are managed by the organization and are different from a user's personal contacts. Real all users' relevant people lists Allows the app to read any user's scored list of relevant people, without a signed-in user. The list can include local contacts, contacts from social networking, your organization's directory, and people from recent communications (such as email and Skype). Read all company places Allows the app to read company places (conference rooms and room lists) for calendar events and other applications, without a signed-in user. Read your organization's policies Allows the app to read all your organization's policies without a signed-in user. Read privileged access to Azure AD roles Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD built-in and custom administrative roles in your organization, without a signed-in user. Read privileged access to Azure AD groups Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups in your organization, without a signed-in user. Read privileged access to Azure resourcesAllows the app to read time-based assignment and just-in-time elevation of user privileges to audit Azure resources in your organization, without a signed-in user. Read all programs Allows the app to read programs and program controls in the organization, without a signed-in user. Read all usage reportsAllows an app to read all service usage reports without a signed-in user. Services the provide usage reports include Office 365 and Azure Active Directory. Read all directory RBAC settings Allows the app to read the role-based-access-control (RBAC) settings for your company's directory, without a signed-in user. This includes reading directory role templates, directory roles and memberships. Read your organization's security actions Allows the app to read security actions, without a signed-in user. Read your organization's security events Allows the app to read your organization's security events without a signed-in user. Read items in all site collections Allows the app to read documents and list items in all site collections without a signed-in user. Read all users' teamwork activity feed Allows the app to read all users' teamwork activity feed, without a signed-in user. Read all users' installed Teams apps Allows the app to read the Teams apps that are installed for any user, without a signed-in user. Does not give the ability to read application-specific settings. Read all threat indicators Allows the app to read all the indicators for your organization, without a signed-in user. Read all users' full profiles Allows the app to read user profiles without a signed-in user. Read activity data for your organization Allows the application to read activity data for your organization. Read DLP policy events including detected sensitive data Allows the application to read DLP policy events, including sensitive data, for you organization. Read service health information for your organization Allows the application to read service health information for your organization. View all content in tenant The app can view all content in the tenant without a signed-in user.Get data warehouse information for Microsoft Intune Grants access to the Intune data warehouse API. Get device state and compliance information from Microsoft IntuneAllow the app to receive information about devices (such as compliance and enrollment state) that are managed by Intune.