Required permission in Office365 for Email Auto-Remediation feature

Article ID: 173460

Updated On:

Products

Email Threat Detection and Response

Issue/Introduction

A customer would like to confirm which permission is granted to the Symantec Auto-Remediation agent in Office365.

Resolution

The Auto-Remediation agent requires the Directory.Read.All permission. This is the minimum requirement to perform the “Permanent Delete” action.

 

Requirements:

  1. Get list of domains under a tenant

     Reference: https://docs.microsoft.com/en-us/graph/api/domain-list?view=graph-rest-1.0

  2. Get the display name of the tenant

     Reference: https://docs.microsoft.com/en-us/graph/api/organization-get?view=graph-rest-1.0

 

To satisfy both requirements, the Auto-Remediation agent needs the Directory.Read.All permission as the least-privilege option.
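
One way to confirm the grant from the tenant side, as an added example (not Symantec's or Microsoft's code): decode a Microsoft Graph access token issued to the agent's app registration and compare the permissions it carries with the Directory.Read.All requirement stated above. It assumes application permissions appear in the `roles` claim and delegated scopes in `scp`; the function names and the sample token are constructed for illustration.

```python
import base64
import json

# Permission the article states the agent needs (taken from the page).
REQUIRED = {"Directory.Read.All"}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def granted_permissions(token: str) -> set:
    """Return the Graph permissions carried in a token's claims.

    App-only tokens list application permissions in 'roles' (a list);
    delegated tokens list scopes in 'scp' (a space-separated string).
    The signature is NOT verified: this is for inspection only.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 segments)")
    claims = json.loads(_b64url_decode(parts[1]))
    roles = claims.get("roles") or []
    scopes = (claims.get("scp") or "").split()
    return set(roles) | set(scopes)


def audit(token: str, required=REQUIRED) -> dict:
    """Report permissions that are missing or granted beyond the requirement."""
    granted = granted_permissions(token)
    return {
        "missing": sorted(set(required) - granted),
        "excess": sorted(granted - set(required)),
        "ok": granted == set(required),
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the audit can run offline."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    # Constructed sample: the app was granted a broader permission than required.
    sample = make_sample_token({"roles": ["Directory.ReadWrite.All"]})
    print(audit(sample))
```

A non-empty `excess` list means the app registration holds more than the article's stated minimum and is worth reviewing in the tenant's API permissions.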