Required permission in Office365 for Email Auto-Remediation feature
Article ID: 173460
Updated On:
Products
Email Threat Detection and Response
Issue/Introduction
Customer would like to confirm which permission is granted for Symantec Auto-Remediation agent in Office365
Resolution
Auto-Remediation agent requires to have Directory.Read.All permission. It is minimum requirement to perform “Permanent Delete” action.
Requirements:
- Get list of domains under a tenant
Reference: https://docs.microsoft.com/en-us/graph/api/domain-list?view=graph-rest-1.0
- Get the display name of the tenant
Reference: https://docs.microsoft.com/en-us/graph/api/organization-get?view=graph-rest-1.0
To satisfy both requirements, Auto-Remediation agent needs Directory.Read.All permission as least privilege.
Feedback
Yes
No
Powered by
