Understanding required API permissions
When connecting Griffin31 to a Microsoft 365 tenant, specific permissions are required to enable access to necessary resources for security assessments.
Griffin31 operates without any write permissions in your Microsoft 365 tenant, ensuring it cannot alter any settings or configurations within the environment. Additionally, Griffin31 does not have access to any user data, such as files and emails stored within the tenant.
The platform is designed for read-only security assessments, focusing solely on identifying misconfigurations and vulnerabilities while maintaining strict adherence to data privacy and security protocols. This ensures that your organization's data remains fully protected and inaccessible to Griffin31.
API permissions descriptions
Here’s a breakdown of each permission listed in the image and why they are required to connect Griffin31 to a Microsoft 365 tenant:
1. AppCatalog.Read.All: This permission allows the reading of all app catalogs. Griffin31 requires this to monitor and assess the apps being used in the tenant, ensuring no unapproved apps compromise security.
2. Application.Read.All: Allows reading of all applications. This is important for security evaluations, providing visibility into all apps integrated with Microsoft 365 to detect potential vulnerabilities.
3. AuditLog.Read.All: Grants the ability to read all audit log data. Griffin31 needs this to track changes, monitor user activities, and generate security audit trails.
4. Channel.ReadBasic.All: This permission allows reading of channel names and descriptions in Teams. It’s necessary to track collaboration within Teams and ensure no unauthorized channels are created.
5. ChannelMember.Read.All: Allows reading of members within Teams channels. Griffin31 needs this to ensure that only authorized users have access to specific Teams channels.
6. ChannelSettings.Read.All: Provides the ability to read Teams channel settings. This is important for ensuring proper configuration and permissions within Teams to prevent security lapses.
7. DeviceManagementApps.Read.All: Reads Intune apps. Griffin31 requires this to ensure that only compliant and secure applications are managed on devices.
8. DeviceManagementConfiguration.Read.All: Allows reading of Intune device configuration and policies. This is necessary to monitor compliance and security configurations for devices within the tenant.
9. Directory.Read.All: Grants access to read directory data (users, groups, devices). Griffin31 requires this to maintain an updated overview of all directory assets and assess access permissions.
10. Domain.Read.All: Enables reading of domain information. This permission is essential for Griffin31 to monitor the domains within the tenant and ensure they are properly configured and secure.
11. Group.Read.All: Reads all group data. Griffin31 needs this to review and monitor group memberships and access controls across the tenant.
12. IdentityProvider.Read.All: This permission allows reading of identity providers. Griffin31 uses this to evaluate the security and integrity of identity sources and configurations within the tenant.
13. MailboxSettings.Read: Allows reading of user mailbox settings. Griffin31 requires this for monitoring email configurations, especially to detect misconfigurations in security.
14. Organization.Read.All: Allows reading of organization information. This permission is necessary to assess the organizational structure and understand how policies are implemented across the tenant.
15. Policy.Read.All: Grants access to read organizational policies. Griffin31 needs this to ensure that security and compliance policies are properly configured and enforced.
16. SharePointTenantSettings.Read.All: Allows reading of SharePoint and OneDrive tenant settings. This is important to monitor for secure configurations and ensure that file-sharing practices adhere to organizational policies.
17. Team.ReadBasic.All: Reads basic information about all Teams. Griffin31 uses this to get an overview of Teams configurations and ensure proper governance of collaboration spaces.
18. TeamSettings.Read.All: Allows reading of all Teams settings. This is important for evaluating security settings within Microsoft Teams, ensuring compliance with organizational policies.
19. User.Read.All: Grants the ability to read all user profiles. Griffin31 requires this to monitor user activity and manage security across all users in the tenant.
20. UserAuthenticationMethod.Read.All: Reads all users’ authentication methods. Griffin31 needs this to assess the strength of authentication protocols like MFA to ensure that strong security measures are enforced.
These permissions provide Griffin31 with the necessary visibility into Microsoft 365's various components to monitor, assess, and ensure robust security practices across the tenant.
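To check the read-only claim against what the consent screen or the app's API permissions list actually shows, the following added example (not Griffin31's own code) compares a list of granted permission names with the 20 documented above and flags any whose operation segment is not Read or ReadBasic. The function names and the sample grant list are constructed for illustration, and the check assumes the Microsoft Graph naming pattern Resource.Operation.Constraint.

```python
# Added example: audit granted permission names against the 20 documented
# on this page. Names of functions and the sample input are constructed.
DOCUMENTED = frozenset("""
AppCatalog.Read.All Application.Read.All AuditLog.Read.All
Channel.ReadBasic.All ChannelMember.Read.All ChannelSettings.Read.All
DeviceManagementApps.Read.All DeviceManagementConfiguration.Read.All
Directory.Read.All Domain.Read.All Group.Read.All IdentityProvider.Read.All
MailboxSettings.Read Organization.Read.All Policy.Read.All
SharePointTenantSettings.Read.All Team.ReadBasic.All TeamSettings.Read.All
User.Read.All UserAuthenticationMethod.Read.All
""".split())

# Operation segments treated as read-only (assumption: Graph naming pattern).
READ_ONLY_OPERATIONS = {"Read", "ReadBasic"}


def is_read_only(permission: str) -> bool:
    """True if the second dot-separated segment is a read-only operation."""
    parts = permission.strip().split(".")
    return len(parts) >= 2 and parts[1] in READ_ONLY_OPERATIONS


def audit_grants(granted):
    """Return findings for an iterable of granted permission names."""
    seen = {p.strip() for p in granted if p.strip()}
    return {
        # Anything that is not Read/ReadBasic contradicts the read-only claim.
        "not_read_only": sorted(p for p in seen if not is_read_only(p)),
        # Granted but absent from the documented list: ask why it is needed.
        "undocumented": sorted(seen - DOCUMENTED),
        # Documented but not granted: some assessments may be incomplete.
        "not_granted": sorted(DOCUMENTED - seen),
    }


# Constructed sample: the documented set minus one entry, plus two extras.
SAMPLE_GRANTS = sorted(DOCUMENTED - {"Domain.Read.All"}) + [
    "Mail.Read",                # read-only, but not on the documented list
    "Directory.ReadWrite.All",  # write-capable
]

if __name__ == "__main__":
    for finding, names in audit_grants(SAMPLE_GRANTS).items():
        print(f"{finding}: {', '.join(names) or 'none'}")
```

Replace `SAMPLE_GRANTS` with the permission names copied from your tenant's consent prompt or the enterprise application's permissions page; an empty result in all three categories means the grant matches this page exactly.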