✖

Related Products
ADManager Plus

Active Directory Management & Reporting
Download | Demo
ADAudit Plus

Real-time Active Directory Auditing and UBA
Download | Demo
ADSelfService Plus

Self-Service Password Management
Download | Demo
EventLog Analyzer

Real-time Log Analysis & Reporting
Download | Demo
AD360

Integrated Identity & Access Management
Download | Demo
Log360

Comprehensive SIEM and UEBA
Download | Demo

Minimum scope

The roles and permissions, or minimum scope, required by a service account configured for Exchange Online reporting and auditing in Exchange Reporter Plus are listed below.

Table 1: Roles and permissions required by the service account

Module	Role Name	Scope
Reporting and auditing	Global Reader	Get reports on all Microsoft 365 services.
Migration	Privileged Authentication Administrator	Allow technicians to update details of all users (administrators and non-administrators).
	Help Desk Administrator	Allow technicians to update details of non-administrators and other help desk administrators.
	Exchange Administrator	Update mailbox properties.

The roles and permissions, or minimum scope, required by a Microsoft Entra ID application configured for Exchange Online reporting and auditing in Exchange Reporter Plus are listed below.

Table 2: Roles and permissions required by the Microsoft Entra ID application

Module	API Name	Permission	Scope
Reporting	Microsoft Graph	User.Read.All	Get user and group member reports.
		Reports.Read.All	Get usage reports.
		Calendars.Read	Get users' calendar details.
		Organization.Read.All	Get license details.
Auditing	Office 365 Management	ActivityFeed.Read	Read the activity data for the organization.
Content Search	Microsoft Graph	Mail.Read	Read the email content in mailboxes.
Migration	Office 365 Exchange Online	Mail.ReadWrite	Migrate the email content in mailboxes to Exchange Online.
Migration	Office 365 Exchange Online	User.ReadWrite.All	Create user objects.

Previous Topic Next Topic