Skip to main content

Who is this article for?

Incydr Professional, Enterprise, Horizon, and Gov F2
Incydr Basic, Advanced, and Gov F1

Find your product plan in the Code42 console on the Account menu.

Instructor, no.

Incydr Professional, Enterprise, Horizon, and Gov F2, yes.

Incydr Basic, Advanced, and Gov F1, yes.

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Permissions required for the Microsoft OneDrive connector

Overview

When you connect Code42 to Microsoft OneDrive, you grant certain permissions to Code42 in your Microsoft environment. This article lists the permissions Code42 requires as well as what those permissions allow Code42 to do in your Microsoft environment.

OneDrive permissions

Code42 collects file events from OneDrive. A file event is any activity observed for a file. For example, creating, modifying, sharing, renaming, moving, or deleting a file generates an event for that file. To see this file activity, Code42 requires access to your OneDrive environment. The OneDrive permissions we request are: 

  • Directory.Read.All
  • Files.Read.All
  • Files.ReadWrite.All
  • ActivityFeed.Read

This set of permissions gives Code42 the access to user information, file metadata, and drives needed to monitor file activity. This set includes manage and write permissions required for the Code42 data connection. However, Code42 is committed to data integrity and does not:

  • Write to or modify content in your cloud storage environment
  • Monitor the contents of files in cloud storage
  • Back up files in cloud storage

The Code42 data connection uses the Files.ReadWrite.All permission to allow security analysts to:

More information on file activity
For more information on the specific metadata and file events visible in Forensic Search, see the File event metadata reference.

External resources

Microsoft documentation: Microsoft Graph permissions reference

  • Was this article helpful?