Skip to main content

Instructor, no.

Incydr Professional, Enterprise, Horizon, and Gov F2, yes.

Incydr Basic, Advanced, and Gov F1, yes.

Code42 Support

Permissions required for the Microsoft OneDrive connector


When you connect Code42 to Microsoft OneDrive, you grant certain permissions to Code42 in your Microsoft environment. This article lists the permissions Code42 requires as well as what those permissions allow Code42 to do in your Microsoft environment.

OneDrive permissions

Code42 collects file events from OneDrive. A file event is any activity observed for a file. For example, creating, modifying, sharing, renaming, moving, or deleting a file generates an event for that file. To see this file activity, Code42 requires access to your OneDrive environment. The OneDrive permissions we request are: 

  • Directory.Read.All
  • Files.Read.All
  • Files.ReadWrite.All
  • ActivityFeed.Read

This set of permissions gives Code42 the access to user information, file metadata, and drives needed to monitor file activity. This set includes manage and write permissions required for the Code42 data connection. However, Code42 is committed to data integrity and does not:

  • Write to or modify content in your cloud storage environment
  • Monitor the contents of files in cloud storage
  • Back up files in cloud storage

The Code42 data connection uses the Files.ReadWrite.All permission to allow security analysts to:

More information on file activity
For more information on the specific metadata and file events visible in Forensic Search, see the File event metadata reference.

External resources

Microsoft documentation: Microsoft Graph permissions reference

  • Was this article helpful?