Permissions required for the Microsoft OneDrive connector
Overview
When you connect Code42 to Microsoft OneDrive, you grant certain permissions to Code42 in your Microsoft environment. This article lists the permissions Code42 requires as well as what those permissions allow Code42 to do in your Microsoft environment.
OneDrive permissions
Code42 collects file events from OneDrive. A file event is any activity observed for a file. For example, creating, modifying, sharing, renaming, moving, or deleting a file generates an event for that file. To see this file activity, Code42 requires access to your OneDrive environment. The OneDrive permissions we request are:
- Directory.Read.All
- Files.Read.All
- Files.ReadWrite.All
- ActivityFeed.Read
The Code42 data connection uses the Files.ReadWrite.All permission to allow security analysts to:
- Temporarily view cloud storage files in an investigation
- View a cloud storage file's sharing permissions to assess risk when a file is shared either publicly or with untrusted users
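To check that what was actually consented in your tenant matches the list above, this added example (not Code42 or Microsoft code) resolves app role assignments to permission names and compares them with the documented set. It assumes the permissions are granted as application permissions; the GUIDs, resource ids and the extra Mail.Read grant are constructed sample data shaped like Microsoft Graph appRoleAssignment and appRoles objects.

```python
# Permissions this page lists for the OneDrive connector.
DOCUMENTED = {"Directory.Read.All", "Files.Read.All",
              "Files.ReadWrite.All", "ActivityFeed.Read"}

# Constructed sample: appRoles published by each resource service principal,
# keyed by a placeholder resource object id. Grants can span several resources.
RESOURCE_ROLES = {
    "res-a": [
        {"id": "00000000-0000-0000-0000-000000000001", "value": "Directory.Read.All"},
        {"id": "00000000-0000-0000-0000-000000000002", "value": "Files.Read.All"},
        {"id": "00000000-0000-0000-0000-000000000003", "value": "Files.ReadWrite.All"},
        {"id": "00000000-0000-0000-0000-000000000004", "value": "Mail.Read"},
    ],
    "res-b": [
        {"id": "00000000-0000-0000-0000-000000000010", "value": "ActivityFeed.Read"},
    ],
}

# Constructed sample: app role assignments held by the connector's service principal.
ASSIGNMENTS = [
    {"resourceId": "res-a", "appRoleId": "00000000-0000-0000-0000-000000000001"},
    {"resourceId": "res-a", "appRoleId": "00000000-0000-0000-0000-000000000003"},
    {"resourceId": "res-a", "appRoleId": "00000000-0000-0000-0000-000000000004"},
    {"resourceId": "res-b", "appRoleId": "00000000-0000-0000-0000-000000000010"},
    {"resourceId": "res-a", "appRoleId": "00000000-0000-0000-0000-0000000000ff"},
]

def resolve(assignments, resource_roles):
    """Translate each assignment's appRoleId into a permission name.

    An id is only meaningful within its own resource, so look it up there.
    Ids that cannot be resolved are kept and reported, never dropped.
    """
    names = set()
    for a in assignments:
        roles = {r["id"]: r["value"] for r in resource_roles.get(a["resourceId"], [])}
        names.add(roles.get(a["appRoleId"], "UNRESOLVED:" + a["appRoleId"]))
    return names

def audit(assignments, resource_roles, documented=DOCUMENTED):
    """Compare granted permissions with the documented list."""
    granted = resolve(assignments, resource_roles)
    return {
        "undocumented": sorted(granted - documented),   # granted but not on this page
        "missing": sorted(documented - granted),        # on this page but not granted
        "write_capable": sorted(p for p in granted if "Write" in p),
    }

if __name__ == "__main__":
    print(audit(ASSIGNMENTS, RESOURCE_ROLES))
```

Anything reported under `undocumented` is access beyond what this article describes and is worth reviewing before the connection is left in place.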
External resources
Microsoft documentation: Microsoft Graph permissions reference