Permissions required by the Microsoft Office 365 email connector


When you connect Code42 to Microsoft Office 365 email, you grant certain permissions to Code42 in your Microsoft environment. This article lists the permissions Code42 requires as well as what those permissions allow Code42 to do in your Microsoft environment.

Microsoft Office 365 email permissions

When a monitored user emails an attachment, Code42 collects information about the attached file along with the sender and recipients for the email.

To see this file activity, Code42 requires access to your Office 365 email environment. The Office 365 email permissions we request are:

  • ActivityFeed.Read
  • Files.Read.All
  • Group.Read.All
  • Mail.Read
  • Mail.ReadBasic
  • User.Read
  • User.Read.All

This set of permissions means Code42 has read-only access to metadata for emails, attached files, and users within that email service. In other words, Code42 cannot make changes to the emails, data, or users in your email environment. In addition, Code42 does not monitor the contents of those files, and does not back up files in the email service.

More information on file activity
For more information on the specific metadata and file events visible in Forensic Search, see the File event metadata reference.

External resources

Microsoft documentation: Microsoft Graph permissions reference