What access permissions does Secure Email Threat Defense request from Microsoft?

For Microsoft 365 Authentication mode, Secure Email Threat Defense requests access permissions from Microsoft. These permissions depend on whether you choose Read and Write or Read mode. Details about the permissions can be found in the linked Microsoft documentation.

| MS Graph API Permission | ETD Mode | ETD Usage |
|---|---|---|
| Mail.Read | Read | EML download; Reclassification feedback |
| Mail.ReadWrite | Read and Write | All Mail.Read usages; Remediation (Create quarantine folders, Move messages, Delete messages) |
| User.Read | All | Default requesting user permission |
| Domain.Read.All | All | Import mail servers |
| Organization.Read.All | All | Import domains |
| User.Read.All | All | Recipient validation; Group based policy exceptions |
| Group.Read.All | All | Recipient validation; Group based policy exceptions |
| GroupMember.Read.All | All | Group based policy exceptions |
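
A least-privilege check built on the table above, as an added example (not Cisco's or Microsoft's code): it compares the permissions actually granted to the enterprise application with what the chosen mode should request, and flags a write permission left on a Read-mode tenant. It assumes input shaped like the Microsoft Graph `appRoleAssignments`, `oauth2PermissionGrants` and `appRoles` resources; the page does not say which permissions are delegated and which are application permissions, so both kinds are merged. All sample data and GUIDs are constructed placeholders.

```python
# Added example: audit Graph permissions granted to the Secure Email Threat
# Defense enterprise app against the table above. Sample data is constructed.
COMMON = {"User.Read", "Domain.Read.All", "Organization.Read.All",
          "User.Read.All", "Group.Read.All", "GroupMember.Read.All"}
# Assumption: each mode carries exactly one mail permission, as the table lists.
EXPECTED = {"Read": COMMON | {"Mail.Read"},
            "Read and Write": COMMON | {"Mail.ReadWrite"}}


def granted_permissions(app_role_assignments, oauth2_grants, graph_app_roles):
    """Merge application roles (stored as GUIDs) and delegated scopes into names."""
    names = {r["id"]: r["value"] for r in graph_app_roles}
    granted = set()
    for a in app_role_assignments:
        # An ID that cannot be resolved is kept verbatim so it is reported.
        granted.add(names.get(a["appRoleId"], a["appRoleId"]))
    for g in oauth2_grants:
        granted.update((g.get("scope") or "").split())
    return granted


def audit(mode, granted):
    """Compare granted permissions with what the chosen mode should request."""
    expected = EXPECTED[mode]
    return {"missing": sorted(expected - granted),
            "unexpected": sorted(granted - expected),
            "write_in_read_mode": mode == "Read" and "Mail.ReadWrite" in granted}


# Constructed sample shaped like Graph responses; the GUIDs are placeholders.
_NAMES = ["Mail.Read", "Mail.ReadWrite", "Domain.Read.All",
          "Organization.Read.All", "User.Read.All", "Group.Read.All",
          "GroupMember.Read.All"]
SAMPLE_GRAPH_ROLES = [{"id": f"00000000-0000-0000-0000-{i:012d}", "value": n}
                      for i, n in enumerate(_NAMES, 1)]
SAMPLE_ASSIGNMENTS = [{"appRoleId": r["id"]} for r in SAMPLE_GRAPH_ROLES[1:6]]
SAMPLE_ASSIGNMENTS.append({"appRoleId": "00000000-0000-0000-0000-00000000ffff"})
SAMPLE_GRANTS = [{"consentType": "Principal", "scope": "User.Read"}]

if __name__ == "__main__":
    granted = granted_permissions(SAMPLE_ASSIGNMENTS, SAMPLE_GRANTS,
                                  SAMPLE_GRAPH_ROLES)
    for key, value in audit("Read", granted).items():
        print(f"{key}: {value}")
```

A non-empty `unexpected` list or `write_in_read_mode` being true means the consent grant is broader than the table says the selected mode needs.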