Below is an index of recommended permissions for each Microsoft integration offered by Torq. Best practice is to create a separate integration for each application. The listed permissions follow the principle of least privilege; additional permissions can be added at your discretion.
Read permissions allow viewing or accessing files or data, while write permissions allow modifying or adding to them.
For more information on these permissions and additional Microsoft API permissions, please see the official documentation.
Microsoft 365 (for Defender steps)
To create a general Microsoft 365 integration, follow the steps in the Microsoft 365 guide.
Read-only:
ThreatHunting.Read.All
ThreatSubmission.Read.All
Write:
ThreatSubmission.ReadWrite.All
Microsoft Entra ID
See Torq's dedicated Entra ID guide for more information.
Read-only:
User.Read.All
GroupMember.Read.All
ProfilePhoto.Read.All
Device.Read.All
IdentityRiskEvent.Read.All
UserAuthenticationMethod.Read.All
AuditLog.Read.All
Application.Read.All
Write:
Group.Create
User.ReadWrite.All
GroupMember.ReadWrite.All
Group.ReadWrite.All
User.ManageIdentities.All
IdentityRiskyUser.ReadWrite.All
User.RevokeSessions.All
UserAuthenticationMethod.ReadWrite.All
User.Invite.All
Application.ReadWrite.All
Device.ReadWrite.All
Directory-wide permissions are generally not recommended but may be necessary for steps like Get User Group Memberships. If you need to use these steps, the required directory-wide permissions are:
Directory.Read.All
Directory.ReadWrite.All
Microsoft Defender
See Torq's dedicated Defender guide for more information.
Read-only:
AdvancedHunting.Read.All
Incident.Read.All
Write:
Incident.ReadWrite.All
Microsoft Intune
To create an Intune integration, follow the steps in the Microsoft 365 guide.
Read-only:
User.ReadBasic.All
User.Read.All
DeviceManagementConfiguration.Read.All
DeviceManagementManagedDevices.Read.All
Write:
DeviceManagementManagedDevices.ReadWrite.All
DeviceManagementConfiguration.ReadWrite.All
DeviceManagementApps.ReadWrite.All
Microsoft Lists
To create a Lists integration, follow the steps in the Microsoft 365 guide.
Read-only:
Sites.Read.All
List.Read.All
User.Read
Write:
Sites.ReadWrite.All
List.ReadWrite.All
Microsoft Outlook
To create an Outlook integration, follow the steps in the Microsoft 365 guide.
Read-only:
Mail.Read
Mail.ReadBasic
Mail.ReadBasic.All
MailboxSettings.Read
User.Read
Write:
Mail.ReadWrite
Mail.Send
MailboxSettings.ReadWrite
Mail.ReadWrite.Shared
Microsoft OneDrive
To create a OneDrive integration, follow the steps in the Microsoft 365 guide.
Files.ReadWrite.All
Microsoft SharePoint
To create a SharePoint integration, follow the steps in the Microsoft 365 guide.
Files.ReadWrite.All
Microsoft Teams
See Torq's dedicated Teams Bot guide for more information.
Necessary permissions for the Microsoft Teams Bot:
AppCatalog.Read.All
Group.Read.All
TeamsAppInstallation.ReadWriteForTeam.All
TeamsAppInstallation.ReadWriteForUser.All
User.Read.All
Optional permissions (not necessary for basic functionality, but required for some steps). These permissions can also be added to a Microsoft 365 integration for use with Microsoft Teams steps (not the Microsoft Teams Bot):
Channel.ReadBasic.All
Chat.ReadWrite.All
Team.ReadBasic.All
TeamsAppInstallation.ReadForUser.All