While Global Administrator will have the ability to approve Block64's ability to read your M365 Data, all permissions required must be met to achieve full inventory if you choose to use a lower level of permission than Global Administrator.
Below is a list of required minimum permissions to achieve full inventory of your M365 Data.
/me | Directory.Read.All | |
/users |
Directory.Read.All AuditLog.Read.All for signInActivity |
|
/groups | Directory.Read.All | |
/subscribedSkus | Directory.Read.All | |
/reports/getMailboxUsageDetail | Reports.Read.All | |
/security/secureScores | SecurityEvents.Read.All | |
/security/secureScoreControlProfiles | SecurityEvents.Read.All | |
/organization | Directory.Read.All | |
/reports/getOffice365ActivationsUserDetail | Reports.Read.All | |
/reports/getTeamsUserActivityUserDetail | Reports.Read.All | |
/reports/getSharePointActivityUserDetail | Reports.Read.All | |
/reports/getEmailActivityUserDetail | Reports.Read.All | |
/reports/getEmailActivityUserDetail | Reports.Read.All | |
/reports/getM365AppUserDetail | Reports.Read.All | |
/sites?search=* | Sites.Read.All | |
/sites/{site_id}/drive | Files.Read.All | |
/sites/{site_id}/drive/list/items | Files.Read.All | |
/sites/{site_id}/drive/items/{item_id}/permissions | Files.Read.All | |
/users/{user_id}/drives | Files.Read.All | |
/drives/{drive_id}/list/items |
Files.Read.All |
|
/drives/{drive_id}/items/{item_id}/permissions |
Files.Read.All |
|
/communications/callRecords/getPstnCalls |
CallRecords.Read.All |
|
/security/informationProtection/sensitivityLabels |
InformationProtectionPolicy.Read.All |