Cloud Security Center Permissions
Apart from giving the Cloud Security Center application Reader permissions on the monitored subscriptions, some packs within Cloud Security Center require specific permissions to function correctly. Below is a list of the necessary permissions:
General
| Permission Name |
Description |
| User.Read.All |
Required to read all users in the tenant and their group memberships |
Data & Apps Protection
| Permission Name |
Description |
| Reports.Read.All |
Used to retrieve the Office 365 and Exchange licenses |
Endpoint Protection
| Permission Name |
Description |
| AdvancedHunting.Read.All |
Used to read the results of a query that retrieves all desktop, laptop and mobile devices |
Identity Protection
| Permission Name |
Description |
| GroupMember.Read.All |
Read all users in the tenant |