Skip to main content
Praxis Navigator

Microsoft Graph API Permissions

Praxis Navigator requests read-only access to your Microsoft 365 tenant through the Microsoft Graph API. This page lists every permission we request, what it accesses, and why.

29

Total Permissions

34

API Endpoints

Application

Permission Type

Read-Only

Access Level

All permissions are read-only

Praxis Navigator does not request any write, update, or delete permissions. We do not modify any data in your Microsoft 365 environment. Your Microsoft 365 Global Administrator or Application Administrator reviews and grants these permissions through the standard Microsoft consent flow, and can revoke them at any time from the Entra ID admin portal.

Audit & Sign-in

AuditLog.Read.All Application Read-Only

Track sign-in activities, authentication events, and directory changes to identify potential security risks and unusual access patterns.

/auditLogs/signIns Sign-in activities and authentication logs
/auditLogs/directoryAudits Directory changes and audit events

Directory & Users

Directory.Read.All Application Read-Only

Read directory objects, user profiles, groups, and organizational structure to build comprehensive security culture reports.

/directoryObjects Directory objects and organizational structure
/users User profiles and directory information
/groups Group information and memberships
Organization.Read.All Application Read-Only

Access organization information and tenant details to provide context for security culture assessments.

/organization Organization information and tenant details
OrgContact.Read.All Application Read-Only

Monitor organizational contacts and external interactions for security risk assessment.

/contacts Organizational contacts and external interactions

Identity Protection

IdentityRiskEvent.Read.All Application Read-Only

Monitor identity risk detections, risky sign-ins, and suspicious activities to identify potential security threats.

/identityProtection/riskDetections Identity risk detections and events
/identityProtection/riskySignIns Risky sign-in activities
IdentityRiskyUser.Read.All Application Read-Only

Track users with risky behavior patterns to provide targeted security awareness insights.

/identityProtection/riskyUsers Users with risky behavior patterns
RiskPreventionProviders.Read.All Application Read-Only

Monitor risk prevention providers and configurations to ensure comprehensive security coverage.

/identityProtection/riskPreventionProviders Risk prevention providers and configurations

Security Monitoring

SecurityAlert.Read.All Application Read-Only

Monitor security alerts from Microsoft security services to provide comprehensive threat visibility.

/security/alerts Security alerts from Microsoft security services
SecurityEvents.Read.All Application Read-Only

Monitor security events and threat detection data for comprehensive security monitoring.

/security/events Security events and threat detection data
SecurityActions.Read.All Application Read-Only

Track security actions and responses to monitor incident response effectiveness.

/security/securityActions Security actions and responses
SecurityAnalyzedMessage.Read.All Application Read-Only

Access analyzed email metadata and detection details to monitor phishing and email security threats.

/security/analyzedEmails Analyzed email metadata and detection details
SecurityIdentitiesAccount.Read.All Application Read-Only

Access security identity account data for identity-based threat detection.

/security/identities/accounts Security identity account data

Authentication & Policy

AuthenticationContext.Read.All Application Read-Only

Monitor authentication context and conditional access policies to ensure proper security controls are in place.

/identity/conditionalAccess/authenticationContextClassReferences Authentication context and conditional access
Policy.Read.All Application Read-Only

Access organizational policies to ensure security culture alignment with corporate governance.

/policies Organizational policies and configurations
Reports.Read.All Application Read-Only

Monitor authentication method registration details to track multi-factor authentication adoption.

/reports/authenticationMethods/userRegistrationDetails Authentication method registration details
EventListener.Read.All Application Read-Only

Track authentication event listeners and triggers to monitor security-related authentication events.

/identity/authenticationEventListeners Authentication event listeners and triggers
IdentityUserFlow.Read.All Application Read-Only

Monitor identity user flows and authentication journeys to understand user authentication patterns.

/identity/userFlows Identity user flows and authentication journeys

Information Protection

InformationProtectionConfig.Read.All Application Read-Only

Access information protection policies to monitor data classification and protection compliance.

/informationProtection/policy Information protection policies and configurations
InformationProtectionPolicy.Read.All Application Read-Only

Monitor information protection labels and policies to track data security compliance.

/informationProtection/policy/labels Information protection labels and policies
ThreatAssessment.Read.All Application Read-Only

Access threat assessment requests and results to monitor security threat analysis activities.

/informationProtection/threatAssessmentRequests Threat assessment requests and results

Compliance

Agreement.Read.All Application Read-Only

Monitor user agreement acceptances and policy acknowledgments to ensure compliance with organizational security policies.

/agreementAcceptances Agreement acceptances and policy acknowledgments
ResourceSpecificPermissionGrant.Read.All Application Read-Only

Monitor OAuth2 permission grants and delegations to track application access and potential security risks.

/oauth2PermissionGrants OAuth2 permission grants and delegations

Device & Network

DeviceManagementApps.Read.All Application Read-Only

Access device management audit events to track mobile device and application security compliance.

/deviceManagement/auditEvents Device management audit events
NetworkAccess-Reports.Read.All Application Read-Only

Monitor network access reports and VPN usage to track remote access security patterns.

/networkAccess/reports Network access reports and VPN usage

Usage & Learning

Insights-UserMetric.Read.All Application Read-Only

Access user activity metrics including print jobs and Teams collaboration to understand user behavior patterns.

/reports/getUserArchivedPrintJobs User archived print jobs and activity metrics
/reports/getTeamsUserActivityUserDetail Teams user activity details and collaboration metrics
LearningAssignedCourse.Read.All Application Read-Only

Track security training course assignments and completions to measure security awareness program effectiveness.

/employeeExperience/learningCourseActivities Learning course assignments and completions

Administration

DirectoryRecommendations.Read.All Application Read-Only

Access Azure AD security recommendations to provide actionable security improvement suggestions.

/directory/recommendations Azure AD security recommendations
ReportSettings.Read.All Application Read-Only

Monitor admin report settings to ensure proper security reporting configurations.

/admin/reportSettings Admin report settings and configurations
OrgSettings-Microsoft365Install.Read.All Application Read-Only

Access Microsoft 365 service health and installation settings for comprehensive security monitoring.

/admin/serviceAnnouncement/healthOverviews Microsoft 365 service health and installation settings
← Back to Data Handling & Privacy