O365 Roles Requirements

The Office 365 roles that VitalSigns requires.


Office 365 Roles

The simplest solution would be to give the VitalSigns credentials a Global Administrator role, but we understand that some businesses are not comfortable giving a program Global Admin rights, nor do we recommend this. However, this is occasionally necessary when troubleshooting to eliminate the possibility of rights issues.

For the full range of monitoring, VitalSigns needs the roles listed below. However, it can run on the bare essentials, with several features disabled, using just the Exchange administrator role.

  • Exchange admin
  • Groups admin
  • Helpdesk admin
  • License admin
  • Password admin
  • SharePoint admin
  • Teams admin
  • User admin

Office 365 Graph API Requirements

A Graph API key is required for Office 365 monitoring and administration tasks. The key must be created from the Azure Portal, as detailed here.

To create a Graph API key, you must have access to the App Registrations page in the Azure Portal, as well as permission to Grant Admin Consent for the further rights the Graph API key must be assigned, which are detailed on the aforementioned page and listed below.

If you want VitalSigns to collect information about your tenant (required to populate the O365 tabs), then give it minimal Read rights:

  • Group.Read.All
  • Reports.Read.All
  • Sites.Read.All
  • Files.Read.All (reserved for future features related to reporting on OneDrive usage)

If you want VitalSigns to collect information about your tenant AND perform end user experience testing, then it will require more elevated rights:

  • Calendars.ReadWrite
  • Files.Read.All
  • Group.ReadWrite.All
  • Mail.ReadWrite
  • Mail.Send
  • Reports.Read.All
  • Sites.Read.All
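
One way to confirm that the app registration carries exactly the rights of the tier you chose is to compare the permissions in an access token issued for it against the two lists above. This is an added example, not VitalSigns code; the function names and the sample token are constructed for illustration, and the token payload is decoded without signature verification, which is acceptable only for this kind of audit.

```python
import base64
import json

# Permission tiers exactly as listed on this page.
READ_ONLY = {"Group.Read.All", "Reports.Read.All", "Sites.Read.All", "Files.Read.All"}
END_USER_TESTING = {
    "Calendars.ReadWrite", "Files.Read.All", "Group.ReadWrite.All",
    "Mail.ReadWrite", "Mail.Send", "Reports.Read.All", "Sites.Read.All",
}


def granted_permissions(access_token: str) -> set[str]:
    """Return Graph permissions carried by a token (payload decoded, not verified)."""
    payload_b64 = access_token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    roles = claims.get("roles", [])         # application permissions (app-only token)
    scopes = claims.get("scp", "").split()  # delegated permissions (user token)
    return set(roles) | set(scopes)


def audit(access_token: str, tier: set[str]) -> dict[str, list[str]]:
    """Compare granted permissions with the chosen tier."""
    granted = granted_permissions(access_token)
    return {
        "missing": sorted(tier - granted),  # tier rights that were not granted
        "excess": sorted(granted - tier),   # rights beyond what the tier lists
    }


def constructed_token(claims: dict) -> str:
    """Build an unsigned, constructed sample token for the demo below."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed-signature"


if __name__ == "__main__":
    # Constructed sample: read-only tier with one right missing and one extra.
    sample = constructed_token(
        {"roles": ["Group.Read.All", "Reports.Read.All", "Sites.Read.All", "Mail.Send"]}
    )
    print(audit(sample, READ_ONLY))
```

An empty "excess" list for the tier you selected means the key holds nothing beyond what this page asks for; anything listed there is a candidate for removal from the app registration.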