The O365 Roles Required of VitalSigns.

Office 365 Roles

The simplest solution would be to give the VitalSigns credentials a Global Administrator role, but we understand that some businesses are not comfortable giving a program Global Admin rights, nor do we recommend this. However this is occasionally necessary when troubleshooting to eliminate the possibility of rights issues.

VitalSigns with the full gamut of monitoring needs the roles in the list to the right. However, it can be run on the bare essentials with several features disabled, with just the Exchange administrator role enabled.

Exchange admin
Groups admin
Helpdesk admin
License Admin
Password Admin
SharePoint Admin
Teams Admin
User Admin

Office 365 Graph API Requirements

Required for Office365 monitoring and Administration tasks is a Graph API key. To acquire a Graph API key, one must be created from the Azure Portal, as detailed here.

To be able to create a Graph API key, you must have access to the App Registrations page in the Azure Portal, as well as the permissions to Grant Admin Consent to the further rights the Graph API key must be assigned, detailed on the aforementioned page, and the to the left.

If you want VitalSigns to collect information about your tenant (required to populate the O365 tabs), then give it minimal Read rights:

Group.Read.All
Reports.Read.All
Sites.Read.All
Files.Read.All (reserved for future features related to reporting on OneDrive usage)

If you want VitalSigns to be able to collect information about your tenant, AND perform end user experience testing then it will require more elevated rights:

Calendars.ReadWrite
Files.Read.All
Group.ReadWrite.All
Mail.ReadWrite
Mail.Send
Reports.Read.All
Sites.Read.All

Browser not supported