Required permissions for the M365 global administrator

Although a Global Administrator can authorize Block64 to access your M365 Data, all necessary permissions must be fulfilled to complete a full inventory if you opt for a permission level lower than Global Administrator. Here is a list of the minimum permissions required to conduct a comprehensive inventory of your M365 Data.

Get User	/me	Directory.Read.All
Get Users	/users	Directory.Read.All AuditLog.Read.All for signInActivity
Get Groups	/groups	Directory.Read.All
Get Licenses	/subscribedSkus	Directory.Read.All
Get Mailboxes	/reports/getMailboxUsageDetail	Reports.Read.All
Get Secure Scores	/security/secureScores	SecurityEvents.Read.All
Get Secure Score Control Profiles	/security/secureScoreControlProfiles	SecurityEvents.Read.All
Get Organization	/organization	Directory.Read.All
Get User Activation Usage	/reports/getOffice365ActivationsUserDetail	Reports.Read.All
Get Teams Usage	/reports/getTeamsUserActivityUserDetail	Reports.Read.All
Get Sharepoint Usage	/reports/getSharePointActivityUserDetail	Reports.Read.All
Get OneDrive Usage	/reports/getEmailActivityUserDetail	Reports.Read.All
Get Outlook Usage	/reports/getEmailActivityUserDetail	Reports.Read.All
Get M365 App User Details	/reports/getM365AppUserDetail	Reports.Read.All
Get SharePoint Sites	/sites?search=*	Sites.Read.All
Get SharePoint Drives	/sites/{site_id}/drive	Files.Read.All
Get SharePoint Drive Items	/sites/{site_id}/drive/list/items	Files.Read.All
Get SharePoint Drive Item Permissions	/sites/{site_id}/drive/items/{item_id}/permissions	Files.Read.All
Get User's OneDrive	/users/{user_id}/drives	Files.Read.All
Get OneDrive Drive Items	/drives/{drive_id}/list/items	Files.Read.All
Get OneDrive Drive Item Permissions	/drives/{drive_id}/items/{item_id}/permissions	Files.Read.All
Get PSTN Calls	/communications/callRecords/getPstnCalls	CallRecords.Read.All
Get Sensitivity Labels	/security/informationProtection/sensitivityLabels	InformationProtectionPolicy.Read.All