Microsoft Teams Permissions Reference
This section lists the required Microsoft Graph API permissions for SailPoint Entro’s Microsoft Teams integration and their justification.
Permission Categories
| Category | Permissions | Purpose |
|---|---|---|
| Mandatory | User.Read.All, Directory.Read.All | Basic user and directory visibility |
| Secret Detection | TeamsActivity.Read.All, TeamSettings.Read.All, TeamsTab.Read.All, TeamsAppInstallation.ReadForChat.All, TeamsAppInstallation.ReadForTeam.All, TeamsAppInstallation.ReadForUser.All, Channel.ReadBasic.All, ChannelMember.Read.All, ChannelMessage.Read.All, ChannelSettings.Read.All, Chat.Read.All | Enables secure read-only detection of exposed secrets within Teams resources |
| Messaging & Alerts | TeamsAppInstallation.ReadWriteForTeam.All, TeamsAppInstallation.ReadWriteForUser.All, TeamsAppInstallation.ReadWriteSelfForUser.All | Allows SailPoint Entro Bot to send and manage alert messages securely |
Access Behavior
- SailPoint Entro uses read-only Graph API calls where possible.
- Tokens are AES-256 encrypted and stored within SailPoint Entro’s secure worker environment.
- All actions are logged and traceable within SailPoint Entro’s audit logs.
Security & Compliance
- SOC 2 Type II
- ISO 27001
- GDPR compliance
- TLS 1.2+ for all connections
- No modification or message content persistence