Skip to content

Microsoft Teams Permissions Reference

This section lists the required Microsoft Graph API permissions for SailPoint Entro’s Microsoft Teams integration and their justification.

Permission Categories

Category Permissions Purpose
Mandatory User.Read.All, Directory.Read.All Basic user and directory visibility
Secret Detection TeamsActivity.Read.All, TeamSettings.Read.All, TeamsTab.Read.All, TeamsAppInstallation.ReadForChat.All, TeamsAppInstallation.ReadForTeam.All, TeamsAppInstallation.ReadForUser.All, Channel.ReadBasic.All, ChannelMember.Read.All, ChannelMessage.Read.All, ChannelSettings.Read.All, Chat.Read.All Enables secure read-only detection of exposed secrets within Teams resources
Messaging & Alerts TeamsAppInstallation.ReadWriteForTeam.All, TeamsAppInstallation.ReadWriteForUser.All, TeamsAppInstallation.ReadWriteSelfForUser.All Allows SailPoint Entro Bot to send and manage alert messages securely

Access Behavior

  • SailPoint Entro uses read-only Graph API calls where possible.
  • Tokens are AES-256 encrypted and stored within SailPoint Entro’s secure worker environment.
  • All actions are logged and traceable within SailPoint Entro’s audit logs.

Security & Compliance

  • SOC 2 Type II
  • ISO 27001
  • GDPR compliance
  • TLS 1.2+ for all connections
  • No modification or message content persistence