Configure Azure for Microsoft 365 and ScubaGear Audits

Click your registered application in Microsoft Entra ID > App Registrations > Your Application > API Permissions.

Select Microsoft Graph.

When adding permissions for Certificate Authentication, select Application permissions.

In the Configured permissions section, click Add a permission.

Add the following permissions:

• Microsoft Graph

  • Directory.Read.All

  • GroupMember.Read.All

  • Organization.Read.All,

  • Policy.Read.All,

  • RoleManagement.Read.Directory,

  • User.Read.All

  • PrivilegedEligibilitySchedule.Read.AzureADGroup

  • PrivilegedAccess.Read.AzureADGroup

  • RoleManagementPolicy.Read.AzureADGroup

  • AuditLog.Read.All

  • Calendars.Read

  • DeviceManagementApps.Read.All

  • DeviceManagementConfiguration.Read.All

  • Directory.Read.All

  • GroupMember.Read.All

  • Organization.Read.All

  • OrgSettings-AppsAndServices.Read.All

  • OrgSettings-Forms.Read.All

  • Policy.Read.All

  • PrivilegedAccess.Read.AzureADGroup

  • PrivilegedEligibilitySchedule.Read.AzureADGroup

  • Reports.Read.All

  • RoleManagement.ReadWrite.Exchange

  • RoleManagementPolicy.Read.AzureADGroup

  • SecurityActions.Read.All

  • SecurityAlert.Read.All

  • SecurityEvents.Read.All

  • SharePointTenantSettings.Read.All

  • Sites.Read.All

  • User.Read

• Microsoft Teams Services

  • AdminAppCatalog.Read.All

• Office 365 Exchange Online

  • Exchange.ManageAsApp

• SharePoint

  • Sites.FullControl.All

In the Manage section of Microsoft Entra ID, click Roles and administrator.