Which Microsoft 365 permissions are required to activate Email Security?

Read all audit log data

Allows reading all audit logs across the organization for investigation and monitoring.

Read audit logs data from all services

Allows the app to read audit logs from all Microsoft 365 services for threat detection and compliance.

Read and write mail in all mailboxes

Grants full read/write access to mail across every user mailbox (used for scanning, remediation, or actions on malicious emails).

Read and write all user mailbox settings

Allows modifying mailbox settings (inbox rules, signatures, forwarding…) for all users.

Read your organization’s conditional access policies

Lets the app read Conditional Access configuration for audit or analysis of security posture.

Read all usage reports

Allows accessing organization-wide usage and activity reports (M365 usage analytics).

Read metadata and detection details for all emails in your organization

Allows the app to access email metadata (headers, detections, threat indicators) without accessing message bodies.

Read all users’ full profiles

Grants full read access to users’ directory profiles (name, job info, attributes…).

Read and write all users’ authentication methods

Allows modifying users’ authentication methods (MFA settings, phone, email…).

Sign in and read user profiles

Allows the app to sign in as a user and access basic profile data.

Read and write all password profiles and reset user passwords

Allows resetting or updating passwords for all users — required for post-incident remediation.

Revoke all sign in sessions for a user

Allows the app to immediately revoke all active user sessions — used for immediate containment.

Read activity data for your organization

Allows Stoïk to read activity feed events in Microsoft 365 to detect suspicious actions or anomalies related to user activity.

Read all applications

Allows the app to read all applications and service principals in the directory — used to analyze configuration and identify anomalies.