Consent management

  • Last update on February 7th, 2024

Table of Contents

To ensure that CoreView functions seamlessly with applications such as Endpoint, BitLocker, and SharePoint, it is essential to grant the necessary permissions to the CoreView app on the Microsoft side.

List of extra consents and permissions to grant

Endpoint

If Endpoint manager permissions are not granted to the CoreView app on the Microsoft side, CoreView cannot perform actions using the Endpoint manager module. This set of permissions is required because Endpoint manager actions do not use PowerShell cmdlets; instead, they utilize Graph APIs, which require a different set of permissions.

Permissions list

CoreView Management Integration requires the following Entra ID application permissions:

  • [Microsoft Graph] Device management managed devices privileged operations all: perform user-impacting remote actions on Microsoft Intune devices
  • [Microsoft Graph] Device management managed devices read write all: read and write Microsoft Intune devices
  • [Microsoft Graph] Device management service config read write all: read and write Microsoft Intune devices

Please note that on the consent authorization screen, the wording will be “CoreView Management Integration” and not “Endpoint”.

 
 
 

SharePoint

To enable SharePoint management actions through CoreView and activate the import process, it is essential to grant additional consent.

Permissions list

CoreView SharePoint Integration requires the following Entra ID application permissions:

  • [Azure Active Directory Graph] User read: enable sign-on and read users' profiles
  • [Microsoft Graph] Directory read all: read directory data
  • [Microsoft Graph] Group read write all: read and write all groups
  • [SharePoint] Sites full control all: have full control of all site collections
 
 

BitLocker

To ensure that data is being displayed in the BitLocker keys report and to enable the ability to view and manage BitLocker keys, it is essential to grant additional consent. This consent allows for the retrieval of data for the BitLocker keys report.

Permissions list

CoreView BitLocker API requires the following Entra ID application permissions:

  • [Microsoft Graph] BitLockerKey read all: read BitLocker keys
  • [Microsoft Graph] User read: sign in and read user profile
 
 

Teams

In case you have purchased the Teams Voice add-on, you need to provide additional consent to import Teams Voice data (calls, PSNT usage) into CoreView. Please refer to the documentation about Teams Voice Connector.

Exchange

Provide consent for the use of multiple Exchange applications to overcome Microsoft's Exchange Service throttling limit. This constraint is causing significant delays in CoreView's import operations.

Permissions list

CoreView Exchange Integration requires the following Entra ID application permissions:

  • Access mailboxes as the signed-in user via Exchange Web Services: Allows the app to have the same access to mailboxes as the signed-in user via Exchange Web Services.
  • Manage Exchange configuration: allows the app to manage the organization's Exchange environment, such as mailboxes, groups, and other configuration objects. To enable management actions, an admin must assign the appropriate roles to the app user.
  • Manage Exchange As Application: allows the app to manage the organization's Exchange environment without any user interaction. This includes mailboxes, groups, and other configuration objects. To enable management actions, an admin must assign the appropriate roles directly to the app.
  • Sign in and read user profile: allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.
     
 
 

Check granted consents

To check if you have provided consent for each application:

  • If the “Consent needed” column displays “Permission required”, it indicates that CoreView does not have the necessary consent to manage that application. In such cases, you should grant the consent by following the guide below.
  • If “Consent needed” displays “Granted”, that indicates that CoreView has the consent needed to manage that application.

To provide consent to different applications:

  1. Navigate to the “SETTINGS” > “My organization” > “Consent management” section.
  2. On this page, click on the icon located in the “Consent URL” column that corresponds to the app for which you want to grant consent. As you click, the URL will be automatically copied to your clipboard.
  3. Open a private browser session while using an Microsoft 365 account that has Global Admin permissions.
  4. Paste the copied URL into the address bar of the browser and press enter.

Related Articles

DID THIS PAGE HELP YOU?