What are the benefits of using email based discovery?
How to setup email based discovery?
Email (and other) discovery tools are setup using the Radar tool in the application. See Instructions
What permissions does Mine require for email based discovery?
Please see the table below for the permissions required depending on the provider you use.
Microsoft 365
| Permission Scope | Usage |
|
User.Read.All Allows the app to read user profiles without a signed in user.
|
Sync employees list and show who has access to which system |
|
Organization.Read.All Allows the app to read the organization and related resources, without a signed-in user. Related resources include things like subscribed skus and tenant branding information.
|
Sync employees list and show who has access to which system |
|
Mail.Read Allows the app to read mail in all mailboxes without a signed-in user.
|
Analyze email metadata (from,to,subject,date) to detect systems employees are using |
|
Directory.Read.All Allows the app to read data in your organization's directory, such as users, groups and apps, without a signed-in user. |
Sync employees list and show who has access to which system |
Microsoft Graph API permissions reference: https://learn.microsoft.com/en-us/graph/permissions-reference
Google Workspaces
| Permission Scope | Usage |
|
admin.directory.user.readonly Scope for only retrieving users or user aliases.
|
Sync employees list and show who has access to which system |
|
gmail.readonly Read all resources and their metadata—no write operations. |
Analyze email metadata (from,to,subject,date) to detect systems employees are using |
Google APIs permissions reference: