Microsoft Graph API Permissions

Trustifi utilizes Microsoft’s Graph API for enhanced inbound email protection. When customers first connect the Graph API integration in Trustifi, they are requested to provide several types of permissions to the API.

This article provides details on the various permissions required by Graph API and how Trustifi utilizes them.

| Permission | Function | Trustifi Utilization |
| --- | --- | --- |
| Read and write mail in all mailboxes. | Allows the app to create, read, update, and delete mail in all mailboxes without a signed-in user. Does not include permission to send mail. | Allows Trustifi to move emails between folders (e.g. moving spam emails to the “Spam” folder) and to remove malicious emails from mailboxes post-delivery. |
| Read all groups. | Allows the app to read group properties and memberships, and read conversations for all groups, without a signed-in user. | Allows Trustifi to view which groups exist in the customer’s organization, which improves email deliverability and provides necessary additional context to establish email patterns and relationships. |
| Read all users’ full profiles. | Allows the app to read user profiles without a signed-in user. | Provides necessary data about users to Trustifi, which helps normalize user behavior patterns and recognize suspicious activity. Also provides insights regarding roles in the organization and users likely to be targeted by phishing attacks. |
| Read users’ relevant people lists. | Allows the app to read a ranked list of relevant people of the signed-in user. The list includes local contacts, contacts from social networking, your organization’s directory, and people from recent communications (such as email and Skype). | Provides Trustifi with necessary data regarding the user’s contacts. Data of user contacts is important to prevent spoofing and impersonation attacks, as well as to avoid false-positive detections. |
| Read contacts in all mailboxes. | Allows the app to read all contacts in all mailboxes without a signed-in user. | Provides Trustifi with necessary data regarding the user’s contacts. Data of user contacts is important to prevent spoofing and impersonation attacks, as well as to avoid false-positive detections. |
| Read directory data. | Allows the app to read data in your organization’s directory, such as users, groups and apps, without a signed-in user. | Provides Trustifi with additional information about groups in the organization, which improves email deliverability and provides necessary additional context to establish email patterns and relationships. |
| Sign in and read user profile. | Allows users to sign in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users. | Allows customers to utilize Single Sign-On (SSO) as a means of user authentication and identity verification. |
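
A tenant administrator can check that what was actually consented matches the list above. The sketch below is an added example, not Trustifi or Microsoft code: it resolves application and delegated grants against the resource's published roles and scopes, then reports anything outside the documented set (for instance a send-mail role, which the first row says is not included). It assumes input shaped like Microsoft Graph `servicePrincipal`, `appRoleAssignment` and `oAuth2PermissionGrant` objects; the ids are placeholders, and the scope values and the "Send mail as any user" display name come from Microsoft Graph rather than from this article.

```python
# Display names as listed in the table above (apostrophes normalized to ASCII).
DOCUMENTED = {
    "Read and write mail in all mailboxes", "Read all groups",
    "Read all users' full profiles", "Read users' relevant people lists",
    "Read contacts in all mailboxes", "Read directory data",
    "Sign in and read user profile",
}

def _norm(name):
    # Tolerate curly apostrophes and the trailing period used in the table.
    return name.replace("\u2019", "'").strip().rstrip(".")

def granted_names(resource_sp, role_assignments, delegated_grants):
    """Resolve grants made against one resource to permission display names."""
    roles = {r["id"]: r["displayName"] for r in resource_sp["appRoles"]}
    scopes = {s["value"]: s["adminConsentDisplayName"]
              for s in resource_sp["oauth2PermissionScopes"]}
    names = set()
    for a in role_assignments:  # application permissions ("without a signed-in user")
        if a["resourceId"] == resource_sp["id"]:
            names.add(_norm(roles.get(a["appRoleId"], "unresolved role " + a["appRoleId"])))
    for g in delegated_grants:  # delegated permissions; scope is space-separated
        if g["resourceId"] == resource_sp["id"]:
            names.update(_norm(scopes.get(v, "unresolved scope " + v))
                         for v in g["scope"].split())
    return names

def audit(resource_sp, role_assignments, delegated_grants):
    """Return grants outside the documented set and documented ones not granted."""
    granted = granted_names(resource_sp, role_assignments, delegated_grants)
    return {"unexpected": sorted(granted - DOCUMENTED),
            "missing": sorted(DOCUMENTED - granted)}

# Constructed sample shaped like Graph objects; all ids are placeholders.
GRAPH_SP = {
    "id": "sp-graph",
    "appRoles": [{"id": f"role-{i}", "displayName": n} for i, n in enumerate([
        "Read and write mail in all mailboxes", "Read all groups",
        "Read all users' full profiles", "Read contacts in all mailboxes",
        "Read directory data", "Send mail as any user"])],
    "oauth2PermissionScopes": [
        {"value": "People.Read", "adminConsentDisplayName": "Read users' relevant people lists"},
        {"value": "User.Read", "adminConsentDisplayName": "Sign in and read user profile"}],
}
ASSIGNMENTS = [{"resourceId": "sp-graph", "appRoleId": f"role-{i}"} for i in (0, 1, 2, 3, 5)]
GRANTS = [{"resourceId": "sp-graph", "scope": "User.Read People.Read"}]

if __name__ == "__main__":
    print(audit(GRAPH_SP, ASSIGNMENTS, GRANTS))
```

An "unexpected" entry means the integration holds more than this article documents; a "missing" entry means a documented function will not work until consent is completed.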