Permissions for Communication channels in Cayosoft Guardian

Cayosoft Guardian uses Microsoft 365 APIs to send alerts through Exchange Online, Microsoft Teams, and SMTP.

NOTE: Removing or revoking these permissions may prevent Guardian from delivering alerts or notifications.

SMTP

Used to send email alerts via an authenticated Exchange Online mailbox.

Aspect	Details
Protocol	SMTP via Exchange Online
License	Exchange Online (E1 or higher recommended)
API Claims	None (uses native SMTP authentication through the service account)
Permissions Required	The service account must be allowed to send mail (Send As or Send on Behalf).

Exchange Online

Exchange Online is used when sending email alerts and notifications through Microsoft Graph.

 

• Exchange Online license must be assigned to the user account associated with the communication channel (E1 license recommended).
• The user account must have Read and manage (Full Access) and Send as permissions on the mailbox that is used to send email notifications.

Microsoft Teams

Used to send Teams alerts to configured Microsoft Teams channels.

• Teams license must be assigned to the user account associated with the communication channel (E1 license recommended).
• The user account must be a member of the Team that is used for the communication channel.

API permissions

For the user account that is used to send notifications via Teams and Exchange Online Communication channels the following API permissions are granted on the multi-tenant application 'Cayosoft Guardian' (Application ID: ac560269-2c17-4bac-81e0-376644cf5f99).

Permission Name	Claim Value	Description
Directory.ReadWrite.All	Read and write directory data	Allows Guardian to manage directory objects (e.g., user or group metadata) necessary for sending notifications.
Group.Read.All	Read all groups	Enables Guardian to access Teams group membership and identify channels where notifications are posted.
Mail.Send.Shared	Send mail on behalf of others	Allows Guardian to send email alerts and notifications through Exchange Online using the configured service account.
Mail.ReadWrite.Shared	Read and write user and shared mail	Enables Guardian to access and manage shared mail folders when processing alerts or confirmations.
TeamSettings.ReadWrite.All	Read and change Teams’ settings	Allows Guardian to post messages and manage Teams notification settings within the target channel.
ChannelMessage.Send	Send channel messages	Grants permission to send alert messages directly to Teams channels configured in Guardian.
Files.ReadWrite.All	Have full access to all files user can access	Enables Guardian to include file attachments in Teams notifications when applicable.