Assigning Directory and Audit Permissions for Discovery and Visibility

    Perform the following steps to assign directory permissions for the Britive application created in Azure:

    1. Log in to Azure with administrator privileges.
    2. Select Azure Active Directory.
    3. Select App registrations from the navigation menu. 
    4. Select the "Britive" application (that is, the application created in the previous step Registering Britive application in Azure Active Directory).
    5. Click API permissions from the navigation menu. 
    6. Click + Add a permission.
    7. Select Microsoft Graph. 
    8. Select Application permissions.
    9. Search and click on Directory and select the permission "Directory.Read.All".
    10. Search and click on Audit and select the permission "AuditLog.Read.All".
    11. Click the Add permissions button.
    12. Ensure that the option Grant admin consent for Default Directory is checked.
    13. Select Yes on the warning that asks whether to grant consent for the required permissions for all accounts in Default Directory. A message confirms that admin consent has been granted successfully for the requested permissions (in this case, Directory.Read.All and AuditLog.Read.All) for all accounts in the default directory.

    The Directory.Read.All permission reads AD-level roles, AD Users, and AD groups in the Azure application. The AuditLog.Read.All permission, along with an Azure AD Premium P1/P2 license, is needed to read the last sign-in date of AD Users in the Azure application. The last sign-in date is not returned for a user who has never signed in or who last signed in before April 2020.
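
    To confirm the result of steps 9 through 13, the following added example (not part of the Britive documentation) inspects the `roles` claim of an app-only Microsoft Graph access token and reports permissions that are missing (for example, because admin consent was not granted) or broader than the two assigned here. The function names and the sample tokens are constructed for illustration; a real token would come from the application's own client-credentials request.

```python
import base64
import json

# Application permissions this page assigns to the Britive app registration.
REQUIRED_ROLES = {"Directory.Read.All", "AuditLog.Read.All"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def token_roles(access_token: str) -> set:
    """Return the 'roles' claim of an app-only token (empty set if absent).

    The signature is NOT verified: this is a local diagnostic on a token you
    requested yourself, not an authorization decision.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("roles", []))


def audit_permissions(access_token: str) -> dict:
    """Compare consented application permissions with the two required ones."""
    granted = token_roles(access_token)
    return {
        "missing": sorted(REQUIRED_ROLES - granted),  # not added or not consented
        "excess": sorted(granted - REQUIRED_ROLES),   # beyond what this page assigns
        "ok": granted == REQUIRED_ROLES,
    }


def make_sample_token(roles) -> str:
    """Build an unsigned, constructed token for offline demonstration only."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    claims = {"aud": "https://graph.microsoft.com"}
    if roles is not None:
        claims["roles"] = roles
    return f"{header}.{_b64url(json.dumps(claims).encode())}.sig"


if __name__ == "__main__":
    for roles in (sorted(REQUIRED_ROLES), None, ["Directory.ReadWrite.All"]):
        print(roles, audit_permissions(make_sample_token(roles)))
```

    A token with no `roles` claim at all is the typical sign that the permissions were added but admin consent was never granted.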
