The Harmony Email & Collaboration Azure application now requires fewer roles and API permissions.

Harmony Email & Collaboration requires privileged access to Microsoft 365 to provide its security and productivity features and capabilities.
Until now, we required assigning the Global Administrator role and a long list of API permissions to the Check Point application in your Azure.

With the rise in advanced cyber threats and the demand to grant applications only the least privileged access, the list of roles and permissions has been updated.

Harmony Email & Collaboration now requires only the Exchange Administrator and the Privileged Authentication Administrator roles when onboarding.

The Privileged Authentication Administrator role can be further reduced manually to a lesser role. This might be considered more secure, but it will not allow the application to block some users if they are found to be compromised.
In addition, the list of API permissions the application requires is significantly reduced, as documented in this administrator guide chapter.

New customers connecting to Microsoft 365 already get the reduced roles and permissions.
Existing customers who have already connected the Check Point application to their Azure can:

  1. Go to Security Settings > SaaS Applications > Office 365 Mail > Configure, click the Re-authorize link and approve the new permissions.
  2. Manually reduce the roles assigned to the application from the Azure interface to Exchange Administrator and Privileged Authentication Administrator.
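
To confirm the result of step 2, the following added example (not Check Point's own tooling) lists the directory roles assigned to the application's service principal and flags anything beyond the two roles named above. It assumes the Microsoft.Graph PowerShell module; the AppDisplayName parameter and the Get-RoleFinding helper are names introduced for this example, and without AppDisplayName the script runs on a constructed sample.

```powershell
param(
    # Assumption: the application's name as shown under Enterprise applications.
    [string]$AppDisplayName
)

# Roles this page lists as required after the change.
$Expected = @('Exchange Administrator', 'Privileged Authentication Administrator')

# Hypothetical helper: classify assigned role names against the expected set.
function Get-RoleFinding {
    param([string[]]$AssignedRoles, [string[]]$ExpectedRoles)
    foreach ($role in ($AssignedRoles | Sort-Object -Unique)) {
        $status = if ($role -in $ExpectedRoles) { 'Expected' } else { 'Excess: remove' }
        [pscustomobject]@{ Role = $role; Status = $status }
    }
    foreach ($role in $ExpectedRoles) {
        if ($role -notin $AssignedRoles) {
            # Either onboarding is incomplete or the role was reduced by hand.
            [pscustomobject]@{ Role = $role; Status = 'Not assigned (missing or manually reduced)' }
        }
    }
}

if ($AppDisplayName) {
    # Read-only scopes are enough for an audit.
    Connect-MgGraph -Scopes 'Application.Read.All', 'RoleManagement.Read.Directory'
    $name = $AppDisplayName.Replace("'", "''")   # escape quotes for the OData filter
    $sp = @(Get-MgServicePrincipal -Filter "displayName eq '$name'")
    if ($sp.Count -ne 1) { throw "Expected one service principal, found $($sp.Count)." }

    $assignments = Get-MgRoleManagementDirectoryRoleAssignment `
        -Filter "principalId eq '$($sp[0].Id)'" -All
    $assigned = foreach ($a in $assignments) {
        (Get-MgRoleManagementDirectoryRoleDefinition `
            -UnifiedRoleDefinitionId $a.RoleDefinitionId).DisplayName
    }
} else {
    # Constructed sample: an application that still holds the old role.
    $assigned = @('Global Administrator', 'Exchange Administrator')
}

Get-RoleFinding -AssignedRoles @($assigned) -ExpectedRoles $Expected |
    Format-Table -AutoSize
```

The query returns only roles assigned directly to the service principal; roles inherited through group membership are not included.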
