Preview build — Pull Request #37
SymprexDocumentation

Signature 365 required permissions

Review the Microsoft 365 and platform permissions needed to integrate and use Signature 365 features.

Signature 365 requires the following permissions on the following platforms:

Microsoft 365

To setup Signature 365 to integrate with Microsoft 365 the below permissions are required.

Required permissions for reading directory data

Warning
The permissions in this section are always required to integrate with Microsoft 365.

The permissions below are required to import directory, user and group information:

Read directory data

This allows us to import your directory, including users, groups and domains.

Read all users' full profile

This allows us to import your users and profiles for use in your signatures.

Read all user mailbox settings

This allows us to import your users' mailbox settings.

Sign in and read user profile

This is required to connect to your tenant.

This is a screenshot of the permissions request dialog:

When you click Accept, a Signature 365 enterprise application is created in your Azure AD.

The request is for administrator-level access so Signature 365 can continuously import your directory information in the background. If you are not a Global Administrator when accepting the permissions, you will see a dialog requesting you to login as a Global Administrator.

Required permissions setting up integration with Exchange Online

Warning
The permissions in this section are only required if you want to use server-side signatures with Microsoft 365.

The permissions below are required to allow Signature 365 to add a domain to your Microsoft 365 tenant that matches the certificate we will use to communicate securely with Exchange Online.

Read and write domains

This allows us to add a domain to your Microsoft 365 tenant that matches the certificate we will use to communicate securely with Exchange Online.

Sign in and read user profile

This is required to connect to your tenant.

This is a screenshot of the permissions request dialog:

When you click Accept, a Signature 365 Setup enterprise application is created in your Azure AD.

The request is for administrator-level access. If you are not a Global Administrator when accepting the permissions, you will see a dialog requesting you to login as a Global Administrator.

Note
You may delete the Signature 365 Setup application from your Azure AD after completing the setup.

Request to sign in to application to create connectors and transport rule

You will be asked to sign in to the application Microsoft Exchange REST API Based PowerShell. You must sign in as a Global Administrator and make sure to enter the credentials for the correct Microsoft 365 tenant.

Signature 365 reliability and security

Explore Signature 365 security, certifications, availability, data protection, and Microsoft 365 integration safeguards.

Signature 365 SMTP host list and IP whitelist

Find regional SMTP hosts and IP addresses to whitelist for Signature 365 server-side mail flow.