What permissions does Governably need?

Read-only access to SharePoint/OneDrive file metadata and Azure AD application registrations. We use Sites.Read.All and Directory.Read.All delegated permissions. We never read the content of your files.

Do I need admin consent?

Yes. A Global Administrator or Application Administrator must approve the permissions. If your organisation requires admin consent for all apps, the admin will see a consent prompt.

Yes. Disconnect from the Governably dashboard, or revoke access in Azure Portal → Azure Active Directory → Enterprise Applications → Governably → Properties → Delete.

Connect Microsoft 365

Link your Microsoft 365 to scan SharePoint sharing and Azure AD OAuth grants.

7 April 2026·5 min read

What we scan

SharePoint/OneDrive sharing: files and folders shared externally, anonymous sharing links, and overly permissive access grants
Azure AD OAuth audit: third-party applications (including AI tools) registered or consented to in your tenant

Permissions required

Sites.Read.All — read SharePoint and OneDrive site metadata and sharing settings
Directory.Read.All — read Azure AD directory for application and user data

How to connect

Go to your Governably Dashboard
In the Cloud Integrations section, click Connect Microsoft 365
You'll be redirected to Microsoft's consent screen
If admin consent is required, a Global Administrator must approve
After approval, you'll be redirected back with a green "Connected" badge

Troubleshooting

"Admin consent required": your organisation restricts third-party app consent. Ask a Global Administrator to approve via Azure Portal → Enterprise Applications
"Insufficient privileges": ensure you're signing in with an account that has at least Application Administrator role