Body Content Visibility Requirements
Summary
Within the Observations view for a particular message INKY added the ability to view the body of email directly within the dashboard. As a mail protection provider, INKY takes its responsibility to protect customer data seriously (INKY Privacy Policy). Ensuring we keep with our privacy first approach we’ve implemented a few controls on who can access the body content and when.
If an email is not currently in the user's mail store, then INKY cannot retrieve the message via Microsoft’s Graph API, Google API, or through the “Report This Email” link.
Common scenarios where mail listed on the dashboard cannot be retrieved by INKY:
User already deleted the email
Message is in the User or Admin Quarantine
Logged in admin does not have appropriate level of access on their M365 or Google Workspace Tenant
API Access Requirements
You must enable the appropriate API access for Microsoft 365 or Google Workspace prior to the body content being available within the Observation view.
Microsoft 365
INKY Remediation access must be enabled on the Microsoft Graph API Access settings page
Google Workspace
INKY Domain and Directory and Remediation must be enabled on the Google API Access settings page
View Emails Reported to INKY using the Report This Email link
The first way an INKY admin may have the ability to view the body of a message is when an end user reports a message from their inbox using the “Report This Email” link found in the INKY banner. If the user has the “send raw message” selected when they submit the report, and the report is submitted within the time frame set for encrypted raw storage on the INKY Dashboard, then the following INKY Admins will be able to view the body of the message within the INKY Dashboard.
Allowed INKY Admin Roles:
Viewer
Analyst
Policy Admin
Super Admin
If the check box to “Always send raw message (if available) to Inky for analysis (i.e., do not allow end users to opt-out for specific messages)” is selected then all reports will be made visible to the above admins if they are made within the appropriate timeframe.
View all Body Content if logged in as M365 or Google Admin
There are few admin roles within Microsoft 365 or Google Workspace tenants which allow full read access to emails delivered. In following through with our privacy commitment INKY has passed those administrative roles through to the INKY Dashboard when an INKY admin attempts to view the body of a message.
If an admin of INKY is logged in using an account with one these privileges and are an appropriate level INKY admin then body content is available for all messages within the INKY Dashboard.
Allowed INKY Admin Roles:
Viewer
Analyst
Policy Admin
Super Admin
Microsoft 365 Roles Required for logged in admin: https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
Global Administrator: 62e90394-69f5-4237-9190-012177145e10
Exchange Administrator: 29232cdf-9323-42fd-ade2-1d097af3e4de
Security Administrator: 194ae4cb-b126-40b2-bd5b-6091b380977d
Security Operator: 5f2222b1-57c3-48ba-8ad5-d4759f1fde6f
Security Reader: 5d6b6bb7-de71-4623-b4af-96380a352509
Global Reader: f2ef992c-3afb-46b9-b7cf-a126ee74c451
Compliance Administrator: 17315797-102d-40b4-93e0-432062caca18
Compliance Data Administrator: e6d1a23a-da11-4be4-9570-befc86d067a7
OR
Google Workspace Role Required for logged in admin:
Super Admin
Delegated Admins with the following privileges
Security Investigation Tool