From 5894344bedb29d58887172269741d6d687239575 Mon Sep 17 00:00:00 2001
From: Naveen Loganathan <139209432+Hellfire4959@users.noreply.github.com>
Date: Wed, 16 Oct 2024 14:09:11 +0900
Subject: [PATCH] Update ms-office-audit-source.md

During the on-boarding of the o365 sources, requesting global admin role account has raised security risk concerns. To avoid that it is recommended to use the global reader role
---
 .../hosted-collectors/microsoft-source/ms-office-audit-source.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/send-data/hosted-collectors/microsoft-source/ms-office-audit-source.md b/docs/send-data/hosted-collectors/microsoft-source/ms-office-audit-source.md
index d4fbcf3b86..d38d2e8291 100644
--- a/docs/send-data/hosted-collectors/microsoft-source/ms-office-audit-source.md
+++ b/docs/send-data/hosted-collectors/microsoft-source/ms-office-audit-source.md
@@ -49,6 +49,7 @@ Office 365 comes with a set of admin roles that you can assign to users in you
 When you configure a Microsoft Office 365 Audit Source in Sumo you will need to authenticate with Microsoft using standard OAuth v2. The user who authenticates must have Microsoft Office 365 admin rights for the content that is being audited. For the sake of the principle of least privilege (PoLP), the authenticating account should be as restrictive as possible while enabling appropriate access. What's appropriate for you depends on which Office 365 edition you use and your security policies.
 
 Using the Global Administrator role is recommended:
+However, you can also use the Global reader role
 
 | Role  |   Description |
 |:-----------------------|:-------------|