Obviously no easy answer but as I went to test this with a tenant, the list of permissions is frankly scary. I know they are needed for functionality but I'm thinking I really should revise my contracts to include something covering this. As an MSP I shouldn't just grant third party access without the clients knowing. If Huntress is every compromised, we are all screwed.

It's a bit ironic too because one of my clients just asked me to authorize Ramp to have complete access to all of their emails just to find expense receipts in them. That sort of third party access doesn't raise any eyebrows and of course read-only email is not nearly the same as this.

Some sort of an example contract clause to cover this would be helpful. So that's my suggestion.