diff --git a/.github/workflows/event.yml b/.github/workflows/event.yml
index 3a88082782..76c184c71c 100644
--- a/.github/workflows/event.yml
+++ b/.github/workflows/event.yml
@@ -1,4 +1,7 @@
-name: GitHub Event Handler
+# NOTE: currently azure-sdk-actions only hosts check enforcer code.
+# If further functionality is added, this name should be updated to reflect
+# the more generic behavior
+name: Check Enforcer
 
 on:
   check_suite:
@@ -6,8 +9,14 @@ on:
   issue_comment:
     types: [created]
 
+permissions: {}
+
 jobs:
   event-handler:
+    permissions:
+      statuses: write # to set status (azure/azure-sdk-actions)
+      pull-requests: read # to read pull requests (azure/azure-sdk-actions)
+      checks: read # to read check status (azure/azure-sdk-actions)
     name: Handle ${{ github.event_name }} ${{ github.event.action }} event
     runs-on: ubuntu-latest
     steps: