From eeb0dda00e75c3953363834ef6d525962e4c8196 Mon Sep 17 00:00:00 2001 From: David <1511024+marabooy@users.noreply.github.com> Date: Tue, 12 May 2026 03:32:50 +0300 Subject: [PATCH 1/3] Weekly Permissions sync 2026-05-12 --- permissions/new/permissions.json | 191 +++++++++++++++++++++++++- permissions/new/provisioningInfo.json | 34 ++++- 2 files changed, 213 insertions(+), 12 deletions(-) diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json index 851dcee0..83a50840 100644 --- a/permissions/new/permissions.json +++ b/permissions/new/permissions.json @@ -1145,7 +1145,7 @@ "POST" ], "paths": { - "/servicePrincipals/microsoft.graph.agentIdentity": "least=DelegatedWork" + "/servicePrincipals/microsoft.graph.agentIdentity": "least=Application,DelegatedWork" } } ], @@ -1172,8 +1172,6 @@ "POST" ], "paths": { - "/servicePrincipals(appid={value})/microsoft.graph.agentIdentityBlueprintPrincipal/identities": "least=Application", - "/servicePrincipals/{id}/microsoft.graph.agentIdentityBlueprintPrincipal/identities": "least=Application", "/servicePrincipals/microsoft.graph.agentIdentity": "" } } @@ -17742,6 +17740,18 @@ "/devicemanagement/manageddevices/{id}/wipe": "", "/devicemanagement/manageddevices/executeaction": "" } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "GET" + ], + "paths": { + "/devicemanagement/manageddevices/{id}/getsyncstatus": "least=DelegatedWork,Application" + } } ], "ownerInfo": { 
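Review bot: In the hunk at -17742, the new GET path set tags `/devicemanagement/manageddevices/{id}/getsyncstatus` with `least=DelegatedWork,Application` on a permission whose neighbouring path set (context lines) covers `/devicemanagement/manageddevices/{id}/wipe` and `/devicemanagement/manageddevices/executeaction`. If `least=` marks the least-privileged permission for a path, callers that only need to read sync status are steered to a permission that also allows a device wipe. The permission name is outside the hunk, so this is inferred. If a read-only managed-device permission also lists this path, the tag belongs there and this entry should read `"/devicemanagement/manageddevices/{id}/getsyncstatus": ""`.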
@@ -28227,6 +28237,56 @@ "ownerSecurityGroup": "GroupsIDCSG" } }, + "Group-NestingSupport.ReadWrite.All": { + "authorizationType": "oAuth2", + "schemes": { + "DelegatedWork": { + "adminDisplayName": "Read and write groups' disableNesting property", + "adminDescription": "Allows the app to read and write groups' disableNesting property on behalf of the signed-in user.", + "userDisplayName": "Read and write groups' disableNesting property", + "userDescription": "Allows the app to read and write the disableNesting property on your behalf.", + "requiresAdminConsent": true, + "privilegeLevel": 2 + }, + "Application": { + "adminDisplayName": "Read and write groups' disableNesting property", + "adminDescription": "Allows the app to read and write groups' disableNesting property without a signed-in user.", + "requiresAdminConsent": true, + "privilegeLevel": 4 + } + }, + "pathSets": [ + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "GET" + ], + "paths": { + "/groups": "least=DelegatedWork,Application", + "/groups/{id}": "least=DelegatedWork,Application", + "/groups/delta": "least=DelegatedWork,Application" + } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "PATCH" + ], + "paths": { + "/groups/{id}": "least=DelegatedWork,Application" + } + } + ], + "ownerInfo": { + "ownerSecurityGroup": "AADGroupsPreAuth" + } + }, "Group-OnPremisesSyncBehavior.ReadWrite.All": { "authorizationType": "oAuth2", "schemes": { 
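Review bot: `Group-NestingSupport.ReadWrite.All` is described as covering only the `disableNesting` property, yet it is tagged `least=DelegatedWork,Application` for GET on `/groups`, `/groups/{id}` and `/groups/delta`, and for PATCH on `/groups/{id}`. With those tags, a property-specific permission that requires admin consent (Application `privilegeLevel` 4) is presented as the least-privileged choice for general group reads and updates. Whether the service rejects every other property under this permission is not visible here. Unless it does, the four values should be `""`, e.g. `"/groups/{id}": ""`, which leaves the least-privileged designation with the general group permissions. No hunk on this page adds a provisioningInfo.json entry for the new permission, so confirm that one already exists.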
@@ -32026,7 +32086,7 @@ "/identitygovernance/lifecycleworkflows/workflows": "", "/identitygovernance/lifecycleworkflows/workflows({id})/previewscope": "least=DelegatedWork,Application", "/identitygovernance/lifecycleworkflows/workflows({id})/previewtaskfailures": "least=DelegatedWork,Application", - "/identitygovernance/lifecycleworkflows/workflows/{id}": "least=DelegatedWork,Application", + "/identitygovernance/lifecycleworkflows/workflows/{id}": "", "/identitygovernance/lifecycleworkflows/workflows/{id}/executionscope": "least=DelegatedWork,Application", "/identitygovernance/lifecycleworkflows/workflows/{id}/tasks": "least=DelegatedWork,Application", "/identitygovernance/lifecycleworkflows/workflows/{id}/tasks/{id}": "least=DelegatedWork,Application", @@ -32069,7 +32129,8 @@ "GET" ], "paths": { - "/identitygovernance/lifecycleworkflows/workflows": "least=DelegatedWork,Application" + "/identitygovernance/lifecycleworkflows/workflows": "least=DelegatedWork,Application", + "/identitygovernance/lifecycleworkflows/workflows/{id}": "least=DelegatedWork,Application" } } ], 
@@ -33568,6 +33629,72 @@ "ownerSecurityGroup": "stisaprvc" } }, + "MailTips.ReadBasic.All": { + "authorizationType": "oAuth2", + "schemes": { + "Application": { + "adminDisplayName": "Read mail tips for all users", + "adminDescription": "Allows the app to read mail tips for all users in the organization without a signed-in user. Mail tips include automatic replies, mailbox status, custom tips, and delivery information.", + "requiresAdminConsent": true, + "privilegeLevel": 4 + } + }, + "pathSets": [ + { + "schemeKeys": [ + "Application" + ], + "methods": [ + "POST" + ], + "paths": { + "/users/{id}/getmailtips": "" + } + } + ], + "ownerInfo": { + "ownerSecurityGroup": "stisaprvc" + } + }, + "MailTips.ReadBasic.Shared": { + "authorizationType": "oAuth2", + "schemes": { + "DelegatedWork": { + "adminDisplayName": "Read mail tips for accessible mailboxes", + "adminDescription": "Allows the app to read mail tips on behalf of the signed-in user for mailboxes they have access to, including their own mailbox and shared mailboxes. Mail tips include automatic replies, mailbox status, custom tips, and delivery information.", + "userDisplayName": "Read mail tips for mailboxes you can access", + "userDescription": "Allows the app to read mail tips on your behalf for mailboxes you have access to, including your own mailbox and shared mailboxes.", + "requiresAdminConsent": false, + "privilegeLevel": 3 + }, + "DelegatedPersonal": { + "adminDisplayName": "Read mail tips for accessible mailboxes", + "adminDescription": "Allows the app to read mail tips on behalf of the signed-in user for mailboxes they have access to. 
Mail tips include automatic replies, mailbox status, custom tips, and delivery information.", + "userDisplayName": "Read mail tips for mailboxes you can access", + "userDescription": "Allows the app to read mail tips on your behalf for mailboxes you have access to, including your own mailbox.", + "requiresAdminConsent": false, + "privilegeLevel": 2 + } + }, + "pathSets": [ + { + "schemeKeys": [ + "DelegatedWork", + "DelegatedPersonal" + ], + "methods": [ + "POST" + ], + "paths": { + "/me/getmailtips": "", + "/users/{id}/getmailtips": "" + } + } + ], + "ownerInfo": { + "ownerSecurityGroup": "stisaprvc" + } + }, "ManagedTenants.Read.All": { "authorizationType": "oAuth2", "schemes": { @@ -34236,6 +34363,19 @@ "/networkAccess/tlsInspectionPolicies/{id}/policyRules/{id}": "least=DelegatedWork,Application", "/networkAccess/tlsPolicies": "least=DelegatedWork,Application" } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "POST" + ], + "paths": { + "/networkAccess/classifyMcpTools": "least=DelegatedWork,Application", + "/networkAccess/discoverMcpTools": "least=DelegatedWork,Application" + } } ], "ownerInfo": { 
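Review bot: In `MailTips.ReadBasic.Shared` (hunk at -33568), the `DelegatedPersonal` `adminDescription` appears to contain a line-break character after "they have access to." — the string is split there on this page, while the `DelegatedWork` text runs unbroken. A raw newline is not valid inside a JSON string, and a Unicode line separator would leak into the consent text, so the value should be one line: `"...for mailboxes they have access to. Mail tips include automatic replies, mailbox status, custom tips, and delivery information."`. Separately, every `getmailtips` path in both new permissions is `""`, so neither permission is tagged least-privileged for any scheme; confirm that is intended, given that `MailTips.ReadBasic.Shared` needs no admin consent for `/users/{id}/getmailtips`. The same block is re-added unchanged in patch 3/3 (hunk at -33629).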
@@ -34364,12 +34504,14 @@ "POST" ], "paths": { + "/networkAccess/classifyMcpTools": "", "/networkAccess/cloudFirewallPolicies": "least=DelegatedWork,Application", "/networkAccess/cloudFirewallPolicies/{id}/policyRules": "least=DelegatedWork,Application", "/networkAccess/connectivity/branches": "least=DelegatedWork,Application", "/networkAccess/connectivity/branches/{id}/deviceLinks": "least=DelegatedWork,Application", "/networkAccess/contentPolicies": "least=DelegatedWork,Application", "/networkAccess/contentPolicies/{id}/policyRules": "least=DelegatedWork,Application", + "/networkAccess/discoverMcpTools": "", "/networkAccess/fileDlpPolicies": "least=DelegatedWork,Application", "/networkAccess/filteringPolicies": "least=DelegatedWork,Application", "/networkAccess/filteringPolicies/{id}/policyRules": "least=DelegatedWork,Application", @@ -37780,6 +37922,7 @@ "/applications/{id}/tokenissuancepolicies": "AlsoRequires=Application.ReadWrite.All", "/applications/{id}/tokenlifetimepolicies": "AlsoRequires=Application.ReadWrite.All", "/identity/conditionalaccess/namedlocations": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans": "least=DelegatedWork,Application", "/identity/conditionalaccess/policies": "least=DelegatedWork,Application", "/serviceprincipals(appid={value})/claimsmappingpolicies": "AlsoRequires=Application.ReadWrite.All", "/serviceprincipals(appid={value})/homerealmdiscoverypolicies": "AlsoRequires=Application.ReadWrite.All", @@ -37931,6 +38074,9 @@ ], "paths": { "/identity/conditionalaccess/namedlocations/{id}": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans/{id}": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans/{id}/rules": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans/{id}/rules/{id}": "least=DelegatedWork,Application", "/identity/conditionalaccess/policies/{id}": "least=DelegatedWork,Application" } }, 
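Review bot: The new `/identity/conditionalaccess/plans…` paths are tagged `least=DelegatedWork,Application` in every path set they are added to — the hunks at -37780 and -37931 here, then -38364, -39215, -39259 and -39274 — so `/identity/conditionalaccess/plans/{id}/rules`, for example, carries the tag in four sets. The methods and owning permissions are outside the hunks, but if two of those sets share a method, the least-privileged designation for that path is ambiguous and may land on a write-capable permission. Keep the tag in one set per method and scheme and use `""` elsewhere, e.g. `"/identity/conditionalaccess/plans/{id}/rules": ""`. Patch 3/3 repeats the pattern for `/policies/federatedtokenvalidationpolicy` (hunks at -37967 and -38891), where the new `DELETE`/`GET`/`PATCH` set also tags GET.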
@@ -38364,6 +38510,10 @@ ], "paths": { "/identity/conditionalaccess/authenticationcontextclassreferences": "", + "/identity/conditionalaccess/plans": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans/{id}": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans/{id}/rules": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans/{id}/rules/{id}": "least=DelegatedWork,Application", "/identity/conditionalaccess/settings": "least=DelegatedWork,Application" } }, @@ -39215,6 +39365,10 @@ "/identity/conditionalaccess/authenticationstrength/authenticationmethodmodes/{id}": "", "/identity/conditionalaccess/authenticationstrength/combinations": "", "/identity/conditionalaccess/authenticationstrength/policies/{id}/combinationconfigurations": "", + "/identity/conditionalaccess/plans": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans/{id}": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans/{id}/rules": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans/{id}/rules/{id}": "least=DelegatedWork,Application", "/policies/authenticationstrengthpolicies": "", "/policies/authenticationstrengthpolicies/{id}/usage": "", "/policies/authenticationstrengthpolicies/findbymethodmode(authenticationmethodmodes={value})": "" @@ -39259,6 +39413,8 @@ "paths": { "/identity/conditionalaccess/evaluate": "", "/identity/conditionalaccess/namedlocations": "", + "/identity/conditionalaccess/plans": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans/{id}/rules": "least=DelegatedWork,Application", "/identity/conditionalaccess/policies": "", "/policies/authenticationstrengthpolicies/{id}/updateallowedcombinations": "least=DelegatedWork,Application" } 
@@ -39274,6 +39430,8 @@ ], "paths": { "/identity/conditionalaccess/namedlocations/{id}": "", + "/identity/conditionalaccess/plans/{id}": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans/{id}/rules/{id}": "least=DelegatedWork,Application", "/identity/conditionalaccess/policies/{id}": "" } }, @@ -43182,6 +43340,17 @@ "paths": { "/admin/reportsettings": "least=DelegatedWork,Application" } + }, + { + "schemeKeys": [ + "DelegatedWork" + ], + "methods": [ + "GET" + ], + "paths": { + "/admin/reportsettings/sharepoint/apiusagereportmetrics": "least=DelegatedWork" + } } ], "ownerInfo": { @@ -43219,6 +43388,18 @@ "paths": { "/admin/reportsettings": "least=DelegatedWork,Application" } + }, + { + "schemeKeys": [ + "DelegatedWork" + ], + "methods": [ + "POST" + ], + "paths": { + "/admin/reportsettings/sharepoint/disableapiusagereport": "least=DelegatedWork", + "/admin/reportsettings/sharepoint/enableapiusagereport": "least=DelegatedWork" + } } ], "ownerInfo": { diff --git a/permissions/new/provisioningInfo.json b/permissions/new/provisioningInfo.json index 2a36d5af..2d6b5dc2 100644 --- a/permissions/new/provisioningInfo.json +++ b/permissions/new/provisioningInfo.json @@ -677,6 +677,16 @@ "isEnabled": false, "resourceAppId": "00000002-0000-0000-c000-000000000000" } + ], + "AgentIdentityBlueprintPrincipal.UpdateLcpComplianceProperty.All": [ + { + "id": "", + "scheme": "Application", + "environment": "PPE;public", + "isHidden": true, + "isEnabled": false, + "resourceAppId": "00000002-0000-0000-c000-000000000000" + } ], "AgentRegistration.Read.All": [ { @@ -7483,7 +7493,7 @@ "id": "e7f8a3b2-9c1d-4e5f-8a7b-2c3d4e5f6a7b", "scheme": "DelegatedWork", "environment": "public", - "isHidden": true, + "isHidden": false, "isEnabled": true, "resourceAppId": "65d91a3d-ab74-42e6-8a2f-0add61688c74" }, 
@@ -7491,7 +7501,7 @@ "id": "b4c7d8e9-f2a5-4b6c-9d8e-1f2a3b4c5d6e", "scheme": "Application", "environment": "public", - "isHidden": true, + "isHidden": false, "isEnabled": true, "resourceAppId": "65d91a3d-ab74-42e6-8a2f-0add61688c74" } @@ -9389,7 +9399,7 @@ "id": "", "scheme": "Application", "environment": "", - "isHidden": true, + "isHidden": false, "isEnabled": true, "resourceAppId": "00000002-0000-0ff1-ce00-000000000000" } @@ -9399,7 +9409,7 @@ "id": "", "scheme": "DelegatedWork", "environment": "", - "isHidden": true, + "isHidden": false, "isEnabled": true, "resourceAppId": "00000002-0000-0ff1-ce00-000000000000" }, @@ -9407,7 +9417,7 @@ "id": "", "scheme": "DelegatedPersonal", "environment": "public", - "isHidden": true, + "isHidden": false, "isEnabled": true, "resourceAppId": "00000002-0000-0ff1-ce00-000000000000" } @@ -14857,6 +14867,16 @@ "resourceAppId": "00000002-0000-0000-c000-000000000000" } ], + "AgentIdentity.UpdateLcpComplianceProperty.All": [ + { + "id": "", + "scheme": "Application", + "environment": "PPE;public", + "isHidden": true, + "isEnabled": false, + "resourceAppId": "00000002-0000-0000-c000-000000000000" + } + ], "AgentIdentity.ReadWrite.ManagedBy": [ { "id": "", @@ -14885,7 +14905,7 @@ "resourceAppId": "00000002-0000-0000-c000-000000000000" } ], - "ServicePrincipal.MigrateToAgentIdentity.OwnedBy": [ + "ServicePrincipal.ConvertToAgentIdentity.OwnedBy": [ { "id": "", "scheme": "Application", @@ -14895,7 +14915,7 @@ "resourceAppId": "00000002-0000-0000-c000-000000000000" } ], - "AgentIdentity.RollBackMigration.OwnedBy": [ + "AgentIdentity.ConvertToApplicationSP.OwnedBy": [ { "id": "", "scheme": "Application", From 436f06f20de629d3d636b2cbfd96053b9aca8a11 Mon Sep 17 00:00:00 2001 
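Review bot: The three entries for `resourceAppId` `00000002-0000-0ff1-ce00-000000000000` (hunks at -9389, -9399 and -9407) are switched to `"isHidden": false` while `"id"` is still `""`, and two of them also have `"environment": ""`. Making a permission visible before it has an id means consumers of this file see a scope they cannot resolve to an identifier. The owning keys are outside the hunks; judging by the schemes, they look like the MailTips permissions added in this patch. Keep `"isHidden": true` until the ids are filled in. Patch 2/3 flips these same flags back to `true` and patch 3/3 flips them to `false` again, so the series should be squashed to the one intended state.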
From: David <1511024+marabooy@users.noreply.github.com> Date: Tue, 12 May 2026 23:33:17 +0300 Subject: [PATCH 2/3] Weekly Permissions sync 2026-05-12 --- permissions/new/permissions.json | 137 +++++++++++--------------- permissions/new/provisioningInfo.json | 10 +- 2 files changed, 61 insertions(+), 86 deletions(-) diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json index 83a50840..1bf8536a 100644 --- a/permissions/new/permissions.json +++ b/permissions/new/permissions.json 
@@ -33629,72 +33629,6 @@ "ownerSecurityGroup": "stisaprvc" } }, - "MailTips.ReadBasic.All": { - "authorizationType": "oAuth2", - "schemes": { - "Application": { - "adminDisplayName": "Read mail tips for all users", - "adminDescription": "Allows the app to read mail tips for all users in the organization without a signed-in user. Mail tips include automatic replies, mailbox status, custom tips, and delivery information.", - "requiresAdminConsent": true, - "privilegeLevel": 4 - } - }, - "pathSets": [ - { - "schemeKeys": [ - "Application" - ], - "methods": [ - "POST" - ], - "paths": { - "/users/{id}/getmailtips": "" - } - } - ], - "ownerInfo": { - "ownerSecurityGroup": "stisaprvc" - } - }, - "MailTips.ReadBasic.Shared": { - "authorizationType": "oAuth2", - "schemes": { - "DelegatedWork": { - "adminDisplayName": "Read mail tips for accessible mailboxes", - "adminDescription": "Allows the app to read mail tips on behalf of the signed-in user for mailboxes they have access to, including their own mailbox and shared mailboxes. Mail tips include automatic replies, mailbox status, custom tips, and delivery information.", - "userDisplayName": "Read mail tips for mailboxes you can access", - "userDescription": "Allows the app to read mail tips on your behalf for mailboxes you have access to, including your own mailbox and shared mailboxes.", - "requiresAdminConsent": false, - "privilegeLevel": 3 - }, - "DelegatedPersonal": { - "adminDisplayName": "Read mail tips for accessible mailboxes", - "adminDescription": "Allows the app to read mail tips on behalf of the signed-in user for mailboxes they have access to. 
Mail tips include automatic replies, mailbox status, custom tips, and delivery information.", - "userDisplayName": "Read mail tips for mailboxes you can access", - "userDescription": "Allows the app to read mail tips on your behalf for mailboxes you have access to, including your own mailbox.", - "requiresAdminConsent": false, - "privilegeLevel": 2 - } - }, - "pathSets": [ - { - "schemeKeys": [ - "DelegatedWork", - "DelegatedPersonal" - ], - "methods": [ - "POST" - ], - "paths": { - "/me/getmailtips": "", - "/users/{id}/getmailtips": "" - } - } - ], - "ownerInfo": { - "ownerSecurityGroup": "stisaprvc" - } - }, "ManagedTenants.Read.All": { "authorizationType": "oAuth2", "schemes": { @@ -34363,19 +34297,6 @@ "/networkAccess/tlsInspectionPolicies/{id}/policyRules/{id}": "least=DelegatedWork,Application", "/networkAccess/tlsPolicies": "least=DelegatedWork,Application" } - }, - { - "schemeKeys": [ - "DelegatedWork", - "Application" - ], - "methods": [ - "POST" - ], - "paths": { - "/networkAccess/classifyMcpTools": "least=DelegatedWork,Application", - "/networkAccess/discoverMcpTools": "least=DelegatedWork,Application" - } } ], "ownerInfo": { 
@@ -34504,14 +34425,12 @@ "POST" ], "paths": { - "/networkAccess/classifyMcpTools": "", "/networkAccess/cloudFirewallPolicies": "least=DelegatedWork,Application", "/networkAccess/cloudFirewallPolicies/{id}/policyRules": "least=DelegatedWork,Application", "/networkAccess/connectivity/branches": "least=DelegatedWork,Application", "/networkAccess/connectivity/branches/{id}/deviceLinks": "least=DelegatedWork,Application", "/networkAccess/contentPolicies": "least=DelegatedWork,Application", "/networkAccess/contentPolicies/{id}/policyRules": "least=DelegatedWork,Application", - "/networkAccess/discoverMcpTools": "", "/networkAccess/fileDlpPolicies": "least=DelegatedWork,Application", "/networkAccess/filteringPolicies": "least=DelegatedWork,Application", "/networkAccess/filteringPolicies/{id}/policyRules": "least=DelegatedWork,Application", 
@@ -46751,6 +46670,62 @@ "ownerSecurityGroup": "ospred" } }, + "ServicePrincipal.AddRemoveCreds.All": { + "authorizationType": "oAuth2", + "schemes": { + "DelegatedWork": { + "adminDisplayName": "Update credentials for service principals", + "adminDescription": "Allows the app to update credentials for service principals on behalf of the signed-in user.", + "userDisplayName": "Update credentials for service principals", + "userDescription": "Allows the app to update credentials for service principals on your behalf.", + "requiresAdminConsent": true, + "privilegeLevel": 4 + }, + "Application": { + "adminDisplayName": "Update credentials for service principals", + "adminDescription": "Allows the app to update credentials for service principals, without a signed-in user.", + "requiresAdminConsent": true, + "privilegeLevel": 4 + } + }, + "pathSets": [ + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "POST" + ], + "paths": { + "/serviceprincipals(appid={value})/addkey": "least=DelegatedWork", + "/serviceprincipals(appid={value})/addpassword": "least=DelegatedWork", + "/serviceprincipals(appid={value})/removekey": "least=DelegatedWork", + "/serviceprincipals(appid={value})/removepassword": "least=DelegatedWork", + "/serviceprincipals/{id}/addkey": "least=DelegatedWork", + "/serviceprincipals/{id}/addpassword": "least=DelegatedWork", + "/serviceprincipals/{id}/removekey": "least=DelegatedWork", + "/serviceprincipals/{id}/removepassword": "least=DelegatedWork" + } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "PATCH" + ], + "paths": { + "/serviceprincipals(appid={value})": "", + "/serviceprincipals/{id}": "" + } + } + ], + "ownerInfo": { + "ownerSecurityGroup": "idappcore" + } + }, "SharePointCrossTenantMigration.Manage.All": { "authorizationType": "oAuth2", "schemes": { diff --git a/permissions/new/provisioningInfo.json b/permissions/new/provisioningInfo.json index 2d6b5dc2..b5262ffd 100644 
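Review bot: `ServicePrincipal.AddRemoveCreds.All` lists both `DelegatedWork` and `Application` in `schemeKeys`, but the eight `addkey`/`addpassword`/`removekey`/`removepassword` paths are tagged `least=DelegatedWork` only. The Application scheme therefore has no least-privileged marker for the operations the permission exists for; if that is an oversight, the values should read `"least=DelegatedWork,Application"`. The second path set also grants PATCH on `/serviceprincipals/{id}` and `/serviceprincipals(appid={value})`, which is wider than the "Update credentials for service principals" description unless the service limits that PATCH to credential properties (not visible here). Admins consent on the description text, so any such limit should be stated in `adminDescription`. Patch 3/3 deletes this permission again, so confirm whether it was meant to ship at all.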
--- a/permissions/new/provisioningInfo.json +++ b/permissions/new/provisioningInfo.json @@ -9399,7 +9399,7 @@ "id": "", "scheme": "Application", "environment": "", - "isHidden": false, + "isHidden": true, "isEnabled": true, "resourceAppId": "00000002-0000-0ff1-ce00-000000000000" } @@ -9409,7 +9409,7 @@ "id": "", "scheme": "DelegatedWork", "environment": "", - "isHidden": false, + "isHidden": true, "isEnabled": true, "resourceAppId": "00000002-0000-0ff1-ce00-000000000000" }, @@ -9417,7 +9417,7 @@ "id": "", "scheme": "DelegatedPersonal", "environment": "public", - "isHidden": false, + "isHidden": true, "isEnabled": true, "resourceAppId": "00000002-0000-0ff1-ce00-000000000000" } @@ -15020,7 +15020,7 @@ "id": "c4d8f3a9-1e72-4b8d-8f6c-7a91d2e5b3f0", "scheme": "DelegatedWork", "environment": "", - "isHidden": true, + "isHidden": false, "isEnabled": true, "resourceAppId": "00000002-0000-0000-c000-000000000000" }, @@ -15028,7 +15028,7 @@ "id": "6e2a9b14-f5c7-4381-a6d2-0c8f4e1b9a73", "scheme": "Application", "environment": "", - "isHidden": true, + "isHidden": false, "isEnabled": true, "resourceAppId": "00000002-0000-0000-c000-000000000000" } From 3052c8f93a2abd7ca21ed3d5dbf4fa3abc73832b Mon Sep 17 00:00:00 2001 From: David <1511024+marabooy@users.noreply.github.com> Date: Tue, 12 May 2026 23:38:13 +0300 Subject: [PATCH 3/3] Weekly Permissions sync 2026-05-12 --- permissions/new/permissions.json | 164 +++++++++++++++++--------- permissions/new/provisioningInfo.json | 28 ++++- 2 files changed, 131 insertions(+), 61 deletions(-) diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json index 1bf8536a..0258f54b 100644 --- a/permissions/new/permissions.json +++ b/permissions/new/permissions.json 
@@ -33629,6 +33629,72 @@ "ownerSecurityGroup": "stisaprvc" } }, + "MailTips.ReadBasic.All": { + "authorizationType": "oAuth2", + "schemes": { + "Application": { + "adminDisplayName": "Read mail tips for all users", + "adminDescription": "Allows the app to read mail tips for all users in the organization without a signed-in user. Mail tips include automatic replies, mailbox status, custom tips, and delivery information.", + "requiresAdminConsent": true, + "privilegeLevel": 4 + } + }, + "pathSets": [ + { + "schemeKeys": [ + "Application" + ], + "methods": [ + "POST" + ], + "paths": { + "/users/{id}/getmailtips": "" + } + } + ], + "ownerInfo": { + "ownerSecurityGroup": "stisaprvc" + } + }, + "MailTips.ReadBasic.Shared": { + "authorizationType": "oAuth2", + "schemes": { + "DelegatedWork": { + "adminDisplayName": "Read mail tips for accessible mailboxes", + "adminDescription": "Allows the app to read mail tips on behalf of the signed-in user for mailboxes they have access to, including their own mailbox and shared mailboxes. Mail tips include automatic replies, mailbox status, custom tips, and delivery information.", + "userDisplayName": "Read mail tips for mailboxes you can access", + "userDescription": "Allows the app to read mail tips on your behalf for mailboxes you have access to, including your own mailbox and shared mailboxes.", + "requiresAdminConsent": false, + "privilegeLevel": 3 + }, + "DelegatedPersonal": { + "adminDisplayName": "Read mail tips for accessible mailboxes", + "adminDescription": "Allows the app to read mail tips on behalf of the signed-in user for mailboxes they have access to. 
Mail tips include automatic replies, mailbox status, custom tips, and delivery information.", + "userDisplayName": "Read mail tips for mailboxes you can access", + "userDescription": "Allows the app to read mail tips on your behalf for mailboxes you have access to, including your own mailbox.", + "requiresAdminConsent": false, + "privilegeLevel": 2 + } + }, + "pathSets": [ + { + "schemeKeys": [ + "DelegatedWork", + "DelegatedPersonal" + ], + "methods": [ + "POST" + ], + "paths": { + "/me/getmailtips": "", + "/users/{id}/getmailtips": "" + } + } + ], + "ownerInfo": { + "ownerSecurityGroup": "stisaprvc" + } + }, "ManagedTenants.Read.All": { "authorizationType": "oAuth2", "schemes": { @@ -34297,6 +34363,19 @@ "/networkAccess/tlsInspectionPolicies/{id}/policyRules/{id}": "least=DelegatedWork,Application", "/networkAccess/tlsPolicies": "least=DelegatedWork,Application" } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "POST" + ], + "paths": { + "/networkAccess/classifyMcpTools": "least=DelegatedWork,Application", + "/networkAccess/discoverMcpTools": "least=DelegatedWork,Application" + } } ], "ownerInfo": { 
@@ -34425,12 +34504,14 @@ "POST" ], "paths": { + "/networkAccess/classifyMcpTools": "", "/networkAccess/cloudFirewallPolicies": "least=DelegatedWork,Application", "/networkAccess/cloudFirewallPolicies/{id}/policyRules": "least=DelegatedWork,Application", "/networkAccess/connectivity/branches": "least=DelegatedWork,Application", "/networkAccess/connectivity/branches/{id}/deviceLinks": "least=DelegatedWork,Application", "/networkAccess/contentPolicies": "least=DelegatedWork,Application", "/networkAccess/contentPolicies/{id}/policyRules": "least=DelegatedWork,Application", + "/networkAccess/discoverMcpTools": "", "/networkAccess/fileDlpPolicies": "least=DelegatedWork,Application", "/networkAccess/filteringPolicies": "least=DelegatedWork,Application", "/networkAccess/filteringPolicies/{id}/policyRules": "least=DelegatedWork,Application", @@ -37967,6 +38048,7 @@ "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantPlacesRoomBooking": "least=DelegatedWork,Application", "/policies/defaultappmanagementpolicy": "least=DelegatedWork,Application", "/policies/externalidentitiespolicy": "least=DelegatedWork,Application", + "/policies/federatedtokenvalidationpolicy": "least=DelegatedWork,Application", "/policies/homerealmdiscoverypolicies": "least=DelegatedWork,Application", "/policies/homerealmdiscoverypolicies/{id}": "least=DelegatedWork,Application", "/policies/homerealmdiscoverypolicies/{id}/appliesto": "least=DelegatedWork,Application", @@ -38891,6 +38973,20 @@ "paths": { "/policies/authenticationflowspolicy": "least=DelegatedWork,Application" } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "DELETE", + "GET", + "PATCH" + ], + "paths": { + "/policies/federatedtokenvalidationpolicy": "least=DelegatedWork,Application" + } } ], "ownerInfo": { 
@@ -45382,6 +45478,18 @@ "paths": { "/security/alerts_v2/{id}/comments": "least=DelegatedWork,Application" } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "POST" + ], + "paths": { + "/security/alerts_v2": "least=DelegatedWork,Application" + } } ], "ownerInfo": { 
@@ -46670,62 +46778,6 @@ "ownerSecurityGroup": "ospred" } }, - "ServicePrincipal.AddRemoveCreds.All": { - "authorizationType": "oAuth2", - "schemes": { - "DelegatedWork": { - "adminDisplayName": "Update credentials for service principals", - "adminDescription": "Allows the app to update credentials for service principals on behalf of the signed-in user.", - "userDisplayName": "Update credentials for service principals", - "userDescription": "Allows the app to update credentials for service principals on your behalf.", - "requiresAdminConsent": true, - "privilegeLevel": 4 - }, - "Application": { - "adminDisplayName": "Update credentials for service principals", - "adminDescription": "Allows the app to update credentials for service principals, without a signed-in user.", - "requiresAdminConsent": true, - "privilegeLevel": 4 - } - }, - "pathSets": [ - { - "schemeKeys": [ - "DelegatedWork", - "Application" - ], - "methods": [ - "POST" - ], - "paths": { - "/serviceprincipals(appid={value})/addkey": "least=DelegatedWork", - "/serviceprincipals(appid={value})/addpassword": "least=DelegatedWork", - "/serviceprincipals(appid={value})/removekey": "least=DelegatedWork", - "/serviceprincipals(appid={value})/removepassword": "least=DelegatedWork", - "/serviceprincipals/{id}/addkey": "least=DelegatedWork", - "/serviceprincipals/{id}/addpassword": "least=DelegatedWork", - "/serviceprincipals/{id}/removekey": "least=DelegatedWork", - "/serviceprincipals/{id}/removepassword": "least=DelegatedWork" - } - }, - { - "schemeKeys": [ - "DelegatedWork", - "Application" - ], - "methods": [ - "PATCH" - ], - "paths": { - "/serviceprincipals(appid={value})": "", - "/serviceprincipals/{id}": "" - } - } - ], - "ownerInfo": { - "ownerSecurityGroup": "idappcore" - } - }, "SharePointCrossTenantMigration.Manage.All": { "authorizationType": "oAuth2", "schemes": { diff --git a/permissions/new/provisioningInfo.json b/permissions/new/provisioningInfo.json index b5262ffd..5113311d 100644 
--- a/permissions/new/provisioningInfo.json +++ b/permissions/new/provisioningInfo.json @@ -9399,7 +9399,7 @@ "id": "", "scheme": "Application", "environment": "", - "isHidden": true, + "isHidden": false, "isEnabled": true, "resourceAppId": "00000002-0000-0ff1-ce00-000000000000" } @@ -9409,7 +9409,7 @@ "id": "", "scheme": "DelegatedWork", "environment": "", - "isHidden": true, + "isHidden": false, "isEnabled": true, "resourceAppId": "00000002-0000-0ff1-ce00-000000000000" }, @@ -9417,7 +9417,7 @@ "id": "", "scheme": "DelegatedPersonal", "environment": "public", - "isHidden": true, + "isHidden": false, "isEnabled": true, "resourceAppId": "00000002-0000-0ff1-ce00-000000000000" } @@ -13941,6 +13941,24 @@ "resourceAppId": "" } ], + "SecurityAlert.Create.All": [ + { + "id": "", + "scheme": "DelegatedWork", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "fc780465-2017-40d4-a0c5-307022471b92" + }, + { + "id": "", + "scheme": "Application", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "fc780465-2017-40d4-a0c5-307022471b92" + } + ], "SecurityAnalyzedMessage.Read.All": [ { "id": "53e6783e-b127-4a35-ab3a-6a52d80a9077", @@ -15020,7 +15038,7 @@ "id": "c4d8f3a9-1e72-4b8d-8f6c-7a91d2e5b3f0", "scheme": "DelegatedWork", "environment": "", - "isHidden": false, + "isHidden": true, "isEnabled": true, "resourceAppId": "00000002-0000-0000-c000-000000000000" }, @@ -15028,7 +15046,7 @@ "id": "6e2a9b14-f5c7-4381-a6d2-0c8f4e1b9a73", "scheme": "Application", "environment": "", - "isHidden": false, + "isHidden": true, "isEnabled": true, "resourceAppId": "00000002-0000-0000-c000-000000000000" }
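Review bot: `SecurityAlert.Create.All` (hunk at -13941) is provisioned with `"isEnabled": true` for both schemes, but no hunk in this series adds a `SecurityAlert.Create.All` definition to permissions.json. The only related change is the POST `/security/alerts_v2` path set at -45382, which is attached to an existing permission and tagged `least=DelegatedWork,Application` there. If the definition is not already in permissions.json outside the hunks, the permission is enabled without a description, consent requirement or path mapping, and the create path's least-privileged tag sits on what looks like a broader permission. Both `id` values are also `""`. Add the permissions.json entry with the POST path in the same patch, or set `"isEnabled": false` until it lands.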