From 6d5b712850a668218ffde111afcc03ef3029cde6 Mon Sep 17 00:00:00 2001 From: David <1511024+marabooy@users.noreply.github.com> Date: Tue, 21 Apr 2026 03:37:13 +0300 Subject: [PATCH 1/3] Weekly Permissions sync 2026-04-21 --- permissions/new/permissions.json | 561 ++++++++++++++++++++++---- permissions/new/provisioningInfo.json | 204 +++++++++- 2 files changed, 671 insertions(+), 94 deletions(-) diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json index 44d0324a..ed196f42 100644 --- a/permissions/new/permissions.json +++ b/permissions/new/permissions.json @@ -1338,6 +1338,54 @@ "ownerSecurityGroup": "idappcore" } }, + "AgentIdentity.UpdateSponsors.All": { + "authorizationType": "oAuth2", + "schemes": { + "DelegatedWork": { + "adminDisplayName": "Add or remove sponsors for agent identities", + "adminDescription": "Allows the app to add or remove sponsors for agent identities on behalf of the signed-in user.", + "requiresAdminConsent": true, + "privilegeLevel": 3 + }, + "Application": { + "adminDisplayName": "Add or remove sponsors for agent identities", + "adminDescription": "Allows the app to add or remove sponsors for agent identities without a signed-in user.", + "requiresAdminConsent": true, + "privilegeLevel": 4 + } + }, + "pathSets": [ + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "DELETE" + ], + "paths": { + "/serviceprincipals/{id}/sponsors/{id}/$ref": "least=Application,DelegatedWork", + "/servicePrincipals/graph.agentIdentity/{id}/sponsors/{id}/$ref": "least=Application,DelegatedWork" + } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "POST" + ], + "paths": { + "/serviceprincipals/{id}/sponsors/$ref": "least=Application,DelegatedWork", + "/servicePrincipals/graph.agentIdentity/{id}/sponsors/$ref": "least=Application,DelegatedWork" + } + } + ], + "ownerInfo": { + "ownerSecurityGroup": "aadlcmeng" + } + }, "AgentIdentityBlueprint.AddRemoveCreds.All": { "authorizationType": "oAuth2", "schemes": { @@ -1597,6 +1645,54 @@ "ownerSecurityGroup": "idappcore" } }, + "AgentIdentityBlueprint.UpdateSponsors.All": { + "authorizationType": "oAuth2", + "schemes": { + "DelegatedWork": { + "adminDisplayName": "Add or remove sponsors for agent identity blueprint", + "adminDescription": "Allows the app to add or remove sponsors for agent identity blueprint on behalf of the signed-in user.", + "userDisplayName": "Update agent identity blueprint authorization related properties", + "userDescription": "Update agent identity blueprint authorization related properties on user's' behalf", + "requiresAdminConsent": true, + "privilegeLevel": 3 + }, + "Application": { + "adminDisplayName": "Add or remove sponsors for agent identity blueprint", + "adminDescription": "Allows the app to add or remove sponsors for agent identity blueprint without a signed-in user.", + "requiresAdminConsent": true, + "privilegeLevel": 4 + } + }, + "pathSets": [ + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "DELETE" + ], + "paths": { + "/applications/graph.agentIdentityBlueprint/{id}/sponsors/{id}/$ref": "least=Application,DelegatedWork" + } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "POST" + ], + "paths": { + "/applications/graph.agentIdentityBlueprint/{id}/sponsors/$ref": "least=Application,DelegatedWork" + } + } + ], + "ownerInfo": { + "ownerSecurityGroup": "aadlcmeng" + } + }, "AgentIdentityBlueprintPrincipal.Create": { "authorizationType": "oAuth2", "schemes": { @@ -9503,6 +9599,30 @@ "/teams/{id}/channels/{id}/sharedwithteams/{id}": "least=DelegatedWork", "/teams/{id}/channels/{id}/sharedwithteams/{id}/allowedmembers": "least=DelegatedWork" } + }, + { + "schemeKeys": [ + "DelegatedWork" + ], + "methods": [ + "GET" + ], + "paths": { + "/teams/{id}/channels/{id}/joinedUsers": "least=DelegatedWork", + "/teams/{id}/channels/{id}/joinedUsers/{id}": "least=DelegatedWork" + } + }, + { + "schemeKeys": [ + "Application" + ], + "methods": [ + "GET" + ], + "paths": { + "/teams/{id}/channels/{id}/joinedUsers": "least=Application", + "/teams/{id}/channels/{id}/joinedUsers/{id}": "least=Application" + } } ], "ownerInfo": { @@ -9600,6 +9720,8 @@ "/teams/{id}/channels/{id}/allMembers": "", "/teams/{id}/channels/{id}/allMembers/{id}": "", "/teams/{id}/channels/{id}/doesuserhaveaccess": "", + "/teams/{id}/channels/{id}/joinedUsers": "", + "/teams/{id}/channels/{id}/joinedUsers/{id}": "", "/teams/{id}/channels/{id}/members": "", "/teams/{id}/channels/{id}/members/{id}": "", "/teams/{id}/channels/{id}/sharedwithteams": "", @@ -9619,6 +9741,30 @@ "/teams/{id}/channels/{id}/members": "least=DelegatedWork" } }, + { + "schemeKeys": [ + "DelegatedWork" + ], + "methods": [ + "POST" + ], + "paths": { + "/teams/{id}/channels/{id}/joinedUsers": "least=DelegatedWork", + "/teams/{id}/channels/{id}/joinedUsers/add": "least=DelegatedWork" + } + }, + { + "schemeKeys": [ + "Application" + ], + "methods": [ + "POST" + ], + "paths": { + "/teams/{id}/channels/{id}/joinedUsers": "least=Application", + "/teams/{id}/channels/{id}/joinedUsers/add": "least=Application" + } + }, { "schemeKeys": [ "DelegatedWork", @@ -11354,6 +11500,7 @@ "/devicemanagement/monitoring/alertrecords/getportalnotifications": "least=DelegatedWork", "/devicemanagement/monitoring/alertrules": "least=DelegatedWork", "/devicemanagement/monitoring/alertrules/{id}": "least=DelegatedWork", + "/devicemanagement/virtualendpoint/acquireazuremapsaccesstoken": "least=DelegatedWork", "/devicemanagement/virtualendpoint/cloudpcs/{id}/getsupportedcloudpcremoteactions": "least=DelegatedWork", "/devicemanagement/virtualendpoint/crosscloudgovernmentorganizationmapping": "least=DelegatedWork", "/devicemanagement/virtualendpoint/geteffectivepermissions": "least=DelegatedWork", @@ -11627,6 +11774,7 @@ "/devicemanagement/monitoring/alertrecords": "", "/devicemanagement/monitoring/alertrecords/{id}": "", "/devicemanagement/monitoring/alertrecords/getportalnotifications": "", + "/devicemanagement/virtualendpoint/acquireazuremapsaccesstoken": "", "/devicemanagement/virtualendpoint/geteffectivepermissions": "", "/me/cloudpcs": "", "/me/cloudpcs/{id}/getcloudpclaunchinfo": "", @@ -12664,6 +12812,90 @@ "ownerSecurityGroup": "m365adminsvcdevteam" } }, + "CopilotPolicySettings.Read": { + "authorizationType": "oAuth2", + "schemes": { + "DelegatedWork": { + "adminDisplayName": "Read Copilot policy settings", + "adminDescription": "Allows the app to read Copilot policy settings for the organization, on behalf of the signed-in user.", + "userDisplayName": "Read Copilot policy settings", + "userDescription": "Allows the app to read Copilot policy settings for your organization on your behalf.", + "requiresAdminConsent": true, + "privilegeLevel": 3 + }, + "Application": { + "adminDisplayName": "Read Copilot policy settings", + "adminDescription": "Allows the app to read Copilot policy settings for the organization, without a signed-in user.", + "requiresAdminConsent": true, + "privilegeLevel": 4 + } + }, + "pathSets": [ + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "GET" + ], + "paths": { + "/copilot/admin/policySettings/{id}": "least=DelegatedWork,Application" + } + } + ], + "ownerInfo": { + "ownerSecurityGroup": "m365adminsvcdevteam" + } + }, + "CopilotPolicySettings.ReadWrite": { + "authorizationType": "oAuth2", + "schemes": { + "DelegatedWork": { + "adminDisplayName": "Read and write Copilot policy settings", + "adminDescription": "Allows the app to read and write Copilot policy settings for the organization, on behalf of the signed-in user.", + "userDisplayName": "Read and write Copilot policy settings", + "userDescription": "Allows the app to read and write Copilot policy settings for your organization on your behalf.", + "requiresAdminConsent": true, + "privilegeLevel": 3 + }, + "Application": { + "adminDisplayName": "Read and write Copilot policy settings", + "adminDescription": "Allows the app to read and write Copilot policy settings for the organization, without a signed-in user.", + "requiresAdminConsent": true, + "privilegeLevel": 4 + } + }, + "pathSets": [ + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "GET" + ], + "paths": { + "/copilot/admin/policySettings/{id}": "" + } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "PATCH" + ], + "paths": { + "/copilot/admin/policySettings/{id}": "least=DelegatedWork,Application" + } + } + ], + "ownerInfo": { + "ownerSecurityGroup": "m365adminsvcdevteam" + } + }, "CopilotSettings-LimitedMode.Read": { "authorizationType": "oAuth2", "schemes": { @@ -23193,6 +23425,7 @@ "/identity/authenticationEventListeners/{id}/microsoft.graph.onFraudProtectionLoadStartListener/handler/microsoft.graph.onFraudProtectionLoadStartExternalUsersAuthHandler/signUp/microsoft.graph.fraudProtectionProviderConfiguration/fraudProtectionProvider": "least=DelegatedWork,Application", "/identity/authenticationEventListeners/{id}/microsoft.graph.onPageRenderStartListener/handler/microsoft.graph.onPageRenderStartBrandingOverrideHandler/brandingTheme": "least=DelegatedWork,Application", "/identity/authenticationEventListeners/{id}/microsoft.graph.onPageRenderStartListener/handler/microsoft.graph.onPageRenderStartCustomExtensionHandler/customExtension": "least=DelegatedWork,Application", + "/identity/authenticationEventListeners/{id}/microsoft.graph.onVerifiedIdClaimValidationListener/handler/microsoft.graph.onVerifiedIdClaimValidationCustomExtensionHandler/customExtension": "least=DelegatedWork,Application", "/identity/authenticationEventsFlows": "least=DelegatedWork,Application", "/identity/authenticationEventsFlows/{id}": "least=DelegatedWork,Application", "/identity/authenticationEventsFlows/{id}/conditions/applications/includeApplications": "least=DelegatedWork,Application", @@ -23274,6 +23507,7 @@ "/identity/authenticationEventListeners/{id}/microsoft.graph.onFraudProtectionLoadStartListener/handler/microsoft.graph.onFraudProtectionLoadStartExternalUsersAuthHandler/signUp/microsoft.graph.fraudProtectionProviderConfiguration/fraudProtectionProvider": "", "/identity/authenticationEventListeners/{id}/microsoft.graph.onPageRenderStartListener/handler/microsoft.graph.onPageRenderStartBrandingOverrideHandler/brandingTheme": "", "/identity/authenticationEventListeners/{id}/microsoft.graph.onPageRenderStartListener/handler/microsoft.graph.onPageRenderStartCustomExtensionHandler/customExtension": "", + "/identity/authenticationEventListeners/{id}/microsoft.graph.onVerifiedIdClaimValidationListener/handler/microsoft.graph.onVerifiedIdClaimValidationCustomExtensionHandler/customExtension": "", "/identity/authenticationEventsFlows/{id}/microsoft.graph.externalUsersSelfServiceSignUpEventsFlow/onAttributeCollection/microsoft.graph.onAttributeCollectionExternalUsersSelfServiceSignUp/attributes": "", "/identity/authenticationEventsFlows/{id}/microsoft.graph.externalUsersSelfServiceSignUpEventsFlow/onAttributeCollectionStart/microsoft.graph.onAttributeCollectionStartCustomExtensionHandler/customExtension": "", "/identity/authenticationEventsFlows/{id}/microsoft.graph.externalUsersSelfServiceSignUpEventsFlow/onAttributeCollectionSubmit/microsoft.graph.onAttributeCollectionSubmitCustomExtensionHandler/customExtension": "", @@ -23296,6 +23530,7 @@ "/identity/authenticationEventListeners/{id}/microsoft.graph.onPageRenderStartListener/handler/microsoft.graph.onPageRenderStartBrandingOverrideHandler/brandingTheme/$ref": "least=DelegatedWork,Application", "/identity/authenticationEventListeners/{id}/microsoft.graph.onPageRenderStartListener/handler/microsoft.graph.onPageRenderStartCustomExtensionHandler/customExtension/$ref": "least=DelegatedWork,Application", "/identity/authenticationEventListeners/{id}/microsoft.graph.onTokenIssuanceStartListener/handler/microsoft.graph.onTokenIssuanceStartCustomExtensionHandler/customExtension/$ref": "least=DelegatedWork,Application", + "/identity/authenticationEventListeners/{id}/microsoft.graph.onVerifiedIdClaimValidationListener/handler/microsoft.graph.onVerifiedIdClaimValidationCustomExtensionHandler/customExtension/$ref": "least=DelegatedWork,Application", "/identity/authenticationEventsFlows/{id}/microsoft.graph.externalUsersSelfServiceSignUpEventsFlow/onAttributeCollectionStart/microsoft.graph.onAttributeCollectionStartCustomExtensionHandler/customExtension/$ref": "least=DelegatedWork,Application", "/identity/authenticationEventsFlows/{id}/microsoft.graph.externalUsersSelfServiceSignUpEventsFlow/onAttributeCollectionSubmit/microsoft.graph.onAttributeCollectionSubmitCustomExtensionHandler/customExtension/$ref": "least=DelegatedWork,Application" } @@ -37502,8 +37737,8 @@ "/policies/claimsmappingpolicies": "least=DelegatedWork,Application", "/policies/claimsmappingpolicies/{id}": "least=DelegatedWork,Application", "/policies/claimsmappingpolicies/{id}/appliesto": "least=DelegatedWork,Application", - "/policies/crosstenantaccesspolicy": "least=DelegatedWork,Application", - "/policies/crosstenantaccesspolicy/default": "least=DelegatedWork,Application", + "/policies/crosstenantaccesspolicy": "", + "/policies/crosstenantaccesspolicy/default": "", "/policies/crosstenantaccesspolicy/default/m365Capabilities": "least=DelegatedWork,Application", "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantCalendarAvailabilityBasic": "least=DelegatedWork,Application", "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantCalendarAvailabilityLimitedDetails": "least=DelegatedWork,Application", @@ -37515,9 +37750,9 @@ "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantOpenProfileCard": "least=DelegatedWork,Application", "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantPlacesDeskBooking": "least=DelegatedWork,Application", "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantPlacesRoomBooking": "least=DelegatedWork,Application", - "/policies/crosstenantaccesspolicy/partners": "least=DelegatedWork,Application", - "/policies/crosstenantaccesspolicy/partners/{id}": "least=DelegatedWork,Application", - "/policies/crosstenantaccesspolicy/partners/{id}/identitysynchronization": "least=DelegatedWork,Application", + "/policies/crosstenantaccesspolicy/partners": "", + "/policies/crosstenantaccesspolicy/partners/{id}": "", + "/policies/crosstenantaccesspolicy/partners/{id}/identitysynchronization": "", "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities": "least=DelegatedWork,Application", "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantCalendarAvailabilityBasic": "least=DelegatedWork,Application", "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantCalendarAvailabilityLimitedDetails": "least=DelegatedWork,Application", @@ -37905,6 +38140,7 @@ "/policies/authenticationmethodspolicy/authenticationmethodconfigurations/fido2": "least=DelegatedWork,Application", "/policies/authenticationmethodspolicy/authenticationmethodconfigurations/hardwareoath": "least=DelegatedWork,Application", "/policies/authenticationmethodspolicy/authenticationmethodconfigurations/microsoftauthenticator": "least=DelegatedWork,Application", + "/policies/authenticationmethodspolicy/authenticationmethodconfigurations/password": "least=DelegatedWork,Application", "/policies/authenticationmethodspolicy/authenticationmethodconfigurations/qrcodepin": "least=DelegatedWork,Application", "/policies/authenticationmethodspolicy/authenticationmethodconfigurations/sms": "least=DelegatedWork,Application", "/policies/authenticationmethodspolicy/authenticationmethodconfigurations/softwareoath": "least=DelegatedWork,Application", @@ -38527,6 +38763,7 @@ "/policies/authenticationmethodspolicy/authenticationmethodconfigurations/fido2": "", "/policies/authenticationmethodspolicy/authenticationmethodconfigurations/hardwareoath": "", "/policies/authenticationmethodspolicy/authenticationmethodconfigurations/microsoftauthenticator": "", + "/policies/authenticationmethodspolicy/authenticationmethodconfigurations/password": "", "/policies/authenticationmethodspolicy/authenticationmethodconfigurations/qrcodepin": "", "/policies/authenticationmethodspolicy/authenticationmethodconfigurations/sms": "", "/policies/authenticationmethodspolicy/authenticationmethodconfigurations/softwareoath": "", @@ -38552,6 +38789,7 @@ "/policies/authenticationmethodspolicy/authenticationmethodconfigurations/federatedIdentityCredential": "least=DelegatedWork,Application", "/policies/authenticationmethodspolicy/authenticationmethodconfigurations/fido2": "least=DelegatedWork,Application", "/policies/authenticationmethodspolicy/authenticationmethodconfigurations/microsoftauthenticator": "least=DelegatedWork,Application", + "/policies/authenticationmethodspolicy/authenticationmethodconfigurations/password": "least=DelegatedWork,Application", "/policies/authenticationmethodspolicy/authenticationmethodconfigurations/qrcodepin": "least=DelegatedWork,Application", "/policies/authenticationmethodspolicy/authenticationmethodconfigurations/sms": "least=DelegatedWork,Application", "/policies/authenticationmethodspolicy/authenticationmethodconfigurations/softwareoath": "least=DelegatedWork,Application", @@ -39038,7 +39276,22 @@ "Application" ], "methods": [ - "GET", + "GET" + ], + "paths": { + "/policies/crosstenantaccesspolicy": "", + "/policies/crosstenantaccesspolicy/default": "", + "/policies/crosstenantaccesspolicy/partners": "", + "/policies/crosstenantaccesspolicy/partners/{id}": "", + "/policies/crosstenantaccesspolicy/partners/{id}/identitysynchronization": "" + } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ "PATCH" ], "paths": { @@ -39064,7 +39317,6 @@ "Application" ], "methods": [ - "GET", "POST" ], "paths": { @@ -39078,7 +39330,6 @@ ], "methods": [ "DELETE", - "GET", "PATCH" ], "paths": { @@ -39092,7 +39343,6 @@ ], "methods": [ "DELETE", - "GET", "PATCH", "PUT" ], @@ -54185,6 +54435,222 @@ "ownerSecurityGroup": "TeamsPermissions" } }, + "TeamworkSection.Read": { + "authorizationType": "oAuth2", + "schemes": { + "DelegatedWork": { + "adminDisplayName": "Read user's teamwork sections (folders) in Teams", + "adminDescription": "Allows the app to read the signed-in user's teamwork sections (folders) for organizing chats and channels in Teams.", + "userDisplayName": "Read your teamwork sections (folders) in Teams", + "userDescription": "Allows the app to read your teamwork sections (folders) for organizing chats and channels in Teams.", + "requiresAdminConsent": false, + "privilegeLevel": 2 + } + }, + "pathSets": [ + { + "schemeKeys": [ + "DelegatedWork" + ], + "methods": [ + "GET" + ], + "paths": { + "/users/{id}/teamwork/sections": "least=DelegatedWork", + "/users/{id}/teamwork/sections/{id}": "least=DelegatedWork", + "/users/{id}/teamwork/sections/{id}/hostedContents": "least=DelegatedWork", + "/users/{id}/teamwork/sections/{id}/hostedContents/{id}": "least=DelegatedWork", + "/users/{id}/teamwork/sections/{id}/hostedContents/{id}/$value": "least=DelegatedWork", + "/users/{id}/teamwork/sections/{id}/items": "least=DelegatedWork", + "/users/{id}/teamwork/sections/{id}/items/{id}": "least=DelegatedWork", + "/users/{id}/teamwork/sections/delta": "least=DelegatedWork" + } + } + ], + "ownerInfo": { + "ownerSecurityGroup": "TeamsPermissions" + } + }, + "TeamworkSection.Read.All": { + "authorizationType": "oAuth2", + "schemes": { + "Application": { + "adminDisplayName": "Read all users' teamwork sections in Teams", + "adminDescription": "Allows the app to read all users' teamwork sections (folders) for organizing chats and channels in Teams, without a signed-in user.", + "requiresAdminConsent": true, + "privilegeLevel": 4 + } + }, + "pathSets": [ + { + "schemeKeys": [ + "Application" + ], + "methods": [ + "GET" + ], + "paths": { + "/users/{id}/teamwork/sections": "least=Application", + "/users/{id}/teamwork/sections/{id}": "least=Application", + "/users/{id}/teamwork/sections/{id}/hostedContents": "least=Application", + "/users/{id}/teamwork/sections/{id}/hostedContents/{id}": "least=Application", + "/users/{id}/teamwork/sections/{id}/hostedContents/{id}/$value": "least=Application", + "/users/{id}/teamwork/sections/{id}/items": "least=Application", + "/users/{id}/teamwork/sections/{id}/items/{id}": "least=Application", + "/users/{id}/teamwork/sections/delta": "least=Application" + } + } + ], + "ownerInfo": { + "ownerSecurityGroup": "TeamsPermissions" + } + }, + "TeamworkSection.ReadWrite": { + "authorizationType": "oAuth2", + "schemes": { + "DelegatedWork": { + "adminDisplayName": "Read and write user's teamwork sections (folders) in Teams", + "adminDescription": "Allows the app to read and write the signed-in user's teamwork sections (folders) for organizing chats and channels in Teams.", + "userDisplayName": "Read and write your teamwork sections (folders) in Teams", + "userDescription": "Allows the app to read and write your teamwork sections (folders) for organizing chats and channels in Teams.", + "requiresAdminConsent": false, + "privilegeLevel": 2 + } + }, + "pathSets": [ + { + "schemeKeys": [ + "DelegatedWork" + ], + "methods": [ + "GET" + ], + "paths": { + "/users/{id}/teamwork/sections": "", + "/users/{id}/teamwork/sections/{id}": "", + "/users/{id}/teamwork/sections/{id}/hostedContents": "", + "/users/{id}/teamwork/sections/{id}/hostedContents/{id}": "", + "/users/{id}/teamwork/sections/{id}/hostedContents/{id}/$value": "", + "/users/{id}/teamwork/sections/{id}/items": "", + "/users/{id}/teamwork/sections/{id}/items/{id}": "", + "/users/{id}/teamwork/sections/delta": "" + } + }, + { + "schemeKeys": [ + "DelegatedWork" + ], + "methods": [ + "POST" + ], + "paths": { + "/users/{id}/teamwork/sections": "least=DelegatedWork", + "/users/{id}/teamwork/sections/{id}/items": "least=DelegatedWork", + "/users/{id}/teamwork/sections/{id}/items/{id}/move": "least=DelegatedWork", + "/users/{id}/teamwork/sections/{id}/items/reorder": "least=DelegatedWork", + "/users/{id}/teamwork/sections/reorder": "least=DelegatedWork" + } + }, + { + "schemeKeys": [ + "DelegatedWork" + ], + "methods": [ + "PATCH" + ], + "paths": { + "/users/{id}/teamwork/sections/{id}": "least=DelegatedWork" + } + }, + { + "schemeKeys": [ + "DelegatedWork" + ], + "methods": [ + "DELETE" + ], + "paths": { + "/users/{id}/teamwork/sections/{id}": "least=DelegatedWork", + "/users/{id}/teamwork/sections/{id}/items/{id}": "least=DelegatedWork" + } + } + ], + "ownerInfo": { + "ownerSecurityGroup": "TeamsPermissions" + } + }, + "TeamworkSection.ReadWrite.All": { + "authorizationType": "oAuth2", + "schemes": { + "Application": { + "adminDisplayName": "Read and write all users' teamwork sections in Teams", + "adminDescription": "Allows the app to read and write all users' teamwork sections (folders) for organizing chats and channels in Teams, without a signed-in user.", + "requiresAdminConsent": true, + "privilegeLevel": 4 + } + }, + "pathSets": [ + { + "schemeKeys": [ + "Application" + ], + "methods": [ + "GET" + ], + "paths": { + "/users/{id}/teamwork/sections": "", + "/users/{id}/teamwork/sections/{id}": "", + "/users/{id}/teamwork/sections/{id}/hostedContents": "", + "/users/{id}/teamwork/sections/{id}/hostedContents/{id}": "", + "/users/{id}/teamwork/sections/{id}/hostedContents/{id}/$value": "", + "/users/{id}/teamwork/sections/{id}/items": "", + "/users/{id}/teamwork/sections/{id}/items/{id}": "", + "/users/{id}/teamwork/sections/delta": "" + } + }, + { + "schemeKeys": [ + "Application" + ], + "methods": [ + "POST" + ], + "paths": { + "/users/{id}/teamwork/sections": "least=Application", + "/users/{id}/teamwork/sections/{id}/items": "least=Application", + "/users/{id}/teamwork/sections/{id}/items/{id}/move": "least=Application", + "/users/{id}/teamwork/sections/{id}/items/reorder": "least=Application", + "/users/{id}/teamwork/sections/reorder": "least=Application" + } + }, + { + "schemeKeys": [ + "Application" + ], + "methods": [ + "PATCH" + ], + "paths": { + "/users/{id}/teamwork/sections/{id}": "least=Application" + } + }, + { + "schemeKeys": [ + "Application" + ], + "methods": [ + "DELETE" + ], + "paths": { + "/users/{id}/teamwork/sections/{id}": "least=Application", + "/users/{id}/teamwork/sections/{id}/items/{id}": "least=Application" + } + } + ], + "ownerInfo": { + "ownerSecurityGroup": "TeamsPermissions" + } + }, "TeamworkTag.Read": { "authorizationType": "oAuth2", "schemes": { @@ -58105,7 +58571,6 @@ "/users/{id}/authentication/externalauthenticationmethods/{id}": "", "/users/{id}/authentication/federatedIdentityCredentialMethods": "least=Application", "/users/{id}/authentication/federatedIdentityCredentialMethods/{id}": "least=Application", - "/users/{id}/authentication/fido2methods": "", "/users/{id}/authentication/fido2methods/{id}": "", "/users/{id}/authentication/hardwareOathMethods": "", "/users/{id}/authentication/hardwareOathMethods/{id}": "", @@ -58228,7 +58693,6 @@ "paths": { "/me/authentication/fido2methods": "", "/me/authentication/fido2methods/{id}": "", - "/me/authentication/fido2methods/creationOptions": "", "/me/authentication/hardwareoathmethods": "", "/me/authentication/methods": "", "/me/authentication/methods/{id}": "", @@ -58245,7 +58709,7 @@ "/users/{id}/authentication/federatedIdentityCredentialMethods": "", "/users/{id}/authentication/fido2methods": "", "/users/{id}/authentication/fido2methods/{id}": "", - "/users/{id}/authentication/fido2methods/creationOptions": "", + "/users/{id}/authentication/fido2Methods/creationOptions": "", "/users/{id}/authentication/methods": "", "/users/{id}/authentication/methods/{id}": "", "/users/{id}/authentication/methods/{id}/isUpdateSupported": "", @@ -58296,7 +58760,7 @@ "POST" ], "paths": { - "/me/authentication/fido2methods": "", + "/me/authentication/fido2methods": "least=DelegatedWork", "/me/authentication/hardwareOathMethods": "", "/me/authentication/hardwareOathMethods/{id}/activate": "", "/me/authentication/hardwareOathMethods/assignAndActivate": "", @@ -58304,7 +58768,6 @@ "/me/authentication/hardwareOathMethods/deactivate": "", "/me/authentication/phonemethods/{id}/disablesmssignin": "", "/me/authentication/phonemethods/{id}/enablesmssignin": "", - "/users/{id}/authentication/fido2methods": "", "/users/{id}/authentication/hardwareOathMethods/{id}/activate": "", "/users/{id}/authentication/hardwareOathMethods/assignAndActivate": "", "/users/{id}/authentication/hardwareOathMethods/assignAndActivateBySerialNumber": "", @@ -58361,14 +58824,11 @@ "paths": { "/me/authentication/emailmethods": "least=Application", "/me/authentication/fido2methods": "least=Application", - "/me/authentication/fido2methods/creationOptions": "least=DelegatedWork,Application", "/me/authentication/hardwareOathMethods": "least=DelegatedWork,Application", "/me/authentication/phonemethods": "least=Application", "/users/{id}/authentication/emailmethods": "least=Application", "/users/{id}/authentication/externalauthenticationmethods": "", "/users/{id}/authentication/federatedIdentityCredentialMethods": "least=DelegatedWork,Application", - "/users/{id}/authentication/fido2Methods": "least=DelegatedWork,Application", - "/users/{id}/authentication/fido2Methods/creationOptions": "least=DelegatedWork,Application", "/users/{id}/authentication/hardwareOathMethods": "least=DelegatedWork,Application", "/users/{id}/authentication/phonemethods": "least=Application", "/users/{id}/authentication/temporaryaccesspassmethods": "least=DelegatedWork,Application" @@ -58432,6 +58892,7 @@ "/me/authentication/temporaryaccesspassmethods": "", "/me/authentication/windowshelloforbusinessmethods": "", "/users/{id}/authentication/federatedIdentityCredentialMethods": "", + "/users/{id}/authentication/fido2Methods/creationOptions": "", "/users/{id}/authentication/methods": "", "/users/{id}/authentication/methods/{id}": "", "/users/{id}/authentication/microsoftauthenticatormethods": "", @@ -58463,7 +58924,7 @@ "/me/authentication/windowshelloforbusinessmethods/{id}": "least=Application", "/users/{id}/authentication/externalauthenticationmethods/{id}": "", "/users/{id}/authentication/federatedIdentityCredentialMethods/{id}": "least=Application", - "/users/{id}/authentication/fido2methods/{id}": "least=DelegatedWork,Application", + "/users/{id}/authentication/fido2methods/{id}": "least=Application", "/users/{id}/authentication/hardwareOathMethods/{id}": "", "/users/{id}/authentication/microsoftauthenticatormethods/{id}": "least=Application", "/users/{id}/authentication/passwordlessmicrosoftauthenticatormethods/{id}": "least=Application", @@ -58489,6 +58950,7 @@ "/me/authentication/hardwareOathMethods/deactivate": "least=Application", "/me/authentication/phonemethods/{id}/disablesmssignin": "least=Application", "/me/authentication/phonemethods/{id}/enablesmssignin": "least=Application", + "/users/{id}/authentication/fido2methods": "", "/users/{id}/authentication/hardwareOathMethods/{id}/activate": "", "/users/{id}/authentication/hardwareOathMethods/assignAndActivate": "", "/users/{id}/authentication/hardwareOathMethods/assignAndActivateBySerialNumber": "", @@ -59494,19 +59956,6 @@ } }, "pathSets": [ - { - "schemeKeys": [ - "DelegatedWork" - ], - "methods": [ - "GET" - ], - "paths": { - "/me/authentication/fido2methods": "", - "/me/authentication/fido2methods/{id}": "", - "/me/authentication/fido2methods/creationOptions": "least=DelegatedWork" - } - }, { "schemeKeys": [ "DelegatedWork", @@ -59518,7 +59967,7 @@ "paths": { "/users/{id}/authentication/fido2methods": "least=Application", "/users/{id}/authentication/fido2methods/{id}": "least=Application", - "/users/{id}/authentication/fido2methods/creationOptions": "least=DelegatedWork,Application" + "/users/{id}/authentication/fido2methods/creationOptions": "least=Application" } } ], @@ -59549,10 +59998,10 @@ "paths": { "/me/authentication/fido2Methods": "", "/me/authentication/fido2Methods/{id}": "", - "/me/authentication/fido2Methods/creationOptions": "", + "/me/authentication/fido2Methods/creationOptions": "least=DelegatedWork", "/users/{id}/authentication/fido2Methods": "", "/users/{id}/authentication/fido2Methods/{id}": "", - "/users/{id}/authentication/fido2Methods/creationOptions": "" + "/users/{id}/authentication/fido2Methods/creationOptions": "least=DelegatedWork" } }, { @@ -59563,8 +60012,7 @@ "POST" ], "paths": { - "/me/authentication/fido2Methods": "least=DelegatedWork", - "/users/{id}/authentication/fido2Methods": "least=DelegatedWork" + "/me/authentication/fido2Methods": "least=DelegatedWork" } }, { @@ -59604,43 +60052,6 @@ } }, "pathSets": [ - { - "schemeKeys": [ - "DelegatedWork" - ], - "methods": [ - "GET" - ], - "paths": { - "/me/authentication/fido2methods": "", - "/me/authentication/fido2methods/{id}": "", - "/me/authentication/fido2methods/creationOptions": "" - } - }, - { - "schemeKeys": [ - "DelegatedWork" - ], - "methods": [ - "POST" - ], - "paths": { - "/me/authentication/fido2methods": "least=DelegatedWork", - "/me/authentication/fido2methods/creationOptions": "least=DelegatedWork" - } - }, - { - "schemeKeys": [ - "DelegatedWork" - ], - "methods": [ - "DELETE", - "PATCH" - ], - "paths": { - "/me/authentication/fido2methods/{id}": "least=DelegatedWork" - } - }, { "schemeKeys": [ "DelegatedWork", @@ -59650,7 +60061,6 @@ "GET" ], "paths": { - "/users/{id}/authentication/fido2Methods": "", "/users/{id}/authentication/fido2methods/{id}": "", "/users/{id}/authentication/fido2Methods/creationOptions": "" } @@ -59664,8 +60074,7 @@ "POST" ], "paths": { - "/users/{id}/authentication/fido2Methods": "least=DelegatedWork,Application", - "/users/{id}/authentication/fido2Methods/creationOptions": "least=DelegatedWork,Application" + "/users/{id}/authentication/fido2Methods": "least=Application" } }, { diff --git a/permissions/new/provisioningInfo.json b/permissions/new/provisioningInfo.json index 0df721d7..9709447c 100644 --- a/permissions/new/provisioningInfo.json +++ b/permissions/new/provisioningInfo.json @@ -521,16 +521,16 @@ "id": "", "scheme": "Application", "environment": "PPE;public", - "isHidden": true, - "isEnabled": false, + "isHidden": false, + "isEnabled": true, "resourceAppId": "00000002-0000-0000-c000-000000000000" }, { "id": "", "scheme": "DelegatedWork", "environment": "PPE;public", - "isHidden": true, - "isEnabled": false, + "isHidden": false, + "isEnabled": true, "resourceAppId": "00000002-0000-0000-c000-000000000000" } ], @@ -3906,15 +3906,15 @@ ], "CopilotPolicySettings.Read": [ { - "id": "", + "id": "b7281c63-cd4d-40c3-b721-73aa8ee7c3a8", "scheme": "DelegatedWork", "environment": "public", - "isHidden": true, + "isHidden": false, "isEnabled": true, "resourceAppId": "6b91db1b-f05b-405a-a0b2-e3f60b28d645" }, { - "id": "", + "id": "556d5e2e-1081-4452-8147-26c3a1b06f58", "scheme": "Application", "environment": "public", "isHidden": true, @@ -3924,15 +3924,15 @@ ], "CopilotPolicySettings.ReadWrite": [ { - "id": "", + "id": "e2edbde8-4448-4e49-8ebb-d53ba72df0f3", "scheme": "DelegatedWork", "environment": "public", - "isHidden": true, + "isHidden": false, "isEnabled": true, "resourceAppId": "6b91db1b-f05b-405a-a0b2-e3f60b28d645" }, { - "id": "", + "id": "cc147c17-b8e8-4d3f-9f94-aa9e279a079a", "scheme": "Application", "environment": "public", "isHidden": true, @@ -8185,6 +8185,42 @@ "isEnabled": true, "resourceAppId": "f06db492-d3b8-4e06-9586-db69232ec12a" } + ], + "InfoProtectABACPolicy.Read.All": [ + { + "id": "f8c4e3f1-6b9a-4c2e-8d5a-bcf123456789", + "scheme": "DelegatedWork", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "f06db492-d3b8-4e06-9586-db69232ec12a" + }, + { + "id": "a2d4f7c9-3e8b-4a1f-9d6c-def987654321", + "scheme": "Application", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "f06db492-d3b8-4e06-9586-db69232ec12a" + } + ], + "InfoProtectABACPolicy.ReadWrite.All": [ + { + "id": "e5b0a9c7-1f4d-4e8c-b3a2-acde13579246", + "scheme": "DelegatedWork", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "f06db492-d3b8-4e06-9586-db69232ec12a" + }, + { + "id": "d1c3f9e5-7a2b-4d6f-8e1c-cdfa02468135", + "scheme": "Application", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "f06db492-d3b8-4e06-9586-db69232ec12a" + } ], "InformationProtectionConfig.Notify.All": [ { @@ -11014,6 +11050,24 @@ "resourceAppId": "" } ], + "Policy.Read.CrossTenantAccess": [ + { + "id": "", + "scheme": "DelegatedWork", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "00000002-0000-0000-c000-000000000000" + }, + { + "id": "", + "scheme": "Application", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "00000002-0000-0000-c000-000000000000" + } + ], "Policy.Read.DeviceConfiguration": [ { "id": "3616a4b0-6746-49c4-a678-4c237599074d", @@ -12055,6 +12109,22 @@ "resourceAppId": "01fc33a7-78ba-4d2f-a4b7-768e336e890e" } ], + "PrivilegedAssignmentSchedule.Read.EntraAppAuthorization": [ + { + "scheme": "DelegatedWork", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "01fc33a7-78ba-4d2f-a4b7-768e336e890e" + }, + { + "scheme": "Application", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "01fc33a7-78ba-4d2f-a4b7-768e336e890e" + } + ], "PrivilegedAssignmentSchedule.Read.AzureADGroup": [ { "id": "02a32cc4-7ab5-4b58-879a-0586e0f7c495", @@ -12089,6 +12159,22 @@ "resourceAppId": "01fc33a7-78ba-4d2f-a4b7-768e336e890e" } ], + "PrivilegedAssignmentSchedule.ReadWrite.EntraAppAuthorization": [ + { + "scheme": "DelegatedWork", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "01fc33a7-78ba-4d2f-a4b7-768e336e890e" + }, + { + "scheme": "Application", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "01fc33a7-78ba-4d2f-a4b7-768e336e890e" + } + ], "PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup": [ { "id": "06dbc45d-6708-4ef0-a797-f797ee68bf4b", @@ -12141,6 +12227,22 @@ "resourceAppId": "" } ], + "PrivilegedEligibilitySchedule.Read.EntraAppAuthorization": [ + { + "scheme": "DelegatedWork", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "01fc33a7-78ba-4d2f-a4b7-768e336e890e" + }, + { + "scheme": "Application", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "01fc33a7-78ba-4d2f-a4b7-768e336e890e" + } + ], "PrivilegedEligibilitySchedule.Read.AzureADGroup": [ { "id": "8f44f93d-ecef-46ae-a9bf-338508d44d6b", @@ -12175,6 +12277,22 @@ "resourceAppId": "01fc33a7-78ba-4d2f-a4b7-768e336e890e" } ], + "PrivilegedEligibilitySchedule.ReadWrite.EntraAppAuthorization": [ + { + "scheme": "DelegatedWork", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "01fc33a7-78ba-4d2f-a4b7-768e336e890e" + }, + { + "scheme": "Application", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "01fc33a7-78ba-4d2f-a4b7-768e336e890e" + } + ], "PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup": [ { "id": "ba974594-d163-484e-ba39-c330d5897667", @@ -13233,6 +13351,22 @@ "resourceAppId": "" } ], + "RoleManagementPolicy.Read.EntraAppAuthorization": [ + { + "scheme": "DelegatedWork", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "01fc33a7-78ba-4d2f-a4b7-768e336e890e" + }, + { + "scheme": "Application", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "01fc33a7-78ba-4d2f-a4b7-768e336e890e" + } + ], "RoleManagementPolicy.Read.AzureADGroup": [ { "id": "7e26fdff-9cb1-4e56-bede-211fe0e420e8", @@ -13303,6 +13437,22 @@ "resourceAppId": "" } ], + "RoleManagementPolicy.ReadWrite.EntraAppAuthorization": [ + { + "scheme": "DelegatedWork", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "01fc33a7-78ba-4d2f-a4b7-768e336e890e" + }, + { + "scheme": "Application", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "01fc33a7-78ba-4d2f-a4b7-768e336e890e" + } + ], "RoleManagementPolicy.ReadWrite.AzureADGroup": [ { "id": "0da165c7-3f15-4236-b733-c0b0f6abe41d", @@ -13544,7 +13694,7 @@ "id": "87a3258d-8c34-49e2-ab91-9b8bdbd79177", "scheme": "DelegatedWork", "environment": "public", - "isHidden": true, + "isHidden": false, "isEnabled": true, "resourceAppId": "ab3be6b7-f5df-413d-ac2d-abf1e3fd9c0b" } @@ -13554,7 +13704,7 @@ "id": "70dbe5e8-39b9-40f3-8c65-3ec7b00ad804", "scheme": "DelegatedWork", "environment": "public", - "isHidden": true, + "isHidden": false, "isEnabled": true, "resourceAppId": "ab3be6b7-f5df-413d-ac2d-abf1e3fd9c0b" } @@ -13564,7 +13714,7 @@ "id": "e9e1b87a-726e-4628-8fab-d1fc58d4d9ad", "scheme": "Application", "environment": "public", - "isHidden": true, + "isHidden": false, "isEnabled": true, "resourceAppId": "ab3be6b7-f5df-413d-ac2d-abf1e3fd9c0b" } @@ -13574,7 +13724,7 @@ "id": "fd99f9da-42d6-4d00-8a41-4161bea42309", "scheme": "Application", "environment": "public", - "isHidden": true, + "isHidden": false, "isEnabled": true, "resourceAppId": "ab3be6b7-f5df-413d-ac2d-abf1e3fd9c0b" } @@ -14582,16 +14732,16 @@ "id": "", "scheme": "Application", "environment": "PPE;public", - "isHidden": true, - "isEnabled": false, + "isHidden": false, + "isEnabled": true, "resourceAppId": "00000002-0000-0000-c000-000000000000" }, { "id": "", "scheme": "DelegatedWork", "environment": "PPE;public", - "isHidden": true, - "isEnabled": false, + "isHidden": false, + "isEnabled": true, "resourceAppId": "00000002-0000-0000-c000-000000000000" } ], @@ -27620,6 +27770,24 @@ "resourceAppId": "00000002-0000-0000-c000-000000000000", "scheme": "DelegatedWork" } + ], + "PreAuthorizationGrant.Read.All": [ + { + "id": "", + "scheme": "DelegatedWork", + "environment": "", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "00000002-0000-0000-c000-000000000000" + }, + { + "id": "", + "scheme": "Application", + "environment": "", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "00000002-0000-0000-c000-000000000000" + } ] } } From b125a6735c90e0914e0f953906fa70e9a347ca53 Mon Sep 17 00:00:00 2001 From: David <1511024+marabooy@users.noreply.github.com> Date: Tue, 21 Apr 2026 23:23:55 +0300 Subject: [PATCH 2/3] Weekly Permissions sync 2026-04-21 --- permissions/new/provisioningInfo.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/permissions/new/provisioningInfo.json b/permissions/new/provisioningInfo.json index 9709447c..54f6a8be 100644 --- a/permissions/new/provisioningInfo.json +++ b/permissions/new/provisioningInfo.json @@ -17247,7 +17247,7 @@ { "id": "f266d9c0-ccb9-4fb8-a228-01ac0d8d6627", "scheme": "DelegatedWork", - "environment": "public", + "environment": "PPE;public", "isHidden": false, "isEnabled": true, "resourceAppId": "" @@ -17255,7 +17255,7 @@ { "id": "e0b77adb-e790-44a3-b0a0-257d06303687", "scheme": "Application", - "environment": "public", + "environment": "PPE;public", "isHidden": false, "isEnabled": true, "resourceAppId": "" From 5fe346f0045c9230534c1b764431aac1e4921281 Mon Sep 17 00:00:00 2001 From: David <1511024+marabooy@users.noreply.github.com> Date: Tue, 21 Apr 2026 23:26:53 +0300 Subject: [PATCH 3/3] Weekly Permissions sync 2026-04-21 --- permissions/new/permissions.json | 364 -------------------------- permissions/new/provisioningInfo.json | 28 +- 2 files changed, 14 insertions(+), 378 deletions(-) diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json index ed196f42..e3b81983 100644 --- a/permissions/new/permissions.json +++ b/permissions/new/permissions.json @@ -1338,54 +1338,6 @@ "ownerSecurityGroup": "idappcore" } }, - "AgentIdentity.UpdateSponsors.All": { - "authorizationType": "oAuth2", - "schemes": { - "DelegatedWork": { - "adminDisplayName": "Add or remove sponsors for agent identities", - "adminDescription": "Allows the app to add or remove sponsors for agent identities on behalf of the signed-in user.", - "requiresAdminConsent": true, - "privilegeLevel": 3 - }, - "Application": { - "adminDisplayName": "Add or remove sponsors for agent identities", - "adminDescription": "Allows the app to add or remove sponsors for agent identities without a signed-in user.", - "requiresAdminConsent": true, - "privilegeLevel": 4 - } - }, - "pathSets": [ - { - "schemeKeys": [ - "DelegatedWork", - "Application" - ], - "methods": [ - "DELETE" - ], - "paths": { - "/serviceprincipals/{id}/sponsors/{id}/$ref": "least=Application,DelegatedWork", - "/servicePrincipals/graph.agentIdentity/{id}/sponsors/{id}/$ref": "least=Application,DelegatedWork" - } - }, - { - "schemeKeys": [ - "DelegatedWork", - "Application" - ], - "methods": [ - "POST" - ], - "paths": { - "/serviceprincipals/{id}/sponsors/$ref": "least=Application,DelegatedWork", - "/servicePrincipals/graph.agentIdentity/{id}/sponsors/$ref": "least=Application,DelegatedWork" - } - } - ], - "ownerInfo": { - "ownerSecurityGroup": "aadlcmeng" - } - }, "AgentIdentityBlueprint.AddRemoveCreds.All": { "authorizationType": "oAuth2", "schemes": { @@ -1645,54 +1597,6 @@ "ownerSecurityGroup": "idappcore" } }, - "AgentIdentityBlueprint.UpdateSponsors.All": { - "authorizationType": "oAuth2", - "schemes": { - "DelegatedWork": { - "adminDisplayName": "Add or remove sponsors for agent identity blueprint", - "adminDescription": "Allows the app to add or remove sponsors for agent identity blueprint on behalf of the signed-in user.", - "userDisplayName": "Update agent identity blueprint authorization related properties", - "userDescription": "Update agent identity blueprint authorization related properties on user's' behalf", - "requiresAdminConsent": true, - "privilegeLevel": 3 - }, - "Application": { - "adminDisplayName": "Add or remove sponsors for agent identity blueprint", - "adminDescription": "Allows the app to add or remove sponsors for agent identity blueprint without a signed-in user.", - "requiresAdminConsent": true, - "privilegeLevel": 4 - } - }, - "pathSets": [ - { - "schemeKeys": [ - "DelegatedWork", - "Application" - ], - "methods": [ - "DELETE" - ], - "paths": { - "/applications/graph.agentIdentityBlueprint/{id}/sponsors/{id}/$ref": "least=Application,DelegatedWork" - } - }, - { - "schemeKeys": [ - "DelegatedWork", - "Application" - ], - "methods": [ - "POST" - ], - "paths": { - "/applications/graph.agentIdentityBlueprint/{id}/sponsors/$ref": "least=Application,DelegatedWork" - } - } - ], - "ownerInfo": { - "ownerSecurityGroup": "aadlcmeng" - } - }, "AgentIdentityBlueprintPrincipal.Create": { "authorizationType": "oAuth2", "schemes": { @@ -9599,30 +9503,6 @@ "/teams/{id}/channels/{id}/sharedwithteams/{id}": "least=DelegatedWork", "/teams/{id}/channels/{id}/sharedwithteams/{id}/allowedmembers": "least=DelegatedWork" } - }, - { - "schemeKeys": [ - "DelegatedWork" - ], - "methods": [ - "GET" - ], - "paths": { - "/teams/{id}/channels/{id}/joinedUsers": "least=DelegatedWork", - "/teams/{id}/channels/{id}/joinedUsers/{id}": "least=DelegatedWork" - } - }, - { - "schemeKeys": [ - "Application" - ], - "methods": [ - "GET" - ], - "paths": { - "/teams/{id}/channels/{id}/joinedUsers": "least=Application", - "/teams/{id}/channels/{id}/joinedUsers/{id}": "least=Application" - } } ], "ownerInfo": { @@ -9720,8 +9600,6 @@ "/teams/{id}/channels/{id}/allMembers": "", "/teams/{id}/channels/{id}/allMembers/{id}": "", "/teams/{id}/channels/{id}/doesuserhaveaccess": "", - "/teams/{id}/channels/{id}/joinedUsers": "", - "/teams/{id}/channels/{id}/joinedUsers/{id}": "", "/teams/{id}/channels/{id}/members": "", "/teams/{id}/channels/{id}/members/{id}": "", "/teams/{id}/channels/{id}/sharedwithteams": "", @@ -9741,30 +9619,6 @@ "/teams/{id}/channels/{id}/members": "least=DelegatedWork" } }, - { - "schemeKeys": [ - "DelegatedWork" - ], - "methods": [ - "POST" - ], - "paths": { - "/teams/{id}/channels/{id}/joinedUsers": "least=DelegatedWork", - "/teams/{id}/channels/{id}/joinedUsers/add": "least=DelegatedWork" - } - }, - { - "schemeKeys": [ - "Application" - ], - "methods": [ - "POST" - ], - "paths": { - "/teams/{id}/channels/{id}/joinedUsers": "least=Application", - "/teams/{id}/channels/{id}/joinedUsers/add": "least=Application" - } - }, { "schemeKeys": [ "DelegatedWork", @@ -11500,7 +11354,6 @@ "/devicemanagement/monitoring/alertrecords/getportalnotifications": "least=DelegatedWork", "/devicemanagement/monitoring/alertrules": "least=DelegatedWork", "/devicemanagement/monitoring/alertrules/{id}": "least=DelegatedWork", - "/devicemanagement/virtualendpoint/acquireazuremapsaccesstoken": "least=DelegatedWork", "/devicemanagement/virtualendpoint/cloudpcs/{id}/getsupportedcloudpcremoteactions": "least=DelegatedWork", "/devicemanagement/virtualendpoint/crosscloudgovernmentorganizationmapping": "least=DelegatedWork", "/devicemanagement/virtualendpoint/geteffectivepermissions": "least=DelegatedWork", @@ -11774,7 +11627,6 @@ "/devicemanagement/monitoring/alertrecords": "", "/devicemanagement/monitoring/alertrecords/{id}": "", "/devicemanagement/monitoring/alertrecords/getportalnotifications": "", - "/devicemanagement/virtualendpoint/acquireazuremapsaccesstoken": "", "/devicemanagement/virtualendpoint/geteffectivepermissions": "", "/me/cloudpcs": "", "/me/cloudpcs/{id}/getcloudpclaunchinfo": "", @@ -54435,222 +54287,6 @@ "ownerSecurityGroup": "TeamsPermissions" } }, - "TeamworkSection.Read": { - "authorizationType": "oAuth2", - "schemes": { - "DelegatedWork": { - "adminDisplayName": "Read user's teamwork sections (folders) in Teams", - "adminDescription": "Allows the app to read the signed-in user's teamwork sections (folders) for organizing chats and channels in Teams.", - "userDisplayName": "Read your teamwork sections (folders) in Teams", - "userDescription": "Allows the app to read your teamwork sections (folders) for organizing chats and channels in Teams.", - "requiresAdminConsent": false, - "privilegeLevel": 2 - } - }, - "pathSets": [ - { - "schemeKeys": [ - "DelegatedWork" - ], - "methods": [ - "GET" - ], - "paths": { - "/users/{id}/teamwork/sections": "least=DelegatedWork", - "/users/{id}/teamwork/sections/{id}": "least=DelegatedWork", - "/users/{id}/teamwork/sections/{id}/hostedContents": "least=DelegatedWork", - "/users/{id}/teamwork/sections/{id}/hostedContents/{id}": "least=DelegatedWork", - "/users/{id}/teamwork/sections/{id}/hostedContents/{id}/$value": "least=DelegatedWork", - "/users/{id}/teamwork/sections/{id}/items": "least=DelegatedWork", - "/users/{id}/teamwork/sections/{id}/items/{id}": "least=DelegatedWork", - "/users/{id}/teamwork/sections/delta": "least=DelegatedWork" - } - } - ], - "ownerInfo": { - "ownerSecurityGroup": "TeamsPermissions" - } - }, - "TeamworkSection.Read.All": { - "authorizationType": "oAuth2", - "schemes": { - "Application": { - "adminDisplayName": "Read all users' teamwork sections in Teams", - "adminDescription": "Allows the app to read all users' teamwork sections (folders) for organizing chats and channels in Teams, without a signed-in user.", - "requiresAdminConsent": true, - "privilegeLevel": 4 - } - }, - "pathSets": [ - { - "schemeKeys": [ - "Application" - ], - "methods": [ - "GET" - ], - "paths": { - "/users/{id}/teamwork/sections": "least=Application", - "/users/{id}/teamwork/sections/{id}": "least=Application", - "/users/{id}/teamwork/sections/{id}/hostedContents": "least=Application", - "/users/{id}/teamwork/sections/{id}/hostedContents/{id}": "least=Application", - "/users/{id}/teamwork/sections/{id}/hostedContents/{id}/$value": "least=Application", - "/users/{id}/teamwork/sections/{id}/items": "least=Application", - "/users/{id}/teamwork/sections/{id}/items/{id}": "least=Application", - "/users/{id}/teamwork/sections/delta": "least=Application" - } - } - ], - "ownerInfo": { - "ownerSecurityGroup": "TeamsPermissions" - } - }, - "TeamworkSection.ReadWrite": { - "authorizationType": "oAuth2", - "schemes": { - "DelegatedWork": { - "adminDisplayName": "Read and write user's teamwork sections (folders) in Teams", - "adminDescription": "Allows the app to read and write the signed-in user's teamwork sections (folders) for organizing chats and channels in Teams.", - "userDisplayName": "Read and write your teamwork sections (folders) in Teams", - "userDescription": "Allows the app to read and write your teamwork sections (folders) for organizing chats and channels in Teams.", - "requiresAdminConsent": false, - "privilegeLevel": 2 - } - }, - "pathSets": [ - { - "schemeKeys": [ - "DelegatedWork" - ], - "methods": [ - "GET" - ], - "paths": { - "/users/{id}/teamwork/sections": "", - "/users/{id}/teamwork/sections/{id}": "", - "/users/{id}/teamwork/sections/{id}/hostedContents": "", - "/users/{id}/teamwork/sections/{id}/hostedContents/{id}": "", - "/users/{id}/teamwork/sections/{id}/hostedContents/{id}/$value": "", - "/users/{id}/teamwork/sections/{id}/items": "", - "/users/{id}/teamwork/sections/{id}/items/{id}": "", - "/users/{id}/teamwork/sections/delta": "" - } - }, - { - "schemeKeys": [ - "DelegatedWork" - ], - "methods": [ - "POST" - ], - "paths": { - "/users/{id}/teamwork/sections": "least=DelegatedWork", - "/users/{id}/teamwork/sections/{id}/items": "least=DelegatedWork", - "/users/{id}/teamwork/sections/{id}/items/{id}/move": "least=DelegatedWork", - "/users/{id}/teamwork/sections/{id}/items/reorder": "least=DelegatedWork", - "/users/{id}/teamwork/sections/reorder": "least=DelegatedWork" - } - }, - { - "schemeKeys": [ - "DelegatedWork" - ], - "methods": [ - "PATCH" - ], - "paths": { - "/users/{id}/teamwork/sections/{id}": "least=DelegatedWork" - } - }, - { - "schemeKeys": [ - "DelegatedWork" - ], - "methods": [ - "DELETE" - ], - "paths": { - "/users/{id}/teamwork/sections/{id}": "least=DelegatedWork", - "/users/{id}/teamwork/sections/{id}/items/{id}": "least=DelegatedWork" - } - } - ], - "ownerInfo": { - "ownerSecurityGroup": "TeamsPermissions" - } - }, - "TeamworkSection.ReadWrite.All": { - "authorizationType": "oAuth2", - "schemes": { - "Application": { - "adminDisplayName": "Read and write all users' teamwork sections in Teams", - "adminDescription": "Allows the app to read and write all users' teamwork sections (folders) for organizing chats and channels in Teams, without a signed-in user.", - "requiresAdminConsent": true, - "privilegeLevel": 4 - } - }, - "pathSets": [ - { - "schemeKeys": [ - "Application" - ], - "methods": [ - "GET" - ], - "paths": { - "/users/{id}/teamwork/sections": "", - "/users/{id}/teamwork/sections/{id}": "", - "/users/{id}/teamwork/sections/{id}/hostedContents": "", - "/users/{id}/teamwork/sections/{id}/hostedContents/{id}": "", - "/users/{id}/teamwork/sections/{id}/hostedContents/{id}/$value": "", - "/users/{id}/teamwork/sections/{id}/items": "", - "/users/{id}/teamwork/sections/{id}/items/{id}": "", - "/users/{id}/teamwork/sections/delta": "" - } - }, - { - "schemeKeys": [ - "Application" - ], - "methods": [ - "POST" - ], - "paths": { - "/users/{id}/teamwork/sections": "least=Application", - "/users/{id}/teamwork/sections/{id}/items": "least=Application", - "/users/{id}/teamwork/sections/{id}/items/{id}/move": "least=Application", - "/users/{id}/teamwork/sections/{id}/items/reorder": "least=Application", - "/users/{id}/teamwork/sections/reorder": "least=Application" - } - }, - { - "schemeKeys": [ - "Application" - ], - "methods": [ - "PATCH" - ], - "paths": { - "/users/{id}/teamwork/sections/{id}": "least=Application" - } - }, - { - "schemeKeys": [ - "Application" - ], - "methods": [ - "DELETE" - ], - "paths": { - "/users/{id}/teamwork/sections/{id}": "least=Application", - "/users/{id}/teamwork/sections/{id}/items/{id}": "least=Application" - } - } - ], - "ownerInfo": { - "ownerSecurityGroup": "TeamsPermissions" - } - }, "TeamworkTag.Read": { "authorizationType": "oAuth2", "schemes": { diff --git a/permissions/new/provisioningInfo.json b/permissions/new/provisioningInfo.json index 54f6a8be..837f4dee 100644 --- a/permissions/new/provisioningInfo.json +++ b/permissions/new/provisioningInfo.json @@ -521,16 +521,16 @@ "id": "", "scheme": "Application", "environment": "PPE;public", - "isHidden": false, - "isEnabled": true, + "isHidden": true, + "isEnabled": false, "resourceAppId": "00000002-0000-0000-c000-000000000000" }, { "id": "", "scheme": "DelegatedWork", "environment": "PPE;public", - "isHidden": false, - "isEnabled": true, + "isHidden": true, + "isEnabled": false, "resourceAppId": "00000002-0000-0000-c000-000000000000" } ], @@ -13694,7 +13694,7 @@ "id": "87a3258d-8c34-49e2-ab91-9b8bdbd79177", "scheme": "DelegatedWork", "environment": "public", - "isHidden": false, + "isHidden": true, "isEnabled": true, "resourceAppId": "ab3be6b7-f5df-413d-ac2d-abf1e3fd9c0b" } @@ -13704,7 +13704,7 @@ "id": "70dbe5e8-39b9-40f3-8c65-3ec7b00ad804", "scheme": "DelegatedWork", "environment": "public", - "isHidden": false, + "isHidden": true, "isEnabled": true, "resourceAppId": "ab3be6b7-f5df-413d-ac2d-abf1e3fd9c0b" } @@ -13714,7 +13714,7 @@ "id": "e9e1b87a-726e-4628-8fab-d1fc58d4d9ad", "scheme": "Application", "environment": "public", - "isHidden": false, + "isHidden": true, "isEnabled": true, "resourceAppId": "ab3be6b7-f5df-413d-ac2d-abf1e3fd9c0b" } @@ -13724,7 +13724,7 @@ "id": "fd99f9da-42d6-4d00-8a41-4161bea42309", "scheme": "Application", "environment": "public", - "isHidden": false, + "isHidden": true, "isEnabled": true, "resourceAppId": "ab3be6b7-f5df-413d-ac2d-abf1e3fd9c0b" } @@ -14732,16 +14732,16 @@ "id": "", "scheme": "Application", "environment": "PPE;public", - "isHidden": false, - "isEnabled": true, + "isHidden": true, + "isEnabled": false, "resourceAppId": "00000002-0000-0000-c000-000000000000" }, { "id": "", "scheme": "DelegatedWork", "environment": "PPE;public", - "isHidden": false, - "isEnabled": true, + "isHidden": true, + "isEnabled": false, "resourceAppId": "00000002-0000-0000-c000-000000000000" } ], @@ -17247,7 +17247,7 @@ { "id": "f266d9c0-ccb9-4fb8-a228-01ac0d8d6627", "scheme": "DelegatedWork", - "environment": "PPE;public", + "environment": "public", "isHidden": false, "isEnabled": true, "resourceAppId": "" @@ -17255,7 +17255,7 @@ { "id": "e0b77adb-e790-44a3-b0a0-257d06303687", "scheme": "Application", - "environment": "PPE;public", + "environment": "public", "isHidden": false, "isEnabled": true, "resourceAppId": ""