From a38cb17f4f4040af35270fcb34e1fd2725cb966e Mon Sep 17 00:00:00 2001 From: David <1511024+marabooy@users.noreply.github.com> Date: Sat, 9 May 2026 03:33:56 +0300 Subject: [PATCH] Weekly Permissions sync 2026-05-09 --- permissions/new/permissions.json | 116 ++++++++++++++++++++++++-- permissions/new/provisioningInfo.json | 28 ++++++- 2 files changed, 135 insertions(+), 9 deletions(-) diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json index 851dcee0..e8c9ab53 100644 --- a/permissions/new/permissions.json +++ b/permissions/new/permissions.json @@ -1145,7 +1145,7 @@ "POST" ], "paths": { - "/servicePrincipals/microsoft.graph.agentIdentity": "least=DelegatedWork" + "/servicePrincipals/microsoft.graph.agentIdentity": "least=Application,DelegatedWork" } } ], @@ -1172,8 +1172,6 @@ "POST" ], "paths": { - "/servicePrincipals(appid={value})/microsoft.graph.agentIdentityBlueprintPrincipal/identities": "least=Application", - "/servicePrincipals/{id}/microsoft.graph.agentIdentityBlueprintPrincipal/identities": "least=Application", "/servicePrincipals/microsoft.graph.agentIdentity": "" } } @@ -17742,6 +17740,18 @@ "/devicemanagement/manageddevices/{id}/wipe": "", "/devicemanagement/manageddevices/executeaction": "" } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "GET" + ], + "paths": { + "/devicemanagement/manageddevices/{id}/getsyncstatus": "least=DelegatedWork,Application" + } } ], "ownerInfo": { 
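Review bot: In the @@ -1145 hunk the new marker is written `least=Application,DelegatedWork`, while every other two-scheme marker in this patch uses the order `DelegatedWork,Application`. If any consumer compares the string instead of parsing it as a set, this entry would be treated differently, so I would write `"/servicePrincipals/microsoft.graph.agentIdentity": "least=DelegatedWork,Application"`. The path set's `schemeKeys` and the permission name are outside the hunk, so also confirm that `schemeKeys` includes `Application` now that the marker names it.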
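Review bot: In the @@ -17742 hunk the read-only `getsyncstatus` path is marked `least=DelegatedWork,Application` inside a permission whose preceding path set carries `/devicemanagement/manageddevices/{id}/wipe` and `/devicemanagement/manageddevices/executeaction`. If that reading is right, least-privilege guidance for a GET would steer callers to consent to a permission that also authorises device wipe. The permission name is outside the hunk, so this is inferred from the neighbouring context lines. If a read-scoped managed-device permission also covers this path, the marker belongs there and this entry should be `"/devicemanagement/manageddevices/{id}/getsyncstatus": ""`.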
@@ -32026,7 +32036,7 @@ "/identitygovernance/lifecycleworkflows/workflows": "", "/identitygovernance/lifecycleworkflows/workflows({id})/previewscope": "least=DelegatedWork,Application", "/identitygovernance/lifecycleworkflows/workflows({id})/previewtaskfailures": "least=DelegatedWork,Application", - "/identitygovernance/lifecycleworkflows/workflows/{id}": "least=DelegatedWork,Application", + "/identitygovernance/lifecycleworkflows/workflows/{id}": "", "/identitygovernance/lifecycleworkflows/workflows/{id}/executionscope": "least=DelegatedWork,Application", "/identitygovernance/lifecycleworkflows/workflows/{id}/tasks": "least=DelegatedWork,Application", "/identitygovernance/lifecycleworkflows/workflows/{id}/tasks/{id}": "least=DelegatedWork,Application", @@ -32069,7 +32079,8 @@ "GET" ], "paths": { - "/identitygovernance/lifecycleworkflows/workflows": "least=DelegatedWork,Application" + "/identitygovernance/lifecycleworkflows/workflows": "least=DelegatedWork,Application", + "/identitygovernance/lifecycleworkflows/workflows/{id}": "least=DelegatedWork,Application" } } ], @@ -37780,6 +37791,7 @@ "/applications/{id}/tokenissuancepolicies": "AlsoRequires=Application.ReadWrite.All", "/applications/{id}/tokenlifetimepolicies": "AlsoRequires=Application.ReadWrite.All", "/identity/conditionalaccess/namedlocations": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans": "least=DelegatedWork,Application", "/identity/conditionalaccess/policies": "least=DelegatedWork,Application", "/serviceprincipals(appid={value})/claimsmappingpolicies": "AlsoRequires=Application.ReadWrite.All", "/serviceprincipals(appid={value})/homerealmdiscoverypolicies": "AlsoRequires=Application.ReadWrite.All", 
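Review bot: The `/identity/conditionalaccess/plans` paths are marked `least=DelegatedWork,Application` in every path set this patch adds them to (@@ -37780, -37931, -38364, -39215, -39259 and -39274), whereas the neighbouring `namedlocations` and `policies` entries carry the marker in some sets and `""` in others (see @@ -39259 and @@ -39274). The permission names and methods are outside these hunks, but the hunks are far enough apart that they appear to span several permissions. If two of them cover the same method and scheme, the least-privileged permission for these paths is ambiguous, so I would keep `least=` on one permission per method and scheme and set the rest to `""`, as in `"/identity/conditionalaccess/plans": ""`. The @@ -39215 set otherwise lists only authentication-strength paths with `""`, so its `least=` on conditional access plans deserves a particular look.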
@@ -37931,6 +37943,9 @@ ], "paths": { "/identity/conditionalaccess/namedlocations/{id}": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans/{id}": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans/{id}/rules": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans/{id}/rules/{id}": "least=DelegatedWork,Application", "/identity/conditionalaccess/policies/{id}": "least=DelegatedWork,Application" } }, @@ -38364,6 +38379,10 @@ ], "paths": { "/identity/conditionalaccess/authenticationcontextclassreferences": "", + "/identity/conditionalaccess/plans": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans/{id}": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans/{id}/rules": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans/{id}/rules/{id}": "least=DelegatedWork,Application", "/identity/conditionalaccess/settings": "least=DelegatedWork,Application" } }, @@ -39215,6 +39234,10 @@ "/identity/conditionalaccess/authenticationstrength/authenticationmethodmodes/{id}": "", "/identity/conditionalaccess/authenticationstrength/combinations": "", "/identity/conditionalaccess/authenticationstrength/policies/{id}/combinationconfigurations": "", + "/identity/conditionalaccess/plans": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans/{id}": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans/{id}/rules": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans/{id}/rules/{id}": "least=DelegatedWork,Application", "/policies/authenticationstrengthpolicies": "", "/policies/authenticationstrengthpolicies/{id}/usage": "", "/policies/authenticationstrengthpolicies/findbymethodmode(authenticationmethodmodes={value})": "" 
@@ -39259,6 +39282,8 @@ "paths": { "/identity/conditionalaccess/evaluate": "", "/identity/conditionalaccess/namedlocations": "", + "/identity/conditionalaccess/plans": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans/{id}/rules": "least=DelegatedWork,Application", "/identity/conditionalaccess/policies": "", "/policies/authenticationstrengthpolicies/{id}/updateallowedcombinations": "least=DelegatedWork,Application" } @@ -39274,6 +39299,8 @@ ], "paths": { "/identity/conditionalaccess/namedlocations/{id}": "", + "/identity/conditionalaccess/plans/{id}": "least=DelegatedWork,Application", + "/identity/conditionalaccess/plans/{id}/rules/{id}": "least=DelegatedWork,Application", "/identity/conditionalaccess/policies/{id}": "" } }, @@ -43182,6 +43209,17 @@ "paths": { "/admin/reportsettings": "least=DelegatedWork,Application" } + }, + { + "schemeKeys": [ + "DelegatedWork" + ], + "methods": [ + "GET" + ], + "paths": { + "/admin/reportsettings/sharepoint/apiusagereportmetrics": "least=DelegatedWork" + } } ], "ownerInfo": { @@ -43219,6 +43257,18 @@ "paths": { "/admin/reportsettings": "least=DelegatedWork,Application" } + }, + { + "schemeKeys": [ + "DelegatedWork" + ], + "methods": [ + "POST" + ], + "paths": { + "/admin/reportsettings/sharepoint/disableapiusagereport": "least=DelegatedWork", + "/admin/reportsettings/sharepoint/enableapiusagereport": "least=DelegatedWork" + } } ], "ownerInfo": { 
@@ -46570,6 +46620,62 @@ "ownerSecurityGroup": "ospred" } }, + "ServicePrincipal.AddRemoveCreds.All": { + "authorizationType": "oAuth2", + "schemes": { + "DelegatedWork": { + "adminDisplayName": "Update credentials for service principals", + "adminDescription": "Allows the app to update credentials for service principals on behalf of the signed-in user.", + "userDisplayName": "Update credentials for service principals", + "userDescription": "Allows the app to update credentials for service principals on your behalf.", + "requiresAdminConsent": true, + "privilegeLevel": 4 + }, + "Application": { + "adminDisplayName": "Update credentials for service principals", + "adminDescription": "Allows the app to update credentials for service principals, without a signed-in user.", + "requiresAdminConsent": true, + "privilegeLevel": 4 + } + }, + "pathSets": [ + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "POST" + ], + "paths": { + "/serviceprincipals(appid={value})/addkey": "least=DelegatedWork", + "/serviceprincipals(appid={value})/addpassword": "least=DelegatedWork", + "/serviceprincipals(appid={value})/removekey": "least=DelegatedWork", + "/serviceprincipals(appid={value})/removepassword": "least=DelegatedWork", + "/serviceprincipals/{id}/addkey": "least=DelegatedWork", + "/serviceprincipals/{id}/addpassword": "least=DelegatedWork", + "/serviceprincipals/{id}/removekey": "least=DelegatedWork", + "/serviceprincipals/{id}/removepassword": "least=DelegatedWork" + } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "PATCH" + ], + "paths": { + "/serviceprincipals(appid={value})": "", + "/serviceprincipals/{id}": "" + } + } + ], + "ownerInfo": { + "ownerSecurityGroup": "idappcore" + } + }, "SharePointCrossTenantMigration.Manage.All": { "authorizationType": "oAuth2", "schemes": { diff --git a/permissions/new/provisioningInfo.json b/permissions/new/provisioningInfo.json index 2a36d5af..4863745a 100644 
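Review bot: The second path set of `ServicePrincipal.AddRemoveCreds.All` grants PATCH on `/serviceprincipals/{id}` and `/serviceprincipals(appid={value})`, which is wider than the "Update credentials" wording unless the service limits that PATCH to credential properties; nothing in the hunk shows such a limit. Adding a key or password to a service principal lets the holder authenticate as that principal, so the descriptions should state the scope exactly, for example `"adminDescription": "Allows the app to add and remove key and password credentials on service principals, without a signed-in user."`, and should say whether other properties can be changed through PATCH. The eight POST paths are marked `least=DelegatedWork` although the set's `schemeKeys` include `Application`, so confirm which permission is meant to be least-privileged for app-only callers, or write `least=DelegatedWork,Application` if it is this one.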
--- a/permissions/new/provisioningInfo.json +++ b/permissions/new/provisioningInfo.json @@ -677,6 +677,16 @@ "isEnabled": false, "resourceAppId": "00000002-0000-0000-c000-000000000000" } + ], + "AgentIdentityBlueprintPrincipal.UpdateLcpComplianceProperty.All": [ + { + "id": "", + "scheme": "Application", + "environment": "PPE;public", + "isHidden": true, + "isEnabled": false, + "resourceAppId": "00000002-0000-0000-c000-000000000000" + } ], "AgentRegistration.Read.All": [ { @@ -14857,6 +14867,16 @@ "resourceAppId": "00000002-0000-0000-c000-000000000000" } ], + "AgentIdentity.UpdateLcpComplianceProperty.All": [ + { + "id": "", + "scheme": "Application", + "environment": "PPE;public", + "isHidden": true, + "isEnabled": false, + "resourceAppId": "00000002-0000-0000-c000-000000000000" + } + ], "AgentIdentity.ReadWrite.ManagedBy": [ { "id": "", @@ -14885,7 +14905,7 @@ "resourceAppId": "00000002-0000-0000-c000-000000000000" } ], - "ServicePrincipal.MigrateToAgentIdentity.OwnedBy": [ + "ServicePrincipal.ConvertToAgentIdentity.OwnedBy": [ { "id": "", "scheme": "Application", @@ -14895,7 +14915,7 @@ "resourceAppId": "00000002-0000-0000-c000-000000000000" } ], - "AgentIdentity.RollBackMigration.OwnedBy": [ + "AgentIdentity.ConvertToApplicationSP.OwnedBy": [ { "id": "", "scheme": "Application", @@ -15000,7 +15020,7 @@ "id": "c4d8f3a9-1e72-4b8d-8f6c-7a91d2e5b3f0", "scheme": "DelegatedWork", "environment": "", - "isHidden": true, + "isHidden": false, "isEnabled": true, "resourceAppId": "00000002-0000-0000-c000-000000000000" }, @@ -15008,7 +15028,7 @@ "id": "6e2a9b14-f5c7-4381-a6d2-0c8f4e1b9a73", "scheme": "Application", "environment": "", - "isHidden": true, + "isHidden": false, "isEnabled": true, "resourceAppId": "00000002-0000-0000-c000-000000000000" }
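Review bot: The @@ -15000 and @@ -15008 hunks flip `isHidden` from `true` to `false` on two entries that are already `"isEnabled": true`, which makes a permission visible for consent, but the key they belong to is outside both hunks and the commit message does not name it. This commit also adds a `privilegeLevel` 4 credential permission to permissions.json, so it matters which permission is being un-hidden. I would add a line to the commit description such as `Unhide <permission name> (DelegatedWork, Application)` so the exposure can be tied to its definition. Separately, the two `UpdateLcpComplianceProperty.All` entries added at @@ -677 and @@ -14857 have no matching change in permissions.json in this patch, so confirm their definitions already exist there.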