From 98c3905adff2e66ffa28092ff270bee50cf39eeb Mon Sep 17 00:00:00 2001 From: David <1511024+marabooy@users.noreply.github.com> Date: Wed, 27 Aug 2025 03:29:39 +0300 Subject: [PATCH 01/12] Weekly Permissions sync 2025-08-27 --- permissions/new/ProvisioningInfo.json | 4 +- permissions/new/permissions.json | 103 +++++++++++++++++++++++++- 2 files changed, 104 insertions(+), 3 deletions(-) diff --git a/permissions/new/ProvisioningInfo.json b/permissions/new/ProvisioningInfo.json index 6a3c4afc..a16511e5 100644 --- a/permissions/new/ProvisioningInfo.json +++ b/permissions/new/ProvisioningInfo.json @@ -12979,7 +12979,7 @@ "id": "2104a4db-3a2f-4ea0-9dba-143d457dc666", "scheme": "DelegatedWork", "environment": "public", - "isHidden": true, + "isHidden": false, "isEnabled": true, "resourceAppId": "ab3be6b7-f5df-413d-ac2d-abf1e3fd9c0b" }, @@ -12987,7 +12987,7 @@ "id": "4437522e-9a86-4a41-a7da-e380edd4a97d", "scheme": "Application", "environment": "public", - "isHidden": true, + "isHidden": false, "isEnabled": true, "resourceAppId": "ab3be6b7-f5df-413d-ac2d-abf1e3fd9c0b" } diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json index cde2e999..57f5e030 100644 --- a/permissions/new/permissions.json +++ b/permissions/new/permissions.json @@ -1268,6 +1268,7 @@ "paths": { "/applications(appid={value})/federatedidentitycredentials": "least=DelegatedWork,Application", "/applications(appid={value})/owners": "least=DelegatedWork,Application", + "/applications(appid={value})/sponsors": "least=DelegatedWork,Application", "/applications(appid={value})/tokenRevocations": "least=DelegatedWork,Application", "/applications/{id}/federatedidentitycredentials": "least=DelegatedWork,Application", "/applications/{id}/onPremisesPublishing": "least=DelegatedWork,Application", 
@@ -1278,6 +1279,7 @@ "/applications/{id}/pairwisebrokerembeddedappconfig/{trustedHostPairwiseBrokerId}": "least=DelegatedWork,Application", "/applications/{id}/pairwisebrokerembeddedappconfig/{trustedHostPairwiseBrokerId}/perResourceAllowedScopes": "least=DelegatedWork,Application", "/applications/{id}/pairwisebrokerembeddedappconfig/{trustedHostPairwiseBrokerId}/perResourceAllowedScopes/{resourceAppId}": "least=DelegatedWork,Application", + "/applications/{id}/sponsors": "least=DelegatedWork,Application", "/applications/{id}/tokenRevocations": "least=DelegatedWork,Application", "/applications/delta": "", "/policies/appmanagementpolicies/{id}/appliesto": "least=DelegatedWork,Application", @@ -1296,6 +1298,7 @@ "/serviceprincipals(appid={value})/memberof": "least=DelegatedWork,Application", "/serviceprincipals(appid={value})/ownedobjects": "least=DelegatedWork,Application", "/serviceprincipals(appid={value})/owners": "least=DelegatedWork,Application", + "/serviceprincipals(appid={value})/sponsors": "least=DelegatedWork,Application", "/serviceprincipals(appid={value})/tokenRevocations": "least=DelegatedWork,Application", "/serviceprincipals(appid={value})/transitivememberof": "least=DelegatedWork,Application", "/serviceprincipals/{id}": "least=DelegatedWork,Application", @@ -1311,6 +1314,7 @@ "/serviceprincipals/{id}/remotedesktopsecurityconfiguration/approvedclientapps/{id}": "least=DelegatedWork,Application", "/serviceprincipals/{id}/remotedesktopsecurityconfiguration/targetdevicegroups": "least=DelegatedWork,Application", "/serviceprincipals/{id}/remotedesktopsecurityconfiguration/targetdevicegroups/{id}": "least=DelegatedWork,Application", + "/serviceprincipals/{id}/sponsors": "least=DelegatedWork,Application", "/serviceprincipals/{id}/tokenRevocations": "least=DelegatedWork,Application", "/serviceprincipals/{id}/transitivememberof": "least=DelegatedWork,Application", "/serviceprincipals/delta": "" 
@@ -1474,9 +1478,11 @@ ], "paths": { "/applications(appid={value})/addkey": "least=DelegatedWork", + "/applications(appid={value})/extendlifecycle": "", "/applications(appid={value})/removekey": "least=DelegatedWork", "/applications(appid={value})/repair": "least=DelegatedWork", "/applications/{id}/addkey": "least=DelegatedWork", + "/applications/{id}/extendlifecycle": "", "/applications/{id}/onPremisesPublishing/segmentsConfiguration/microsoft.graph.ipSegmentConfiguration/applicationSegments": "least=DelegatedWork,Application", "/applications/{id}/pairwisebrokerembeddedappconfig": "least=DelegatedWork,Application", "/applications/{id}/pairwisebrokerembeddedappconfig/{trustedHostPairwiseBrokerId}/perResourceAllowedScopes": "least=DelegatedWork,Application", @@ -1509,6 +1515,7 @@ "/serviceprincipals(appid={value})/addtokensigningcertificate": "least=DelegatedWork", "/serviceprincipals(appid={value})/createpasswordsinglesignoncredentials": "least=DelegatedWork,Application;AlsoRequires=Directory.Read.All", "/serviceprincipals(appid={value})/deletepasswordsinglesignoncredentials": "least=DelegatedWork,Application;AlsoRequires=Directory.Read.All", + "/serviceprincipals(appid={value})/extendlifecycle": "", "/serviceprincipals(appid={value})/getpasswordsinglesignoncredentials": "least=DelegatedWork;AlsoRequires=Directory.Read.All", "/serviceprincipals(appid={value})/permanentDelete": "least=DelegatedWork", "/serviceprincipals(appid={value})/removekey": "least=DelegatedWork", 
@@ -1521,6 +1528,7 @@ "/serviceprincipals/{id}/checkmemberobjects": "", "/serviceprincipals/{id}/createpasswordsinglesignoncredentials": "least=DelegatedWork,Application;AlsoRequires=Directory.Read.All", "/serviceprincipals/{id}/deletepasswordsinglesignoncredentials": "least=DelegatedWork,Application;AlsoRequires=Directory.Read.All", + "/serviceprincipals/{id}/extendlifecycle": "", "/serviceprincipals/{id}/getmembergroups": "", "/serviceprincipals/{id}/getmemberobjects": "", "/serviceprincipals/{id}/getpasswordsinglesignoncredentials": "least=DelegatedWork;AlsoRequires=Directory.Read.All", @@ -1599,9 +1607,13 @@ ], "paths": { "/applications(appid={value})/owners": "least=DelegatedWork;AlsoRequires=Directory.Read.All", + "/applications(appid={value})/sponsors": "least=DelegatedWork;AlsoRequires=User.Read.All,Group.Read.All", "/applications/{id}/owners": "least=DelegatedWork;AlsoRequires=Directory.Read.All", + "/applications/{id}/sponsors": "least=DelegatedWork;AlsoRequires=User.Read.All,Group.Read.All", "/serviceprincipals(appid={value})/owners": "least=DelegatedWork;AlsoRequires=Directory.Read.All", - "/serviceprincipals/{id}/owners": "least=DelegatedWork;AlsoRequires=Directory.Read.All" + "/serviceprincipals(appid={value})/sponsors": "least=DelegatedWork;AlsoRequires=User.Read.All,Group.Read.All", + "/serviceprincipals/{id}/owners": "least=DelegatedWork;AlsoRequires=Directory.Read.All", + "/serviceprincipals/{id}/sponsors": "least=DelegatedWork;AlsoRequires=User.Read.All,Group.Read.All" } }, { 
@@ -1614,16 +1626,20 @@ ], "paths": { "/applications(appid={value})/owners/{id}": "least=DelegatedWork", + "/applications(appid={value})/sponsors/{id}": "", "/applications/{id}/owners/{id}": "least=DelegatedWork", + "/applications/{id}/sponsors/{id}": "", "/applications/{id}/tokenissuancepolicies/{id}": "least=DelegatedWork;AlsoRequires=Policy.Read.All", "/applications/{id}/tokenlifetimepolicies/{id}": "least=DelegatedWork;AlsoRequires=Policy.Read.All", "/serviceprincipals(appid={value})/claimsmappingpolicies/{id}": "least=DelegatedWork;AlsoRequires=Policy.Read.All", "/serviceprincipals(appid={value})/homerealmdiscoverypolicies/{id}": "least=DelegatedWork;AlsoRequires=Policy.Read.All", "/serviceprincipals(appid={value})/owners/{id}": "least=DelegatedWork", + "/serviceprincipals(appid={value})/sponsors/{id}": "", "/serviceprincipals(appid={value})/tokenlifetimepolicies/{id}": "least=DelegatedWork;AlsoRequires=Policy.Read.All", "/serviceprincipals/{id}/claimsmappingpolicies/{id}": "least=DelegatedWork;AlsoRequires=Policy.Read.All", "/serviceprincipals/{id}/homerealmdiscoverypolicies/{id}": "least=DelegatedWork;AlsoRequires=Policy.Read.All", "/serviceprincipals/{id}/owners/{id}": "least=DelegatedWork", + "/serviceprincipals/{id}/sponsors/{id}": "", "/serviceprincipals/{id}/tokenlifetimepolicies/{id}": "least=DelegatedWork;AlsoRequires=Policy.Read.All" } }, @@ -1687,8 +1703,10 @@ ], "paths": { "/applications(appid={value})/owners": "", + "/applications(appid={value})/sponsors": "", "/applications/{id}/onPremisesPublishing/segmentsConfiguration/microsoft.graph.ipSegmentConfiguration/applicationSegments": "least=DelegatedWork,Application", "/applications/{id}/owners": "", + "/applications/{id}/sponsors": "", "/applications/delta": "", "/serviceprincipals(appid={value})/approleassignedto": "", "/serviceprincipals(appid={value})/approleassignments": "", 
@@ -1696,6 +1714,7 @@ "/serviceprincipals(appid={value})/memberof": "", "/serviceprincipals(appid={value})/ownedobjects": "", "/serviceprincipals(appid={value})/owners": "", + "/serviceprincipals(appid={value})/sponsors": "", "/serviceprincipals(appid={value})/transitivememberof": "", "/serviceprincipals/{id}/approleassignedto": "", "/serviceprincipals/{id}/approleassignments": "", @@ -1705,6 +1724,7 @@ "/serviceprincipals/{id}/owners": "", "/serviceprincipals/{id}/remotedesktopsecurityconfiguration/approvedclientapps": "", "/serviceprincipals/{id}/remotedesktopsecurityconfiguration/targetdevicegroups": "", + "/serviceprincipals/{id}/sponsors": "", "/serviceprincipals/{id}/transitivememberof": "", "/serviceprincipals/delta": "" } 
@@ -1820,29 +1840,36 @@ "paths": { "/applications(appid={value})/addkey": "least=Application", "/applications(appid={value})/addpassword": "least=Application", + "/applications(appid={value})/extendlifecycle": "least=Application", "/applications(appid={value})/owners": "least=Application;AlsoRequires=Directory.Read.All", "/applications(appid={value})/removekey": "least=Application", "/applications(appid={value})/removepassword": "least=Application", "/applications(appid={value})/repair": "least=Application", + "/applications(appid={value})/sponsors": "least=Application;AlsoRequires=User.Read.All,Group.Read.All", "/applications/{id}}/repair": "least=Application", "/applications/{id}/addkey": "least=Application", "/applications/{id}/addpassword": "least=Application", + "/applications/{id}/extendlifecycle": "least=Application", "/applications/{id}/owners": "least=Application;AlsoRequires=Directory.Read.All", "/applications/{id}/removekey": "least=Application", "/applications/{id}/removepassword": "least=Application", + "/applications/{id}/sponsors": "least=Application;AlsoRequires=User.Read.All,Group.Read.All", "/applications/{id}/synchronization/acquireaccesstoken": "least=Application", "/applicationtemplates/{id}/instantiate": "least=Application", "/serviceprincipals(appid={value})/addkey": "least=Application", "/serviceprincipals(appid={value})/addpassword": "least=Application", "/serviceprincipals(appid={value})/addtokensigningcertificate": "least=Application", + "/serviceprincipals(appid={value})/extendlifecycle": "", "/serviceprincipals(appid={value})/getpasswordsinglesignoncredentials": "least=Application;AlsoRequires=Directory.Read.All", "/serviceprincipals(appid={value})/owners": "least=Application;AlsoRequires=Directory.Read.All", "/serviceprincipals(appid={value})/permanentDelete": "least=Application", "/serviceprincipals(appid={value})/removekey": "least=Application", "/serviceprincipals(appid={value})/removepassword": "least=Application", + 
"/serviceprincipals(appid={value})/sponsors": "least=Application;AlsoRequires=User.Read.All,Group.Read.All", "/serviceprincipals/{id}/addkey": "least=Application", "/serviceprincipals/{id}/addpassword": "least=Application", "/serviceprincipals/{id}/addtokensigningcertificate": "least=Application", + "/serviceprincipals/{id}/extendlifecycle": "", "/serviceprincipals/{id}/getpasswordsinglesignoncredentials": "least=Application;AlsoRequires=Directory.Read.All", "/serviceprincipals/{id}/owners": "least=Application;AlsoRequires=Directory.Read.All", "/serviceprincipals/{id}/permanentDelete": "least=Application", @@ -1850,6 +1877,7 @@ "/serviceprincipals/{id}/remotedesktopsecurityconfiguration/targetdevicegroups": "", "/serviceprincipals/{id}/removekey": "least=Application", "/serviceprincipals/{id}/removepassword": "least=Application", + "/serviceprincipals/{id}/sponsors": "least=Application;AlsoRequires=User.Read.All,Group.Read.All", "/serviceprincipals/{id}/synchronization/acquireaccesstoken": "least=Application", "/serviceprincipals/{id}/synchronization/jobs/{id}/pause": "least=Application", "/serviceprincipals/{id}/synchronization/jobs/{id}/provisionondemand": "least=Application", 
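Review bot: In the `@@ -1820,29 +1840,36 @@` hunk the two new `/serviceprincipals…/extendlifecycle` entries carry an empty value, while the `/applications…/extendlifecycle` entries added beside them and the sibling actions in this path set (`addkey`, `addpassword`, `removekey`) are marked `least=Application`. If the empty value is not intended, the entries should read `"/serviceprincipals/{id}/extendlifecycle": "least=Application"` (and the `appid={value}` form likewise); otherwise consumers that derive least-privilege guidance from this file will presumably not suggest this permission for the service-principal action. In the delegated path set of `@@ -1474,9 +1478,11 @@` both object types are empty, so this hunk is the only place where the two diverge. The path set's header lies outside the hunk, so its scheme is inferred from the surrounding `least=Application` values.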
@@ -1883,20 +1911,24 @@ ], "paths": { "/applications(appid={value})/owners/{id}": "least=Application", + "/applications(appid={value})/sponsors/{id}": "least=Application", "/applications(appid={value})/tokenissuancepolicies/{id}": "least=Application;AlsoRequires=Policy.Read.All", "/applications(appid={value})/tokenlifetimepolicies/{id}": "least=Application;AlsoRequires=Policy.Read.All", "/applications/{id}/owners/{id}": "least=Application", "/applications/{id}/pairwisebrokerembeddedappconfig/{trustedHostPairwiseBrokerId}": "least=Application", "/applications/{id}/pairwisebrokerembeddedappconfig/{trustedHostPairwiseBrokerId}/perResourceAllowedScopes/{resourceAppId}": "least=Application", + "/applications/{id}/sponsors/{id}": "least=Application", "/applications/{id}/tokenissuancepolicies/{id}": "least=Application;AlsoRequires=Policy.Read.All", "/applications/{id}/tokenlifetimepolicies/{id}": "least=Application;AlsoRequires=Policy.Read.All", "/serviceprincipals(appid={value})/claimsmappingpolicies/{id}": "least=Application;AlsoRequires=Policy.Read.All", "/serviceprincipals(appid={value})/homerealmdiscoverypolicies/{id}": "least=Application;AlsoRequires=Policy.Read.All", "/serviceprincipals(appid={value})/owners/{id}": "least=Application", + "/serviceprincipals(appid={value})/sponsors/{id}": "least=Application", "/serviceprincipals(appid={value})/tokenlifetimepolicies/{id}": "least=Application;AlsoRequires=Policy.Read.All", "/serviceprincipals/{id}/claimsmappingpolicies/{id}": "least=Application;AlsoRequires=Policy.Read.All", "/serviceprincipals/{id}/homerealmdiscoverypolicies/{id}": "least=Application;AlsoRequires=Policy.Read.All", "/serviceprincipals/{id}/owners/{id}": "least=Application", + "/serviceprincipals/{id}/sponsors/{id}": "least=Application", "/serviceprincipals/{id}/tokenlifetimepolicies/{id}": "least=Application;AlsoRequires=Policy.Read.All" } }, 
@@ -1922,7 +1954,9 @@ ], "paths": { "/applications(appid={value})/owners": "least=Application", + "/applications(appid={value})/sponsors": "least=Application", "/applications/{id}/owners": "least=Application", + "/applications/{id}/sponsors": "least=Application", "/applications/{id}/synchronization/templates": "least=Application", "/applications/{id}/synchronization/templates/{id}/schema/filteroperators": "least=Application", "/applications/{id}/synchronization/templates/{id}/schema/functions": "least=Application", @@ -1932,6 +1966,7 @@ "/serviceprincipals(appid={value})/delegatedpermissionclassifications": "", "/serviceprincipals(appid={value})/ownedobjects": "", "/serviceprincipals(appid={value})/owners": "", + "/serviceprincipals(appid={value})/sponsors": "", "/serviceprincipals/{id}/approleassignedto": "", "/serviceprincipals/{id}/approleassignments": "", "/serviceprincipals/{id}/createdobjects": "", @@ -1942,6 +1977,7 @@ "/serviceprincipals/{id}/remotedesktopsecurityconfiguration": "", "/serviceprincipals/{id}/remotedesktopsecurityconfiguration/approvedclientapps": "", "/serviceprincipals/{id}/remotedesktopsecurityconfiguration/targetdevicegroups": "", + "/serviceprincipals/{id}/sponsors": "", "/serviceprincipals/{id}/synchronization/jobs/{id}/schema/filteroperators": "least=Application", "/serviceprincipals/{id}/synchronization/jobs/{id}/schema/functions": "least=Application", "/serviceprincipals/{id}/synchronization/templates": "least=Application", 
@@ -8544,6 +8580,7 @@ "/devicemanagement/virtualendpoint/externalpartnersettings/{id}": "least=DelegatedWork,Application", "/devicemanagement/virtualendpoint/galleryimages": "least=DelegatedWork,Application", "/devicemanagement/virtualendpoint/galleryimages/{id}": "least=DelegatedWork,Application", + "/devicemanagement/virtualEndpoint/managedLicenses": "least=DelegatedWork,Application", "/devicemanagement/virtualendpoint/onpremisesconnections": "least=DelegatedWork,Application", "/devicemanagement/virtualendpoint/onpremisesconnections/{id}": "least=DelegatedWork,Application", "/devicemanagement/virtualendpoint/provisioningpolicies": "least=DelegatedWork,Application", @@ -8687,6 +8724,7 @@ "/devicemanagement/virtualendpoint/deviceimages/getsourceimages": "", "/devicemanagement/virtualendpoint/galleryimages": "", "/devicemanagement/virtualendpoint/galleryimages/{id}": "", + "/devicemanagement/virtualEndpoint/managedLicenses": "", "/devicemanagement/virtualendpoint/onpremisesconnections": "", "/devicemanagement/virtualendpoint/onpremisesconnections/{id}": "", "/devicemanagement/virtualendpoint/provisioningpolicies/{id}/assignments/{id}/cloudPCUserSettingsPersistence": "least=DelegatedWork,Application", 
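Review bot: The added key `/devicemanagement/virtualEndpoint/managedLicenses` spells the segment `virtualEndpoint` in camelCase, while every neighbouring key in both hunks on this line (`@@ -8544,6 +8580,7 @@` and `@@ -8687,6 +8724,7 @@`) uses `/devicemanagement/virtualendpoint/…` in lower case. If any consumer matches these keys case-sensitively, the new path will not line up with the existing `virtualendpoint` entries; `"/devicemanagement/virtualendpoint/managedlicenses"` would follow the local convention. The same applies to `/identityProtection/agentRiskDetections`, added in `@@ -25817,6 +25817,8 @@` of patch 03 next to `/identityprotection/riskdetections`. Whether lookups are case-insensitive cannot be seen from the diff.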
@@ -23874,6 +23912,7 @@ "/storage/fileStorage/containers/{id}/columns": "least=DelegatedWork,DelegatedPersonal,Application", "/storage/fileStorage/containers/{id}/permanentDelete": "least=DelegatedWork,DelegatedPersonal,Application", "/storage/fileStorage/containers/{id}/permissions": "least=DelegatedWork,DelegatedPersonal,Application", + "/storage/fileStorage/containers/{id}/recycleBin/items(driveItemId={driveItemId})/restore": "least=DelegatedWork,DelegatedPersonal,Application", "/storage/fileStorage/containers/{id}/recycleBin/items/delete": "least=DelegatedWork,DelegatedPersonal,Application", "/storage/fileStorage/containers/{id}/recycleBin/items/restore": "least=DelegatedWork,DelegatedPersonal,Application", "/storage/fileStorage/deletedContainers/{id}/restore": "least=DelegatedWork,DelegatedPersonal,Application" @@ -29950,6 +29989,7 @@ "/networkAccess/connectivity/branches/{id}/connectivityConfiguration": "least=DelegatedWork,Application", "/networkAccess/connectivity/branches/{id}/deviceLinks": "least=DelegatedWork,Application", "/networkAccess/connectivity/branches/{id}/deviceLinks/{id}": "least=DelegatedWork,Application", + "/networkAccess/connectivity/getWebCategoryByUrl(url={value})": "least=DelegatedWork,Application", "/networkAccess/connectivity/webCategories": "least=DelegatedWork,Application", "/networkAccess/contentPolicies": "least=DelegatedWork,Application", "/networkAccess/contentPolicies/{id}/policyRules": "least=DelegatedWork,Application", 
@@ -45266,6 +45306,56 @@ "ownerSecurityGroup": "TeamsPermissions" } }, + "TeamMember.ReadWriteNonOwnerRole.All": { + "authorizationType": "oAuth2", + "schemes": { + "DelegatedWork": { + "adminDisplayName": "Add and remove non-owner members from teams", + "adminDescription": "Add and remove non-owner members from teams, on behalf of the signed-in user. Does not allow changing a member's role to or from owner.", + "userDisplayName": "Add and remove non-owner members from teams", + "userDescription": "Add and remove non-owner members from teams, on your behalf. Does not allow changing a member's role to or from owner.", + "requiresAdminConsent": true, + "privilegeLevel": 4 + }, + "Application": { + "adminDisplayName": "Add and remove non-owner members from all teams", + "adminDescription": "Add and remove non-owner members from all teams, without a signed-in user. Does not allow changing a member's role to or from owner.", + "requiresAdminConsent": true, + "privilegeLevel": 4 + } + }, + "pathSets": [ + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "POST" + ], + "paths": { + "/teams/{id}/members": "least=DelegatedWork,Application", + "/teams/{id}/members/add": "least=DelegatedWork,Application" + } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "DELETE", + "PATCH" + ], + "paths": { + "/teams/{id}/members/{id}": "least=DelegatedWork,Application" + } + } + ], + "ownerInfo": { + "ownerSecurityGroup": "TeamsPermissions" + } + }, "TeamsActivity.Read": { "authorizationType": "oAuth2", "schemes": { @@ -50293,6 +50383,7 @@ } }, "User-ConvertToInternal.ReadWrite.All": { + "authorizationType": "oAuth2", "schemes": { "DelegatedWork": { "adminDisplayName": "Convert an external user to internal memeber user", @@ -50328,6 +50419,7 @@ } }, "User-Mail.ReadWrite.All": { + "authorizationType": "oAuth2", "schemes": { "DelegatedWork": { "adminDisplayName": "Update other mails property for all users", 
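Review bot: The new `TeamMember.ReadWriteNonOwnerRole.All` permission in `@@ -45266,6 +45306,56 @@` is described as not allowing a member's role to be changed to or from owner, yet its second path set grants `PATCH` on `/teams/{id}/members/{id}`, and nothing in this entry expresses that restriction. The limit therefore has to be enforced by the service; this file can only be used to check the path and method mapping. Because all three paths are marked `least=DelegatedWork,Application`, tooling that reads the `least` marker will presumably recommend this permission for those operations. It is worth confirming that an owner-role change under this scope is rejected before admins rely on the narrower description when granting consent.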
@@ -50363,6 +50455,7 @@ } }, "User-PasswordProfile.ReadWrite.All": { + "authorizationType": "oAuth2", "schemes": { "DelegatedWork": { "adminDisplayName": "Update password profile property and reset password for all users", @@ -50398,6 +50491,7 @@ } }, "User-Phone.ReadWrite.All": { + "authorizationType": "oAuth2", "schemes": { "DelegatedWork": { "adminDisplayName": "Update business phones and mobile phone properties for all users", @@ -50735,6 +50829,7 @@ "/me/settings": "least=DelegatedWork", "/me/settings/contactmergesuggestions": "least=DelegatedWork", "/me/settings/iteminsights": "least=DelegatedWork", + "/me/sponsorof": "least=DelegatedWork", "/me/sponsors": "least=DelegatedWork", "/me/transitivememberof": "least=DelegatedWork", "/organization": "", @@ -50771,6 +50866,7 @@ "/users/{id}/registereddevices": "least=DelegatedWork", "/users/{id}/settings/contactmergesuggestions": "least=DelegatedWork", "/users/{id}/settings/iteminsights": "least=DelegatedWork", + "/users/{id}/sponsorof": "least=DelegatedWork", "/users/{id}/sponsors": "least=DelegatedWork", "/users/{id}/transitivememberof": "least=DelegatedWork", "/users/{id}/usagerights": "least=DelegatedWork" @@ -51052,6 +51148,7 @@ "/users/{id}/ownedobjects": "least=Application", "/users/{id}/registereddevices": "least=Application", "/users/{id}/settings": "least=DelegatedWork,Application", + "/users/{id}/sponsorof": "least=Application", "/users/{id}/sponsors": "least=Application", "/users/{id}/transitivememberof": "least=Application", "/users/{id}/transitivereports/$count": "", @@ -51134,6 +51231,7 @@ "/me/registereddevices": "", "/me/responsibilities": "", "/me/settings": "", + "/me/sponsorof": "", "/me/sponsors": "", "/me/transitivememberof": "", "/organization/{id}/branding": "", 
@@ -51855,6 +51953,7 @@ "/users/{id}/checkmemberobjects": "", "/users/{id}/cloudLicensing/assignments/reprocessAssignments": "", "/users/{id}/convertExternalToInternalMemberUser": "", + "/users/{id}/extendlifecycle": "least=DelegatedWork,Application", "/users/{id}/getmemberobjects": "", "/users/{id}/reprocesslicenseassignment": "least=DelegatedWork,Application", "/users/{id}/revokesigninsessions": "", @@ -51904,6 +52003,7 @@ "/me/owneddevices": "", "/me/ownedobjects": "", "/me/registereddevices": "", + "/me/sponsorof": "", "/me/sponsors": "" } }, @@ -51936,6 +52036,7 @@ "/users/{id}/owneddevices": "", "/users/{id}/ownedobjects": "", "/users/{id}/registereddevices": "", + "/users/{id}/sponsorof": "", "/users/{id}/usagerights": "", "/users/delta": "" } From 90c1cb1d0895742781e6497dd1696f78b1440216 Mon Sep 17 00:00:00 2001 From: David <1511024+marabooy@users.noreply.github.com> Date: Thu, 28 Aug 2025 23:13:43 +0300 Subject: [PATCH 02/12] Weekly Permissions sync 2025-08-07 (#1217) --- permissions/new/ProvisioningInfo.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/permissions/new/ProvisioningInfo.json b/permissions/new/ProvisioningInfo.json index a16511e5..8c2b6db2 100644 --- a/permissions/new/ProvisioningInfo.json +++ b/permissions/new/ProvisioningInfo.json @@ -153,7 +153,7 @@ "isEnabled": true, "resourceAppId": "00000003-0000-0000-c000-000000000000" } - ], + ], "AgentIdentityBlueprint.CreateAsManager": [ { "id": "ecf9c9c0-b7d6-48c0-8ad6-7b00493a2efb", @@ -11514,7 +11514,7 @@ "scheme": "DelegatedWork", "environment": "public", "isHidden": true, - "isEnabled": true, + "isEnabled": true, "resourceAppId": "fc780465-2017-40d4-a0c5-307022471b92" }, { @@ -12235,7 +12235,7 @@ "isEnabled": true, "resourceAppId": "00000003-0000-0000-c000-00000000000" } - ], + ], "ServicePrincipal.Manage.OwnedBy": [ { "id": "6930b171-5cf8-4865-ba0f-cfce959d1bca", From d8aa1f9d258a299e08637f2c72c17b309ed8f522 Mon Sep 17 00:00:00 2001 
From: David <1511024+marabooy@users.noreply.github.com> Date: Thu, 28 Aug 2025 23:57:38 +0300 Subject: [PATCH 03/12] Weekly Permissions sync 2025-08-28 (#1240) Co-authored-by: Jason Johnston --- permissions/new/ProvisioningInfo.json | 32 +++++++++++++++++++++++ permissions/new/permissions.json | 37 +++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) diff --git a/permissions/new/ProvisioningInfo.json b/permissions/new/ProvisioningInfo.json index 8c2b6db2..b8fb99d5 100644 --- a/permissions/new/ProvisioningInfo.json +++ b/permissions/new/ProvisioningInfo.json @@ -16531,6 +16531,38 @@ "isEnabled": true, "resourceAppId": "f0574968-bd32-4379-a169-50a2695e68f5" } + ], + "IdentityRiskyAgent.Read.All": [ + { + "scheme": "Application", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "a3dfc3c6-2c7d-4f42-aeec-b2877f9bce97" + }, + { + "scheme": "DelegatedWork", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "a3dfc3c6-2c7d-4f42-aeec-b2877f9bce97" + } + ], + "IdentityRiskyAgent.ReadWrite.All": [ + { + "scheme": "Application", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "a3dfc3c6-2c7d-4f42-aeec-b2877f9bce97" + }, + { + "scheme": "DelegatedWork", + "environment": "public", + "isHidden": true, + "isEnabled": true, + "resourceAppId": "a3dfc3c6-2c7d-4f42-aeec-b2877f9bce97" + } ] } } \ No newline at end of file diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json index 57f5e030..e1522440 100644 --- a/permissions/new/permissions.json +++ b/permissions/new/permissions.json 
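Review bot: The four entries added for `IdentityRiskyAgent.Read.All` and `IdentityRiskyAgent.ReadWrite.All` in `@@ -16531,6 +16531,38 @@` have no `"id"` property, yet are committed with `"isEnabled": true`. Other entries visible in this series carry an `id`, and the `SharePointCrossTenantMigration.*` entries changed in patch 05 were kept at `"id": ""` with `"isEnabled": false` until real ids were filled in. If the ids are not yet assigned, the same convention (`"id": ""` with `"isEnabled": false`) would keep an unidentified permission from being treated as provisioned; if they are assigned, they should be added here.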
@@ -25817,6 +25817,8 @@ "GET" ], "paths": { + "/identityProtection/agentRiskDetections": "least=DelegatedWork,Application", + "/identityProtection/agentRiskDetections/{id}": "least=DelegatedWork,Application", "/identityprotection/riskdetections": "least=DelegatedWork,Application", "/identityprotection/riskdetections/{id}": "least=DelegatedWork,Application", "/identityprotection/serviceprincipalriskdetections": "least=DelegatedWork,Application", @@ -31700,11 +31702,46 @@ "GET" ], "paths": { + "/copilot/communications/realTimeActivityFeed/meetings/{meetingId}/transcripts": "", + "/copilot/communications/realTimeActivityFeed/subscriptions/{id}": "", "/users/{id}/onlinemeetings/{id}/transcripts": "", "/users/{id}/onlinemeetings/{id}/transcripts/{id}": "", "/users/{id}/onlinemeetings/{id}/transcripts/{id}/content": "", "/users/{id}/onlinemeetings/{id}/transcripts/{id}/metadataContent": "" } + }, + { + "schemeKeys": [ + "Application" + ], + "methods": [ + "POST" + ], + "paths": { + "/copilot/communications/realTimeActivityFeed/subscriptions": "" + } + }, + { + "schemeKeys": [ + "Application" + ], + "methods": [ + "PATCH" + ], + "paths": { + "/copilot/communications/realTimeActivityFeed/subscriptions/{id}": "" + } + }, + { + "schemeKeys": [ + "Application" + ], + "methods": [ + "DELETE" + ], + "paths": { + "/copilot/communications/realTimeActivityFeed/subscriptions/{id}": "" + } } ], "ownerInfo": { From 547dc7de98d6b6c45ef7a2f3fbab56ce11326811 Mon Sep 17 00:00:00 2001 
From: Jason Johnston Date: Fri, 29 Aug 2025 12:03:04 -0400 Subject: [PATCH 04/12] Added path filter to validate.yml (#1242) * Added path filter to validate.yml So now the validation will only run if relevant files are changed. There's no reason to run validation on sample queries if only permissions files are changed, for example. Also added an opposite-filtered version of the workflow in validate-patch.yml. This will allow us to make this a required status check on PRs without blocking PRs that don't touch relevant files. See https://github.com/orgs/community/discussions/44490 for context. * Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/validate-patch.yml | 29 ++++++++++++++++++++++++++++ .github/workflows/validate.yml | 20 ++++++++++++++++--- 2 files changed, 46 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/validate-patch.yml diff --git a/.github/workflows/validate-patch.yml b/.github/workflows/validate-patch.yml new file mode 100644 index 00000000..6ea8be62 --- /dev/null +++ b/.github/workflows/validate-patch.yml 
@@ -0,0 +1,29 @@ +# This file mirrors validate.yml and is designed to be a +# "stand-in" that always passes so that pull requests are not +# blocked waiting on the "Validate sample queries" workflow. +# For context, validate.yml will only run if specific files are +# updated in the PR. If a PR doesn't touch any of those files, +# validate.yml will never run, but since it's a required status +# check for PRs, the PR will be stuck waiting for the workflow to run. +# This file solves that problem. For more info, see +# https://github.com/orgs/community/discussions/44490 +name: Validate sample queries +on: + pull_request: + paths-ignore: + - sample-queries/sample-queries.json + - scripts/** + - tests/** + - package.json + - package-lock.json + +jobs: + validate-json-schema: + runs-on: ubuntu-latest + steps: + - run: 'echo "No validation required"' + + test: + runs-on: ubuntu-latest + steps: + - run: 'echo "No tests required"' diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 6b7009f8..26b670ff 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -1,5 +1,19 @@ name: Validate sample queries -on: [pull_request,push] +on: + push: + paths: + - sample-queries/sample-queries.json + - scripts/** + - tests/** + - package.json + - package-lock.json + pull_request: + paths: + - sample-queries/sample-queries.json + - scripts/** + - tests/** + - package.json + - package-lock.json jobs: validate-json-schema: @@ -18,8 +32,8 @@ jobs: steps: - uses: actions/checkout@v2 - - name: Install - run: npm install + - name: Install + run: npm install - name: Run test run: npm run test From c8f64ae79fef6b0cb42bb7f008b5e10432bba7f0 Mon Sep 17 00:00:00 2001 
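Review bot: The stand-in workflow reports the same workflow and job names (`Validate sample queries`, `validate-json-schema`, `test`) as the real one, and `paths-ignore` is not an exact complement of `paths`: a pull request that touches both a listed file and an unlisted one triggers both workflows. In that case an always-green check shares its name with the real validation, so the branch-protection rule should be checked to confirm that a failing `validate.yml` run still blocks the merge. The path list is also duplicated by hand across the two files; a comment next to each copy, e.g. `# keep in sync with paths-ignore in validate-patch.yml`, would reduce the chance of them drifting apart. Since the stand-in jobs only echo a string, a top-level `permissions: {}` in validate-patch.yml would keep its token from carrying any scopes.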
From: David <1511024+marabooy@users.noreply.github.com> Date: Fri, 29 Aug 2025 23:01:22 +0300 Subject: [PATCH 05/12] Weekly Permissions sync 2025-08-29 (#1241) * Weekly Permissions sync 2025-08-29 * Apply suggestions from code review --------- Co-authored-by: Jason Johnston --- permissions/new/ProvisioningInfo.json | 16 ++++++++-------- permissions/new/permissions.json | 4 ++++ 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/permissions/new/ProvisioningInfo.json b/permissions/new/ProvisioningInfo.json index b8fb99d5..b5a56c2a 100644 --- a/permissions/new/ProvisioningInfo.json +++ b/permissions/new/ProvisioningInfo.json @@ -12320,37 +12320,37 @@ ], "SharePointCrossTenantMigration.Read.All": [ { - "id": "", + "id": "00dcb678-f9af-4e73-acb1-4f1657364629", "scheme": "DelegatedWork", "environment": "public", "isHidden": true, - "isEnabled": false, + "isEnabled": true, "resourceAppId": "00000003-0000-0000-c000-00000000000" }, { - "id": "", + "id": "f5fa52a5-b9ab-4dc3-885e-9e5b4a67068e", "scheme": "Application", "environment": "public", "isHidden": true, - "isEnabled": false, + "isEnabled": true, "resourceAppId": "00000003-0000-0000-c000-00000000000" } ], "SharePointCrossTenantMigration.Manage.All": [ { - "id": "", + "id": "c608c170-08b5-466b-a8fe-0b4074b01613", "scheme": "DelegatedWork", "environment": "public", "isHidden": true, - "isEnabled": false, + "isEnabled": true, "resourceAppId": "00000003-0000-0000-c000-00000000000" }, { - "id": "", + "id": "a0521574-fcd8-4742-b29c-f796df57ea70", "scheme": "Application", "environment": "public", "isHidden": true, - "isEnabled": false, + "isEnabled": true, "resourceAppId": "00000003-0000-0000-c000-00000000000" } ], diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json index e1522440..659c6a2f 100644 --- a/permissions/new/permissions.json +++ b/permissions/new/permissions.json 
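Review bot: The four `SharePointCrossTenantMigration.*` entries that this hunk switches to `"isEnabled": true` keep `"resourceAppId": "00000003-0000-0000-c000-00000000000"`, whose last group has 11 digits instead of 12, so the value is not a well-formed GUID. Elsewhere in the same file (context of `@@ -153,7 +153,7 @@` in patch 02) the resource is written `00000003-0000-0000-c000-000000000000`, which suggests a dropped zero. Now that the entries are enabled with real ids, the value should be corrected to `"resourceAppId": "00000003-0000-0000-c000-000000000000"` so the permissions resolve against the intended resource app. The same short value appears as context in `@@ -12235,7 +12235,7 @@` of patch 02, so other entries may need the same fix.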
@@ -2543,6 +2543,10 @@ "/reports/conditionalaccess/protectedapps": "least=DelegatedWork,Application", "/reports/conditionalaccess/securityalerts": "least=DelegatedWork,Application", "/reports/conditionalaccess/unprotectedapps": "least=DelegatedWork,Application", + "/reports/identityCorrelation": "least=DelegatedWork,Application", + "/reports/identityCorrelation/{id}": "least=DelegatedWork,Application", + "/reports/identityCorrelation/{id}/identities": "least=DelegatedWork,Application", + "/reports/identityCorrelation/{id}/identities/{id}": "least=DelegatedWork,Application", "/reports/reconciliations/provisioning": "least=DelegatedWork,Application", "/reports/reconciliations/provisioning/{id}": "least=DelegatedWork,Application", "/reports/reconciliations/provisioning/{id}/identities": "least=DelegatedWork,Application", From f77dc595b91e4a35d9a821eb6d2df58e989d2889 Mon Sep 17 00:00:00 2001 From: David <1511024+marabooy@users.noreply.github.com> Date: Tue, 2 Sep 2025 18:41:47 +0300 Subject: [PATCH 06/12] Weekly Permissions sync 2025-08-30 (#1250) * Weekly Permissions sync 2025-08-30 * Weekly Permissions sync 2025-09-02 (#1253) * Weekly Permissions sync 2025-09-01 (#1252) * Weekly Permissions sync 2025-08-31 (#1251) * Apply suggestions from code review --------- Co-authored-by: Jason Johnston --- permissions/new/permissions.json | 124 ++++++++++++++++--------------- 1 file changed, 63 insertions(+), 61 deletions(-) diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json index 659c6a2f..29742a87 100644 --- a/permissions/new/permissions.json +++ b/permissions/new/permissions.json 
@@ -1763,6 +1763,17 @@ "/serviceprincipals/{id}/remotedesktopsecurityconfiguration/approvedclientapps/{id}": "", "/serviceprincipals/{id}/remotedesktopsecurityconfiguration/targetdevicegroups/{id}": "" } + }, + { + "schemeKeys": [ + "DelegatedWork" + ], + "methods": [ + "GET" + ], + "paths": { + "/serviceTreeAttributionServices": "least=DelegatedWork" + } } ], "ownerInfo": { @@ -2013,6 +2024,17 @@ "/applications/{id}/synchronization/templates/{id}/schema": "least=Application", "/serviceprincipals/{id}/synchronization/jobs/{id}/schema": "least=Application" } + }, + { + "schemeKeys": [ + "Application" + ], + "methods": [ + "GET" + ], + "paths": { + "/serviceTreeAttributionServices": "least=Application" + } } ], "ownerInfo": { @@ -6775,15 +6797,14 @@ "GET" ], "paths": { - "/chats/{id}/members/{id}": "", "/teams/{id}/channels/{id}/allMembers": "least=DelegatedWork", "/teams/{id}/channels/{id}/allMembers/{id}": "least=DelegatedWork", - "/teams/{id}/channels/{id}/doesuserhaveaccess": "least=DelegatedWork,Application", - "/teams/{id}/channels/{id}/members": "", + "/teams/{id}/channels/{id}/doesuserhaveaccess": "least=DelegatedWork", + "/teams/{id}/channels/{id}/members": "least=DelegatedWork", "/teams/{id}/channels/{id}/members/{id}": "least=DelegatedWork", - "/teams/{id}/channels/{id}/sharedwithteams": "least=DelegatedWork,Application", - "/teams/{id}/channels/{id}/sharedwithteams/{id}": "least=DelegatedWork,Application", - "/teams/{id}/channels/{id}/sharedwithteams/{id}/allowedmembers": "least=DelegatedWork,Application" + "/teams/{id}/channels/{id}/sharedwithteams": "least=DelegatedWork", + "/teams/{id}/channels/{id}/sharedwithteams/{id}": "least=DelegatedWork", + "/teams/{id}/channels/{id}/sharedwithteams/{id}/allowedmembers": "least=DelegatedWork" } } ], 
@@ -6812,8 +6833,12 @@ "paths": { "/teams/{id}/channels/{id}/allMembers": "least=Application", "/teams/{id}/channels/{id}/allMembers/{id}": "least=Application", + "/teams/{id}/channels/{id}/doesuserhaveaccess": "least=Application", "/teams/{id}/channels/{id}/members": "least=Application", - "/teams/{id}/channels/{id}/members/{id}": "least=Application" + "/teams/{id}/channels/{id}/members/{id}": "least=Application", + "/teams/{id}/channels/{id}/sharedwithteams": "least=Application", + "/teams/{id}/channels/{id}/sharedwithteams/{id}": "least=Application", + "/teams/{id}/channels/{id}/sharedwithteams/{id}/allowedmembers": "least=Application" } } ], @@ -6840,10 +6865,7 @@ "methods": [ "GET" ], - "paths": { - "/chats/{id}/members/{id}": "", - "/teams/{id}/channels/{id}/members/{id}": "" - } + "paths": {} } ], "ownerInfo": { @@ -6869,17 +6891,6 @@ } }, "pathSets": [ - { - "schemeKeys": [ - "Application" - ], - "methods": [ - "GET" - ], - "paths": { - "/chats/{id}/members/{id}": "" - } - }, { "schemeKeys": [ "DelegatedWork", @@ -6889,8 +6900,13 @@ "GET" ], "paths": { + "/teams/{id}/channels/{id}/allMembers": "", + "/teams/{id}/channels/{id}/allMembers/{id}": "", "/teams/{id}/channels/{id}/doesuserhaveaccess": "", + "/teams/{id}/channels/{id}/members": "", + "/teams/{id}/channels/{id}/members/{id}": "", "/teams/{id}/channels/{id}/sharedwithteams": "", + "/teams/{id}/channels/{id}/sharedwithteams/{id}": "", "/teams/{id}/channels/{id}/sharedwithteams/{id}/allowedmembers": "" } }, @@ -6900,26 +6916,12 @@ "Application" ], "methods": [ - "GET", "POST" ], "paths": { "/teams/{id}/channels/{id}/members": "least=DelegatedWork" } }, - { - "schemeKeys": [ - "DelegatedWork", - "Application" - ], - "methods": [ - "GET" - ], - "paths": { - "/teams/{id}/channels/{id}/allMembers": "", - "/teams/{id}/channels/{id}/allMembers/{id}": "" - } - }, { "schemeKeys": [ "DelegatedWork", @@ -6927,7 +6929,6 @@ ], "methods": [ "DELETE", - "GET", "PATCH" ], "paths": { 
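Review bot: The `@@ -6840,10 +6865,7 @@` hunk leaves a path set with `"methods": ["GET"]` and `"paths": {}`, an entry that authorizes nothing. I would remove the whole object from `pathSets` rather than keep the empty shell, so that a reader auditing the permission does not have to work out whether the paths were dropped by accident. The permission this path set belongs to starts outside the hunk, so its name cannot be confirmed from here.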
@@ -6940,11 +6941,10 @@ "Application" ], "methods": [ - "DELETE", - "GET" + "DELETE" ], "paths": { - "/teams/{id}/channels/{id}/sharedwithteams/{id}": "least=DelegatedWork,Application" + "/teams/{id}/channels/{id}/sharedwithteams/{id}": "least=DelegatedWork" } } ], @@ -6968,11 +6968,17 @@ "Application" ], "methods": [ - "GET", - "POST" + "GET" ], "paths": { - "/teams/{id}/channels/{id}/members": "least=Application" + "/teams/{id}/channels/{id}/allMembers": "", + "/teams/{id}/channels/{id}/allMembers/{id}": "", + "/teams/{id}/channels/{id}/doesuserhaveaccess": "", + "/teams/{id}/channels/{id}/members": "", + "/teams/{id}/channels/{id}/members/{id}": "", + "/teams/{id}/channels/{id}/sharedwithteams": "", + "/teams/{id}/channels/{id}/sharedwithteams/{id}": "", + "/teams/{id}/channels/{id}/sharedwithteams/{id}/allowedmembers": "" } }, { @@ -6980,11 +6986,10 @@ "Application" ], "methods": [ - "GET" + "POST" ], "paths": { - "/teams/{id}/channels/{id}/allMembers": "", - "/teams/{id}/channels/{id}/allMembers/{id}": "" + "/teams/{id}/channels/{id}/members": "least=Application" } }, { @@ -6993,12 +6998,22 @@ ], "methods": [ "DELETE", - "GET", "PATCH" ], "paths": { "/teams/{id}/channels/{id}/members/{id}": "least=Application" } + }, + { + "schemeKeys": [ + "Application" + ], + "methods": [ + "DELETE" + ], + "paths": { + "/teams/{id}/channels/{id}/sharedwithteams/{id}": "least=Application" + } } ], "ownerInfo": { @@ -24698,7 +24713,7 @@ "/planner/tasks/{id}/details": "", "/planner/tasks/{id}/progresstaskboardformat": "", "/policies/ownerlessGroupPolicy": "least=DelegatedWork", - "/teams/{id}/channels/{id}/members": "least=DelegatedWork", + "/teams/{id}/channels/{id}/members": "", "/teams/{id}/schedule": "", "/teams/{id}/schedule/offershiftrequests/{id}": "", "/teams/{id}/schedule/openshiftchangerequests": "", 
@@ -45239,7 +45254,6 @@ ], "paths": { "/chats/{id}/members/{id}": "", - "/teams/{id}/channels/{id}/members/{id}": "", "/teams/{id}/members": "least=Application", "/teams/{id}/members/{id}": "least=Application" } @@ -45268,18 +45282,6 @@ } }, "pathSets": [ - { - "schemeKeys": [ - "DelegatedWork", - "Application" - ], - "methods": [ - "PATCH" - ], - "paths": { - "/teams/{id}/channels/{id}/members/{id}": "" - } - }, { "schemeKeys": [ "DelegatedWork", From d94d6e3e990eab78c9e9cdeaa5dc1e610942641b Mon Sep 17 00:00:00 2001 From: Copilot <198982749+Copilot@users.noreply.github.com> Date: Tue, 2 Sep 2025 13:14:03 -0400 Subject: [PATCH 07/12] Add npm run test step to README.md workflows for local testing before committing (#1244) * Initial plan * Add npm run test step to README.md workflows Co-authored-by: jasonjoh <8966342+jasonjoh@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: jasonjoh <8966342+jasonjoh@users.noreply.github.com> --- README.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 9770ffa4..f9fdc1c1 100644 --- a/README.md +++ b/README.md @@ -67,6 +67,7 @@ POST Example includes headers, post body and a tip
When done making the changes on the document, 1. Save the document on your machine 1. Create a Git branch on this repo and name it using your initials + describe the changes ie. bn/add-xyz-samples +1. Run `npm run test` to test your changes locally 1. Commit the changes to your branch 1. Create a PR (the PR is automatically updated with the relevant reviewers). @@ -114,15 +115,18 @@ Then in the new Git command line window, paste in this command to create and che ### 4. Update your sample query Now you can add, update or delete your sample query in the `sample-queries.json` file that opened up in VS Code earlier. -### 5. Add, commit and push your changes back to the remote repo with the following commands +### 5. Test your changes locally +Run `npm run test` to test your changes locally before committing. + +### 6. Add, commit and push your changes back to the remote repo with the following commands - Add the changes to you local repo: `git add sample-queries.json` - Commit your changes: `git commit -m "{add-reason-for-update}"` - Push your changes to the remote repo: `git push origin {your-branch-name}` -### 6. Login to GitHub +### 7. Login to GitHub Follow the instructions to login to GitHub using your credentials. -### 7. If you get error 403 +### 8. If you get error 403 Follow the instructions specified, then run this command again:
`git push origin {your-branch-name}` From d21aa12e4b30f674df099fed11919b85f2024b72 Mon Sep 17 00:00:00 2001 From: Copilot <198982749+Copilot@users.noreply.github.com> Date: Tue, 2 Sep 2025 13:14:17 -0400 Subject: [PATCH 08/12] Add ConsistencyLevel header to count guest users sample (#1245) * Initial plan * Add ConsistencyLevel header to guest users count sample Co-authored-by: jasonjoh <8966342+jasonjoh@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: jasonjoh <8966342+jasonjoh@users.noreply.github.com> --- sample-queries/sample-queries.json | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sample-queries/sample-queries.json b/sample-queries/sample-queries.json index 0265b513..9f600cb4 100644 --- a/sample-queries/sample-queries.json +++ b/sample-queries/sample-queries.json @@ -125,6 +125,12 @@ "humanName": "count the guest users in your organization", "requestUrl": "/v1.0/users/$count?$filter=userType eq 'guest'", "docLink": "https://docs.microsoft.com/en-us/graph/api/user-list?view=graph-rest-beta&tabs=http#example-6-get-only-a-count-of-users", + "headers": [ + { + "name": "ConsistencyLevel", + "value": "eventual" + } + ], "tip": "We’d like to hear from you. Please leave your feedback on this API here: https://aka.ms/UsersAPIFeedback", "skipTest": false }, From c665dfe620c9f4fb4003286406e79575590460ac Mon Sep 17 00:00:00 2001 From: David <1511024+marabooy@users.noreply.github.com> Date: Thu, 4 Sep 2025 16:37:56 +0300 Subject: [PATCH 09/12] Weekly Permissions sync 2025-09-04 (#1256) --- permissions/new/ProvisioningInfo.json | 6 +-- permissions/new/permissions.json | 54 +++++++++++++++++++++++++++ 2 files changed, 57 insertions(+), 3 deletions(-) diff --git a/permissions/new/ProvisioningInfo.json b/permissions/new/ProvisioningInfo.json index b5a56c2a..7dfc5717 100644 --- a/permissions/new/ProvisioningInfo.json +++ b/permissions/new/ProvisioningInfo.json 
@@ -153,7 +153,7 @@ "isEnabled": true, "resourceAppId": "00000003-0000-0000-c000-000000000000" } - ], + ], "AgentIdentityBlueprint.CreateAsManager": [ { "id": "ecf9c9c0-b7d6-48c0-8ad6-7b00493a2efb", @@ -11514,7 +11514,7 @@ "scheme": "DelegatedWork", "environment": "public", "isHidden": true, - "isEnabled": true, + "isEnabled": true, "resourceAppId": "fc780465-2017-40d4-a0c5-307022471b92" }, { @@ -12235,7 +12235,7 @@ "isEnabled": true, "resourceAppId": "00000003-0000-0000-c000-00000000000" } - ], + ], "ServicePrincipal.Manage.OwnedBy": [ { "id": "6930b171-5cf8-4865-ba0f-cfce959d1bca", diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json index 29742a87..b93944e0 100644 --- a/permissions/new/permissions.json +++ b/permissions/new/permissions.json @@ -20243,6 +20243,19 @@ "paths": { "/external/connections/{id}/schema": "" } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "POST" + ], + "paths": { + "/external/connections/{id}/fullRefresh/end": "", + "/external/connections/{id}/fullRefresh/start": "" + } } ], "ownerInfo": { @@ -20331,6 +20344,19 @@ "paths": { "/external/connections/{id}/schema": "least=DelegatedWork,Application" } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "POST" + ], + "paths": { + "/external/connections/{id}/fullRefresh/end": "least=DelegatedWork,Application", + "/external/connections/{id}/fullRefresh/start": "least=DelegatedWork,Application" + } } ], "ownerInfo": { @@ -20426,6 +20452,8 @@ "POST" ], "paths": { + "/external/connections/{id}/fullRefresh/groups": "", + "/external/connections/{id}/fullRefresh/groups/{id}/members": "", "/external/connections/{id}/groups": "", "/external/connections/{id}/groups/{id}/members": "" } 
@@ -20470,6 +20498,18 @@ "paths": { "/external/connections/{id}/items/{id}": "" } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "POST" + ], + "paths": { + "/external/connections/{id}/fullRefresh/items": "" + } } ], "ownerInfo": { @@ -20515,6 +20555,8 @@ "POST" ], "paths": { + "/external/connections/{id}/fullRefresh/groups": "least=DelegatedWork,Application", + "/external/connections/{id}/fullRefresh/groups/{id}/members": "least=DelegatedWork,Application", "/external/connections/{id}/groups": "least=DelegatedWork,Application", "/external/connections/{id}/groups/{id}/members": "least=DelegatedWork,Application" } @@ -20559,6 +20601,18 @@ "paths": { "/external/connections/{id}/items/{id}": "least=DelegatedWork,Application" } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "POST" + ], + "paths": { + "/external/connections/{id}/fullRefresh/items": "least=DelegatedWork,Application" + } } ], "ownerInfo": { From 10ba08ca94dbad52b905e01b0a53632005d1d2df Mon Sep 17 00:00:00 2001 From: David <1511024+marabooy@users.noreply.github.com> Date: Mon, 8 Sep 2025 21:53:05 +0300 Subject: [PATCH 10/12] Weekly Permissions sync 2025-09-06 (#1258) --- permissions/new/ProvisioningInfo.json | 12 +- permissions/new/permissions.json | 165 +++++++++++++++++++++++--- 2 files changed, 154 insertions(+), 23 deletions(-) diff --git a/permissions/new/ProvisioningInfo.json b/permissions/new/ProvisioningInfo.json index 7dfc5717..b64b721f 100644 --- a/permissions/new/ProvisioningInfo.json +++ b/permissions/new/ProvisioningInfo.json @@ -2878,7 +2878,7 @@ { "id": "1e4c6c41-0803-4f52-85ef-0a5d63ad8670", "scheme": "DelegatedWork", - "environment": "PPE;public", + "environment": "", "isHidden": false, "isEnabled": true, "resourceAppId": "" 
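Review bot: `"environment": ""` replaces `"PPE;public"` in the `@@ -2878,7 +2878,7 @@` hunk on an entry that stays `"isEnabled": true`, and the `@@ -5814,7 +5814,7 @@` hunk that follows does the same for a second scope. Every other entry visible in this series carries `public` or `PPE;public`, so an empty value leaves it undefined where the scope is provisioned; a consumer that filters on environment could either drop the permission or apply it everywhere, and which one is not visible here. Unless the empty string is a documented value, the lines should stay `"environment": "PPE;public",` or the commit message should say what the blank means.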
@@ -5814,7 +5814,7 @@ { "id": "37e00479-5776-4659-aecf-4841ec5d590a", "scheme": "DelegatedWork", - "environment": "PPE;public", + "environment": "", "isHidden": false, "isEnabled": true, "resourceAppId": "00000002-0000-0000-c000-000000000000" @@ -10444,12 +10444,12 @@ "resourceAppId": "74658136-14ec-4630-ad9b-26e160ff0fc6" }, { - "id": "", + "id": "abafe00f-ea87-4c63-b8a8-0e7bb0a88144", "scheme": "Application", "environment": "public", - "isHidden": true, - "isEnabled": false, - "resourceAppId": "74658136-14ec-4630-ad9b-26e160ff0fc6" + "isHidden": false, + "isEnabled": true, + "resourceAppId": "" } ], "RecordsManagement.Read.All": [ diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json index b93944e0..7f29d001 100644 --- a/permissions/new/permissions.json +++ b/permissions/new/permissions.json @@ -22024,7 +22024,6 @@ "/me/drive/items/{id}/extensions": "", "/me/drive/items/{id}/extensions/{id}": "", "/me/drive/items/{id}/workbook/application": "least=DelegatedWork", - "/me/drive/items/{id}/workbook/comments": "least=DelegatedWork", "/me/drive/items/{id}/workbook/comments/{id}": "least=DelegatedWork", "/me/drive/items/{id}/workbook/comments/{id}/replies/{id}": "least=DelegatedWork", "/me/drive/items/{id}/workbook/operations/{id}": "least=DelegatedWork", 
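Review bot: The `Application` entry in the `@@ -10444,12 +10444,12 @@` hunk becomes visible and enabled (`"isHidden": false`, `"isEnabled": true`) in the same change that blanks its `resourceAppId`, while the entry just above it in the same permission still ends with `"resourceAppId": "74658136-14ec-4630-ad9b-26e160ff0fc6"`. The two entries of one permission now point at different resources. If the application scope lives on the same resource, the line should remain `"resourceAppId": "74658136-14ec-4630-ad9b-26e160ff0fc6"`; if the blank is intentional, the sibling entry probably needs the same change.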
@@ -22037,7 +22036,7 @@ "/me/drive/items/{id}/workbook/worksheets/{id}/tables/{id}/rows/itemat(index={value})range": "least=DelegatedWork", "/me/drive/items/{id}/workbook/worksheets/{id}/usedrange": "least=DelegatedWork", "/me/drive/root:/{id}:/workbook/application": "least=DelegatedWork", - "/me/drive/root:/{id}:/workbook/comments": "least=DelegatedWork", + "/me/drive/root:/{id}:/workbook/comments/{id}": "least=DelegatedWork", "/me/drive/root:/{id}:/workbook/comments/{id}/replies/{id}": "least=DelegatedWork", "/me/drive/root:/{id}:/workbook/tablerowoperationresult(key={value})": "least=DelegatedWork", "/me/drive/root:/{id}:/workbook/tables/{id}/rows/itemat(index={value})/range": "least=DelegatedWork", @@ -22061,7 +22060,6 @@ "/sites/{id}/lists/{id}/items/{id}/getactivitiesbyinterval(startdatetime={value},enddatetime={value},interval={value})": "", "/users/{id}/drive/following": "", "/users/{id}/drive/items/{id}/workbook/application": "least=DelegatedWork", - "/users/{id}/drive/items/{id}/workbook/comments": "least=DelegatedWork", "/users/{id}/drive/items/{id}/workbook/comments/{id}": "least=DelegatedWork", "/users/{id}/drive/items/{id}/workbook/comments/{id}/replies/{id}": "least=DelegatedWork", "/users/{id}/drive/items/{id}/workbook/operations/{id}": "least=DelegatedWork", 
@@ -22074,7 +22072,7 @@ "/users/{id}/drive/items/{id}/workbook/worksheets/{id}/tables/{id}/rows/itemat(index={value})range": "least=DelegatedWork", "/users/{id}/drive/items/{id}/workbook/worksheets/{id}/usedrange": "least=DelegatedWork", "/users/{id}/drive/root:/{id}:/workbook/application": "least=DelegatedWork", - "/users/{id}/drive/root:/{id}:/workbook/comments": "least=DelegatedWork", + "/users/{id}/drive/root:/{id}:/workbook/comments/{id}": "least=DelegatedWork", "/users/{id}/drive/root:/{id}:/workbook/comments/{id}/replies/{id}": "least=DelegatedWork", "/users/{id}/drive/root:/{id}:/workbook/tablerowoperationresult(key={value})": "least=DelegatedWork", "/users/{id}/drive/root:/{id}:/workbook/tables/{id}/rows/itemat(index={value})/range": "least=DelegatedWork", @@ -22728,9 +22726,13 @@ "POST" ], "paths": { + "/me/drive/items/{id}/workbook/comments": "least=DelegatedWork", "/me/drive/items/{id}/workbook/comments/{id}/replies": "least=DelegatedWork", + "/me/drive/root:/{id}:/workbook/comments": "least=DelegatedWork", "/me/drive/root:/{id}:/workbook/comments/{id}/replies": "least=DelegatedWork", + "/users/{id}/drive/items/{id}/workbook/comments": "least=DelegatedWork", "/users/{id}/drive/items/{id}/workbook/comments/{id}/replies": "least=DelegatedWork", + "/users/{id}/drive/root:/{id}:/workbook/comments": "least=DelegatedWork", "/users/{id}/drive/root:/{id}:/workbook/comments/{id}/replies": "least=DelegatedWork" } }, 
@@ -38158,6 +38160,80 @@ ], "ownerInfo": {} }, + "RealTimeActivityFeed.Read.All": { + "authorizationType": "oAuth2", + "schemes": { + "DelegatedWork": { + "adminDisplayName": "Access real-time enriched data in a meeting", + "adminDescription": "Allows the app to get direct access to real-time enriched data in a meeting, on behalf of the signed-in user.", + "userDisplayName": "Access real-time enriched data in a meeting", + "userDescription": "Allows the app to get direct access to real-time enriched data in a meeting, on your behalf.", + "requiresAdminConsent": true, + "privilegeLevel": 4 + }, + "Application": { + "adminDisplayName": "Access real-time enriched data in a meeting", + "adminDescription": "Allows the app to get direct access to real-time enriched data in a meeting, without a signed-in user.", + "requiresAdminConsent": true, + "privilegeLevel": 4 + } + }, + "pathSets": [ + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "POST" + ], + "paths": { + "/copilot/communications/realTimeActivityFeed/subscriptions": "least=DelegatedWork,Application", + "/copilot/communications/realTimeActivityFeed/subscriptions/{id}/getArtifacts": "least=DelegatedWork,Application" + } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "GET" + ], + "paths": { + "/copilot/communications/realTimeActivityFeed/meetings/{meetingId}/transcripts": "least=DelegatedWork,Application", + "/copilot/communications/realTimeActivityFeed/subscriptions/{id}": "least=DelegatedWork,Application" + } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "PATCH" + ], + "paths": { + "/copilot/communications/realTimeActivityFeed/subscriptions/{id}": "least=DelegatedWork,Application" + } + }, + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "DELETE" + ], + "paths": { + "/copilot/communications/realTimeActivityFeed/subscriptions/{id}": "least=DelegatedWork,Application" + } + } + ], + 
"ownerInfo": { + "ownerSecurityGroup": "RtsAvengersSG" + } + }, "RecordsManagement.Read.All": { "authorizationType": "oAuth2", "schemes": { @@ -45808,10 +45884,24 @@ "DelegatedWork" ], "methods": [ - "GET", + "GET" + ], + "paths": { + "/teams/{id}/channels/{id}/enabledApps": "", + "/teams/{id}/channels/{id}/enabledApps/{id}": "", + "/teams/{id}/installedapps": "", + "/teams/{id}/installedapps/{id}": "" + } + }, + { + "schemeKeys": [ + "DelegatedWork" + ], + "methods": [ "POST" ], "paths": { + "/teams/{id}/channels/{id}/enabledApps/$ref": "least=DelegatedWork", "/teams/{id}/installedapps": "" } }, @@ -45820,10 +45910,10 @@ "DelegatedWork" ], "methods": [ - "DELETE", - "GET" + "DELETE" ], "paths": { + "/teams/{id}/channels/{id}/enabledApps/{id}/$ref": "least=DelegatedWork", "/teams/{id}/installedapps/{id}": "" } }, @@ -45873,7 +45963,11 @@ "GET" ], "paths": { - "/appcatalogs/teamsapps/{id}/appdefinitions/{id}/installations": "least=Application" + "/appcatalogs/teamsapps/{id}/appdefinitions/{id}/installations": "least=Application", + "/teams/{id}/channels/{id}/enabledApps": "", + "/teams/{id}/channels/{id}/enabledApps/{id}": "", + "/teams/{id}/installedapps": "", + "/teams/{id}/installedapps/{id}": "" } }, { @@ -45881,10 +45975,10 @@ "Application" ], "methods": [ - "GET", "POST" ], "paths": { + "/teams/{id}/channels/{id}/enabledApps/$ref": "least=Application", "/teams/{id}/installedapps": "" } }, @@ -45893,10 +45987,10 @@ "Application" ], "methods": [ - "DELETE", - "GET" + "DELETE" ], "paths": { + "/teams/{id}/channels/{id}/enabledApps/{id}/$ref": "least=Application", "/teams/{id}/installedapps/{id}": "" } }, @@ -46087,6 +46181,8 @@ "/chats/{id}/installedapps": "", "/chats/{id}/installedapps/{id}": "", "/chats/{id}/permissiongrants": "", + "/teams/{id}/channels/{id}/enabledApps": "", + "/teams/{id}/channels/{id}/enabledApps/{id}": "", "/teams/{id}/installedapps": "", "/teams/{id}/installedapps/{id}": "", "/teams/{id}/permissiongrants": "", 
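Review bot: `RealTimeActivityFeed.Read.All` is marked as the least-privileged permission for `POST`, `PATCH` and `DELETE` on `/copilot/communications/realTimeActivityFeed/subscriptions`, yet its display names and descriptions speak only of access to real-time data. An admin consenting to a `Read` scope at `"privilegeLevel": 4` would not learn from the text that the app can also create, change and remove feed subscriptions. If managing subscriptions is the intended way to read the feed, I would say so in `adminDescription`, for example `"Allows the app to subscribe to and read real-time enriched data in a meeting, on behalf of the signed-in user."`; otherwise the write methods belong under a separate scope.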
@@ -46150,6 +46246,8 @@ ], "paths": { "/appCatalogs/teamsApps/{id}/installations": "", + "/teams/{id}/channels/{id}/enabledApps": "least=Application", + "/teams/{id}/channels/{id}/enabledApps/{id}": "least=Application", "/teams/{id}/installedapps": "least=Application", "/teams/{id}/installedapps/{id}": "least=Application", "/teams/{id}/permissiongrants": "least=Application" @@ -46272,6 +46370,8 @@ "GET" ], "paths": { + "/teams/{id}/channels/{id}/enabledApps": "least=DelegatedWork", + "/teams/{id}/channels/{id}/enabledApps/{id}": "least=DelegatedWork", "/teams/{id}/installedapps": "least=DelegatedWork", "/teams/{id}/installedapps/{id}": "", "/teams/{id}/permissiongrants": "" @@ -46302,6 +46402,8 @@ ], "paths": { "/appCatalogs/teamsApps/{id}/installations": "", + "/teams/{id}/channels/{id}/enabledApps": "", + "/teams/{id}/channels/{id}/enabledApps/{id}": "", "/teams/{id}/installedapps": "", "/teams/{id}/installedapps/{id}": "", "/teams/{id}/permissiongrants": "" @@ -46333,6 +46435,7 @@ "GET" ], "paths": { + "/teams/{id}/channels/{id}/enabledApps/{id}": "", "/teams/{id}/installedapps/{id}": "", "/users/{id}/teamwork/installedapps": "least=DelegatedWork", "/users/{id}/teamwork/installedapps/{id}": "least=DelegatedWork", @@ -47221,10 +47324,24 @@ "DelegatedWork" ], "methods": [ - "GET", + "GET" + ], + "paths": { + "/teams/{id}/channels/{id}/enabledApps": "", + "/teams/{id}/channels/{id}/enabledApps/{id}": "", + "/teams/{id}/installedapps": "", + "/teams/{id}/installedapps/{id}": "" + } + }, + { + "schemeKeys": [ + "DelegatedWork" + ], + "methods": [ "POST" ], "paths": { + "/teams/{id}/channels/{id}/enabledApps/$ref": "", "/teams/{id}/installedapps": "" } }, @@ -47233,10 +47350,10 @@ "DelegatedWork" ], "methods": [ - "DELETE", - "GET" + "DELETE" ], "paths": { + "/teams/{id}/channels/{id}/enabledApps/{id}/$ref": "", "/teams/{id}/installedapps/{id}": "" } }, 
@@ -47284,10 +47401,24 @@ "Application" ], "methods": [ - "GET", + "GET" + ], + "paths": { + "/teams/{id}/channels/{id}/enabledApps": "", + "/teams/{id}/channels/{id}/enabledApps/{id}": "", + "/teams/{id}/installedapps": "", + "/teams/{id}/installedapps/{id}": "" + } + }, + { + "schemeKeys": [ + "Application" + ], + "methods": [ "POST" ], "paths": { + "/teams/{id}/channels/{id}/enabledApps/$ref": "", "/teams/{id}/installedapps": "" } }, @@ -47296,10 +47427,10 @@ "Application" ], "methods": [ - "DELETE", - "GET" + "DELETE" ], "paths": { + "/teams/{id}/channels/{id}/enabledApps/{id}/$ref": "", "/teams/{id}/installedapps/{id}": "" } }, From b45c0293d7298c1a57f11fed6b8c1d92026c5a71 Mon Sep 17 00:00:00 2001 From: David <1511024+marabooy@users.noreply.github.com> Date: Mon, 8 Sep 2025 21:56:04 +0300 Subject: [PATCH 11/12] Weekly Permissions sync 2025-09-08 (#1260) Co-authored-by: Jason Johnston --- permissions/new/permissions.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json index 7f29d001..a536fef4 100644 --- a/permissions/new/permissions.json +++ b/permissions/new/permissions.json @@ -30098,6 +30098,7 @@ "/networkAccess/securityProviders/{id}/registration": "least=DelegatedWork,Application", "/networkAccess/settings/conditionalAccess": "least=DelegatedWork,Application", "/networkAccess/settings/crossTenantAccess": "least=DelegatedWork,Application", + "/networkAccess/settings/customBlockPage": "least=DelegatedWork,Application", "/networkaccess/settings/enrichedAuditLogs": "least=DelegatedWork,Application", "/networkAccess/threatInspectionPolicies": "least=DelegatedWork,Application", "/networkAccess/threatIntelligencePolicies": "least=DelegatedWork,Application", 
@@ -30203,6 +30204,7 @@ "/networkAccess/securityProviders/{id}/registration": "", "/networkAccess/settings/conditionalAccess": "", "/networkAccess/settings/crossTenantAccess": "", + "/networkAccess/settings/customBlockPage": "", "/networkaccess/settings/enrichedAuditLogs": "", "/networkAccess/threatInspectionPolicies": "", "/networkAccess/threatIntelligencePolicies": "", @@ -30273,6 +30275,7 @@ "/networkAccess/securityProviderPolicies/{id}": "least=DelegatedWork,Application", "/networkAccess/settings/conditionalAccess": "least=DelegatedWork,Application", "/networkAccess/settings/crossTenantAccess": "least=DelegatedWork,Application", + "/networkAccess/settings/customBlockPage": "least=DelegatedWork,Application", "/networkaccess/settings/enrichedAuditLogs": "least=DelegatedWork,Application", "/networkAccess/threatInspectionPolicies/{id}": "least=DelegatedWork,Application", "/networkAccess/threatIntelligencePolicies/{id}": "least=DelegatedWork,Application", From 7eaa74a4e35822dcd14fb988f20de8d2c5a60dde Mon Sep 17 00:00:00 2001 From: David <1511024+marabooy@users.noreply.github.com> Date: Tue, 9 Sep 2025 03:35:40 +0300 Subject: [PATCH 12/12] Weekly Permissions sync 2025-09-09 --- permissions/new/ProvisioningInfo.json | 42 +++++++++++++++++++++++++-- permissions/new/permissions.json | 38 ++++++++++++++++++++++++ 2 files changed, 77 insertions(+), 3 deletions(-) diff --git a/permissions/new/ProvisioningInfo.json b/permissions/new/ProvisioningInfo.json index b64b721f..ca2cc3f0 100644 --- a/permissions/new/ProvisioningInfo.json +++ b/permissions/new/ProvisioningInfo.json 
@@ -7464,6 +7464,42 @@ "resourceAppId": "" } ], + "MailboxConfigItem.Read": [ + { + "id": "", + "scheme": "DelegatedWork", + "environment": "public", + "isHidden": true, + "isEnabled": false, + "resourceAppId": "c999ed3e-27ae-4cb3-b3a2-46b056af63d3" + }, + { + "id": "", + "scheme": "Application", + "environment": "public", + "isHidden": true, + "isEnabled": false, + "resourceAppId": "c999ed3e-27ae-4cb3-b3a2-46b056af63d3" + } + ], + "MailboxConfigItem.ReadWrite": [ + { + "id": "", + "scheme": "DelegatedWork", + "environment": "public", + "isHidden": true, + "isEnabled": false, + "resourceAppId": "c999ed3e-27ae-4cb3-b3a2-46b056af63d3" + }, + { + "id": "", + "scheme": "Application", + "environment": "public", + "isHidden": true, + "isEnabled": false, + "resourceAppId": "c999ed3e-27ae-4cb3-b3a2-46b056af63d3" + } + ], "MailboxFolder.Read": [ { "id": "52dc2051-4958-4636-8f2a-281d39c6981c", @@ -14747,7 +14783,7 @@ "id": "7ff9afdd-0cdb-439d-a61c-fea3e9339e89", "scheme": "DelegatedWork", "environment": "PPE;public", - "isHidden": true, + "isHidden": false, "isEnabled": true, "resourceAppId": "" }, @@ -14755,7 +14791,7 @@ "id": "a94a502d-0281-4d15-8cd2-682ac9362c4c", "scheme": "Application", "environment": "PPE;public", - "isHidden": true, + "isHidden": false, "isEnabled": true, "resourceAppId": "" } @@ -16565,4 +16601,4 @@ } ] } -} \ No newline at end of file +} diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json index a536fef4..7e0769e5 100644 --- a/permissions/new/permissions.json +++ b/permissions/new/permissions.json 
@@ -50685,6 +50685,44 @@ "ownerSecurityGroup": "IdentityReq" } }, + "User-OnPremisesSyncBehavior.ReadWrite.All": { + "authorizationType": "oAuth2", + "schemes": { + "DelegatedWork": { + "adminDisplayName": "Read and update the on-premises sync behavior of users", + "adminDescription": "Allows the app to read and update the on-premises sync behavior of users on behalf of the signed-in user.", + "userDisplayName": "Read and update the on-premises sync behavior of users", + "userDescription": "Allows the app to update the on-premises sync behavior of users on your behalf.", + "requiresAdminConsent": true, + "privilegeLevel": 2 + }, + "Application": { + "adminDisplayName": "Read and update the on-premises sync behavior of users", + "adminDescription": "Allows the app to update the on-premises sync behavior of all users without a signed-in user.", + "requiresAdminConsent": true, + "privilegeLevel": 4 + } + }, + "pathSets": [ + { + "schemeKeys": [ + "DelegatedWork", + "Application" + ], + "methods": [ + "GET", + "PATCH" + ], + "paths": { + "/users/{id}/onPremisesSyncBehavior": "least=DelegatedWork,Application", + "/users/onPremisesSyncBehavior": "least=DelegatedWork,Application" + } + } + ], + "ownerInfo": { + "ownerSecurityGroup": "ddsappperm" + } + }, "User-PasswordProfile.ReadWrite.All": { "authorizationType": "oAuth2", "schemes": {
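Review bot: The consent strings for `User-OnPremisesSyncBehavior.ReadWrite.All` disagree about read access: the display names and the delegated `adminDescription` say "read and update", while `userDescription` and the `Application` `adminDescription` say only "update", although the path set grants `GET` as well as `PATCH`. I would make them `"userDescription": "Allows the app to read and update the on-premises sync behavior of users on your behalf."` and `"adminDescription": "Allows the app to read and update the on-premises sync behavior of all users without a signed-in user."`. The delegated scheme is also rated `"privilegeLevel": 2` against 4 for the application scheme; for a tenant-wide write scope that requires admin consent the gap may be deliberate, but it deserves a second look.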