Weekly Permissions sync 2025-10-10

permissions/new/permissions.json

@@ -16681,7 +16681,6 @@
             "/users/{id}/directreports": "",
             "/users/{id}/joinedteams": "",
             "/users/{id}/licensedetails": "",
-            "/users/{id}/licenseDetails/getTeamsLicensingDetails": "",
             "/users/{id}/manager": "",
             "/users/{id}/memberof": "least=Application",
             "/users/{id}/oauth2permissiongrants": "least=DelegatedWork,Application",
@@ -16730,7 +16729,8 @@
             "/me/registereddevices": "",
             "/me/scopedrolememberof": "least=DelegatedWork",
             "/me/transitivememberof": "",
-            "/privilegedroleassignmentrequests": "least=DelegatedWork"
+            "/privilegedroleassignmentrequests": "least=DelegatedWork",
+            "/users/{id}/licenseDetails/getTeamsLicensingDetails": ""
           }
         },
         {
@@ -16966,7 +16966,6 @@
             "/users/{id}/directreports": "",
             "/users/{id}/joinedteams": "",
             "/users/{id}/licensedetails": "",
-            "/users/{id}/licenseDetails/getTeamsLicensingDetails": "",
             "/users/{id}/memberof": "",
             "/users/{id}/owneddevices": "",
             "/users/{id}/ownedobjects": "",
@@ -17108,7 +17107,8 @@
             "/onpremisespublishingprofiles/applicationproxy/connectorgroups/{id}/applications": "least=DelegatedWork",
             "/onpremisespublishingprofiles/applicationproxy/connectors": "least=DelegatedWork",
             "/onpremisespublishingprofiles/applicationproxy/connectors/{id}": "least=DelegatedWork",
-            "/serviceprincipals": ""
+            "/serviceprincipals": "",
+            "/users/{id}/licenseDetails/getTeamsLicensingDetails": ""
           }
         },
         {
@@ -37378,6 +37378,14 @@
     "PrivilegedAccess.Read.AzureADGroup": {
       "authorizationType": "oAuth2",
       "schemes": {
+        "DelegatedWork": {
+          "adminDisplayName": "Read privileged access to Azure AD groups",
+          "adminDescription": "Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups in your organization, without a signed-in user.",
+          "userDisplayName": "Read privileged access to Azure AD groups",
+          "userDescription": "Allows the app to read time-based assignment and just in time elevation (including scheduled elevation) of Azure AD groups in your organization, on your behalf.",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 4
+        },
         "Application": {
           "adminDisplayName": "Read privileged access to Azure AD groups",
           "adminDescription": "Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups in your organization, without a signed-in user.",
@@ -37397,6 +37405,19 @@
             "/privilegedaccess/azureresources/resources/{id}/roleassignmentrequests": "",
             "/privilegedaccess/azureresources/roleassignmentrequests": ""
           }
+        },
+        {
+          "schemeKeys": [
+            "DelegatedWork",
+            "Application"
+          ],
+          "methods": [
+            "GET"
+          ],
+          "paths": {
+            "/identityGovernance/privilegedAccess/group/resources": "least=DelegatedWork,Application",
+            "/identityGovernance/privilegedAccess/group/resources/{id}": "least=DelegatedWork,Application"
+          }
         }
       ],
       "ownerInfo": {
@@ -37520,6 +37541,12 @@
           "userDescription": "Allows the app to request and manage time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups, on your behalf.",
           "requiresAdminConsent": true,
           "privilegeLevel": 4
+        },
+        "Application": {
+          "adminDisplayName": "Read and write privileged access to Azure AD groups",
+          "adminDescription": "Allows the app to request and manage time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups, on behalf of the signed-in user.",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 4
         }
       },
       "pathSets": [
@@ -37545,6 +37572,19 @@
           "paths": {
             "/privilegedaccess/azureresources/roleassignmentrequests/{id}/cancel": ""
           }
+        },
+        {
+          "schemeKeys": [
+            "DelegatedWork",
+            "Application"
+          ],
+          "methods": [
+            "GET"
+          ],
+          "paths": {
+            "/identityGovernance/privilegedAccess/group/resources": "",
+            "/identityGovernance/privilegedAccess/group/resources/{id}": ""
+          }
         }
       ],
       "ownerInfo": {
@@ -51886,7 +51926,6 @@
           ],
           "paths": {
             "/users/{id}/deleteddatetime": "least=Application",
-            "/users/{id}/licenseDetails/getTeamsLicensingDetails": "least=Application",
             "/users/{id}/memberof/{id}": "least=Application",
             "/users/{id}/outlook/supportedlanguages": "least=Application",
             "/users/{id}/outlook/supportedtimezones": "least=Application",
@@ -54205,6 +54244,76 @@
         "ownerSecurityGroup": "afsdev"
       }
     },
+    "VerifiedId-Profile.Read.All": {
+      "authorizationType": "oAuth2",
+      "schemes": {
+        "DelegatedWork": {
+          "adminDisplayName": "Read Verified Id profiles",
+          "adminDescription": "This role can read Verified Id profiles in a tenant.",
+          "userDisplayName": "Read Verified Id profiles",
+          "userDescription": "This role can read Verified Id profiles in a tenant.",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 3
+        },
+        "Application": {
+          "adminDisplayName": "Read Verified Id profiles",
+          "adminDescription": "This role can read Verified Id profiles in a tenant.",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 4
+        }
+      },
+      "pathSets": [
+        {
+          "schemeKeys": [
+            "DelegatedWork",
+            "Application"
+          ],
+          "methods": [
+            "GET"
+          ],
+          "paths": {
+            "/identity/verifiedId/profiles": "least=DelegatedWork,Application",
+            "/identity/verifiedId/profiles/{id}": "least=DelegatedWork,Application"
+          }
+        }
+      ],
+      "ownerInfo": {
+        "ownerSecurityGroup": "cred_recovery"
+      }
+    },
+    "VerifiedId-Profile.ReadWrite.All": {
+      "authorizationType": "oAuth2",
+      "schemes": {
+        "DelegatedWork": {
+          "adminDisplayName": "Read and write Verified Id profiles",
+          "adminDescription": "This role can read and write Verified Id profiles in a tenant.",
+          "userDisplayName": "Read and write Verified Id profiles",
+          "userDescription": "This role can read and write Verified Id profiles in a tenant.",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 4
+        }
+      },
+      "pathSets": [
+        {
+          "schemeKeys": [
+            "DelegatedWork"
+          ],
+          "methods": [
+            "DELETE",
+            "GET",
+            "PATCH",
+            "POST"
+          ],
+          "paths": {
+            "/identity/verifiedId/profiles": "least=DelegatedWork",
+            "/identity/verifiedId/profiles/{id}": "least=DelegatedWork"
+          }
+        }
+      ],
+      "ownerInfo": {
+        "ownerSecurityGroup": "cred_recovery"
+      }
+    },
     "VirtualAppointment.Read": {
       "authorizationType": "oAuth2",
       "schemes": {

permissions/new/provisioningInfo.json

@@ -300,14 +300,6 @@
         "isHidden": true,
         "isEnabled": true,
         "resourceAppId": "00000003-0000-0000-c000-000000000000"
-      },
-      {
-        "id": "6ce0ade1-3a9a-40ba-ae13-11bf6279a04d",
-        "scheme": "DelegatedWork",
-        "environment": "PPE;public",
-        "isHidden": true,
-        "isEnabled": true,
-        "resourceAppId": "00000003-0000-0000-c000-000000000000"
       }
     ],
     "AgentIdentityBlueprint.Read.All": [
@@ -436,6 +428,16 @@
         "resourceAppId": "00000003-0000-0000-c000-000000000000"
       }
     ],
+    "AgentIdentityBlueprintPrincipal.CreateAsManager": [
+      {
+        "id": "c50c596a-6889-4460-acb1-3ed7c5fc142a",
+        "scheme": "Application",
+        "environment": "PPE;public",
+        "isHidden": true,
+        "isEnabled": false,
+        "resourceAppId": "00000003-0000-0000-c000-000000000000"
+      }
+    ],
     "AgentIdentityBlueprintPrincipal.Read.All": [
       {
         "id": "",
@@ -12799,14 +12801,6 @@
         "isHidden": true,
         "isEnabled": true,
         "resourceAppId": "00000003-0000-0000-c000-00000000000"
-      },
-      {
-        "id": "98f23116-27b1-42b4-814b-d258698a00b6",
-        "scheme": "DelegatedWork",
-        "environment": "PPE;public",
-        "isHidden": true,
-        "isEnabled": true,
-        "resourceAppId": "00000003-0000-0000-c000-000000000000"
       }
     ],
     "AgentIdentity.Read.All": [
@@ -12988,15 +12982,15 @@
         "environment": "public",
         "isHidden": false,
         "isEnabled": true,
-        "resourceAppId": "00000003-0000-0000-c000-00000000000"
+        "resourceAppId": "00000003-0000-0ff1-ce00-000000000000"
       },
       {
         "id": "f5fa52a5-b9ab-4dc3-885e-9e5b4a67068e",
         "scheme": "Application",
         "environment": "public",
         "isHidden": false,
         "isEnabled": true,
-        "resourceAppId": "00000003-0000-0000-c000-00000000000"
+        "resourceAppId": "00000003-0000-0ff1-ce00-000000000000"
       }
     ],
     "SharePointCrossTenantMigration.Manage.All": [
@@ -13006,15 +13000,15 @@
         "environment": "public",
         "isHidden": false,
         "isEnabled": true,
-        "resourceAppId": "00000003-0000-0000-c000-00000000000"
+        "resourceAppId": "00000003-0000-0ff1-ce00-000000000000"
       },
       {
         "id": "a0521574-fcd8-4742-b29c-f796df57ea70",
         "scheme": "Application",
         "environment": "public",
         "isHidden": false,
         "isEnabled": true,
-        "resourceAppId": "00000003-0000-0000-c000-00000000000"
+        "resourceAppId": "00000003-0000-0ff1-ce00-000000000000"
       }
     ],
     "SharePointTenantSettings.Read.All": [
@@ -17174,15 +17168,15 @@
         "id": "604b2056-41ed-4c56-aad5-1241d4ef7333",
         "scheme": "DelegatedWork",
         "environment": "public",
-        "isHidden": true,
+        "isHidden": false,
         "isEnabled": true,
         "resourceAppId": "ea890292-c8c8-4433-b5ea-b09d0668e1a6"
       },
       {
         "id": "e227c591-dd64-4a8a-a033-816167f7c938",
         "scheme": "Application",
         "environment": "public",
-        "isHidden": true,
+        "isHidden": false,
         "isEnabled": true,
         "resourceAppId": "ea890292-c8c8-4433-b5ea-b09d0668e1a6"
       }
@@ -17192,7 +17186,7 @@
         "id": "e4a9cb5e-4767-48f8-9029-decf26a54456",
         "scheme": "DelegatedWork",
         "environment": "public",
-        "isHidden": true,
+        "isHidden": false,
         "isEnabled": true,
         "resourceAppId": "ea890292-c8c8-4433-b5ea-b09d0668e1a6"
       }