Conversation
There was a problem hiding this comment.
Pull request overview
This pull request updates the permissions configuration files as part of the weekly permissions sync for January 17, 2026. The changes include adding new permissions, renaming existing permissions, and updating permission requirements.
Changes:
- Added new agent identity management permissions with empty ID fields that need to be populated
- Updated mailbox-related permissions to require admin consent and added export-specific permissions
- Refined cross-tenant access policy capabilities by splitting and adding new endpoint paths
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| permissions/new/provisioningInfo.json | Added three new agent identity permission sets, renamed EntraBackup permission from Preview to All, and enabled MailboxItem export permissions with proper IDs |
| permissions/new/permissions.json | Updated requiresAdminConsent flags for mailbox permissions, added MailboxItem export permission definitions, refined cross-tenant policy paths, and added Windows update policy path |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "resourceAppId": "00000002-0000-0000-c000-000000000000" | ||
| }, | ||
| { | ||
| "id": "", |
There was a problem hiding this comment.
The "id" field is empty for this permission entry. Each permission entry should have a valid GUID identifier to ensure proper provisioning and tracking.
| ], | ||
| "AgentIdentityBlueprintPrincipal.ReadWrite.ManagedBy": [ | ||
| { | ||
| "id": "", |
There was a problem hiding this comment.
The "id" field is empty for this permission entry. Each permission entry should have a valid GUID identifier to ensure proper provisioning and tracking.
| "resourceAppId": "00000002-0000-0000-c000-000000000000" | ||
| }, | ||
| { | ||
| "id": "", |
There was a problem hiding this comment.
The "id" field is empty for this permission entry. Each permission entry should have a valid GUID identifier to ensure proper provisioning and tracking.
| ], | ||
| "AgentIdentity.ReadWrite.ManagedBy": [ | ||
| { | ||
| "id": "", |
There was a problem hiding this comment.
The "id" field is empty for this permission entry. Each permission entry should have a valid GUID identifier to ensure proper provisioning and tracking.
| "resourceAppId": "00000002-0000-0000-c000-000000000000" | ||
| }, | ||
| { | ||
| "id": "", |
There was a problem hiding this comment.
The "id" field is empty for this permission entry. Each permission entry should have a valid GUID identifier to ensure proper provisioning and tracking.
| ], | ||
| "AgentIdUser.ReadWrite.ManagedBy": [ | ||
| { | ||
| "id": "", |
There was a problem hiding this comment.
The "id" field is empty for this permission entry. Each permission entry should have a valid GUID identifier to ensure proper provisioning and tracking.
Weekly Permissions sync 2026-01-17