Skip to content

Weekly Permissions sync 2026-01-19 #1410

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
marabooy wants to merge 2 commits into from
Closed

Weekly Permissions sync 2026-01-19 #1410

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
7f6a2f5
Weekly Permissions sync 2026-01-19
marabooy Jan 19, 2026
7465ed7
Merge branch 'master' into permissions-update/2026-01-19
jasonjoh Jan 20, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
89 changes: 79 additions & 10 deletions permissions/new/permissions.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32212,7 +32212,7 @@
"adminDescription": "Allows the app to read the user's mailbox folders, on behalf of the the signed-in user.",
"userDisplayName": "Read your mailbox folders",
"userDescription": "Allows the app to read your mailbox folders, on your behalf",
"requiresAdminConsent": false,
"requiresAdminConsent": true,
"privilegeLevel": 2
}
},
Expand Down Expand Up @@ -32270,7 +32270,7 @@
"adminDescription": "Allows the app to read and write the user's mailbox folders, on behalf of the the signed-in user.",
"userDisplayName": "Read and write your mailbox folders",
"userDescription": "Allows the app to read and write your mailbox folders, on your behalf",
"requiresAdminConsent": false,
"requiresAdminConsent": true,
"privilegeLevel": 2
}
},
Expand Down Expand Up @@ -32346,6 +32346,62 @@
"ownerSecurityGroup": "stisaprvc"
}
},
"MailboxItem.Export": {
"authorizationType": "oAuth2",
"schemes": {
"DelegatedWork": {
"adminDisplayName": "Export a user's mailbox items",
"adminDescription": "Allows the app to export the user's mailbox items, on behalf of the the signed-in user.",
Copy link

Copilot AI Jan 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a double article "the the" in the admin description. It should be "on behalf of the signed-in user" instead of "on behalf of the the signed-in user".

Copilot uses AI. Check for mistakes.
"userDisplayName": "Export your mailbox items",
"userDescription": "Allows the app to export your mailbox items, on your behalf",
"requiresAdminConsent": true,
"privilegeLevel": 2
}
},
"pathSets": [
{
"schemeKeys": [
"DelegatedWork"
],
"methods": [
"POST"
],
"paths": {
"/admin/exchange/mailboxes/{id}/exportItems": "least=DelegatedWork"
}
}
],
"ownerInfo": {
"ownerSecurityGroup": "stisaprvc"
}
},
"MailboxItem.Export.All": {
"authorizationType": "oAuth2",
"schemes": {
"Application": {
"adminDisplayName": "Export all the users' mailbox items",
"adminDescription": "Allows the app to export all the users' mailbox items, without signed-in user.",
"requiresAdminConsent": true,
"privilegeLevel": 4
}
},
"pathSets": [
{
"schemeKeys": [
"Application"
],
"methods": [
"POST"
],
"paths": {
"/admin/exchange/mailboxes/{id}/exportItems": "least=Application"
}
}
],
"ownerInfo": {
"ownerSecurityGroup": "stisaprvc"
}
},
"MailboxItem.ImportExport": {
"authorizationType": "oAuth2",
"schemes": {
Expand All @@ -32354,7 +32410,7 @@
"adminDescription": "Allows the app to export and import the user's mailbox items, on behalf of the the signed-in user.",
"userDisplayName": "Export and import your mailbox items",
"userDescription": "Allows the app to export and import your mailbox items, on your behalf",
"requiresAdminConsent": false,
"requiresAdminConsent": true,
"privilegeLevel": 2
}
},
Expand Down Expand Up @@ -32412,7 +32468,7 @@
"adminDescription": "Allows the app to read the user's mailbox items, on behalf of the the signed-in user.",
"userDisplayName": "Read your mailbox items",
"userDescription": "Allows the app to read your mailbox items, on your behalf",
"requiresAdminConsent": false,
"requiresAdminConsent": true,
"privilegeLevel": 2
}
},
Expand Down Expand Up @@ -36904,8 +36960,11 @@
"/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantCalendarSharingFreeBusyDetail": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantCalendarSharingFreeBusyReviewer": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantCalendarSharingFreeBusySimple": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantMailTips": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantMailTipsAll": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantMailTipsLimited": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantOpenProfileCard": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantPlacesDeskBooking": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantPlacesRoomBooking": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/partners": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/partners/{id}": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/partners/{id}/identitysynchronization": "least=DelegatedWork,Application",
Expand All @@ -36915,9 +36974,12 @@
"/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantCalendarSharingFreeBusyDetail": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantCalendarSharingFreeBusyReviewer": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantCalendarSharingFreeBusySimple": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantMailTips": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantMailTipsAll": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantMailTipsLimited": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantMigration": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantOpenProfileCard": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantPlacesDeskBooking": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantPlacesRoomBooking": "least=DelegatedWork,Application",
"/policies/defaultappmanagementpolicy": "least=DelegatedWork,Application",
"/policies/externalidentitiespolicy": "least=DelegatedWork,Application",
"/policies/homerealmdiscoverypolicies": "least=DelegatedWork,Application",
Expand Down Expand Up @@ -38539,8 +38601,11 @@
"/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantCalendarSharingFreeBusyDetail": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantCalendarSharingFreeBusyReviewer": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantCalendarSharingFreeBusySimple": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantMailTips": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantOpenProfileCard": "least=DelegatedWork,Application"
"/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantMailTipsAll": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantMailTipsLimited": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantOpenProfileCard": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantPlacesDeskBooking": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantPlacesRoomBooking": "least=DelegatedWork,Application"
}
},
{
Expand All @@ -38559,9 +38624,12 @@
"/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantCalendarSharingFreeBusyDetail": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantCalendarSharingFreeBusyReviewer": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantCalendarSharingFreeBusySimple": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantMailTips": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantMailTipsAll": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantMailTipsLimited": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantMigration": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantOpenProfileCard": "least=DelegatedWork,Application"
"/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantOpenProfileCard": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantPlacesDeskBooking": "least=DelegatedWork,Application",
"/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantPlacesRoomBooking": "least=DelegatedWork,Application"
}
}
],
Expand Down Expand Up @@ -60640,6 +60708,7 @@
"/admin/windows/updates/knownIssues/{id}": "least=DelegatedWork,Application",
"/admin/windows/updates/knownIssues/Default.findByKbNumber(kbNumber={kbNumber})": "least=DelegatedWork,Application",
"/admin/windows/updates/knownIssues/findByKbNumber(kbNumber={kbNumber})": "least=DelegatedWork,Application",
"/admin/windows/updates/policies/{id}/applicableContent": "least=DelegatedWork,Application",
"/admin/windows/updates/products": "least=DelegatedWork,Application",
"/admin/windows/updates/products/{id}": "least=DelegatedWork,Application",
"/admin/windows/updates/products/{id}/Default.getKnownIssuesByTimeRange(daysInPast={daysInPast},includeAllActive={includeAllActive})": "least=DelegatedWork,Application",
Expand Down
66 changes: 61 additions & 5 deletions permissions/new/provisioningInfo.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -586,6 +586,24 @@
"resourceAppId": "00000002-0000-0000-c000-000000000000"
}
],
"AgentIdentityBlueprintPrincipal.ReadWrite.ManagedBy": [
{
"id": "",
Copy link

Copilot AI Jan 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The "id" field is empty for this permission entry. All permission entries should have a valid GUID identifier to uniquely identify the permission scope.

Copilot uses AI. Check for mistakes.
"scheme": "Application",
"environment": "PPE;public",
"isHidden": true,
"isEnabled": true,
"resourceAppId": "00000002-0000-0000-c000-000000000000"
},
{
"id": "",
Copy link

Copilot AI Jan 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The "id" field is empty for this permission entry. All permission entries should have a valid GUID identifier to uniquely identify the permission scope.

Copilot uses AI. Check for mistakes.
"scheme": "DelegatedWork",
"environment": "PPE;public",
"isHidden": true,
"isEnabled": true,
"resourceAppId": "00000002-0000-0000-c000-000000000000"
}
],
"Agreement.Read.All": [
{
"id": "af2819c9-df71-4dd3-ade7-4d7c9dc653b7",
Expand Down Expand Up @@ -5816,7 +5834,7 @@
"resourceAppId": ""
}
],
"EntraBackup.Read.Preview": [
"EntraBackup.Read.All": [
{
"id": "c16f30f0-3121-4976-bafe-66cb042f4f80",
"scheme": "Application",
Expand Down Expand Up @@ -8468,10 +8486,11 @@
],
"MailboxItem.Export": [
{
"id": "58d3e7fa-3ce9-4a0c-9baa-0971f64709d9",
"scheme": "DelegatedWork",
"environment": "PPE;public",
"isHidden": true,
"isEnabled": false,
"isHidden": false,
"isEnabled": true,
"resourceAppId": "c999ed3e-27ae-4cb3-b3a2-46b056af63d3"
}
],
Expand All @@ -8487,10 +8506,11 @@
],
"MailboxItem.Export.All": [
{
"id": "937550e9-33a3-494b-88ae-d9cd394b1fbb",
"scheme": "Application",
"environment": "PPE;public",
"isHidden": true,
"isEnabled": false,
"isHidden": false,
"isEnabled": true,
"resourceAppId": "c999ed3e-27ae-4cb3-b3a2-46b056af63d3"
}
],
Expand Down Expand Up @@ -13623,6 +13643,24 @@
"resourceAppId": "00000002-0000-0000-c000-000000000000"
}
],
"AgentIdentity.ReadWrite.ManagedBy": [
{
"id": "",
Copy link

Copilot AI Jan 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The "id" field is empty for this permission entry. All permission entries should have a valid GUID identifier to uniquely identify the permission scope.

Copilot uses AI. Check for mistakes.
"scheme": "Application",
"environment": "PPE;public",
"isHidden": true,
"isEnabled": true,
"resourceAppId": "00000002-0000-0000-c000-000000000000"
},
{
"id": "",
Copy link

Copilot AI Jan 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The "id" field is empty for this permission entry. All permission entries should have a valid GUID identifier to uniquely identify the permission scope.

Copilot uses AI. Check for mistakes.
"scheme": "DelegatedWork",
"environment": "PPE;public",
"isHidden": true,
"isEnabled": true,
"resourceAppId": "00000002-0000-0000-c000-000000000000"
}
],
"ServicePrincipal.Manage.OwnedBy": [
{
"id": "6930b171-5cf8-4865-ba0f-cfce959d1bca",
Expand Down Expand Up @@ -16607,6 +16645,24 @@
"resourceAppId": "00000002-0000-0000-c000-000000000000"
}
],
"AgentIdUser.ReadWrite.ManagedBy": [
{
"id": "",
Copy link

Copilot AI Jan 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The "id" field is empty for this permission entry. All permission entries should have a valid GUID identifier to uniquely identify the permission scope.

Copilot uses AI. Check for mistakes.
"scheme": "Application",
"environment": "PPE;public",
"isHidden": true,
"isEnabled": true,
"resourceAppId": "00000002-0000-0000-c000-000000000000"
},
{
"id": "",
Copy link

Copilot AI Jan 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The "id" field is empty for this permission entry. All permission entries should have a valid GUID identifier to uniquely identify the permission scope.

Copilot uses AI. Check for mistakes.
"scheme": "DelegatedWork",
"environment": "PPE;public",
"isHidden": true,
"isEnabled": true,
"resourceAppId": "00000002-0000-0000-c000-000000000000"
}
],
"User.RevokeSessions.All": [
{
"id": "fc30e98b-8810-4501-81f5-c20a3196387b",
Expand Down