From db9a421c217280f15c385a0a864f51b13aaab53f Mon Sep 17 00:00:00 2001 From: David <1511024+marabooy@users.noreply.github.com> Date: Thu, 4 Jun 2026 03:31:45 +0300 Subject: [PATCH] Weekly Permissions sync 2026-06-04 --- permissions/new/permissions.json | 172 ++++---------------------- permissions/new/provisioningInfo.json | 18 +++ 2 files changed, 40 insertions(+), 150 deletions(-) diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json index 1d82329e..1a826baa 100644 --- a/permissions/new/permissions.json +++ b/permissions/new/permissions.json @@ -3894,7 +3894,7 @@ ], "paths": { "/applications": "least=DelegatedWork,DelegatedPersonal,Application", - "/applications(appid={value})": "least=DelegatedWork,DelegatedPersonal", + "/applications(appid={value})": "least=DelegatedWork,DelegatedPersonal,Application", "/applications/{id}": "least=DelegatedWork,DelegatedPersonal,Application", "/applications/{id}/extensionproperties": "least=DelegatedWork,DelegatedPersonal,Application", "/applications/{id}/extensionproperties/{id}": "least=DelegatedWork,DelegatedPersonal,Application" @@ -9262,10 +9262,10 @@ "/app/calls": "", "/app/calls/{id}/addlargegalleryview": "", "/app/calls/{id}/answer": "least=Application", - "/app/calls/{id}/participants/{id}/admitFromLobby": "least=Application", + "/app/calls/{id}/participants/{id}/admitFromLobby": "", "/app/calls/{id}/participants/{id}/mute": "least=Application", - "/app/calls/{id}/participants/{id}/removeFromLobby": "least=Application", - "/app/calls/{id}/participants/admitAllFromLobby": "least=Application", + "/app/calls/{id}/participants/{id}/removeFromLobby": "", + "/app/calls/{id}/participants/admitAllFromLobby": "", "/app/calls/{id}/participants/configuremixer": "", "/app/calls/{id}/participants/muteall": "least=Application", "/app/calls/{id}/startRecording": "least=Application", @@ -9276,12 +9276,12 @@ "/communications/calls": "", "/communications/calls/{id}/addlargegalleryview": "", "/communications/calls/{id}/answer": "least=Application", - "/communications/calls/{id}/participants/{id}/admitFromLobby": "least=Application", + "/communications/calls/{id}/participants/{id}/admitFromLobby": "", "/communications/calls/{id}/participants/{id}/mute": "least=Application", - "/communications/calls/{id}/participants/{id}/removeFromLobby": "least=Application", + "/communications/calls/{id}/participants/{id}/removeFromLobby": "", "/communications/calls/{id}/participants/{id}/startholdmusic": "", "/communications/calls/{id}/participants/{id}/stopholdmusic": "", - "/communications/calls/{id}/participants/admitAllFromLobby": "least=Application", + "/communications/calls/{id}/participants/admitAllFromLobby": "", "/communications/calls/{id}/participants/configuremixer": "", "/communications/calls/{id}/participants/muteall": "least=Application", "/communications/calls/{id}/startRecording": "least=Application", @@ -9380,18 +9380,18 @@ "POST" ], "paths": { - "/app/calls/{id}/participants/{id}/admitFromLobby": "", + "/app/calls/{id}/participants/{id}/admitFromLobby": "least=Application", "/app/calls/{id}/participants/{id}/mute": "", - "/app/calls/{id}/participants/{id}/removeFromLobby": "", - "/app/calls/{id}/participants/admitAllFromLobby": "", + "/app/calls/{id}/participants/{id}/removeFromLobby": "least=Application", + "/app/calls/{id}/participants/admitAllFromLobby": "least=Application", "/app/calls/{id}/participants/configuremixer": "", "/app/calls/{id}/participants/muteall": "", - "/communications/calls/{id}/participants/{id}/admitFromLobby": "", + "/communications/calls/{id}/participants/{id}/admitFromLobby": "least=Application", "/communications/calls/{id}/participants/{id}/mute": "", - "/communications/calls/{id}/participants/{id}/removeFromLobby": "", + "/communications/calls/{id}/participants/{id}/removeFromLobby": "least=Application", "/communications/calls/{id}/participants/{id}/startholdmusic": "least=Application", "/communications/calls/{id}/participants/{id}/stopholdmusic": "least=Application", - "/communications/calls/{id}/participants/admitAllFromLobby": "", + "/communications/calls/{id}/participants/admitAllFromLobby": "least=Application", "/communications/calls/{id}/participants/configuremixer": "", "/communications/calls/{id}/participants/muteall": "" } @@ -19720,8 +19720,6 @@ "/auditlogs/directoryaudits": "", "/auditlogs/directoryaudits/{id}": "", "/auditlogs/provisioning": "", - "/auditlogs/signins": "", - "/auditlogs/signins/{id}": "", "/contacts": "", "/contacts/{id}": "", "/contacts/{id}/directreports": "", @@ -34508,6 +34506,8 @@ "/networkAccess/deployments": "least=DelegatedWork,Application", "/networkAccess/deployments/{id}": "least=DelegatedWork,Application", "/networkAccess/explicitForwardProxyConfig": "least=DelegatedWork,Application", + "/networkAccess/explicitForwardProxyConfig/proxyAutoConfigurationFiles": "least=DelegatedWork,Application", + "/networkAccess/explicitForwardProxyConfig/proxyAutoConfigurationFiles/{id}": "least=DelegatedWork,Application", "/networkAccess/fileDlpPolicies": "least=DelegatedWork,Application", "/networkAccess/filePolicies": "least=DelegatedWork,Application", "/networkAccess/filePolicies/{id}": "least=DelegatedWork,Application", @@ -34637,6 +34637,8 @@ "/networkAccess/contentTypePolicies/{id}/policyRules/{id}": "", "/networkaccess/discovery/discoveredApplicationSegments": "", "/networkAccess/explicitForwardProxyConfig": "", + "/networkAccess/explicitForwardProxyConfig/proxyAutoConfigurationFiles": "", + "/networkAccess/explicitForwardProxyConfig/proxyAutoConfigurationFiles/{id}": "", "/networkAccess/fileDlpPolicies": "", "/networkAccess/filePolicies": "", "/networkAccess/filePolicies/{id}": "", @@ -34730,6 +34732,7 @@ "/networkAccess/contentTypePolicies": "least=DelegatedWork,Application", "/networkAccess/contentTypePolicies/{id}/policyRules": "least=DelegatedWork,Application", "/networkAccess/discoverMcpTools": "", + "/networkAccess/explicitForwardProxyConfig/proxyAutoConfigurationFiles": "least=DelegatedWork,Application", "/networkAccess/fileDlpPolicies": "least=DelegatedWork,Application", "/networkAccess/filePolicies": "least=DelegatedWork,Application", "/networkAccess/filePolicies/{id}/policyRules": "least=DelegatedWork,Application", @@ -34776,6 +34779,7 @@ "/networkAccess/contentTypePolicies/{id}": "least=DelegatedWork,Application", "/networkAccess/contentTypePolicies/{id}/policyRules/{id}": "least=DelegatedWork,Application", "/networkAccess/explicitForwardProxyConfig": "least=DelegatedWork,Application", + "/networkAccess/explicitForwardProxyConfig/proxyAutoConfigurationFiles/{id}": "least=DelegatedWork,Application", "/networkAccess/fileDlpPolicies/{id}": "least=DelegatedWork,Application", "/networkAccess/filePolicies/{id}": "least=DelegatedWork,Application", "/networkAccess/filePolicies/{id}/policyRules/{id}": "least=DelegatedWork,Application", @@ -34821,6 +34825,7 @@ "/networkAccess/contentPolicies/{id}/policyRules/{id}": "least=DelegatedWork,Application", "/networkAccess/contentTypePolicies/{id}": "least=DelegatedWork,Application", "/networkAccess/contentTypePolicies/{id}/policyRules/{id}": "least=DelegatedWork,Application", + "/networkAccess/explicitForwardProxyConfig/proxyAutoConfigurationFiles/{id}": "least=DelegatedWork,Application", "/networkAccess/fileDlpPolicies/{id}": "least=DelegatedWork,Application", "/networkAccess/filePolicies/{id}": "least=DelegatedWork,Application", "/networkAccess/filePolicies/{id}/policyRules/{id}": "least=DelegatedWork,Application", @@ -38487,139 +38492,6 @@ "ownerSecurityGroup": "cpimmsgraphadmins" } }, - "Policy.Read.ApplicationConfiguration": { - "authorizationType": "oAuth2", - "schemes": { - "DelegatedWork": { - "adminDisplayName": "Read your organization's application configuration policies", - "adminDescription": "Allows the app to read your organization's application configuration policies on behalf of the signed-in user. This includes policies such as activityBasedTimeoutPolicy, claimsMappingPolicy, homeRealmDiscoveryPolicy, claimsPolicy, tokenIssuancePolicy and tokenLifetimePolicy.", - "userDisplayName": "Read your organization's application configuration policies", - "userDescription": "Allows the app to read your organization's application configuration policies on your behalf. This includes policies such as activityBasedTimeoutPolicy, claimsMappingPolicy, homeRealmDiscoveryPolicy, claimsPolicy, tokenIssuancePolicy and tokenLifetimePolicy.", - "requiresAdminConsent": true, - "privilegeLevel": 4 - }, - "Application": { - "adminDisplayName": "Read your organization's application configuration policies", - "adminDescription": "Allows the app to read your organization's application configuration policies, without a signed-in user. This includes policies such as activityBasedTimeoutPolicy, claimsMappingPolicy, homeRealmDiscoveryPolicy, claimsPolicy, tokenIssuancePolicy and tokenLifetimePolicy.", - "requiresAdminConsent": true, - "privilegeLevel": 4 - } - }, - "pathSets": [ - { - "schemeKeys": [ - "DelegatedWork", - "Application" - ], - "methods": [ - "GET", - "POST" - ], - "paths": { - "/identity/events/onsignupstart": "least=DelegatedWork,Application", - "/policies/activitybasedtimeoutpolicies": "least=DelegatedWork,Application", - "/policies/appmanagementpolicies": "least=DelegatedWork,Application", - "/policies/claimsmappingpolicies": "least=DelegatedWork,Application", - "/policies/homerealmdiscoverypolicies": "least=DelegatedWork,Application", - "/policies/tokenissuancepolicies": "least=DelegatedWork,Application", - "/policies/tokenlifetimepolicies": "least=DelegatedWork,Application" - } - }, - { - "schemeKeys": [ - "DelegatedWork", - "Application" - ], - "methods": [ - "DELETE", - "POST" - ], - "paths": { - "/applications/{id}/appmanagementpolicies": "" - } - }, - { - "schemeKeys": [ - "DelegatedWork", - "Application" - ], - "methods": [ - "DELETE", - "GET", - "PATCH", - "PUT" - ], - "paths": { - "/identity/events/onsignupstart/{id}": "least=DelegatedWork,Application" - } - }, - { - "schemeKeys": [ - "DelegatedWork", - "Application" - ], - "methods": [ - "DELETE", - "GET", - "PATCH" - ], - "paths": { - "/policies/activitybasedtimeoutpolicies/{id}": "least=DelegatedWork,Application", - "/policies/appmanagementpolicies/{id}": "least=DelegatedWork,Application", - "/policies/claimsmappingpolicies/{id}": "least=DelegatedWork,Application", - "/policies/homerealmdiscoverypolicies/{id}": "least=DelegatedWork,Application", - "/policies/tokenissuancepolicies/{id}": "least=DelegatedWork,Application", - "/policies/tokenlifetimepolicies/{id}": "least=DelegatedWork,Application" - } - }, - { - "schemeKeys": [ - "DelegatedWork", - "Application" - ], - "methods": [ - "GET" - ], - "paths": { - "/policies/appmanagementpolicies/{id}/appliesto": "", - "/policies/claimsmappingpolicies/{id}/appliesto": "", - "/policies/homerealmdiscoverypolicies/{id}/appliesto": "", - "/policies/tokenissuancepolicies/{id}/appliesto": "", - "/policies/tokenlifetimepolicies/{id}/appliesto": "" - } - }, - { - "schemeKeys": [ - "DelegatedWork", - "Application" - ], - "methods": [ - "GET", - "PATCH" - ], - "paths": { - "/policies/defaultappmanagementpolicy": "least=DelegatedWork,Application" - } - }, - { - "schemeKeys": [ - "DelegatedWork", - "Application" - ], - "methods": [ - "GET", - "PATCH", - "PUT" - ], - "paths": { - "/serviceprincipals/{id}/claimsPolicy": "least=DelegatedWork,Application" - } - } - ], - "ownerInfo": { - "ownerSecurityGroup": "idappcore" - } - }, "Policy.Read.AuthenticationMethod": { "authorizationType": "oAuth2", "schemes": { @@ -39584,7 +39456,7 @@ "paths": { "/identity/conditionalaccess/authenticationcontextclassreferences/{id}": "", "/identity/continuousaccessevaluationpolicy": "", - "/policies/identitysecuritydefaultsenforcementpolicy": "" + "/policies/identitysecuritydefaultsenforcementpolicy": "AlsoRequires=Policy.Read.All" } }, { @@ -40463,7 +40335,7 @@ "PATCH" ], "paths": { - "/policies/identitysecuritydefaultsenforcementpolicy": "least=DelegatedWork,Application" + "/policies/identitysecuritydefaultsenforcementpolicy": "least=DelegatedWork,Application;AlsoRequires=Policy.Read.All" } } ], diff --git a/permissions/new/provisioningInfo.json b/permissions/new/provisioningInfo.json index eb118fae..4a71a5bb 100644 --- a/permissions/new/provisioningInfo.json +++ b/permissions/new/provisioningInfo.json @@ -11508,6 +11508,24 @@ "resourceAppId": "" } ], + "Policy.Read.ApplicationConfiguration": [ + { + "id": "", + "scheme": "Application", + "environment": "public", + "isHidden": true, + "isEnabled": false, + "resourceAppId": "00000002-0000-0000-c000-000000000000" + }, + { + "id": "", + "scheme": "DelegatedWork", + "environment": "public", + "isHidden": true, + "isEnabled": false, + "resourceAppId": "00000002-0000-0000-c000-000000000000" + } + ], "Policy.ReadWrite.ApplicationConfiguration": [ { "id": "b27add92-efb2-4f16-84f5-8108ba77985c",