Merge pull request #946 from microsoftgraph/permissions-update/2025-0…

…1-07 Weekly Permissions sync 2025-01-07
microsoftgraph · Jan 7, 2025 · 78ff45f · 78ff45f
2 parents 23a9bbf + 47dd097
commit 78ff45f
Show file tree

Hide file tree

Showing 2 changed files with 131 additions and 6 deletions.
diff --git a/permissions/new/ProvisioningInfo.json b/permissions/new/ProvisioningInfo.json
@@ -1868,6 +1868,16 @@
                 "resourceAppId": "ab3be6b7-f5df-413d-ac2d-abf1e3fd9c0b"
             }
         ],
+        "ChannelMember.ReadWrite.Group": [
+            {
+                "id": "7b795957-4e3f-4fbe-a18b-6b8736adc00f",
+                "scheme": "Application",
+                "environment": "public",
+                "isHidden": true,
+                "isEnabled": false,
+                "resourceAppId": "ab3be6b7-f5df-413d-ac2d-abf1e3fd9c0b"
+            }
+        ],
         "ChannelMember.ReadWrite.All": [
             {
                 "id": "0c3e411a-ce45-4cd1-8f30-f99a3efa7b11",
@@ -8762,6 +8772,22 @@
                 "resourceAppId": ""
             }
         ],
+        "Policy.ReadWrite.CrossTenantCapability": [
+            {
+                "scheme": "DelegatedWork",
+                "environment": "public",
+                "isHidden": true,
+                "isEnabled": false,
+                "resourceAppId": "25254d2d-55ce-461a-b245-3258f0f6a24d"
+            },
+            {
+                "scheme": "Application",
+                "environment": "public",
+                "isHidden": true,
+                "isEnabled": false,
+                "resourceAppId": "25254d2d-55ce-461a-b245-3258f0f6a24d"
+            }
+        ],
         "Policy.ReadWrite.DeviceConfiguration": [
             {
                 "id": "40b534c3-9552-4550-901b-23879c90bcf9",
@@ -14002,7 +14028,7 @@
                 "id": "b7fb81ff-4a7a-4d54-b790-8f47aa4818cb",
                 "scheme": "Application",
                 "environment": "public",
-                "isHidden": true,
+                "isHidden": false,
                 "isEnabled": true,
                 "resourceAppId": "ea890292-c8c8-4433-b5ea-b09d0668e1a6"
             }
@@ -14020,7 +14046,7 @@
                 "id": "5e20ac9f-f42c-4807-8c3c-9fe7904be5b6",
                 "scheme": "Application",
                 "environment": "public",
-                "isHidden": true,
+                "isHidden": false,
                 "isEnabled": true,
                 "resourceAppId": "ea890292-c8c8-4433-b5ea-b09d0668e1a6"
             }

diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json
@@ -5987,8 +5987,8 @@
           "paths": {
             "/chats/{id}/members/{id}": "",
             "/teams/{id}/channels/{id}/doesuserhaveaccess": "least=DelegatedWork,Application",
-            "/teams/{id}/channels/{id}/members": "least=Application",
-            "/teams/{id}/channels/{id}/members/{id}": "least=DelegatedWork,Application",
+            "/teams/{id}/channels/{id}/members": "",
+            "/teams/{id}/channels/{id}/members/{id}": "least=DelegatedWork",
             "/teams/{id}/channels/{id}/sharedwithteams": "least=DelegatedWork,Application",
             "/teams/{id}/channels/{id}/sharedwithteams/{id}": "least=DelegatedWork,Application",
             "/teams/{id}/channels/{id}/sharedwithteams/{id}/allowedmembers": "least=DelegatedWork,Application"
@@ -6104,7 +6104,7 @@
             "POST"
           ],
           "paths": {
-            "/teams/{id}/channels/{id}/members": "least=DelegatedWork,Application"
+            "/teams/{id}/channels/{id}/members": "least=DelegatedWork"
           }
         },
         {
@@ -6118,7 +6118,7 @@
             "PATCH"
           ],
           "paths": {
-            "/teams/{id}/channels/{id}/members/{id}": "least=DelegatedWork,Application"
+            "/teams/{id}/channels/{id}/members/{id}": "least=DelegatedWork"
           }
         },
         {
@@ -31432,9 +31432,14 @@
             "/policies/claimsmappingpolicies/{id}/appliesto": "least=DelegatedWork,Application",
             "/policies/crosstenantaccesspolicy": "least=DelegatedWork,Application",
             "/policies/crosstenantaccesspolicy/default": "least=DelegatedWork,Application",
+            "/policies/crosstenantaccesspolicy/default/m365Capabilities": "least=DelegatedWork,Application",
+            "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantOpenProfileCard": "least=DelegatedWork,Application",
             "/policies/crosstenantaccesspolicy/partners": "least=DelegatedWork,Application",
             "/policies/crosstenantaccesspolicy/partners/{id}": "least=DelegatedWork,Application",
             "/policies/crosstenantaccesspolicy/partners/{id}/identitysynchronization": "least=DelegatedWork,Application",
+            "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities": "least=DelegatedWork,Application",
+            "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantMailboxMigration": "least=DelegatedWork,Application",
+            "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantOpenProfileCard": "least=DelegatedWork,Application",
             "/policies/defaultappmanagementpolicy": "least=DelegatedWork,Application",
             "/policies/externalidentitiespolicy": "least=DelegatedWork,Application",
             "/policies/homerealmdiscoverypolicies": "least=DelegatedWork,Application",
@@ -49538,6 +49543,100 @@
         "ownerSecurityGroup": "mfateam"
       }
     },
+    "UserAuthMethod-Passkey.Read.All": {
+      "schemes": {
+        "DelegatedWork": {
+          "adminDisplayName": "Read all users' passkey authentication methods",
+          "adminDescription": "Allows the app to read passkey authentication methods of all users in your organization that the signed-in user has access to. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.",
+          "userDisplayName": "Read all users' passkey authentication methods",
+          "userDescription": "Allows the app to read passkey authentication methods of all users you have access to in your organization.This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 3
+        },
+        "Application": {
+          "adminDisplayName": " Read all users' passkey authentication methods",
+          "adminDescription": " Allows the app to read passkey authentication methods of all users in your organization, without a signed-in user. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 4
+        }
+      },
+      "pathSets": [
+        {
+          "schemeKeys": [
+            "DelegatedWork",
+            "Application"
+          ],
+          "methods": [
+            "GET"
+          ],
+          "paths": {
+            "/me/authentication/fido2methods": "",
+            "/me/authentication/fido2methods/{id}": "",
+            "/me/authentication/fido2methods/creationOptions": "",
+            "/users/{id}/authentication/fido2methods": "",
+            "/users/{id}/authentication/fido2methods/{id}": "",
+            "/users/{id}/authentication/fido2methods/creationOptions": ""
+          }
+        }
+      ],
+      "ownerInfo": {
+        "ownerSecurityGroup": "mfateam"
+      }
+    },
+    "UserAuthMethod-Passkey.ReadWrite.All": {
+      "schemes": {
+        "DelegatedWork": {
+          "adminDisplayName": "Read and write all users' passkey methods.",
+          "adminDescription": "Allows the app to read and write passkey authentication methods of all users in your organization that the signed-in user has access to. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.",
+          "userDisplayName": "Read and write all users' passkey authentication methods",
+          "userDescription": "Allows the app to read and write passkey authentication methods of all users you have access to in your organization. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 4
+        },
+        "Application": {
+          "adminDisplayName": "Read and write all users' passkey authentication methods",
+          "adminDescription": "Allows the application to read and write passkey authentication methods of all users in your organization, without a signed-in user. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 4
+        }
+      },
+      "pathSets": [
+        {
+          "schemeKeys": [
+            "DelegatedWork",
+            "Application"
+          ],
+          "methods": [
+            "GET"
+          ],
+          "paths": {
+            "/me/authentication/fido2methods": "",
+            "/me/authentication/fido2methods/{id}": "",
+            "/me/authentication/fido2methods/creationOptions": "",
+            "/users/{id}/authentication/fido2methods": "",
+            "/users/{id}/authentication/fido2methods/{id}": "",
+            "/users/{id}/authentication/fido2methods/creationOptions": ""
+          }
+        },
+        {
+          "schemeKeys": [
+            "DelegatedWork",
+            "Application"
+          ],
+          "methods": [
+            "DELETE",
+            "PATCH"
+          ],
+          "paths": {
+            "/me/authentication/fido2methods/{id}": "least=Application",
+            "/users/{id}/authentication/fido2methods/{id}": "least=Application"
+          }
+        }
+      ],
+      "ownerInfo": {
+        "ownerSecurityGroup": "mfateam"
+      }
+    },
     "UserShiftPreferences.Read.All": {
       "schemes": {
         "Application": {