Merge pull request #1208 from microsoftgraph/dev

ramsessanchez · web-flow · commit 592a1551edae · 2025-07-30T11:06:35.000-07:00
Merge for prod deployment
diff --git a/permissions/new/ProvisioningInfo.json b/permissions/new/ProvisioningInfo.json
@@ -2833,15 +2833,15 @@
         "id": "1e4c6c41-0803-4f52-85ef-0a5d63ad8670",
         "scheme": "DelegatedWork",
         "environment": "PPE;public",
-        "isHidden": true,
+        "isHidden": false,
         "isEnabled": true,
         "resourceAppId": ""
       },
       {
         "id": "c8948c23-e66b-42db-83fd-770b71ab78d2",
         "scheme": "Application",
         "environment": "PPE;public",
-        "isHidden": true,
+        "isHidden": false,
         "isEnabled": true,
         "resourceAppId": ""
       }
@@ -2937,6 +2937,24 @@
         "isEnabled": true,
         "resourceAppId": ""
       }
+    ],
+	"Contracts.Read.All": [
+      {
+        "id": "",
+        "scheme": "DelegatedWork",
+        "environment": "public",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "00000003-0000-0000-c000-000000000000"
+      },
+      {
+        "id": "",
+        "scheme": "Application",
+        "environment": "public",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "00000003-0000-0000-c000-000000000000"
+      }
     ],
     "CopilotConversation.ReadWrite": [
       {
@@ -14618,6 +14636,16 @@
         "resourceAppId": "de247707-4e4a-47d6-89fd-3c632f870b34"
       }
     ],
+    "User-PublicCredentials.Read.All": [
+      {
+        "id": "",
+        "scheme": "Application",
+        "environment": "",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "66244124-575c-4284-92bc-fdd00e669cea"
+      }
+    ],
     "User.DeleteRestore.All": [
       {
         "id": "4bb440cd-2cf2-4f90-8004-aa2acd2537c5",
diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json
@@ -8479,6 +8479,9 @@
             "/devicemanagement/virtualendpoint/auditevents": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/auditevents/{id}": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/auditevents/getauditactivitytypes": "least=DelegatedWork,Application",
+            "/deviceManagement/virtualEndpoint/cloudApps": "least=DelegatedWork,Application",
+            "/deviceManagement/virtualEndpoint/cloudApps/{id}": "least=DelegatedWork,Application",
+            "/deviceManagement/virtualEndpoint/cloudApps/retrieveDiscoveredApps(sourceId={value},provisioningPolicyId={value})": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/cloudpcs": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/cloudpcs/{id}": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/cloudpcs/{id}/getcloudpcconnectivityhistory": "least=DelegatedWork,Application",
@@ -8495,6 +8498,9 @@
             "/devicemanagement/virtualendpoint/onpremisesconnections/{id}": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/provisioningpolicies": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/provisioningpolicies/{id}": "least=DelegatedWork,Application",
+            "/devicemanagement/virtualendpoint/provisioningpolicies/{id}/assignments/{id}/cloudPCUserSettingsPersistence": "least=DelegatedWork,Application",
+            "/devicemanagement/virtualendpoint/provisioningpolicies/{id}/assignments/{id}/cloudPCUserSettingsPersistence/retrieveUserSettingsPersistenceProfiles(configurationId={value})": "least=DelegatedWork,Application",
+            "/devicemanagement/virtualendpoint/provisioningpolicies/{id}/assignments/{id}/cloudPCUserSettingsPersistence/retrieveUserSettingsPersistenceProfileUsage(configurationId={value})": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/reports/getrealtimeremoteconnectionlatency(cloudpcid={value})": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/reports/getrealtimeremoteconnectionstatus(cloudpcid={value})": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/serviceplans": "least=DelegatedWork,Application",
@@ -8633,6 +8639,9 @@
             "/devicemanagement/virtualendpoint/galleryimages/{id}": "",
             "/devicemanagement/virtualendpoint/onpremisesconnections": "",
             "/devicemanagement/virtualendpoint/onpremisesconnections/{id}": "",
+            "/devicemanagement/virtualendpoint/provisioningpolicies/{id}/assignments/{id}/cloudPCUserSettingsPersistence": "least=DelegatedWork,Application",
+            "/devicemanagement/virtualendpoint/provisioningpolicies/{id}/assignments/{id}/cloudPCUserSettingsPersistence/retrieveUserSettingsPersistenceProfiles(configurationId={value})": "least=DelegatedWork,Application",
+            "/devicemanagement/virtualendpoint/provisioningpolicies/{id}/assignments/{id}/cloudPCUserSettingsPersistence/retrieveUserSettingsPersistenceProfileUsage(configurationId={value})": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/reports/exportjobs/{id}": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/reports/getrealtimeremoteconnectionlatency(cloudpcid={value})": "",
             "/devicemanagement/virtualendpoint/reports/getrealtimeremoteconnectionstatus(cloudpcid={value})": "",
@@ -8663,6 +8672,9 @@
             "/devicemanagement/manageddevices/bulkreprovisioncloudpc": "least=DelegatedWork,Application",
             "/devicemanagement/manageddevices/bulkrestorecloudpc": "least=DelegatedWork,Application",
             "/devicemanagement/manageddevices/bulksetcloudpcreviewstatus": "least=DelegatedWork,Application",
+            "/devicemanagement/virtualendpoint/cloudApps/publish": "least=DelegatedWork,Application",
+            "/devicemanagement/virtualendpoint/cloudApps/reset": "least=DelegatedWork,Application",
+            "/devicemanagement/virtualendpoint/cloudApps/unpublish": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/cloudpcs/{id}/changeuseraccounttype": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/cloudpcs/{id}/endgraceperiod": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/cloudpcs/{id}/poweroff": "least=DelegatedWork,Application",
@@ -8678,6 +8690,7 @@
             "/devicemanagement/virtualendpoint/deviceimages/{id}/reupload": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/onpremisesconnections/{id}/updateaddomainpassword": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/provisioningpolicies/{id}/assign": "least=DelegatedWork,Application",
+            "/devicemanagement/virtualendpoint/provisioningpolicies/{id}/assignments/{id}/cloudPCUserSettingsPersistence/batchCleanupUserSettingsPersistenceProfile": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/reports/exportjobs": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/reports/getdailyaggregatedremoteconnectionreports": "",
             "/devicemanagement/virtualendpoint/reports/getremoteconnectionhistoricalreports": "",
@@ -8728,6 +8741,7 @@
             "PATCH"
           ],
           "paths": {
+            "/devicemanagement/virtualendpoint/cloudApps/{id}": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/externalpartnersettings/{id}": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/organizationsettings": "least=DelegatedWork,Application"
           }
@@ -9256,6 +9270,46 @@
         "ownerSecurityGroup": "aadaccessreviews"
       }
     },
+    "Contacts-OnPremisesSyncBehavior.ReadWrite.All": {
+      "authorizationType": "oAuth2",
+      "schemes": {
+        "DelegatedWork": {
+          "adminDisplayName": "Read and update the on-premises sync behavior of contacts",
+          "adminDescription": "Allows the app to read and update the on-premises sync behavior of contacts a user has permissions to, including their own and shared contacts.",
+          "userDisplayName": "Read and update the on-premises sync behavior of your own and shared contacts",
+          "userDescription": "Allows the app to update the on-premises sync behavior of contacts you have permissions to access, including your own and shared contacts.",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 2
+        },
+        "Application": {
+          "adminDisplayName": "Read and update the on-premises sync behavior of contacts",
+          "adminDescription": "Allows the app to update the on-premises sync behavior of all contacts in all mailboxes without a signed-in user.",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 4
+        }
+      },
+      "pathSets": [
+        {
+          "schemeKeys": [
+            "DelegatedWork",
+            "Application"
+          ],
+          "methods": [
+            "GET",
+            "PATCH"
+          ],
+          "paths": {
+            "/me/contacts/{id}/onPremisesSyncBehavior": "least=DelegatedWork,Application",
+            "/me/contacts/onPremisesSyncBehavior": "least=DelegatedWork,Application",
+            "/users/{id}/contacts/{id}/onPremisesSyncBehavior": "least=DelegatedWork,Application",
+            "/users/{id}/contacts/onPremisesSyncBehavior": "least=DelegatedWork,Application"
+          }
+        }
+      ],
+      "ownerInfo": {
+        "ownerSecurityGroup": "ddsappperm"
+      }
+    },
     "Contacts.Read": {
       "authorizationType": "oAuth2",
       "schemes": {
@@ -16258,8 +16312,8 @@
             "/contacts/{id}/transitivememberof": "",
             "/contacts/{id}/transitivereports/$count": "",
             "/contacts/delta": "",
-            "/contracts": "least=DelegatedWork,Application",
-            "/contracts/{id}": "least=DelegatedWork,Application",
+            "/contracts": "",
+            "/contracts/{id}": "",
             "/dataclassification/jobs": "least=DelegatedWork,Application",
             "/dataclassification/jobs/{id}": "least=DelegatedWork,Application",
             "/dataclassification/sensitivetypes": "least=DelegatedWork,Application",
diff --git a/permissions/permissions-descriptions.json b/permissions/permissions-descriptions.json
@@ -630,6 +630,16 @@
       "isEnabled": true,
       "value": "Group-Conversation.Read.All"
     },
+    {
+      "adminConsentDescription": "Allows the app to read and update the on-premises sync behavior of groups on behalf of the signed-in user.",
+      "adminConsentDisplayName": "Read and update the on-premises sync behavior of groups",
+      "consentDescription": "Allows the app to update the on-premises sync behavior of groups on your behalf.",
+      "consentDisplayName": "Read and update the on-premises sync behavior of groups",
+      "id": "37e00479-5776-4659-aecf-4841ec5d590a",
+      "isAdmin": true,
+      "isEnabled": true,
+      "value": "Group-OnPremisesSyncBehavior.ReadWrite.All"
+    },    
     {
       "adminConsentDescription": "Allow the application to access files explicitly permissioned to the application on behalf of the signed in user.  The specific files and the permissions granted will be configured in SharePoint Online or OneDrive.",
       "adminConsentDisplayName": "Access selected Files, on behalf of the signed-in user",
@@ -3030,6 +3040,16 @@
       "isEnabled": true,
       "value": "Policy.ReadWrite.CrossTenantAccess"
     },
+    {
+      "adminConsentDescription": "Allows the app to read and write your organization's M365 cross tenant access capabilities on behalf of the signed-in user.",
+      "adminConsentDisplayName": "Read and write your organization's M365 cross tenant access capabilities",
+      "consentDescription": "Allows the app to read and write your organization's M365 cross tenant access capabilities on your behalf.",
+      "consentDisplayName": "Read and write your organization's M365 cross tenant access capabilities",
+      "id": "9ef7463f-1d39-406f-89ea-3483a4645e1c",
+      "isAdmin": true,
+      "isEnabled": true,
+      "value": "Policy.ReadWrite.CrossTenantCapability"
+    },
     {
       "adminConsentDescription": "Allows the app to read custom security attribute definitions for the tenant on behalf of a signed in user.",
       "adminConsentDisplayName": "Read custom security attribute definitions",
@@ -6640,6 +6660,19 @@
       "isEnabled": true,
       "value": "Group-Conversation.Read.All"
     },
+    {
+      "adminConsentDescription": "Allows the app to update the on-premises sync behavior of all groups without a signed-in user.",
+      "adminConsentDisplayName": "Read and update the on-premises sync behavior of groups",
+      "allowedMemberTypes": [
+        "Application"
+      ],
+      "consentDescription": null,
+      "consentDisplayName": null,
+      "id": "2d9bd318-b883-40be-9df7-63ec4fcdc424",
+      "isAdmin": true,
+      "isEnabled": true,
+      "value": "Group-OnPremisesSyncBehavior.ReadWrite.All"
+    },    
     {
       "adminConsentDescription": "Allow the application to access a subset of files without a signed in user.  The specific files and the permissions granted will be configured in SharePoint Online or OneDrive.",
       "adminConsentDisplayName": "Access selected Files without a signed in user.",
@@ -9741,6 +9774,19 @@
       "isEnabled": true,
       "value": "Policy.ReadWrite.CrossTenantAccess"
     },
+    {
+      "adminConsentDescription": "Allows the app to read and write your organization's M365 cross tenant access capabilities without a signed-in user.",
+      "adminConsentDisplayName": "Read and write your organization's M365 cross tenant access capabilities",
+      "allowedMemberTypes": [
+        "Application"
+      ],
+      "consentDescription": null,
+      "consentDisplayName": null,
+      "id": "a6325ae7-2b73-4dbd-abed-fbeacfbf8696",
+      "isAdmin": true,
+      "isEnabled": true,
+      "value": "Policy.ReadWrite.CrossTenantCapability"
+    },
     {
       "adminConsentDescription": "Allows the app to read all external items without a signed-in user.",
       "adminConsentDisplayName": "Read all external items",
diff --git a/sample-queries/sample-queries.json b/sample-queries/sample-queries.json
@@ -1851,7 +1851,7 @@
       "method": "GET",
       "humanName": "list articles",
       "requestUrl": "/beta/security/threatIntelligence/articles",
-      "docLink": "https://learn.microsoft.com/en-us/graph/api/security-article-list?view=graph-rest-beta",
+      "docLink": "https://learn.microsoft.com/en-us/graph/api/security-threatintelligence-list-articles?view=graph-rest-beta",
       "skipTest": false
     },
     {
@@ -1995,7 +1995,7 @@
       "method": "GET",
       "humanName": "list intelligence profiles",
       "requestUrl": "/beta/security/threatIntelligence/intelProfiles",
-      "docLink": "https://learn.microsoft.com/en-us/graph/api/security-intelligenceprofile-list?view=graph-rest-beta",
+      "docLink": "https://learn.microsoft.com/en-us/graph/api/security-threatintelligence-list-intelprofiles?view=graph-rest-beta",
       "skipTest": false
     },
     {
