Merge pull request #940 from microsoftgraph/dev

millicentachieng · web-flow · commit 635c3fd114c7 · 2025-01-02T11:22:04.000+03:00
Merge dev into master
diff --git a/permissions/new/ProvisioningInfo.json b/permissions/new/ProvisioningInfo.json
@@ -5266,6 +5266,24 @@
                 "resourceAppId": ""
             }
         ],
+        "FormsBody.ReadWrite.All": [
+            {
+                "id": "",
+                "scheme": "DelegatedWork",
+                "environment": "public",
+                "isHidden": true,
+                "isEnabled": true,
+                "resourceAppId": "c9a559d2-7aab-4f13-a6ed-e7e9c52aec87"
+            },
+            {
+                "id": "",
+                "scheme": "Application",
+                "environment": "public",
+                "isHidden": true,
+                "isEnabled": true,
+                "resourceAppId": "c9a559d2-7aab-4f13-a6ed-e7e9c52aec87"
+            }
+        ],
         "Goals-Export.Read.All": [
             {
                 "scheme": "DelegatedWork",
@@ -10077,15 +10095,15 @@
                 "id": "dd689728-6eb8-4deb-bd38-2924a935f3de",
                 "scheme": "DelegatedWork",
                 "environment": "public",
-                "isHidden": true,
+                "isHidden": false,
                 "isEnabled": true,
                 "resourceAppId": "8ee8fdad-f234-4243-8f3b-15c294843740"
             },
             {
                 "id": "4d6e30d1-e64e-4ae7-bf9d-c706cc928cef",
                 "scheme": "Application",
                 "environment": "public",
-                "isHidden": true,
+                "isHidden": false,
                 "isEnabled": true,
                 "resourceAppId": "8ee8fdad-f234-4243-8f3b-15c294843740"
             }
@@ -10167,15 +10185,15 @@
                 "id": "d8914f8f-9f64-4bd1-b4d3-f5a701ed8457",
                 "scheme": "DelegatedWork",
                 "environment": "public",
-                "isHidden": true,
+                "isHidden": false,
                 "isEnabled": true,
                 "resourceAppId": "8ee8fdad-f234-4243-8f3b-15c294843740"
             },
             {
                 "id": "8b7e8c0a-7e9d-4049-97ec-04b5e1bcaf05",
                 "scheme": "Application",
                 "environment": "public",
-                "isHidden": true,
+                "isHidden": false,
                 "isEnabled": true,
                 "resourceAppId": "8ee8fdad-f234-4243-8f3b-15c294843740"
             }
diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json
@@ -36389,6 +36389,44 @@
         "ownerSecurityGroup": "cpcgraph"
       }
     },
+    "RoleManagement.Read.Defender": {
+      "schemes": {
+        "DelegatedWork": {
+          "adminDisplayName": "Read M365 Defender RBAC configuration",
+          "adminDescription": "Allows the app to read the role-based access control (RBAC) settings for your company's directory, on behalf of the signed-in user. This includes reading M365 Defender role definitions and role assignments.",
+          "userDisplayName": "Read M365 Defender RBAC configuration",
+          "userDescription": "Allows the app to read the role-based access control (RBAC) settings for your company's directory, on behalf of the signed-in user. This includes reading M365 Defender role definitions and role assignments.",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 3
+        },
+        "Application": {
+          "adminDisplayName": "Read M365 Defender RBAC configuration",
+          "adminDescription": "Allows the app to read the role-based access control (RBAC) settings for your company's directory, without a signed-in user.",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 4
+        }
+      },
+      "pathSets": [
+        {
+          "schemeKeys": [
+            "DelegatedWork",
+            "Application"
+          ],
+          "methods": [
+            "GET"
+          ],
+          "paths": {
+            "/rolemanagement/defender/roleassignments": "least=DelegatedWork,Application",
+            "/rolemanagement/defender/roleassignments/{id}": "least=DelegatedWork,Application",
+            "/rolemanagement/defender/roledefinitions": "least=DelegatedWork,Application",
+            "/rolemanagement/defender/roledefinitions/{id}": "least=DelegatedWork,Application"
+          }
+        }
+      ],
+      "ownerInfo": {
+        "ownerSecurityGroup": "mdatpUrbac"
+      }
+    },
     "RoleManagement.Read.Directory": {
       "schemes": {
         "DelegatedWork": {
@@ -36595,6 +36633,71 @@
         "ownerSecurityGroup": "cpcgraph"
       }
     },
+    "RoleManagement.ReadWrite.Defender": {
+      "schemes": {
+        "DelegatedWork": {
+          "adminDisplayName": "Read M365 Defender RBAC configuration",
+          "adminDescription": "Allows the app to read the role-based access control (RBAC) settings for your company's directory, on behalf of the signed-in user. This includes reading M365 Defender role definitions and role assignments.",
+          "userDisplayName": "Read M365 Defender RBAC configuration",
+          "userDescription": "Allows the app to read the role-based access control (RBAC) settings for your company's directory, on behalf of the signed-in user. This includes reading M365 Defender role definitions and role assignments.",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 3
+        },
+        "Application": {
+          "adminDisplayName": "Read M365 Defender RBAC configuration",
+          "adminDescription": "Allows the app to read the role-based access control (RBAC) settings for your company's directory, without a signed-in user.",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 4
+        }
+      },
+      "pathSets": [
+        {
+          "schemeKeys": [
+            "DelegatedWork",
+            "Application"
+          ],
+          "methods": [
+            "GET"
+          ],
+          "paths": {
+            "/roleManagement/defender/roleassignments": "",
+            "/roleManagement/defender/roleassignments/{id}": "",
+            "/rolemanagement/defender/roledefinitions": "",
+            "/rolemanagement/defender/roledefinitions/{id}": ""
+          }
+        },
+        {
+          "schemeKeys": [
+            "DelegatedWork",
+            "Application"
+          ],
+          "methods": [
+            "POST"
+          ],
+          "paths": {
+            "/roleManagement/defender/roleassignments": "least=DelegatedWork,Application",
+            "/rolemanagement/defender/roledefinitions": "least=DelegatedWork,Application"
+          }
+        },
+        {
+          "schemeKeys": [
+            "DelegatedWork",
+            "Application"
+          ],
+          "methods": [
+            "DELETE",
+            "PATCH"
+          ],
+          "paths": {
+            "/roleManagement/defender/roleassignments/{id}": "least=DelegatedWork,Application",
+            "/rolemanagement/defender/roledefinitions/{id}": "least=DelegatedWork,Application"
+          }
+        }
+      ],
+      "ownerInfo": {
+        "ownerSecurityGroup": "mdatpUrbac"
+      }
+    },
     "RoleManagement.ReadWrite.Directory": {
       "schemes": {
         "DelegatedWork": {
@@ -47977,9 +48080,9 @@
       "schemes": {
         "DelegatedWork": {
           "adminDisplayName": "Read and write access to user profile",
-          "adminDescription": "Allows the app to read your profile. It also allows the app to update your profile information on your behalf.",
+          "adminDescription": "Allows the app to read your profile and basic company information. It also allows the app to update your profile information on your behalf.",
           "userDisplayName": "Read and update your profile",
-          "userDescription": "Allows the app to read your profile, and discover your group membership, reports and manager. It also allows the app to update your profile information on your behalf.",
+          "userDescription": "Allows the app to read your profile and basic company information, and discover your group membership, reports and manager. It also allows the app to update your profile information on your behalf.",
           "requiresAdminConsent": false,
           "privilegeLevel": 3
         },
@@ -48311,15 +48414,15 @@
       "schemes": {
         "DelegatedWork": {
           "adminDisplayName": "Read and write all users' full profiles",
-          "adminDescription": "Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.",
+          "adminDescription": "Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, and read basic company properties, on behalf of the signed-in user.",
           "userDisplayName": "Read and write all users' full profiles",
-          "userDescription": "Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, on your behalf.",
+          "userDescription": "Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, and read basic company properties, on your behalf.",
           "requiresAdminConsent": true,
           "privilegeLevel": 4
         },
         "Application": {
           "adminDisplayName": "Read and write all users' full profiles",
-          "adminDescription": "Allows the app to read and update user profiles without a signed in user.",
+          "adminDescription": "Allows the app to read and update user profiles and read basic company properties without a signed in user.",
           "requiresAdminConsent": true,
           "privilegeLevel": 4
         }
