Weekly Permissions sync 2026-01-20 (#1412)

marabooy · web-flow · commit 7f892e596188 · 2026-01-20T11:59:21.000-05:00
diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json
@@ -11463,6 +11463,7 @@
             "/devicemanagement/virtualendpoint/cloudpcs/{id}/start": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/cloudpcs/{id}/stop": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/cloudpcs/{id}/troubleshoot": "least=DelegatedWork,Application",
+            "/devicemanagement/virtualendpoint/deviceimages/{id}/retryUpload": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/deviceimages/{id}/reupload": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/onpremisesconnections/{id}/updateaddomainpassword": "least=DelegatedWork,Application",
             "/devicemanagement/virtualendpoint/provisioningpolicies/{id}/assign": "least=DelegatedWork,Application",
@@ -32212,7 +32213,7 @@
           "adminDescription": "Allows the app to read the user's mailbox folders, on behalf of the the signed-in user.",
           "userDisplayName": "Read your mailbox folders",
           "userDescription": "Allows the app to read your mailbox folders, on your behalf",
-          "requiresAdminConsent": false,
+          "requiresAdminConsent": true,
           "privilegeLevel": 2
         }
       },
@@ -32270,7 +32271,7 @@
           "adminDescription": "Allows the app to read and write the user's mailbox folders, on behalf of the the signed-in user.",
           "userDisplayName": "Read and write your mailbox folders",
           "userDescription": "Allows the app to read and write your mailbox folders, on your behalf",
-          "requiresAdminConsent": false,
+          "requiresAdminConsent": true,
           "privilegeLevel": 2
         }
       },
@@ -32346,6 +32347,62 @@
         "ownerSecurityGroup": "stisaprvc"
       }
     },
+    "MailboxItem.Export": {
+      "authorizationType": "oAuth2",
+      "schemes": {
+        "DelegatedWork": {
+          "adminDisplayName": "Export a user's mailbox items",
+          "adminDescription": "Allows the app to export the user's mailbox items, on behalf of the the signed-in user.",
+          "userDisplayName": "Export your mailbox items",
+          "userDescription": "Allows the app to export your mailbox items, on your behalf",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 2
+        }
+      },
+      "pathSets": [
+        {
+          "schemeKeys": [
+            "DelegatedWork"
+          ],
+          "methods": [
+            "POST"
+          ],
+          "paths": {
+            "/admin/exchange/mailboxes/{id}/exportItems": "least=DelegatedWork"
+          }
+        }
+      ],
+      "ownerInfo": {
+        "ownerSecurityGroup": "stisaprvc"
+      }
+    },
+    "MailboxItem.Export.All": {
+      "authorizationType": "oAuth2",
+      "schemes": {
+        "Application": {
+          "adminDisplayName": "Export all the users' mailbox items",
+          "adminDescription": "Allows the app to export all the users' mailbox items, without signed-in user.",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 4
+        }
+      },
+      "pathSets": [
+        {
+          "schemeKeys": [
+            "Application"
+          ],
+          "methods": [
+            "POST"
+          ],
+          "paths": {
+            "/admin/exchange/mailboxes/{id}/exportItems": "least=Application"
+          }
+        }
+      ],
+      "ownerInfo": {
+        "ownerSecurityGroup": "stisaprvc"
+      }
+    },
     "MailboxItem.ImportExport": {
       "authorizationType": "oAuth2",
       "schemes": {
@@ -32354,7 +32411,7 @@
           "adminDescription": "Allows the app to export and import the user's mailbox items, on behalf of the the signed-in user.",
           "userDisplayName": "Export and import your mailbox items",
           "userDescription": "Allows the app to export and import your mailbox items, on your behalf",
-          "requiresAdminConsent": false,
+          "requiresAdminConsent": true,
           "privilegeLevel": 2
         }
       },
@@ -32412,7 +32469,7 @@
           "adminDescription": "Allows the app to read the user's mailbox items, on behalf of the the signed-in user.",
           "userDisplayName": "Read your mailbox items",
           "userDescription": "Allows the app to read your mailbox items, on your behalf",
-          "requiresAdminConsent": false,
+          "requiresAdminConsent": true,
           "privilegeLevel": 2
         }
       },
@@ -36904,8 +36961,11 @@
             "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantCalendarSharingFreeBusyDetail": "least=DelegatedWork,Application",
             "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantCalendarSharingFreeBusyReviewer": "least=DelegatedWork,Application",
             "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantCalendarSharingFreeBusySimple": "least=DelegatedWork,Application",
-            "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantMailTips": "least=DelegatedWork,Application",
+            "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantMailTipsAll": "least=DelegatedWork,Application",
+            "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantMailTipsLimited": "least=DelegatedWork,Application",
             "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantOpenProfileCard": "least=DelegatedWork,Application",
+            "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantPlacesDeskBooking": "least=DelegatedWork,Application",
+            "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantPlacesRoomBooking": "least=DelegatedWork,Application",
             "/policies/crosstenantaccesspolicy/partners": "least=DelegatedWork,Application",
             "/policies/crosstenantaccesspolicy/partners/{id}": "least=DelegatedWork,Application",
             "/policies/crosstenantaccesspolicy/partners/{id}/identitysynchronization": "least=DelegatedWork,Application",
@@ -36915,9 +36975,12 @@
             "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantCalendarSharingFreeBusyDetail": "least=DelegatedWork,Application",
             "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantCalendarSharingFreeBusyReviewer": "least=DelegatedWork,Application",
             "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantCalendarSharingFreeBusySimple": "least=DelegatedWork,Application",
-            "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantMailTips": "least=DelegatedWork,Application",
+            "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantMailTipsAll": "least=DelegatedWork,Application",
+            "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantMailTipsLimited": "least=DelegatedWork,Application",
             "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantMigration": "least=DelegatedWork,Application",
             "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantOpenProfileCard": "least=DelegatedWork,Application",
+            "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantPlacesDeskBooking": "least=DelegatedWork,Application",
+            "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantPlacesRoomBooking": "least=DelegatedWork,Application",
             "/policies/defaultappmanagementpolicy": "least=DelegatedWork,Application",
             "/policies/externalidentitiespolicy": "least=DelegatedWork,Application",
             "/policies/homerealmdiscoverypolicies": "least=DelegatedWork,Application",
@@ -38539,8 +38602,11 @@
             "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantCalendarSharingFreeBusyDetail": "least=DelegatedWork,Application",
             "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantCalendarSharingFreeBusyReviewer": "least=DelegatedWork,Application",
             "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantCalendarSharingFreeBusySimple": "least=DelegatedWork,Application",
-            "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantMailTips": "least=DelegatedWork,Application",
-            "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantOpenProfileCard": "least=DelegatedWork,Application"
+            "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantMailTipsAll": "least=DelegatedWork,Application",
+            "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantMailTipsLimited": "least=DelegatedWork,Application",
+            "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantOpenProfileCard": "least=DelegatedWork,Application",
+            "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantPlacesDeskBooking": "least=DelegatedWork,Application",
+            "/policies/crosstenantaccesspolicy/default/m365Capabilities/crossTenantPlacesRoomBooking": "least=DelegatedWork,Application"
           }
         },
         {
@@ -38559,9 +38625,12 @@
             "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantCalendarSharingFreeBusyDetail": "least=DelegatedWork,Application",
             "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantCalendarSharingFreeBusyReviewer": "least=DelegatedWork,Application",
             "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantCalendarSharingFreeBusySimple": "least=DelegatedWork,Application",
-            "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantMailTips": "least=DelegatedWork,Application",
+            "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantMailTipsAll": "least=DelegatedWork,Application",
+            "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantMailTipsLimited": "least=DelegatedWork,Application",
             "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantMigration": "least=DelegatedWork,Application",
-            "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantOpenProfileCard": "least=DelegatedWork,Application"
+            "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantOpenProfileCard": "least=DelegatedWork,Application",
+            "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantPlacesDeskBooking": "least=DelegatedWork,Application",
+            "/policies/crosstenantaccesspolicy/partners/{id}/m365Capabilities/crossTenantPlacesRoomBooking": "least=DelegatedWork,Application"
           }
         }
       ],
@@ -60640,6 +60709,7 @@
             "/admin/windows/updates/knownIssues/{id}": "least=DelegatedWork,Application",
             "/admin/windows/updates/knownIssues/Default.findByKbNumber(kbNumber={kbNumber})": "least=DelegatedWork,Application",
             "/admin/windows/updates/knownIssues/findByKbNumber(kbNumber={kbNumber})": "least=DelegatedWork,Application",
+            "/admin/windows/updates/policies/{id}/applicableContent": "least=DelegatedWork,Application",
             "/admin/windows/updates/products": "least=DelegatedWork,Application",
             "/admin/windows/updates/products/{id}": "least=DelegatedWork,Application",
             "/admin/windows/updates/products/{id}/Default.getKnownIssuesByTimeRange(daysInPast={daysInPast},includeAllActive={includeAllActive})": "least=DelegatedWork,Application",
diff --git a/permissions/new/provisioningInfo.json b/permissions/new/provisioningInfo.json
@@ -586,6 +586,24 @@
         "resourceAppId": "00000002-0000-0000-c000-000000000000"
       }
     ],
+    "AgentIdentityBlueprintPrincipal.ReadWrite.ManagedBy": [
+      {
+        "id": "",
+        "scheme": "Application",
+        "environment": "PPE;public",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "00000002-0000-0000-c000-000000000000"
+      },
+      {
+        "id": "",
+        "scheme": "DelegatedWork",
+        "environment": "PPE;public",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "00000002-0000-0000-c000-000000000000"
+      }
+    ],
     "Agreement.Read.All": [
       {
         "id": "af2819c9-df71-4dd3-ade7-4d7c9dc653b7",
@@ -5816,7 +5834,7 @@
         "resourceAppId": ""
       }
     ],
-    "EntraBackup.Read.Preview": [
+    "EntraBackup.Read.All": [
       {
         "id": "c16f30f0-3121-4976-bafe-66cb042f4f80",
         "scheme": "Application",
@@ -8468,10 +8486,11 @@
     ],
     "MailboxItem.Export": [
       {
+        "id": "58d3e7fa-3ce9-4a0c-9baa-0971f64709d9",
         "scheme": "DelegatedWork",
         "environment": "PPE;public",
-        "isHidden": true,
-        "isEnabled": false,
+        "isHidden": false,
+        "isEnabled": true,
         "resourceAppId": "c999ed3e-27ae-4cb3-b3a2-46b056af63d3"
       }
     ],
@@ -8487,10 +8506,11 @@
     ],
     "MailboxItem.Export.All": [
       {
+        "id": "937550e9-33a3-494b-88ae-d9cd394b1fbb",
         "scheme": "Application",
         "environment": "PPE;public",
-        "isHidden": true,
-        "isEnabled": false,
+        "isHidden": false,
+        "isEnabled": true,
         "resourceAppId": "c999ed3e-27ae-4cb3-b3a2-46b056af63d3"
       }
     ],
@@ -13623,6 +13643,24 @@
         "resourceAppId": "00000002-0000-0000-c000-000000000000"
       }
     ],
+    "AgentIdentity.ReadWrite.ManagedBy": [
+      {
+        "id": "",
+        "scheme": "Application",
+        "environment": "PPE;public",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "00000002-0000-0000-c000-000000000000"
+      },
+      {
+        "id": "",
+        "scheme": "DelegatedWork",
+        "environment": "PPE;public",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "00000002-0000-0000-c000-000000000000"
+      }
+    ],
     "ServicePrincipal.Manage.OwnedBy": [
       {
         "id": "6930b171-5cf8-4865-ba0f-cfce959d1bca",
@@ -16607,6 +16645,24 @@
         "resourceAppId": "00000002-0000-0000-c000-000000000000"
       }
     ],
+    "AgentIdUser.ReadWrite.ManagedBy": [
+      {
+        "id": "",
+        "scheme": "Application",
+        "environment": "PPE;public",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "00000002-0000-0000-c000-000000000000"
+      },
+      {
+        "id": "",
+        "scheme": "DelegatedWork",
+        "environment": "PPE;public",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "00000002-0000-0000-c000-000000000000"
+      }
+    ],
     "User.RevokeSessions.All": [
       {
         "id": "fc30e98b-8810-4501-81f5-c20a3196387b",
