Weekly Permissions sync 2026-02-20 (#1447)

marabooy · web-flow · commit 8133ee2ad5bc · 2026-02-20T16:43:25.000-05:00
diff --git a/permissions/new/permissions.json b/permissions/new/permissions.json
@@ -13783,15 +13783,15 @@
           "userDisplayName": "View your list of devices",
           "userDescription": "Allows the app to see your list of devices.",
           "requiresAdminConsent": false,
-          "privilegeLevel": 2
+          "privilegeLevel": 1
         },
         "DelegatedPersonal": {
           "adminDisplayName": "Read user devices",
           "adminDescription": "Allows the app to read a user's list of devices on behalf of the signed-in user.",
           "userDisplayName": "View your list of devices",
           "userDescription": "Allows the app to see your list of devices.",
           "requiresAdminConsent": false,
-          "privilegeLevel": 2
+          "privilegeLevel": 1
         }
       },
       "pathSets": [
@@ -13809,7 +13809,7 @@
         }
       ],
       "ownerInfo": {
-        "ownerSecurityGroup": "afsadmins"
+        "ownerSecurityGroup": "adrsmsgraph"
       }
     },
     "Device.Read.All": {
@@ -13821,21 +13821,21 @@
           "userDisplayName": "Read all devices",
           "userDescription": "Allows the app to read devices' configuration information on your behalf.",
           "requiresAdminConsent": true,
-          "privilegeLevel": 3
+          "privilegeLevel": 2
         },
         "DelegatedPersonal": {
           "adminDisplayName": "Read all devices",
           "adminDescription": "Allows the app to read your organization's devices' configuration information on behalf of the signed-in user.",
           "userDisplayName": "Read all devices",
           "userDescription": "Allows the app to read devices' configuration information on your behalf.",
           "requiresAdminConsent": true,
-          "privilegeLevel": 3
+          "privilegeLevel": 2
         },
         "Application": {
           "adminDisplayName": "Read all devices",
           "adminDescription": "Allows the app to read your organization's devices' configuration information without a signed-in user.",
           "requiresAdminConsent": true,
-          "privilegeLevel": 4
+          "privilegeLevel": 3
         }
       },
       "pathSets": [
@@ -13915,7 +13915,7 @@
         }
       ],
       "ownerInfo": {
-        "ownerSecurityGroup": "devicesapprovers"
+        "ownerSecurityGroup": "adrsmsgraph"
       }
     },
     "Device.ReadWrite.All": {
@@ -13925,7 +13925,7 @@
           "adminDisplayName": "Read and write devices",
           "adminDescription": "Allows the app to read and write all device properties without a signed in user.  Does not allow device creation, device deletion or update of device alternative security identifiers.",
           "requiresAdminConsent": true,
-          "privilegeLevel": 4
+          "privilegeLevel": 3
         }
       },
       "pathSets": [
@@ -14047,7 +14047,7 @@
         }
       ],
       "ownerInfo": {
-        "ownerSecurityGroup": "IdentityReq"
+        "ownerSecurityGroup": "adrsmsgraph"
       }
     },
     "DeviceLocalCredential.Read.All": {
@@ -27714,6 +27714,55 @@
         "ownerSecurityGroup": "AADGroupsPreAuth"
       }
     },
+    "Group.ManageProtection.All": {
+      "authorizationType": "oAuth2",
+      "schemes": {
+        "DelegatedWork": {
+          "adminDisplayName": "Manage the Microsoft Information Protection (MIP) label for M365 and security groups.",
+          "adminDescription": "Allows the app to list groups, and to read their basic properties and manage the MIP label for all label enabled groups on behalf of the signed-in user. ",
+          "userDisplayName": "Manage group label.",
+          "userDescription": "Allows the app to list groups, to read their properties, and manage the MIP label on your behalf.",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 3
+        },
+        "Application": {
+          "adminDisplayName": "Manage the Microsoft Information Protection (MIP) label for M365 and security groups.",
+          "adminDescription": "Allows the app to list groups, and to read their basic properties and manage the MIP label for all label enabled groups without a signed-in user.",
+          "requiresAdminConsent": true,
+          "privilegeLevel": 4
+        }
+      },
+      "pathSets": [
+        {
+          "schemeKeys": [
+            "DelegatedWork",
+            "Application"
+          ],
+          "methods": [
+            "GET"
+          ],
+          "paths": {
+            "/groups": "",
+            "/groups/{id}": ""
+          }
+        },
+        {
+          "schemeKeys": [
+            "DelegatedWork",
+            "Application"
+          ],
+          "methods": [
+            "PATCH"
+          ],
+          "paths": {
+            "/groups/{id}": ""
+          }
+        }
+      ],
+      "ownerInfo": {
+        "ownerSecurityGroup": "AADGroupsPreAuth"
+      }
+    },
     "Group.Read.All": {
       "authorizationType": "oAuth2",
       "schemes": {
@@ -53889,7 +53938,7 @@
             "DELETE"
           ],
           "paths": {
-            "/users/{user-id | user-principal-name}/chats/{chat-id}/targetedMessages/{message-id}": "least=DelegatedWork"
+            "/users/{id}/chats/{id}/targetedMessages/{id}": "least=DelegatedWork"
           }
         },
         {
@@ -53900,7 +53949,7 @@
             "POST"
           ],
           "paths": {
-            "/users/{user-id | user-principal-name}/teamwork/deleteTargetedMessage": "least=DelegatedWork"
+            "/users/{id}/teamwork/deleteTargetedMessage": "least=DelegatedWork"
           }
         }
       ],
diff --git a/permissions/new/provisioningInfo.json b/permissions/new/provisioningInfo.json
@@ -3814,6 +3814,42 @@
         "resourceAppId": ""
       }
     ],
+    "CrossTenantRoleAssignment.Create": [
+      {
+        "id": "",
+        "scheme": "Application",
+        "environment": "public",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "00000002-0000-0000-c000-000000000000"
+      },
+      {
+        "id": "",
+        "scheme": "DelegatedWork",
+        "environment": "public",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "00000002-0000-0000-c000-000000000000"
+      }
+    ],
+    "CrossTenantRoleAssignment.Delete": [
+      {
+        "id": "",
+        "scheme": "Application",
+        "environment": "public",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "00000002-0000-0000-c000-000000000000"
+      },
+      {
+        "id": "",
+        "scheme": "DelegatedWork",
+        "environment": "public",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "00000002-0000-0000-c000-000000000000"
+      }
+    ],
     "CrossTenantUserProfileSharing.Read": [
       {
         "id": "cb1ba48f-d22b-4325-a07f-74135a62ee41",
@@ -4621,7 +4657,25 @@
         "environment": "public",
         "isHidden": true,
         "isEnabled": true,
-        "resourceAppId": ""
+        "resourceAppId": "01cb2876-7ebd-4aa4-9cc9-d28bd4d359a9"
+      }
+    ],
+    "Device.DisableAccount.All": [
+      {
+        "id": "321cb472-c68b-485c-bb46-3a817eaef927",
+        "scheme": "DelegatedWork",
+        "environment": "public",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "01cb2876-7ebd-4aa4-9cc9-d28bd4d359a9"
+      },
+      {
+        "id": "f1ca1df2-90bb-4733-94c0-b96d094f918a",
+        "scheme": "Application",
+        "environment": "public",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "01cb2876-7ebd-4aa4-9cc9-d28bd4d359a9"
       }
     ],
     "Device.EnableDisableAccount.All": [
@@ -4631,15 +4685,15 @@
         "environment": "public",
         "isHidden": true,
         "isEnabled": true,
-        "resourceAppId": ""
+        "resourceAppId": "01cb2876-7ebd-4aa4-9cc9-d28bd4d359a9"
       },
       {
         "id": "73b12cfb-f4a6-47f6-b7a0-10f514d668ad",
         "scheme": "Application",
         "environment": "public",
         "isHidden": true,
         "isEnabled": true,
-        "resourceAppId": ""
+        "resourceAppId": "01cb2876-7ebd-4aa4-9cc9-d28bd4d359a9"
       }
     ],
     "Device.ProvisionForVDI": [
@@ -6825,15 +6879,15 @@
         "id": "36263ed6-285e-4f84-b25a-62ec2ba17d29",
         "scheme": "DelegatedWork",
         "environment": "public",
-        "isHidden": true,
+        "isHidden": false,
         "isEnabled": true,
         "resourceAppId": "00000002-0000-0000-c000-000000000000"
       },
       {
         "id": "60f8cea0-2476-45c9-ab18-70e79e60ad14",
         "scheme": "Application",
         "environment": "public",
-        "isHidden": true,
+        "isHidden": false,
         "isEnabled": true,
         "resourceAppId": "00000002-0000-0000-c000-000000000000"
       }
@@ -7146,6 +7200,78 @@
         "resourceAppId": ""
       }
     ],
+    "IdentityDiagnostic.Read": [
+      {
+        "id": "f5b84bd9-6ffb-41bf-a2d2-644bcb35a835",
+        "scheme": "DelegatedWork",
+        "environment": "PPE;public",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "a57aca87-cbc0-4f3c-8b9e-dc095fdc8978"
+      },
+      {
+        "id": "7d41d790-4257-4307-8643-9a6da6750b69",
+        "scheme": "DelegatedPersonal",
+        "environment": "PPE;public",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "a57aca87-cbc0-4f3c-8b9e-dc095fdc8978"
+      }
+    ],
+    "IdentityDiagnostic.Read.All": [
+      {
+        "id": "ba48ac7b-52a2-40f3-9003-acc2ef9f76f7",
+        "scheme": "DelegatedWork",
+        "environment": "PPE;public",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "a57aca87-cbc0-4f3c-8b9e-dc095fdc8978"
+      },
+      {
+        "id": "50665eca-92bc-491e-ac38-6135593a721b",
+        "scheme": "Application",
+        "environment": "PPE;public",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "a57aca87-cbc0-4f3c-8b9e-dc095fdc8978"
+      }
+    ],
+    "IdentityDiagnostic.StartDiagnosis": [
+      {
+        "id": "001f3e87-728f-4372-b285-000198ae3b91",
+        "scheme": "DelegatedWork",
+        "environment": "PPE;public",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "a57aca87-cbc0-4f3c-8b9e-dc095fdc8978"
+      },
+      {
+        "id": "cae54ae3-5d80-4001-940b-913bcf35c538",
+        "scheme": "DelegatedPersonal",
+        "environment": "PPE;public",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "a57aca87-cbc0-4f3c-8b9e-dc095fdc8978"
+      }
+    ],
+    "IdentityDiagnostic.StartDiagnosis.All": [
+      {
+        "id": "0fa62088-c970-47a9-8863-f7f87b94eef6",
+        "scheme": "DelegatedWork",
+        "environment": "PPE;public",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "a57aca87-cbc0-4f3c-8b9e-dc095fdc8978"
+      },
+      {
+        "id": "3bc0526d-f5d7-435b-b12b-93f8d4495b77",
+        "scheme": "Application",
+        "environment": "PPE;public",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "a57aca87-cbc0-4f3c-8b9e-dc095fdc8978"
+      }
+    ],
     "IdentityRiskEvent.Read.All": [
       {
         "id": "8f6a01e7-0391-4ee5-aa22-a3af122cef27",
@@ -8628,6 +8754,34 @@
         "resourceAppId": ""
       }
     ],
+    "MailTips.ReadBasic.All": [
+      {
+        "id": "",
+        "scheme": "Application",
+        "environment": "",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "00000002-0000-0ff1-ce00-000000000000"
+      }
+    ],
+    "MailTips.ReadBasic.Shared": [
+      {
+        "id": "",
+        "scheme": "DelegatedWork",
+        "environment": "",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "00000002-0000-0ff1-ce00-000000000000"
+      },
+      {
+        "id": "",
+        "scheme": "DelegatedPersonal",
+        "environment": "public",
+        "isHidden": true,
+        "isEnabled": true,
+        "resourceAppId": "00000002-0000-0ff1-ce00-000000000000"
+      }
+    ],
     "ManagedIdentity.Create": [
       {
         "id": "d419de8c-f1db-4863-8142-8092157a73ab",
