Weekly Permissions sync 2026-01-19 #1410
Conversation
There was a problem hiding this comment.
Pull request overview
This PR performs a weekly permissions synchronization that updates permission configurations for Microsoft Graph API scopes. The changes include adding new agent identity permissions, renaming an Entra backup permission, enabling mailbox export capabilities, and refining cross-tenant access policy paths.
Changes:
- Added three new agent identity-related permissions with Application and DelegatedWork schemes
- Renamed EntraBackup.Read.Preview to EntraBackup.Read.All
- Enabled and added IDs to MailboxItem.Export permissions with new full definitions
- Updated requiresAdminConsent to true for several mailbox-related permissions
- Refined cross-tenant access policy paths for MailTips and Places booking capabilities
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| permissions/new/provisioningInfo.json | Added provisioning info for new agent identity permissions, renamed EntraBackup permission, and enabled MailboxItem export permissions with IDs |
| permissions/new/permissions.json | Added full definitions for MailboxItem export permissions, updated admin consent requirements, refined cross-tenant policy paths, and added Windows updates policy path |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "resourceAppId": "00000002-0000-0000-c000-000000000000" | ||
| }, | ||
| { | ||
| "id": "", |
There was a problem hiding this comment.
The "id" field is empty for this permission entry. All permission entries should have a valid GUID identifier to uniquely identify the permission scope.
| "schemes": { | ||
| "DelegatedWork": { | ||
| "adminDisplayName": "Export a user's mailbox items", | ||
| "adminDescription": "Allows the app to export the user's mailbox items, on behalf of the the signed-in user.", |
There was a problem hiding this comment.
There's a double article "the the" in the admin description. It should be "on behalf of the signed-in user" instead of "on behalf of the the signed-in user".
| ], | ||
| "AgentIdentityBlueprintPrincipal.ReadWrite.ManagedBy": [ | ||
| { | ||
| "id": "", |
There was a problem hiding this comment.
The "id" field is empty for this permission entry. All permission entries should have a valid GUID identifier to uniquely identify the permission scope.
| "resourceAppId": "00000002-0000-0000-c000-000000000000" | ||
| }, | ||
| { | ||
| "id": "", |
There was a problem hiding this comment.
The "id" field is empty for this permission entry. All permission entries should have a valid GUID identifier to uniquely identify the permission scope.
| ], | ||
| "AgentIdentity.ReadWrite.ManagedBy": [ | ||
| { | ||
| "id": "", |
There was a problem hiding this comment.
The "id" field is empty for this permission entry. All permission entries should have a valid GUID identifier to uniquely identify the permission scope.
| "resourceAppId": "00000002-0000-0000-c000-000000000000" | ||
| }, | ||
| { | ||
| "id": "", |
There was a problem hiding this comment.
The "id" field is empty for this permission entry. All permission entries should have a valid GUID identifier to uniquely identify the permission scope.
| ], | ||
| "AgentIdUser.ReadWrite.ManagedBy": [ | ||
| { | ||
| "id": "", |
There was a problem hiding this comment.
The "id" field is empty for this permission entry. All permission entries should have a valid GUID identifier to uniquely identify the permission scope.
Weekly Permissions sync 2026-01-19