From 21abd21622aa86795edfe44657192690629d652c Mon Sep 17 00:00:00 2001
From: Merill Fernando
Date: Wed, 11 Dec 2024 17:40:13 +0000
Subject: [PATCH] Daily automation
---
 _info/GraphAppRoles.csv | 4 +++
 _info/GraphAppRoles.json | 48 ++++++++++++++++++++++++++++
 _info/GraphDelegateRoles.csv | 5 +++
 _info/GraphDelegateRoles.json | 60 +++++++++++++++++++++++++++++++++++
 4 files changed, 117 insertions(+)
diff --git a/_info/GraphAppRoles.csv b/_info/GraphAppRoles.csv
index 760f4b4..f722013 100644
--- a/_info/GraphAppRoles.csv
+++ b/_info/GraphAppRoles.csv
@@ -137,6 +137,8 @@
 "e330c4f0-4170-414e-a55a-2f022ec2b57b","DeviceManagementRBAC.ReadWrite.All","Read and write Microsoft Intune RBAC settings","Allows the app to read and write the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings, without a signed-in user."
 "06a5fe6d-c49d-46a7-b082-56b1b14103c7","DeviceManagementServiceConfig.Read.All","Read Microsoft Intune configuration","Allows the app to read Microsoft Intune service properties including device enrollment and third party service connection configuration, without a signed-in user."
 "5ac13192-7ace-4fcf-b828-1a26f28068ee","DeviceManagementServiceConfig.ReadWrite.All","Read and write Microsoft Intune configuration","Allows the app to read and write Microsoft Intune service properties including device enrollment and third party service connection configuration, without a signed-in user."
+"dd9febb5-0c6d-419f-b256-3afe12c6adeb","DeviceTemplate.Read.All","Read all device templates","Allows the app to read all device templates, without a signed-in user."
+"9fadb66e-6421-4744-aede-4ab6fb98a884","DeviceTemplate.ReadWrite.All","Read and write all device templates","Allows the app to create, read, update and delete any device template, without a signed-in user. It also allows the app to add or remove owners on any device template."
 "7ab1d382-f21e-4acd-a863-ba3e13f7da61","Directory.Read.All","Read directory data","Allows the app to read data in your organization's directory, such as users, groups and apps, without a signed-in user."
 "19dbc75e-c2e2-444c-a770-ec69d8559fc7","Directory.ReadWrite.All","Read and write directory data","Allows the app to read and write data in your organization's directory, such as users, and groups, without a signed-in user. Does not allow user or group deletion."
 "ae73097b-cb2a-4447-b064-5d80f6093921","DirectoryRecommendations.Read.All","Read all Azure AD recommendations","Allows the app to read all Azure AD recommendations, without a signed-in user."
@@ -246,6 +248,8 @@
 "4f994bc0-31bb-44bb-b480-7a7c1be8c02e","MultiTenantOrganization.Read.All","Read all multi-tenant organization details and tenants","Allows the app to read all multi-tenant organization details and tenants, without a signed-in user."
 "f9c2b2a7-3895-4b2e-80f6-c924b456e50b","MultiTenantOrganization.ReadBasic.All","Read multi-tenant organization basic details and active tenants","Allows the app to read multi-tenant organization basic details and active tenants, without a signed-in user."
 "920def01-ca61-4d2d-b3df-105b46046a70","MultiTenantOrganization.ReadWrite.All","Read and write all multi-tenant organization details and tenants","Allows the app to read and write all multi-tenant organization details and tenants, without a signed-in user."
+"6daaff82-2880-496d-9d80-57e8e31195e2","MutualTlsOauthConfiguration.Read.All","Read all configurations used for mutual-TLS client authentication.","Allows the app to read configuration used for OAuth 2.0 mutual-TLS client authentication, without a signed-in user. This includes reading trusted certificate authorities."
+"78bbf8cf-07d8-45ba-b0eb-1a7b48efbcf1","MutualTlsOauthConfiguration.ReadWrite.All","Read and write all configurations used for mutual-TLS client authentication.","Allows the app to read and update configuration used for OAuth 2.0 mutual-TLS client authentication, without a signed-in user. This includes reading and updating trusted certificate authorities."
 "40049381-3cc1-42af-94ec-5ce755db4b0d","NetworkAccess-Reports.Read.All","Read all network access reports","Allows the app to read all network access reports without a signed-in user."
 "e30060de-caa5-4331-99d3-6ac6c966a9a4","NetworkAccess.Read.All","Read all network access information","Allows the app to read all network access information and configuration settings without a signed-in user."
 "b10642fc-a6cf-4c46-87f9-e1f96c2a18aa","NetworkAccess.ReadWrite.All","Read and write all network access information","Allows the app to read and write all network access information and configuration settings without a signed-in user."
diff --git a/_info/GraphAppRoles.json b/_info/GraphAppRoles.json
index f3f57ac..091556e 100644
--- a/_info/GraphAppRoles.json
+++ b/_info/GraphAppRoles.json
@@ -1655,6 +1655,30 @@
 "Value": "DeviceManagementServiceConfig.ReadWrite.All",
 "AdditionalProperties": {}
 },
+ {
+ "AllowedMemberTypes": [
+ "Application"
+ ],
+ "Description": "Allows the app to read all device templates, without a signed-in user.",
+ "DisplayName": "Read all device templates",
+ "Id": "dd9febb5-0c6d-419f-b256-3afe12c6adeb",
+ "IsEnabled": true,
+ "Origin": "Application",
+ "Value": "DeviceTemplate.Read.All",
+ "AdditionalProperties": {}
+ },
+ {
+ "AllowedMemberTypes": [
+ "Application"
+ ],
+ "Description": "Allows the app to create, read, update and delete any device template, without a signed-in user. It also allows the app to add or remove owners on any device template.",
+ "DisplayName": "Read and write all device templates",
+ "Id": "9fadb66e-6421-4744-aede-4ab6fb98a884",
+ "IsEnabled": true,
+ "Origin": "Application",
+ "Value": "DeviceTemplate.ReadWrite.All",
+ "AdditionalProperties": {}
+ },
 {
 "AllowedMemberTypes": [
 "Application"
@@ -2963,6 +2987,30 @@
 "Value": "MultiTenantOrganization.ReadWrite.All",
 "AdditionalProperties": {}
 },
+ {
+ "AllowedMemberTypes": [
+ "Application"
+ ],
+ "Description": "Allows the app to read configuration used for OAuth 2.0 mutual-TLS client authentication, without a signed-in user. This includes reading trusted certificate authorities.",
+ "DisplayName": "Read all configurations used for mutual-TLS client authentication.",
+ "Id": "6daaff82-2880-496d-9d80-57e8e31195e2",
+ "IsEnabled": true,
+ "Origin": "Application",
+ "Value": "MutualTlsOauthConfiguration.Read.All",
+ "AdditionalProperties": {}
+ },
+ {
+ "AllowedMemberTypes": [
+ "Application"
+ ],
+ "Description": "Allows the app to read and update configuration used for OAuth 2.0 mutual-TLS client authentication, without a signed-in user. This includes reading and updating trusted certificate authorities.",
+ "DisplayName": "Read and write all configurations used for mutual-TLS client authentication.",
+ "Id": "78bbf8cf-07d8-45ba-b0eb-1a7b48efbcf1",
+ "IsEnabled": true,
+ "Origin": "Application",
+ "Value": "MutualTlsOauthConfiguration.ReadWrite.All",
+ "AdditionalProperties": {}
+ },
 {
 "AllowedMemberTypes": [
 "Application"
diff --git a/_info/GraphDelegateRoles.csv b/_info/GraphDelegateRoles.csv
index 973f833..ec0f231 100644
--- a/_info/GraphDelegateRoles.csv
+++ b/_info/GraphDelegateRoles.csv
@@ -130,6 +130,7 @@
 "a197cdc4-a8e8-4d49-9d35-4ca7c83887b4","DelegatedPermissionGrant.Read.All","Read delegated permission grants","Allows the app to read delegated permission grants, on behalf of the signed in user."
 "41ce6ca6-6826-4807-84f1-1c82854f7ee5","DelegatedPermissionGrant.ReadWrite.All","Manage all delegated permission grants","Allows the app to manage permission grants for delegated permissions exposed by any API (including Microsoft Graph), on behalf of the signed in user."
 "bac3b9c2-b516-4ef4-bd3b-c2ef73d8d804","Device.Command","Communicate with user devices","Allows the app to launch another app or communicate with another app on a user's device on behalf of the signed-in user."
+"edc92e89-a987-48a9-911a-a7b1967dd7b1","Device.CreateFromOwnedTemplate","Create devices based on owned device templates","Allows the app to create device objects based on device templates owned by the signed-in user, on behalf of the signed in user."
 "11d4cd79-5ba5-460f-803f-e22c8ab85ccd","Device.Read","Read user devices","Allows the app to read a user's list of devices on behalf of the signed-in user."
 "951183d1-1a61-466f-a6d1-1fde911bfd95","Device.Read.All","Read all devices","Allows the app to read your organization's devices' configuration information on behalf of the signed-in user."
 "280b3b69-0437-44b1-bc20-3b2fca1ee3e9","DeviceLocalCredential.Read.All","Read device local credential passwords","Allows the app to read device local credential properties including passwords, on behalf of the signed-in user."
@@ -147,6 +148,8 @@
 "0c5e8a55-87a6-4556-93ab-adc52c4d862d","DeviceManagementRBAC.ReadWrite.All","Read and write Microsoft Intune RBAC settings","Allows the app to read and write the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings."
 "8696daa5-bce5-4b2e-83f9-51b6defc4e1e","DeviceManagementServiceConfig.Read.All","Read Microsoft Intune configuration","Allows the app to read Microsoft Intune service properties including device enrollment and third party service connection configuration."
 "662ed50a-ac44-4eef-ad86-62eed9be2a29","DeviceManagementServiceConfig.ReadWrite.All","Read and write Microsoft Intune configuration","Allows the app to read and write Microsoft Intune service properties including device enrollment and third party service connection configuration."
+"2bcae0b0-aa93-48e4-a9e4-855482dffdcd","DeviceTemplate.Read.All","Read all device templates","Allows the app to read all device templates, on behalf of the signed in user."
+"2d372e98-f1ae-406c-a157-2ea83f6f5e4a","DeviceTemplate.ReadWrite.All","Read and write all device templates","Allows the app to create, read, update and delete the device template, on behalf of the signed in user. It also allows the app to add or remove owners on any device template."
 "0e263e50-5827-48a4-b97c-d940288653c7","Directory.AccessAsUser.All","Access directory as the signed in user","Allows the app to have the same access to information in the directory as the signed-in user."
 "06da0dbc-49e2-44d2-8312-53f166ab848a","Directory.Read.All","Read directory data","Allows the app to read data in your organization's directory, such as users, groups and apps."
 "c5366453-9fb0-48a5-a156-24f0c49a4b84","Directory.ReadWrite.All","Read and write directory data","Allows the app to read and write data in your organization's directory, such as users, and groups. It does not allow the app to delete users or groups, or reset user passwords."
@@ -267,6 +270,8 @@
 "526aa72a-5878-49fe-bf4e-357973af9b06","MultiTenantOrganization.Read.All","Read multi-tenant organization details and tenants","Allows the app to read multi-tenant organization details and tenants on behalf of the signed-in user."
 "225db56b-15b2-4daa-acb3-0eec2bbe4849","MultiTenantOrganization.ReadBasic.All","Read multi-tenant organization basic details and active tenants","Allows the app to read multi-tenant organization basic details and active tenants on behalf of the signed-in user."
 "77af1528-84f3-4023-8d90-d219cd433108","MultiTenantOrganization.ReadWrite.All","Read and write multi-tenant organization details and tenants","Allows the app to read and write multi-tenant organization details and tenants on behalf of the signed-in user."
+"51ae584e-e736-4718-897b-10af70f8e3cc","MutualTlsOauthConfiguration.Read.All","Read all configurations used for mutual-TLS client authentication.","Allows the app to read configuration used for OAuth 2.0 mutual-TLS client authentication, on behalf of the signed-in user. This includes reading trusted certificate authorities."
+"a51115bc-f64f-498f-bcee-00dcd28f4a03","MutualTlsOauthConfiguration.ReadWrite.All","Read and write all configurations used for mutual-TLS client authentication.","Allows the app to read and update configuration used for OAuth 2.0 mutual-TLS client authentication, on behalf of the signed-in user. This includes adding and updating trusted certificate authorities."
 "b0c61509-cfc3-42bd-9bd4-66d81785fee4","NetworkAccess-Reports.Read.All","Read all network access reports","Allows the app to read all network access reports on behalf of the signed-in user."
 "2f7013e0-ab4e-447f-a5e1-5d419950692d","NetworkAccess.Read.All","Read all network access information","Allows the app to read all network access information on behalf of the signed-in user."
 "ae2df9c5-f18d-4ec4-a51b-bdeb807f177b","NetworkAccess.ReadWrite.All","Read and write all network access information","Allows the app to read and write all network access information and configuration settings on behalf of the signed-in user."
diff --git a/_info/GraphDelegateRoles.json b/_info/GraphDelegateRoles.json
index ba34ab0..4e8886b 100644
--- a/_info/GraphDelegateRoles.json
+++ b/_info/GraphDelegateRoles.json
@@ -1571,6 +1571,18 @@
 "Value": "Device.Command",
 "AdditionalProperties": {}
 },
+ {
+ "AdminConsentDescription": "Allows the app to create device objects based on device templates owned by the signed-in user, on behalf of the signed in user.",
+ "AdminConsentDisplayName": "Create devices based on owned device templates",
+ "Id": "edc92e89-a987-48a9-911a-a7b1967dd7b1",
+ "IsEnabled": true,
+ "Origin": null,
+ "Type": "Admin",
+ "UserConsentDescription": "Allows the app to create device objects based on device templates you own, on your behalf.",
+ "UserConsentDisplayName": "Create devices based on device templates you own",
+ "Value": "Device.CreateFromOwnedTemplate",
+ "AdditionalProperties": {}
+ },
 {
 "AdminConsentDescription": "Allows the app to read a user's list of devices on behalf of the signed-in user.",
 "AdminConsentDisplayName": "Read user devices",
@@ -1775,6 +1787,30 @@
 "Value": "DeviceManagementServiceConfig.ReadWrite.All",
 "AdditionalProperties": {}
 },
+ {
+ "AdminConsentDescription": "Allows the app to read all device templates, on behalf of the signed in user.",
+ "AdminConsentDisplayName": "Read all device templates",
+ "Id": "2bcae0b0-aa93-48e4-a9e4-855482dffdcd",
+ "IsEnabled": true,
+ "Origin": null,
+ "Type": "Admin",
+ "UserConsentDescription": "Allows the app to read all device templates, on your behalf.",
+ "UserConsentDisplayName": "Read all device templates",
+ "Value": "DeviceTemplate.Read.All",
+ "AdditionalProperties": {}
+ },
+ {
+ "AdminConsentDescription": "Allows the app to create, read, update and delete the device template, on behalf of the signed in user. It also allows the app to add or remove owners on any device template.",
+ "AdminConsentDisplayName": "Read and write all device templates",
+ "Id": "2d372e98-f1ae-406c-a157-2ea83f6f5e4a",
+ "IsEnabled": true,
+ "Origin": null,
+ "Type": "Admin",
+ "UserConsentDescription": "Allows the app to create, read, update and delete any device template, on your behalf. It also allows the app to add or remove owners on any device template.",
+ "UserConsentDisplayName": "Read and write all device templates",
+ "Value": "DeviceTemplate.ReadWrite.All",
+ "AdditionalProperties": {}
+ },
 {
 "AdminConsentDescription": "Allows the app to have the same access to information in the directory as the signed-in user.",
 "AdminConsentDisplayName": "Access directory as the signed in user",
@@ -3215,6 +3251,30 @@
 "Value": "MultiTenantOrganization.ReadWrite.All",
 "AdditionalProperties": {}
 },
+ {
+ "AdminConsentDescription": "Allows the app to read configuration used for OAuth 2.0 mutual-TLS client authentication, on behalf of the signed-in user. This includes reading trusted certificate authorities.",
+ "AdminConsentDisplayName": "Read all configurations used for mutual-TLS client authentication.",
+ "Id": "51ae584e-e736-4718-897b-10af70f8e3cc",
+ "IsEnabled": true,
+ "Origin": null,
+ "Type": "Admin",
+ "UserConsentDescription": "Allows the app to read configuration used for OAuth 2.0 mutual-TLS client authentication, on your behalf. This includes reading trusted certificate authorities.",
+ "UserConsentDisplayName": "Read all configurations used for mutual-TLS client authentication.",
+ "Value": "MutualTlsOauthConfiguration.Read.All",
+ "AdditionalProperties": {}
+ },
+ {
+ "AdminConsentDescription": "Allows the app to read and update configuration used for OAuth 2.0 mutual-TLS client authentication, on behalf of the signed-in user. This includes adding and updating trusted certificate authorities.",
+ "AdminConsentDisplayName": "Read and write all configurations used for mutual-TLS client authentication.",
+ "Id": "a51115bc-f64f-498f-bcee-00dcd28f4a03",
+ "IsEnabled": true,
+ "Origin": null,
+ "Type": "Admin",
+ "UserConsentDescription": "Allows the app to read and update configuration used for OAuth 2.0 mutual-TLS client authentication, on your behalf. This includes adding and updating trusted certificate authorities.",
+ "UserConsentDisplayName": "Read and write all configurations used for mutual-TLS client authentication.",
+ "Value": "MutualTlsOauthConfiguration.ReadWrite.All",
+ "AdditionalProperties": {}
+ },
 {
 "AdminConsentDescription": "Allows the app to read all network access reports on behalf of the signed-in user.",
 "AdminConsentDisplayName": "Read all network access reports",