Weekly Permissions sync 2025-11-25 #1359
Conversation
There was a problem hiding this comment.
Pull request overview
This PR implements the weekly permissions synchronization for 2025-11-25, updating permission provisioning configurations and definitions across the Microsoft Graph permissions system.
Key Changes:
- Enabled Agent Registry permissions (AgentInstance, AgentCollection, AgentCardManifest) by populating previously empty IDs and changing
isHiddenandisEnabledflags - Added new permission definitions for MailboxConfigItem.Read with full pathSet configurations
- Reorganized Calendar and CloudPC permission path structures for better scheme-specific authorization
- Extended Policy.Read/WriteConditionalAccess with new claimProviders endpoints
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 18 comments.
| File | Description |
|---|---|
| permissions/new/provisioningInfo.json | Updated Agent permissions with proper IDs and enabled state; added incomplete AppRegistration and ServicePrincipal.DeleteRestore.All permissions; updated MailboxConfigItem.Read provisioning |
| permissions/new/permissions.json | Added comprehensive Agent Registry permission definitions with pathSets; added MailboxConfigItem.Read definition; reorganized Calendar permission paths by scheme; added claimProviders endpoints to Policy permissions |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.
| "AppRegistration.Create": [ | ||
| { | ||
| "id": "", | ||
| "scheme": "DelegatedWork", | ||
| "environment": "", | ||
| "isHidden": true, | ||
| "isEnabled": true, | ||
| "resourceAppId": "00000003-0000-0000-c000-000000000000" | ||
| }, | ||
| { | ||
| "id": "", | ||
| "scheme": "Application", | ||
| "environment": "", | ||
| "isHidden": true, | ||
| "isEnabled": true, | ||
| "resourceAppId": "00000003-0000-0000-c000-000000000000" | ||
| } | ||
| ], | ||
| "AppRegistration.DeleteRestore.All": [ | ||
| { | ||
| "id": "", | ||
| "scheme": "DelegatedWork", | ||
| "environment": "", | ||
| "isHidden": true, | ||
| "isEnabled": true, | ||
| "resourceAppId": "00000003-0000-0000-c000-000000000000" | ||
| }, | ||
| { | ||
| "id": "", | ||
| "scheme": "Application", | ||
| "environment": "", | ||
| "isHidden": true, | ||
| "isEnabled": true, | ||
| "resourceAppId": "00000003-0000-0000-c000-000000000000" | ||
| } | ||
| ], | ||
| "AppRegistration.EnableDisable.All": [ | ||
| { | ||
| "id": "", | ||
| "scheme": "DelegatedWork", | ||
| "environment": "", | ||
| "isHidden": true, | ||
| "isEnabled": true, | ||
| "resourceAppId": "00000003-0000-0000-c000-000000000000" | ||
| }, | ||
| { | ||
| "id": "", | ||
| "scheme": "Application", | ||
| "environment": "", | ||
| "isHidden": true, | ||
| "isEnabled": true, | ||
| "resourceAppId": "00000003-0000-0000-c000-000000000000" | ||
| } | ||
| ], |
There was a problem hiding this comment.
The new AppRegistration.Create, AppRegistration.DeleteRestore.All, and AppRegistration.EnableDisable.All permissions added to provisioningInfo.json do not have corresponding definitions in permissions.json. For consistency, permissions should be defined in both files - provisioningInfo.json for provisioning details and permissions.json for API paths, descriptions, and authorization details.
| { | ||
| "id": "", | ||
| "scheme": "DelegatedWork", | ||
| "environment": "", |
There was a problem hiding this comment.
The environment field is empty. This field should specify the deployment environment (e.g., "public", "china", "usgov") for the permission to be properly provisioned.
| "resourceAppId": "00000003-0000-0000-c000-000000000000" | ||
| }, | ||
| { | ||
| "id": "", |
There was a problem hiding this comment.
The id field is empty. All permission provisioning entries should have a unique identifier (GUID format) for proper registration and tracking.
| ], | ||
| "ServicePrincipal.DeleteRestore.All": [ | ||
| { | ||
| "id": "", |
There was a problem hiding this comment.
The id field is empty. All permission provisioning entries should have a unique identifier (GUID format) for proper registration and tracking.
| { | ||
| "id": "", | ||
| "scheme": "DelegatedWork", | ||
| "environment": "", |
There was a problem hiding this comment.
The environment field is empty. This field should specify the deployment environment (e.g., "public", "china", "usgov") for the permission to be properly provisioned.
| { | ||
| "id": "", | ||
| "scheme": "Application", | ||
| "environment": "", |
There was a problem hiding this comment.
The environment field is empty. This field should specify the deployment environment (e.g., "public", "china", "usgov") for the permission to be properly provisioned.
| ], | ||
| "AppRegistration.Create": [ | ||
| { | ||
| "id": "", |
There was a problem hiding this comment.
The id field is empty. All permission provisioning entries should have a unique identifier (GUID format) for proper registration and tracking.
| ], | ||
| "AppRegistration.DeleteRestore.All": [ | ||
| { | ||
| "id": "", |
There was a problem hiding this comment.
The id field is empty. All permission provisioning entries should have a unique identifier (GUID format) for proper registration and tracking.
| ], | ||
| "AppRegistration.EnableDisable.All": [ | ||
| { | ||
| "id": "", |
There was a problem hiding this comment.
The id field is empty. All permission provisioning entries should have a unique identifier (GUID format) for proper registration and tracking.
| { | ||
| "id": "", | ||
| "scheme": "DelegatedWork", | ||
| "environment": "", |
There was a problem hiding this comment.
The environment field is empty. This field should specify the deployment environment (e.g., "public", "china", "usgov") for the permission to be properly provisioned.
Weekly Permissions sync 2025-11-25