Merge pull request #26424 from microsoftgraph/main

Merge main into live

Author: FaithOmbongi

api-reference/beta/api/entitlementmanagement-post-accesspackageresourcerequests.md

@@ -36,15 +36,14 @@ Choose the permission or permissions marked as least privileged for this API. Us
 > 
 > Additionally you must also have the following permissions on the resource being added:
 >   - To add a Microsoft Entra group as a resource to a catalog:
->   - If using delegated permissions, the user requesting to add a group should be an owner of the group or in a directory role that allows them to modify groups.
->   - If using application permissions, the application requesting to add the group should also be assigned the `Group.ReadWrite.All` permission.
-> - To add a Microsoft Entra application as a resource to a catalog:
->   - If using delegated permissions, the user requesting to add an application should be an owner of the application or in a directory role that allows them to modify application role assignments.
->   - If using application permissions, the application requesting to add the [servicePrincipal](../resources/serviceprincipal.md) should also be assigned the *Application.ReadWrite.All* permission.
-> - To add a SharePoint Online site as a resource to a catalog:
->   - If using delegated permissions, the user who wants to add the site should be in a role that allows them to modify the SharePoint site roles, such as the *SharePoint Administrator* role.
->   - If using application permissions, the application should also be assigned the `Sites.FullControl.All` permission.
-> For more information, see [Delegation and roles in entitlement management](/entra/id-governance/entitlement-management-delegate) and [how to delegate access governance to access package managers in entitlement management](/entra/id-governance/entitlement-management-delegate-managers).
+>       - If using delegated permissions, the user requesting to add a group should be an owner of the group or in a directory role that allows them to modify groups.
+>       - If using application permissions, the application requesting to add the group should also be assigned the `Group.ReadWrite.All` permission.
+>   - To add a Microsoft Entra application as a resource to a catalog:
+>       - If using delegated permissions, the user requesting to add an application should be an owner of the application or in a directory role that allows them to modify application role assignments.
+>       - If using application permissions, the application requesting to add the [servicePrincipal](../resources/serviceprincipal.md) should also be assigned the *Application.ReadWrite.All* permission.
+>   - To add a SharePoint Online site as a resource to a catalog:
+>       - If using delegated permissions, the user who wants to add the site should be in a role that allows them to modify the SharePoint site roles, such as the *SharePoint Administrator* role.
+>       - If using application permissions, the application should also be assigned the `Sites.FullControl.All` permission.
 
 ## HTTP request
 

api-reference/beta/api/onlinemeeting-getalltranscripts.md

@@ -37,7 +37,7 @@ The following known issues are associated with this API:
 
 Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
 
-<!-- { "blockType": "permissions", "name": "onlinemeeting_getalltranscripts" } -->
+<!-- { "blockType": "ignored"  } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
 [!INCLUDE [permissions-table](../includes/permissions/onlinemeeting-getalltranscripts-permissions.md)]
 
 ## HTTP request

api-reference/beta/includes/permissions/onlinemeeting-getalltranscripts-permissions.md

@@ -6,7 +6,7 @@ ms.localizationpriority: medium
 
 |Permission type|Least privileged permissions|Higher privileged permissions|
 |:---|:---|:---|
-|Delegated (work or school account)|OnlineMeetings.Read|OnlineMeetings.ReadWrite|
+|Delegated (work or school account)|Not supported.|Not supported.|
 |Delegated (personal Microsoft account)|Not supported.|Not supported.|
-|Application|OnlineMeetings.Read.All|OnlineMeetings.ReadWrite.All|
+|Application|OnlineMeetings.Read.All|Not available.|
 

api-reference/v1.0/api/entitlementmanagement-post-resourcerequests.md

@@ -39,14 +39,14 @@ Choose the permission or permissions marked as least privileged for this API. Us
 > 
 > Additionally you must also have the following permissions on the resource being added:
 >   - To add a Microsoft Entra group as a resource to a catalog:
->   - If using delegated permissions, the user requesting to add a group should be an owner of the group or in a directory role that allows them to modify groups.
->   - If using application permissions, the application requesting to add the group should also be assigned the `Group.ReadWrite.All` permission.
-> - To add a Microsoft Entra application as a resource to a catalog:
->   - If using delegated permissions, the user requesting to add an application should be an owner of the application or in a directory role that allows them to modify application role assignments.
->   - If using application permissions, the application requesting to add the [servicePrincipal](../resources/serviceprincipal.md) should also be assigned the *Application.ReadWrite.All* permission.
-> - To add a SharePoint Online site as a resource to a catalog:
->   - If using delegated permissions, the user who wants to add the site should be in a role that allows them to modify the SharePoint site roles, such as the *SharePoint Administrator* role.
->   - If using application permissions, the application should also be assigned the `Sites.FullControl.All` permission.
+>       - If using delegated permissions, the user requesting to add a group should be an owner of the group or in a directory role that allows them to modify groups.
+>       - If using application permissions, the application requesting to add the group should also be assigned the `Group.ReadWrite.All` permission.
+>   - To add a Microsoft Entra application as a resource to a catalog:
+>       - If using delegated permissions, the user requesting to add an application should be an owner of the application or in a directory role that allows them to modify application role assignments.
+>       - If using application permissions, the application requesting to add the [servicePrincipal](../resources/serviceprincipal.md) should also be assigned the *Application.ReadWrite.All* permission.
+>   - To add a SharePoint Online site as a resource to a catalog:
+>       - If using delegated permissions, the user who wants to add the site should be in a role that allows them to modify the SharePoint site roles, such as the *SharePoint Administrator* role.
+>       - If using application permissions, the application should also be assigned the `Sites.FullControl.All` permission.
 > For more information, see [Delegation and roles in entitlement management](/entra/id-governance/entitlement-management-delegate) and [how to delegate access governance to access package managers in entitlement management](/entra/id-governance/entitlement-management-delegate-managers).
 
 

api-reference/v1.0/api/onlinemeeting-getalltranscripts.md

@@ -29,7 +29,7 @@ To learn more about using the Microsoft Teams export APIs to export content, see
 
 Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
 
-<!-- { "blockType": "permissions", "name": "onlinemeeting_getalltranscripts" } -->
+<!-- { "blockType": "ignored"  } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
 [!INCLUDE [permissions-table](../includes/permissions/onlinemeeting-getalltranscripts-permissions.md)]
 
 ## HTTP request

api-reference/v1.0/includes/permissions/onlinemeeting-getalltranscripts-permissions.md

@@ -6,7 +6,7 @@ ms.localizationpriority: medium
 
 |Permission type|Least privileged permissions|Higher privileged permissions|
 |:---|:---|:---|
-|Delegated (work or school account)|OnlineMeetings.Read|OnlineMeetings.ReadWrite|
+|Delegated (work or school account)|Not supported.|Not supported.|
 |Delegated (personal Microsoft account)|Not supported.|Not supported.|
-|Application|OnlineMeetings.Read.All|OnlineMeetings.ReadWrite.All|
+|Application|OnlineMeetings.Read.All|Not available.|
 

concepts/permissions-reference.md

@@ -7,7 +7,7 @@ ms.localizationpriority: high
 ms.topic: reference
 ms.subservice: entra-applications
 ms.custom: graphiamtop20, scenarios:getting-started
-ms.date: 03/17/2025
+ms.date: 03/24/2025
 #Customer intent: As a developer, I want to learn more about the permissions available in Microsoft Graph, so that I understand the impact of granting specific permissions to my app.
 ---
 
@@ -1432,21 +1432,21 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000
 
 | Category | Application | Delegated |
 |--|--|--|
-| Identifier | - | c645bb69-adc4-4242-b620-02e635f03bf6 |
-| DisplayText | - | Read all Configuration Monitoring entities |
-| Description | - | Allows the app to read all Configuration Monitoring entities on behalf of the signed-in user. |
-| AdminConsentRequired | - | Yes |
+| Identifier | aca929ec-9830-44dc-bda1-85cf938aaa95 | c645bb69-adc4-4242-b620-02e635f03bf6 |
+| DisplayText | Read all Configuration Monitoring entities | Read all Configuration Monitoring entities |
+| Description | Allows the app to read all Configuration Monitoring entities, without a signed-in user. | Allows the app to read all Configuration Monitoring entities on behalf of the signed-in user. |
+| AdminConsentRequired | Yes | Yes |
 
 ---
 
 ### ConfigurationMonitoring.ReadWrite.All
 
 | Category | Application | Delegated |
 |--|--|--|
-| Identifier | - | 54505ce9-e719-41f7-a7cc-dbe114e1d811 |
-| DisplayText | - | Read and write all Configuration Monitoring entities |
-| Description | - | Allows the app to read and write all Configuration Monitoring entities on behalf of the signed-in user. |
-| AdminConsentRequired | - | Yes |
+| Identifier | cfa85bfb-2ee8-4e13-8e7f-489e57a015a1 | 54505ce9-e719-41f7-a7cc-dbe114e1d811 |
+| DisplayText | Read and write all Configuration Monitoring entities | Read and write all Configuration Monitoring entities |
+| Description | Allows the app to read and write all Configuration Monitoring entities, without a signed-in user. | Allows the app to read and write all Configuration Monitoring entities on behalf of the signed-in user. |
+| AdminConsentRequired | Yes | Yes |
 
 ---
 
@@ -7907,6 +7907,17 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000
 
 ---
 
+### User.ReadWrite.CrossCloud
+
+| Category | Application | Delegated |
+|--|--|--|
+| Identifier | 5652f862-b626-407b-a3e6-248aeb95763c | - |
+| DisplayText | Read and write profiles of users that originate from an external cloud. | - |
+| Description | Allows the app to read and update external cloud user profiles without a signed in user. | - |
+| AdminConsentRequired | Yes | - |
+
+---
+
 ### User.RevokeSessions.All
 
 | Category | Application | Delegated |
@@ -8214,6 +8225,7 @@ Learn more about [RSC authorization framework and RSC permissions](/microsofttea
 | ChannelMeetingRecording.Read.Group | 30a40618-9b50-4764-b62e-b04023a8f5f3 | Read the recordings of all channel meetings associated with this team | Allows the app to read recordings of all the channel meetings associated with this team, without a signed-in user. |
 | ChannelMeetingTranscript.Read.Group | 37e59e88-1a46-482b-b623-0a4aa6abdf67 | Read the transcripts of all channel meetings associated with this team | Allows the app to read transcripts of all the channel meetings associated with this team, without a signed-in user. |
 | ChannelMember.Read.Group | 7e3614f5-3467-419c-9c63-dd0bbd2a88f9 | Read the members of channels of a team | Read the members of channels of a team, without a signed-in user |
+| ChannelMember.ReadWrite.Group | 1342a0fc-cd33-4c75-ad65-d5defcfc7232 | Read and write the members of channels of a team | Read and write the members of channels of a team, without a signed-in user |
 | ChannelMessage.Read.Group | 19103a54-c397-4bcd-be5a-ef111e0406fa | Read this team's channel messages | Allows the app to read this team's channel's messages, without a signed-in user. |
 | ChannelMessage.Send.Group | 3e38d437-815b-4368-9f19-e39dea9a6c7f | Send messages to this team's channels | Allows the app to send messages to this team's channels, without a signed-in user. |
 | ChannelSettings.Read.Group | 0a7b3084-8d18-46f5-8aef-b5b829292c6f | Read the names, descriptions, and settings of this team's channels | Allows the app to read this team's channel names, channel descriptions, and channel settings, without a signed-in user. |