Merge branch 'main' into tonchan-spedoc0125

FaithOmbongi · web-flow · commit 3da6ac92991b · 2025-01-20T13:19:16.000+03:00
diff --git a/api-reference/beta/api/authenticationflowspolicy-get.md b/api-reference/beta/api/authenticationflowspolicy-get.md
@@ -24,6 +24,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "authenticationflowspolicy_get" } -->
 [!INCLUDE [permissions-table](../includes/permissions/authenticationflowspolicy-get-permissions.md)]
 
+[!INCLUDE [rbac-authentication-flow-policy-read](../includes/rbac-for-apis/rbac-authentication-flow-policy-read.md)]
+
 ## HTTP request
 
 <!-- {
diff --git a/api-reference/beta/api/authenticationflowspolicy-update.md b/api-reference/beta/api/authenticationflowspolicy-update.md
@@ -24,6 +24,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "authenticationflowspolicy_update" } -->
 [!INCLUDE [permissions-table](../includes/permissions/authenticationflowspolicy-update-permissions.md)]
 
+[!INCLUDE [rbac-authentication-flow-policy-update](../includes/rbac-for-apis/rbac-authentication-flow-policy-update.md)]
+
 ## HTTP request
 
 <!-- {
diff --git a/api-reference/beta/includes/rbac-for-apis/rbac-authentication-flow-policy-read.md b/api-reference/beta/includes/rbac-for-apis/rbac-authentication-flow-policy-read.md
@@ -0,0 +1,14 @@
+---
+author: msewaweru
+ms.topic: include
+---
+
+> [!IMPORTANT]
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
+> - External ID User Flow Administrator
+> - External Identity Provider Administrator
+> - Application Administrator
+> - Security Administrator
+> - Security Reader
+> - Global Reader
+
diff --git a/api-reference/beta/includes/rbac-for-apis/rbac-authentication-flow-policy-update.md b/api-reference/beta/includes/rbac-for-apis/rbac-authentication-flow-policy-update.md
@@ -0,0 +1,8 @@
+---
+author: msewaweru
+ms.topic: include
+---
+
+> [!IMPORTANT]
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
+> - External ID User Flow Administrator
diff --git a/api-reference/v1.0/api/authenticationflowspolicy-get.md b/api-reference/v1.0/api/authenticationflowspolicy-get.md
@@ -23,6 +23,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "authenticationflowspolicy_get" } -->
 [!INCLUDE [permissions-table](../includes/permissions/authenticationflowspolicy-get-permissions.md)]
 
+[!INCLUDE [rbac-authentication-flow-policy-read](../includes/rbac-for-apis/rbac-authentication-flow-policy-read.md)]
+
 ## HTTP request
 
 <!-- {
diff --git a/api-reference/v1.0/api/authenticationflowspolicy-update.md b/api-reference/v1.0/api/authenticationflowspolicy-update.md
@@ -23,6 +23,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "authenticationflowspolicy_update" } -->
 [!INCLUDE [permissions-table](../includes/permissions/authenticationflowspolicy-update-permissions.md)]
 
+[!INCLUDE [rbac-authentication-flow-policy-update](../includes/rbac-for-apis/rbac-authentication-flow-policy-update.md)]
+
 ## HTTP request
 
 <!-- {
diff --git a/api-reference/v1.0/includes/rbac-for-apis/rbac-authentication-flow-policy-read.md b/api-reference/v1.0/includes/rbac-for-apis/rbac-authentication-flow-policy-read.md
@@ -0,0 +1,13 @@
+---
+author: msewaweru
+ms.topic: include
+---
+
+> [!IMPORTANT]
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
+> - External ID User Flow Administrator
+> - External Identity Provider Administrator
+> - Application Administrator
+> - Security Administrator
+> - Security Reader
+> - Global Reader
diff --git a/api-reference/v1.0/includes/rbac-for-apis/rbac-authentication-flow-policy-update.md b/api-reference/v1.0/includes/rbac-for-apis/rbac-authentication-flow-policy-update.md
@@ -0,0 +1,8 @@
+---
+author: msewaweru
+ms.topic: include
+---
+
+> [!IMPORTANT]
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
+> - External ID User Flow Administrator
diff --git a/concepts/permissions-reference.md b/concepts/permissions-reference.md
@@ -7,7 +7,7 @@ ms.localizationpriority: high
 ms.topic: reference
 ms.subservice: entra-applications
 ms.custom: graphiamtop20, scenarios:getting-started
-ms.date: 01/13/2025
+ms.date: 01/20/2025
 #Customer intent: As a developer, I want to learn more about the permissions available in Microsoft Graph, so that I understand the impact of granting specific permissions to my app.
 ---
 
@@ -1391,7 +1391,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000
 | Identifier | - | c645bb69-adc4-4242-b620-02e635f03bf6 |
 | DisplayText | - | Read all Configuration Monitoring entities |
 | Description | - | Allows the app to read all Configuration Monitoring entities on behalf of the signed-in user. |
-| AdminConsentRequired | - | No |
+| AdminConsentRequired | - | Yes |
 
 ---
 
@@ -1402,7 +1402,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000
 | Identifier | - | 54505ce9-e719-41f7-a7cc-dbe114e1d811 |
 | DisplayText | - | Read and write all Configuration Monitoring entities |
 | Description | - | Allows the app to read and write all Configuration Monitoring entities on behalf of the signed-in user. |
-| AdminConsentRequired | - | No |
+| AdminConsentRequired | - | Yes |
 
 ---
 
@@ -6930,6 +6930,17 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000
 
 ---
 
+### TeamsResourceAccount.Read.All
+
+| Category | Application | Delegated |
+|--|--|--|
+| Identifier | b55aa226-33a1-4396-bcf4-edce5e7a31c1 | ea2cbd09-253c-4f69-a0e6-07383c5f07cc |
+| DisplayText | Read Teams resource accounts | Read Teams resource accounts |
+| Description | Allows the app to read your tenant's resource accounts without a signed-in user. | Allows the app to read your tenant's resource accounts on behalf of the signed-in admin user. |
+| AdminConsentRequired | Yes | Yes |
+
+---
+
 ### TeamsTab.Create
 
 | Category | Application | Delegated |
