microsoftgraph · jasonjoh · Feb 2, 2026 · Feb 2, 2026
@@ -1258,7 +1258,7 @@
         "DelegatedWork": {
           "adminDisplayName": "Read all agent identities",
           "adminDescription": "Allows the client to read all agent identities.",
-          "requiresAdminConsent": false,
+          "requiresAdminConsent": true,
           "privilegeLevel": 3
         },
         "Application": {
@@ -1447,7 +1447,7 @@
         "DelegatedWork": {
           "adminDisplayName": "Read all agent identity blueprints",
           "adminDescription": "Allows the client to read all agent identity blueprints.",
-          "requiresAdminConsent": false,
+          "requiresAdminConsent": true,
           "privilegeLevel": 3
         },
         "Application": {
@@ -1706,7 +1706,7 @@
         "DelegatedWork": {
           "adminDisplayName": "Read agent identity blueprints principals.",
           "adminDescription": "Allows reading agent identity blueprint principals with a signed-in user.",
-          "requiresAdminConsent": false,
+          "requiresAdminConsent": true,
           "privilegeLevel": 3
         },
         "Application": {
@@ -42448,42 +42448,34 @@
           "userDescription": "Allows the app to read your organization's risk prevention providers, on your behalf.",
           "requiresAdminConsent": true,
           "privilegeLevel": 3
-        },
-        "Application": {
-          "adminDisplayName": "Read all identity risk prevention providers",
-          "adminDescription": "Allows the app to read your organization's risk prevention providers, without a signed-in user.",
-          "requiresAdminConsent": true,
-          "privilegeLevel": 4
         }
       },
       "pathSets": [
         {
           "schemeKeys": [
-            "DelegatedWork",
-            "Application"
+            "DelegatedWork"
           ],
           "methods": [
             "GET"
           ],
           "paths": {
-            "/identity/riskPrevention/fraudProtectionProviders": "least=DelegatedWork,Application",
-            "/identity/riskPrevention/fraudProtectionProviders/{id}": "least=DelegatedWork,Application",
-            "/identity/riskPrevention/webApplicationFirewallProviders": "least=DelegatedWork,Application",
-            "/identity/riskPrevention/webApplicationFirewallProviders/{id}": "least=DelegatedWork,Application",
-            "/identity/riskPrevention/webApplicationFirewallVerifications": "least=DelegatedWork,Application",
-            "/identity/riskPrevention/webApplicationFirewallVerifications/{id}": "least=DelegatedWork,Application"
+            "/identity/riskPrevention/fraudProtectionProviders": "least=DelegatedWork",
+            "/identity/riskPrevention/fraudProtectionProviders/{id}": "least=DelegatedWork",
+            "/identity/riskPrevention/webApplicationFirewallProviders": "least=DelegatedWork",
+            "/identity/riskPrevention/webApplicationFirewallProviders/{id}": "least=DelegatedWork",
+            "/identity/riskPrevention/webApplicationFirewallVerifications": "least=DelegatedWork",
+            "/identity/riskPrevention/webApplicationFirewallVerifications/{id}": "least=DelegatedWork"
           }
         },
         {
           "schemeKeys": [
-            "DelegatedWork",
-            "Application"
+            "DelegatedWork"
           ],
           "methods": [
             "POST"
           ],
           "paths": {
-            "/identity/riskPrevention/webApplicationFirewalls/verify": "least=DelegatedWork,Application"
+            "/identity/riskPrevention/webApplicationFirewalls/verify": "least=DelegatedWork"
           }
         }
       ],
@@ -42501,67 +42493,57 @@
           "userDescription": "Allows the app to read and write your organization's risk prevention providers, on your behalf.",
           "requiresAdminConsent": true,
           "privilegeLevel": 3
-        },
-        "Application": {
-          "adminDisplayName": "Read and write all identity risk prevention providers",
-          "adminDescription": "Allows the app to read and write your organization's risk prevention providers, without a signed-in user.",
-          "requiresAdminConsent": true,
-          "privilegeLevel": 4
         }
       },
       "pathSets": [
         {
           "schemeKeys": [
-            "DelegatedWork",
-            "Application"
+            "DelegatedWork"
           ],
           "methods": [
             "GET",
             "POST"
           ],
           "paths": {
-            "/identity/riskPrevention/fraudProtectionProviders": "least=DelegatedWork,Application",
-            "/identity/riskPrevention/webApplicationFirewallProviders": "least=DelegatedWork,Application"
+            "/identity/riskPrevention/fraudProtectionProviders": "least=DelegatedWork",
+            "/identity/riskPrevention/webApplicationFirewallProviders": "least=DelegatedWork"
           }
         },
         {
           "schemeKeys": [
-            "DelegatedWork",
-            "Application"
+            "DelegatedWork"
           ],
           "methods": [
             "DELETE",
             "GET",
             "PATCH"
           ],
           "paths": {
-            "/identity/riskPrevention/fraudProtectionProviders/{id}": "least=DelegatedWork,Application",
-            "/identity/riskPrevention/webApplicationFirewallProviders/{id}": "least=DelegatedWork,Application"
+            "/identity/riskPrevention/fraudProtectionProviders/{id}": "least=DelegatedWork",
+            "/identity/riskPrevention/webApplicationFirewallProviders/{id}": "least=DelegatedWork"
           }
         },
         {
           "schemeKeys": [
-            "DelegatedWork",
-            "Application"
+            "DelegatedWork"
           ],
           "methods": [
             "POST"
           ],
           "paths": {
-            "/identity/riskPrevention/webApplicationFirewallProviders/{id}/verify": "least=DelegatedWork,Application"
+            "/identity/riskPrevention/webApplicationFirewallProviders/{id}/verify": "least=DelegatedWork"
           }
         },
         {
           "schemeKeys": [
-            "DelegatedWork",
-            "Application"
+            "DelegatedWork"
           ],
           "methods": [
             "DELETE",
             "GET"
           ],
           "paths": {
-            "/identity/riskPrevention/webApplicationFirewallVerifications/{id}": "least=DelegatedWork,Application"
+            "/identity/riskPrevention/webApplicationFirewallVerifications/{id}": "least=DelegatedWork"
           }
         }
       ],
@@ -47970,7 +47952,7 @@
         }
       ],
       "ownerInfo": {
-        "ownerSecurityGroup": "privacymanagementDSR"
+        "ownerSecurityGroup": "PrivacySolutionAdmin"
       }
     },
     "SubjectRightsRequest.ReadWrite.All": {
@@ -48030,7 +48012,7 @@
         }
       ],
       "ownerInfo": {
-        "ownerSecurityGroup": "privacymanagementDSR"
+        "ownerSecurityGroup": "PrivacySolutionAdmin"
       }
     },
     "Synchronization.Read.All": {
@@ -53248,6 +53230,7 @@
             "/teams/{id}/completemigration": "least=Application",
             "/users/{id}/teamwork/sections": "",
             "/users/{id}/teamwork/sections/{id}/items": "",
+            "/users/{id}/teamwork/sections/{id}/items/{id}/move": "",
             "/users/{id}/teamwork/sections/{id}/items/reorder": "",
             "/users/{id}/teamwork/sections/reorder": ""
           }
@@ -54115,42 +54098,6 @@
         "ownerSecurityGroup": "riskiq-dev"
       }
     },
-    "ThreatSubmission.Read": {
-      "authorizationType": "oAuth2",
-      "schemes": {
-        "DelegatedWork": {
-          "adminDisplayName": "Read threat submissions",
-          "adminDescription": "Allows the app to read the threat submissions and threat submission policies owned by the signed-in user.",
-          "userDisplayName": "Read threat submissions",
-          "userDescription": "Allows the app to read the threat submissions and threat submission policies that you own on your behalf.",
-          "requiresAdminConsent": true,
-          "privilegeLevel": 2
-        }
-      },
-      "pathSets": [
-        {
-          "schemeKeys": [
-            "DelegatedWork"
-          ],
-          "methods": [
-            "GET"
-          ],
-          "paths": {
-            "/security/threatsubmission/emailthreats": "least=DelegatedWork",
-            "/security/threatsubmission/emailthreats/{id}": "least=DelegatedWork",
-            "/security/threatsubmission/emailthreatsubmissionpolicies": "least=DelegatedWork",
-            "/security/threatsubmission/emailthreatsubmissionpolicies/{id}": "least=DelegatedWork",
-            "/security/threatsubmission/filethreats": "least=DelegatedWork",
-            "/security/threatsubmission/filethreats/{id}": "least=DelegatedWork",
-            "/security/threatsubmission/urlthreats": "least=DelegatedWork",
-            "/security/threatsubmission/urlthreats/{id}": "least=DelegatedWork"
-          }
-        }
-      ],
-      "ownerInfo": {
-        "ownerSecurityGroup": "IdentityReq"
-      }
-    },
     "ThreatSubmission.Read.All": {
       "authorizationType": "oAuth2",
       "schemes": {
@@ -54194,53 +54141,6 @@
         "ownerSecurityGroup": "IdentityReq"
       }
     },
-    "ThreatSubmission.ReadWrite": {
-      "authorizationType": "oAuth2",
-      "schemes": {
-        "DelegatedWork": {
-          "adminDisplayName": "Read and write threat submissions",
-          "adminDescription": "Allows the app to read the threat submissions and threat submission policies owned by the signed-in user. Also allows the app to create new threat submissions on behalf of the signed-in user.",
-          "userDisplayName": "Read and write threat submissions",
-          "userDescription": "Allows the app to read the threat submissions and threat submission policies that you own. Also allows the app to create new threat submissions on your behalf.",
-          "requiresAdminConsent": true,
-          "privilegeLevel": 2
-        }
-      },
-      "pathSets": [
-        {
-          "schemeKeys": [
-            "DelegatedWork"
-          ],
-          "methods": [
-            "GET"
-          ],
-          "paths": {
-            "/security/threatsubmission/emailthreats/{id}": "",
-            "/security/threatsubmission/emailthreatsubmissionpolicies": "",
-            "/security/threatsubmission/emailthreatsubmissionpolicies/{id}": "",
-            "/security/threatsubmission/filethreats/{id}": "",
-            "/security/threatsubmission/urlthreats/{id}": ""
-          }
-        },
-        {
-          "schemeKeys": [
-            "DelegatedWork"
-          ],
-          "methods": [
-            "GET",
-            "POST"
-          ],
-          "paths": {
-            "/security/threatsubmission/emailthreats": "least=DelegatedWork",
-            "/security/threatsubmission/filethreats": "least=DelegatedWork",
-            "/security/threatsubmission/urlthreats": "least=DelegatedWork"
-          }
-        }
-      ],
-      "ownerInfo": {
-        "ownerSecurityGroup": "IdentityReq"
-      }
-    },
     "ThreatSubmission.ReadWrite.All": {
       "authorizationType": "oAuth2",
       "schemes": {

@@ -486,6 +486,24 @@
         "resourceAppId": "00000002-0000-0000-c000-000000000000"
       }
     ],
+    "AgentIdentityBlueprint.UpdateSponsors.All": [
+      {
+        "id": "",
+        "scheme": "Application",
+        "environment": "PPE;public",
+        "isHidden": true,
+        "isEnabled": false,
+        "resourceAppId": "00000002-0000-0000-c000-000000000000"
+      },
+      {
+        "id": "",
+        "scheme": "DelegatedWork",
+        "environment": "PPE;public",
+        "isHidden": true,
+        "isEnabled": false,
+        "resourceAppId": "00000002-0000-0000-c000-000000000000"
+      }
+    ],
     "AgentIdentityBlueprintPrincipal.CreateAsManager": [
       {
         "id": "c50c596a-6889-4460-acb1-3ed7c5fc142a",
@@ -15783,7 +15801,7 @@
         "resourceAppId": "ab3be6b7-f5df-413d-ac2d-abf1e3fd9c0b"
       }
     ],
-    "TeamworkTargetedMessage.ReadWrite.All": [
+    "TeamworkTargetedMessage.ReadWrite": [
       {
         "id": "",
         "scheme": "Application",
@@ -16112,7 +16130,7 @@
         "id": "fd5353c6-26dd-449f-a565-c4e16b9fce78",
         "scheme": "DelegatedWork",
         "environment": "public",
-        "isHidden": false,
+        "isHidden": true,
         "isEnabled": true,
         "resourceAppId": ""
       }
@@ -16140,7 +16158,7 @@
         "id": "68a3156e-46c9-443c-b85c-921397f082b5",
         "scheme": "DelegatedWork",
         "environment": "public",
-        "isHidden": false,
+        "isHidden": true,
         "isEnabled": true,
         "resourceAppId": ""
       }