rules/conditions/EntraID/Applications/app-permissions.json
|
{
filter: [ { conditions : [ ["PermissionName", "eq", "Application.ReadWrite.All"], ["PermissionName", "eq", "Directory.ReadWrite.All"], ["PermissionName", "eq", "Domain.ReadWrite.All"], ["PermissionName", "eq", "Member.Read.Hidden"], ["PermissionName", "eq", "User.ReadWrite.All"], ["PermissionName", "eq", "AppRoleAssignment.ReadWrite.All"], ["PermissionName", "eq", "RoleManagement.ReadWrite.Directory"], ["PermissionName", "eq", "full_access_as_app"], ["PermissionName", "eq", "Mail.Send"], ["PermissionName", "eq", "Sites.ReadWrite.All"], ["PermissionName", "eq", "Files.ReadWrite.All"], ["PermissionName", "eq", "Mail.ReadWrite"], ["PermissionName", "eq", "Sites.FullControl.All"], ["PermissionName", "eq", "DeviceManagementApps.ReadWrite.All"], ["PermissionName", "eq", "DeviceManagementConfiguration.ReadWrite.All"], ["PermissionName", "eq", "DeviceManagementManagedDevices.ReadWrite.All"], ["PermissionName", "eq", "DeviceManagementRBAC.ReadWrite.All"], ["PermissionName", "eq", "DeviceManagementServiceConfig.ReadWrite.All"], ["PermissionName", "eq", "Organization.ReadWrite.All"], ["PermissionName", "eq", "Policy.ReadWrite.ConditionalAccess"], ["PermissionName", "eq", "Policy.ReadWrite.Authorization"], ["PermissionName", "eq", "Policy.ReadWrite.AuthenticationMethod"], ["PermissionName", "eq", "Financials.ReadWrite.All"], ["PermissionName", "eq", "RoleManagement.ReadWrite.Directory"] ], operator : 'or' } ] } |