Question about Data Loss Protection permissions-reference.md

Open ep3p opened this issue 1 year ago • 4 comments

Please, is this permission really about Data Loss Protection for the Endpoint workload? Or is it maybe about Intune?

In Purview DLP several workloads exist: SharePoint, OneDrive, MicrosoftTeams, Exchange, Endpoint...

It does NOT make sense for "AuditLogsQuery-Endpoint.Read.All" to be about DLP for Endpoint, AND then "AuditLogsQuery-Exchange.Read.All", "AuditLogsQuery-OneDrive.Read.All", "AuditLogsQuery-SharePoint.Read.All" NOT be related to Data loss protection at all.

"Data loss protection" seems to be mentioned ONLY in "AuditLogsQuery-Endpoint.Read.All".

I have not found Graph permissions related to Purview DLP, except this one related specifically to Endpoint.

In this link (https://learn.microsoft.com/en-us/graph/api/security-auditcoreroot-list-auditlogqueries?view=graph-rest-beta&tabs=http#permissions) "AuditLogsQuery-Endpoint.Read.All" seems to be explained as audit logs of Intune, instead of specifically DLP.

Thank you.


ep3p avatar Oct 01 '24 10:10 ep3p

Learn Build status updates of commit db5a94f:

Validation status: passed

File: concepts/permissions-reference.md
Status: Succeeded

@FaithOmbongi, can you take a look to see if we have an issue with the permissions reference?

Lauragra avatar Oct 02 '24 02:10 Lauragra

Hi @ep3p - the permissions reference is autogenerated based on product data so we would not be able to merge this PR even if the permission description needs changing. However, I've pinged the SMEs to clarify and respond here. So we'll wait for their response then close this PR and take any action items.

FaithOmbongi avatar Oct 02 '24 07:10 FaithOmbongi

Thank you! @FaithOmbongi

ep3p avatar Oct 02 '24 08:10 ep3p

Hi @ep3p - I've received this feedback from the product team as follows:

  • The logs within the Endpoint workload pertain to Data Loss Protection for Endpoint. Therefore, AuditLogsQuery-Endpoint.Read.All is tied to DLP as indicated in the permission's descriptions.
  • The other permissions aren't tied to Data Loss Protection for the specific workloads.
  • We will make corrections to the permissions table to change "Microsoft Intune" workload to "Data Loss Protection for Endpoint" so the scope of the permission matches the API doc references.
  • We will update the API docs to call out DLP where required so this linkage comes out clearly where applicable.

Please let me know if these suggestions/plans help address your feedback.

FaithOmbongi avatar Oct 15 '24 17:10 FaithOmbongi

@FaithOmbongi thank you very much! I understand the feedback and I am okay if you want to close this PR, or maybe I can do it myself, thank you again!

ep3p avatar Oct 15 '24 18:10 ep3p

Thank you @ep3p for your ACK. I'll proceed to close this PR.

FaithOmbongi avatar Oct 16 '24 07:10 FaithOmbongi