Olivia
Online
Philippe Signoret
@psignoret
I work at Microsoft dealing with security and identity. Opinions are my own.
France
Joined April 2009
122 Following
328 Followers
222 Posts
@IngoGegenwarth @jthake @gregtaylor_msft @BrianTJackett Can you share the list of permissions you are trying to grant?
@_wald0 Are you looking for all actions, or only those supported in custom roles? For all actions, try this instead: https://t.co/azqd0XIGnI
@IngoGegenwarth @jthake @gregtaylor_msft @BrianTJackett I've never come across a case where an app actually needs this many permissions. The only times I've seen this is when testing and trying to grant every Graph scope, including redundant ones. Can you share (here or DM or email) some more details of what you're trying to do? 2/2
@IngoGegenwarth @jthake @gregtaylor_msft @BrianTJackett There's a limit on the total length of the scopes string in a delegated permission grant (~3900 characters). The error message isn't awesome (we'll fix that), and the limit should be documented (I'll fix that today). However... 1/
Who to follow
Dhanyah Krish
@DhanyahkMSFT
PM @ Microsoft Identity | | Seahawks forever ๐๐ | Always chasing good vibes, nature, and furry friends
Mamta Kumar
@ZuprMamtaKumar
Product Manager at Microsoft. My tweets are my own thoughts, and are not those of my employer.
TunaMania 
@tuna_gezer
Product @ Semperis | Ex- AzureAD PM @ MSFT | #Galatasaray #Seahawks #Snowboard | Tweets are my own!
@_wald0 @inversecos @mcohmi @kfosaaen @merill @DrAzureAD Hey Andy. What do you want to know more about? (Note, you *can* update the appRoles property on a service principal, but only to disable app-defined app roles, or to add/update/remove additional custom app roles that at only available in your tenant.)
@IngoGegenwarth @mderooij @microsoftgraph @gregtaylor_msft @sebastienlevert @BrianTJackett For example, the app role ID 601790de-b632-4f57-9523-ee7cb6ceba95 is very common because it's the one used in the example here, which people often copy-paste: https://t.co/lbTrzxwqbY 2/2
@IngoGegenwarth @mderooij @microsoftgraph @gregtaylor_msft @sebastienlevert @BrianTJackett Yes, ideally the ID would be system-generated on creation, but for reasons lost to history they are user-supplied, which means it's much more likely to happen. 1/
@IngoGegenwarth @mderooij @microsoftgraph @gregtaylor_msft @sebastienlevert @BrianTJackett Gah! Other way around: Calendars.ReadWrite is for Microsoft Graph (appId 00000003-0000-0000-c000-000000000000), Calendars.ReadWrite.All is for Exchange Online (appId 00000002-0000-0ff1-ce00-000000000000).
@IngoGegenwarth @mderooij @microsoftgraph @gregtaylor_msft @sebastienlevert @BrianTJackett An app role (or delegated permission) ID is only unique for the service principal it's defined on. Calendar.ReadWrite.All is for Microsoft Graph (appId 00000003-0000-0000-c000-000000000000), Calendar.ReadWrite is for Exchange Online (appId 00000002-0000-0ff1-ce00-000000000000).
@BrianTJackett @IngoGegenwarth @sebastienlevert @mderooij @microsoftgraph @gregtaylor_msft @LuberthM @Abheek_D The docs you're looking at there only list Microsoft Graph permissions (where only Calendars.ReadWrite exists). Calendars.ReadWrite.All is from Exchange Online's permissions (e.g. for Outlook REST API).
@IngoGegenwarth @microsoftgraph @gregtaylor_msft @sebastienlevert @BrianTJackett Across two different service principals, it is allowed. App role IDs (and delegated permission IDs) are only unique within the appRoles (or oauth2PermissionScopes) collections they are defined in.
Log4j maintainers have been working sleeplessly on mitigation measures; fixes, docs, CVE, replies to inquiries, etc. Yet nothing is stopping people to bash us, for work we aren't paid for, for a feature we all dislike yet needed to keep due to backward compatibility concerns.
@weesaalcummar Happy to see of I can help! Have you opened an issue on https://t.co/17fTuj0rDk? If not, that's the place to start.
@NathanMcNulty @dnlongen @GossiTheDog Great feedback, thanks for sharing! With the current API you can build rudimentary integration to ticketing system, but admins will still need to go to portal to review/grant/decline request. Work happening to expand on the options for responding via API. https://t.co/KT8jld7ASY
@NathanMcNulty @ssimonsen0202 Also considering an option where those permissions are classified as "low" by default, until you choose to to remove the classification. In this scenario, the default would be the same setting as we have today (but it would no longer *require* the "choose permissions" step). 2/2
@NathanMcNulty @ssimonsen0202 What we're thinking for the new default is to reference a built-in policy identifying specific permissions (e.g. the ones for sign-in), rather than the the "low" classification (which does indeed require admin intervention and knowing what you're doing). 1/
Last Seen Users on Sotwe
Alice ๐ณ๏ธโโง๏ธ
Seen from India
เนเธญเธเนเธข เธเธฑเธเนเธกเน เนเธญเธเนเธฅเนเธ เธเธนเนเธเธฑเธเธเนเธฒ
Seen from Thailand
ferii17
Seen from Indonesia
ุณููู
ุฃููููููููฑู
ุฅุจููุงุญู ูููููู ููุฉ
Seen from Egypt
ุฌูุฌู
Seen from Germany
nenek bolong
Pissing Pussy
Seen from Jordan
Check my Pin
Seen from Turkey
Fumo of the day
Seen from Brazil
Most Popular Users
Elon Musk
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.6M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.2M followers
Taylor Swift
@taylorswift13
81M followers
Lady Gaga
@ladygaga
72.6M followers
Kim Kardashian
@kimkardashian
69.6M followers
Virat Kohli
@imvkohli
69.1M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.6M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.8M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.3M followers