We are delighted to announce an update to our Azure Multitenant Applications, introducing enhanced permission modification capabilities. This release brings important improvements to the application’s functionality and security, ensuring a seamless experience for our valued customers.
Modified Permissions:
Swisscom M365 Foundation
AppId: 217d642e-c258-4597-a7f3-3573b3c8a813
In an effort to ensure a least priviledged approach and usabilty of the Foundation for multiple services, following permissions have been removed from the Foundation application and by case added to other services that require them for operations:
Remove Agreement.ReadWrite.All
Remove Directory.Read.All
Remove Directory.ReadWrite.All
Remove Group.Read.All
Remove GroupMember.Read.All
Remove GroupMember.ReadWrite.All
Remove Member.Read.Hidden
Remove Organization.ReadWrite.All
Remove Policy.ReadWrite.ApplicationConfiguration
Remove Policy.ReadWrite.AuthenticationMethod
Remove Policy.ReadWrite.Authorization
Remove RoleManagement.Read.Directory
Remove User.Read.All
Swisscom M365 Management
AppId: 61231e0c-8598-42cb-a068-73f45159d616
Add Organization.ReadWrite.All permission to the application. This role is required to cover functionalities previously handeled by the Foundation application and is only used by the Management Service.
Add Policy.ReadWrite.AuthenticationMethod permission to the application. This role is required to cover functionalities previously handeled by the Foundation application and is only used by the Management Service
Swisscom M365 Phone System
AppId: 2bdd1880-78e3-413b-a4d6-5753955eaee5
Add Group.ReadWrite.All permission, required by UCC Profile Onboarding (no longer performed with personal account).
Add Organization.Read.All permission, required by UCC Profile Onboarding (no longer performed with personal account).
These Applications are not involved in this release:
Swisscom M365 Endpoint Management
AppId: bf79789e-4016-4591-9079-0200fd0389df
Swisscom M365 Backup as a Service
AppId: ec2c8e17-afaa-4583-8a32-9b7530b7c118
Swisscom Threat Detection and Response
AppId: 3e8f866e-d64b-4197-956e-c5cf852e54cd
Swisscom MCC Microsoft
AppId: a59996f7-560b-4349-80a9-9f65c68a8386
Swisscom Enterprise Workspace
AppId: de007c00-80c4-4ba3-a281-b9d9635a5407
Swisscom Microsoft XDR as a Service
AppId: 61f68604-cf24-4530-b5c1-4530a43460d7
Swisscom M365 DLP
AppId: 7f0a552f-7c0e-4afb-96da-1d1f189a6485
Modified Roles:
Swisscom M365 Management
AppId: 61231e0c-8598-42cb-a068-73f45159d616
Add Security Administrator role to the application. This role is required by the DSC to manage Role Groups in the Purview Portal.
Remove Security Operator role from the application. This role requirement is obsolete with adding the Security Administrator role.
Swisscom M365 Backup as a Service
AppId: ec2c8e17-afaa-4583-8a32-9b7530b7c118
Add ChannelMember.ReadWrite.All permissionm. This role is required by the backup application.
Add Files.ReadWrite.All permission. This role is required by the backup application.
These Applications are not involved in this release:
Swisscom M365 Foundation
AppId: 217d642e-c258-4597-a7f3-3573b3c8a813
Swisscom M365 Phone System
AppId: 2bdd1880-78e3-413b-a4d6-5753955eaee5
Swisscom M365 Endpoint Management
AppId: bf79789e-4016-4591-9079-0200fd0389df
Swisscom Threat Detection and Response
AppId: 3e8f866e-d64b-4197-956e-c5cf852e54cd
Swisscom MCC Microsoft
AppId: a59996f7-560b-4349-80a9-9f65c68a8386
Swisscom Enterprise Workspace
AppId: de007c00-80c4-4ba3-a281-b9d9635a5407
Swisscom Microsoft XDR as a Service
AppId: 61f68604-cf24-4530-b5c1-4530a43460d7
Swisscom M365 DLP
AppId: 7f0a552f-7c0e-4afb-96da-1d1f189a6485
Modified Permissions:
Swisscom M365 Management
AppId: 61231e0c-8598-42cb-a068-73f45159d616
Add SharePointTenantSettings.ReadWrite.All permission to the application. This permission is required by the DSC version 1.24.619.1.
These Applications are not involved in this release:
Swisscom M365 Foundation
AppId: 217d642e-c258-4597-a7f3-3573b3c8a813
Swisscom M365 Management
AppId: 61231e0c-8598-42cb-a068-73f45159d616
Swisscom M365 Phone System
AppId: 2bdd1880-78e3-413b-a4d6-5753955eaee5
Swisscom M365 Endpoint Management
AppId: bf79789e-4016-4591-9079-0200fd0389df
Swisscom M365 Backup as a Service
AppId: ec2c8e17-afaa-4583-8a32-9b7530b7c118
Swisscom Threat Detection and Response
AppId: 3e8f866e-d64b-4197-956e-c5cf852e54cd
Swisscom MCC Microsoft
AppId: a59996f7-560b-4349-80a9-9f65c68a8386
Swisscom Enterprise Workspace
AppId: de007c00-80c4-4ba3-a281-b9d9635a5407
Swisscom Microsoft XDR as a Service
AppId: 61f68604-cf24-4530-b5c1-4530a43460d7
Swisscom M365 DLP
AppId: 7f0a552f-7c0e-4afb-96da-1d1f189a6485
Modified Permissions:
Swisscom M365 Management
AppId: 61231e0c-8598-42cb-a068-73f45159d616
Add Reports.Read.All permission to the application. With this permission we are able to read the Sharepoint Limit and react accordingly.
These Applications are not involved in this release:
Swisscom M365 Foundation
AppId: 217d642e-c258-4597-a7f3-3573b3c8a813
Swisscom M365 Management
AppId: 61231e0c-8598-42cb-a068-73f45159d616
Swisscom M365 Phone System
AppId: 2bdd1880-78e3-413b-a4d6-5753955eaee5
Swisscom M365 Endpoint Management
AppId: bf79789e-4016-4591-9079-0200fd0389df
Swisscom M365 Backup as a Service
AppId: ec2c8e17-afaa-4583-8a32-9b7530b7c118
Swisscom Threat Detection and Response
AppId: 3e8f866e-d64b-4197-956e-c5cf852e54cd
Swisscom MCC Microsoft
AppId: a59996f7-560b-4349-80a9-9f65c68a8386
Swisscom Enterprise Workspace
AppId: de007c00-80c4-4ba3-a281-b9d9635a5407
Swisscom Microsoft XDR as a Service
AppId: 61f68604-cf24-4530-b5c1-4530a43460d7
Swisscom M365 DLP
AppId: 7f0a552f-7c0e-4afb-96da-1d1f189a6485
Additional Information:
For further details on the updated permission modification features and other enhancements, please refer to our comprehensive documentation available at docs.swisscom.ch.
We value your feedback. If you have any questions, encounter any issues, or would like to provide suggestions for future updates, please don’t hesitate to contact our support team.
Thank you for your continued support and trust in our Azure Multitenant Applications. We remain committed to delivering an exceptional experience and meeting your evolving needs.