We are delighted to announce an update to our Azure Multitenant Applications, introducing enhanced permission modification capabilities. This release brings important improvements to the application’s functionality and security, ensuring a seamless experience for our valued customers.
Modified Permissions:
Swisscom M365 Management
AppId: 61231e0c-8598-42cb-a068-73f45159d616
Add ProjectWorkManagement → OrgSettings-Planner.ReadWrite.All permission to the application. This permission is required by the DSC version 1.25.402.1.
Add Insights Administrator role to the application. This role is required by DSC to handle Organisation settings.
These Applications are not involved in this release:
| Application Name | AppId |
|---|---|
| Swisscom M365 Foundation | 217d642e-c258-4597-a7f3-3573b3c8a813 |
| Swisscom M365 Phone System | 2bdd1880-78e3-413b-a4d6-5753955eaee5 |
| Swisscom M365 Endpoint Management | bf79789e-4016-4591-9079-0200fd0389df |
| Swisscom M365 Backup as a Service | ec2c8e17-afaa-4583-8a32-9b7530b7c118 |
| Swisscom Threat Detection and Response | 3e8f866e-d64b-4197-956e-c5cf852e54cd |
| Swisscom MCC Microsoft | a59996f7-560b-4349-80a9-9f65c68a8386 |
| Swisscom Enterprise Workspace | de007c00-80c4-4ba3-a281-b9d9635a5407 |
| Swisscom Microsoft XDR as a Service | 61f68604-cf24-4530-b5c1-4530a43460d7 |
| Swisscom M365 DLP | 7f0a552f-7c0e-4afb-96da-1d1f189a6485 |
Modified Permissions:
Swisscom M365 Foundation
AppId: 217d642e-c258-4597-a7f3-3573b3c8a813
In an effort to ensure a least priviledged approach and usabilty of the Foundation for multiple services, following permissions have been removed from the Foundation application and by case added to other services that require them for operations:
Remove Agreement.ReadWrite.All
Remove Directory.Read.All
Remove Directory.ReadWrite.All
Remove Group.Read.All
Remove GroupMember.Read.All
Remove GroupMember.ReadWrite.All
Remove Member.Read.Hidden
Remove Organization.ReadWrite.All
Remove Policy.ReadWrite.ApplicationConfiguration
Remove Policy.ReadWrite.AuthenticationMethod
Remove Policy.ReadWrite.Authorization
Remove RoleManagement.Read.Directory
Remove User.Read.All
Swisscom M365 Management
AppId: 61231e0c-8598-42cb-a068-73f45159d616
Add Organization.ReadWrite.All permission to the application. This role is required to cover functionalities previously handeled by the Foundation application and is only used by the Management Service.
Add Policy.ReadWrite.AuthenticationMethod permission to the application. This role is required to cover functionalities previously handeled by the Foundation application and is only used by the Management Service
Swisscom M365 Phone System
AppId: 2bdd1880-78e3-413b-a4d6-5753955eaee5
Add Group.ReadWrite.All permission, required by UCC Profile Onboarding (no longer performed with personal account).
Add Organization.Read.All permission, required by UCC Profile Onboarding (no longer performed with personal account).
These Applications are not involved in this release:
| Application Name | AppId |
|---|---|
| Swisscom M365 Endpoint Management | bf79789e-4016-4591-9079-0200fd0389df |
| Swisscom M365 Backup as a Service | ec2c8e17-afaa-4583-8a32-9b7530b7c118 |
| Swisscom Threat Detection and Response | 3e8f866e-d64b-4197-956e-c5cf852e54cd |
| Swisscom MCC Microsoft | a59996f7-560b-4349-80a9-9f65c68a8386 |
| Swisscom Enterprise Workspace | de007c00-80c4-4ba3-a281-b9d9635a5407 |
| Swisscom Microsoft XDR as a Service | 61f68604-cf24-4530-b5c1-4530a43460d7 |
| Swisscom M365 DLP | 7f0a552f-7c0e-4afb-96da-1d1f189a6485 |
Modified Roles:
Swisscom M365 Management
AppId: 61231e0c-8598-42cb-a068-73f45159d616
Add Security Administrator role to the application. This role is required by the DSC to manage Role Groups in the Purview Portal.
Remove Security Operator role from the application. This role requirement is obsolete with adding the Security Administrator role.
Swisscom M365 Backup as a Service
AppId: ec2c8e17-afaa-4583-8a32-9b7530b7c118
Add ChannelMember.ReadWrite.All permissionm. This role is required by the backup application.
Add Files.ReadWrite.All permission. This role is required by the backup application.
These Applications are not involved in this release:
| Application Name | AppId |
|---|---|
| Swisscom M365 Foundation | 217d642e-c258-4597-a7f3-3573b3c8a813 |
| Swisscom M365 Phone System | 2bdd1880-78e3-413b-a4d6-5753955eaee5 |
| Swisscom M365 Endpoint Management | bf79789e-4016-4591-9079-0200fd0389df |
| Swisscom Threat Detection and Response | 3e8f866e-d64b-4197-956e-c5cf852e54cd |
| Swisscom MCC Microsoft | a59996f7-560b-4349-80a9-9f65c68a8386 |
| Swisscom Enterprise Workspace | de007c00-80c4-4ba3-a281-b9d9635a5407 |
| Swisscom Microsoft XDR as a Service | 61f68604-cf24-4530-b5c1-4530a43460d7 |
| Swisscom M365 DLP | 7f0a552f-7c0e-4afb-96da-1d1f189a6485 |
Modified Permissions:
Swisscom M365 Management
AppId: 61231e0c-8598-42cb-a068-73f45159d616
Add SharePointTenantSettings.ReadWrite.All permission to the application. This permission is required by the DSC version 1.24.619.1.
These Applications are not involved in this release:
| Application Name | AppId |
|---|---|
| Swisscom M365 Foundation | 217d642e-c258-4597-a7f3-3573b3c8a813 |
| Swisscom M365 Phone System | 2bdd1880-78e3-413b-a4d6-5753955eaee5 |
| Swisscom M365 Endpoint Management | bf79789e-4016-4591-9079-0200fd0389df |
| Swisscom M365 Backup as a Service | ec2c8e17-afaa-4583-8a32-9b7530b7c118 |
| Swisscom Threat Detection and Response | 3e8f866e-d64b-4197-956e-c5cf852e54cd |
| Swisscom MCC Microsoft | a59996f7-560b-4349-80a9-9f65c68a8386 |
| Swisscom Enterprise Workspace | de007c00-80c4-4ba3-a281-b9d9635a5407 |
| Swisscom Microsoft XDR as a Service | 61f68604-cf24-4530-b5c1-4530a43460d7 |
| Swisscom M365 DLP | 7f0a552f-7c0e-4afb-96da-1d1f189a6485 |
Modified Permissions:
Swisscom M365 Management
AppId: 61231e0c-8598-42cb-a068-73f45159d616
Add Reports.Read.All permission to the application. With this permission we are able to read the Sharepoint Limit and react accordingly.
These Applications are not involved in this release:
| Application Name | AppId |
|---|---|
| Swisscom M365 Foundation | 217d642e-c258-4597-a7f3-3573b3c8a813 |
| Swisscom M365 Phone System | 2bdd1880-78e3-413b-a4d6-5753955eaee5 |
| Swisscom M365 Endpoint Management | bf79789e-4016-4591-9079-0200fd0389df |
| Swisscom M365 Backup as a Service | ec2c8e17-afaa-4583-8a32-9b7530b7c118 |
| Swisscom Threat Detection and Response | 3e8f866e-d64b-4197-956e-c5cf852e54cd |
| Swisscom MCC Microsoft | a59996f7-560b-4349-80a9-9f65c68a8386 |
| Swisscom Enterprise Workspace | de007c00-80c4-4ba3-a281-b9d9635a5407 |
| Swisscom Microsoft XDR as a Service | 61f68604-cf24-4530-b5c1-4530a43460d7 |
| Swisscom M365 DLP | 7f0a552f-7c0e-4afb-96da-1d1f189a6485 |
Additional Information:
For further details on the updated permission modification features and other enhancements, please refer to our comprehensive documentation available at docs.swisscom.ch.
We value your feedback. If you have any questions, encounter any issues, or would like to provide suggestions for future updates, please don’t hesitate to contact our support team.
Thank you for your continued support and trust in our Azure Multitenant Applications. We remain committed to delivering an exceptional experience and meeting your evolving needs.