ProtectionScopes.Compute.All

Allows the app to identify Purview data protection, compliance and governance policy scopes defined for all users across tenant.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the ProtectionScopes.Compute.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	e5a76501-dbb0-492c-ab55-5d09e8837263	98f5a27a-539a-48bc-a597-f78e9e1e76bf
DisplayText	Compute Purview policies at tenant scope	Compute Purview policies at tenant scope
Description	Allows the app to identify Purview data protection, compliance and governance policy scopes defined for all users across tenant.	Allows the app to identify Purview data protection, compliance and governance policy scopes defined for all users across tenant.
AdminConsentRequired	Yes	Yes

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	POST /me/dataSecurityAndGovernance/protectionScopes/compute
	POST /security/dataSecurityAndGovernance/protectionScopes/compute

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	POST /me/dataSecurityAndGovernance/protectionScopes/compute
	POST /security/dataSecurityAndGovernance/protectionScopes/compute

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Invoke-MgComputeSecurityDataSecurityAndGovernanceProtectionScope

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Invoke-MgBetaComputeSecurityDataSecurityAndGovernanceProtectionScope

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: deviceMetadata

Property	Type	Description
deviceType	String	Optional. The general type of the device (for example, "Managed", "Unmanaged").
operatingSystemSpecifications	operatingSystemSpecifications	Details about the operating system platform and version.
ipAddress	String	The Internet Protocol (IP) address of the device.

Graph reference: integratedApplicationMetadata

Property	Type	Description
name	String	The name of the integrated application.
version	String	The version number of the integrated application.

Graph reference: policyLocation

Property	Type	Description
value	String	The actual value representing the location. Location value is specific for concretetype of the policyLocation - policyLocationDomain, policyLocationUrl, or policyLocationApplication (for example, "contoso.com", "https://partner.contoso.com/upload", "83ef198a-0396-4893-9d4f-d36efbffcaaa").

Graph reference: policyLocationApplication

Property	Type	Description
value	String	The actual value representing the location (for example, "83ef198a-0396-4893-9d4f-d36efbffcaaa"). Inherited from policyLocation.

Property	Type	Description
value	String	The actual value representing the location (for example, "contoso.com"). Inherited from policyLocation.

Graph reference: policyLocationUrl

Property	Type	Description
value	String	The actual value representing the location (for example, "https://partner.contoso.com/upload"). Inherited from policyLocation.

Graph reference: policyTenantScope

Property	Type	Description
activities	microsoft.graph.security.userActivityTypes	Flags specifying the user activities the calling application supports or is interested. Possible values are `none`, `uploadText`, `uploadFile`, `downloadText`, `downloadFile`, `unknownFutureValue`. Required. This object is a multi-valued enumeration.
executionMode	microsoft.graph.security.executionMode	Policy execution mode at the tenant level. Possible values are `evaluateInline` and `evaluateOffline`. Inherited from `policyScopeBase`. Required.
locations	Collection(microsoft.graph.policyLocation)	Locations protected at the tenant level. Inherited from `policyScopeBase`. Required.
policyActions	Collection(microsoft.graph.dlpActionInfo)	Enforcement actions at the tenant level. Inherited from `policyScopeBase`. Required.
policyScope	microsoft.graph.policyBinding	Specifies the users and groups included in or excluded from this tenant-level policy scope.

Graph reference: policyUserScope

Property	Type	Description
activities	microsoft.graph.security.userActivityTypes	Flags specifying the user activities the calling application supports or is interested. Possible values are `none`, `uploadText`, `uploadFile`, `downloadText`, `downloadFile`, `unknownFutureValue`. Required. This object is a multi-valued enumeration.
executionMode	microsoft.graph.security.executionMode	Policy execution mode for this user. Possible values are `evaluateInline` and `evaluateOffline`. Inherited from `policyScopeBase`. Inline evaluation requires caller to wait for API response before allowing user activity to proceed. Required.
locations	Collection(microsoft.graph.policyLocation)	Locations protected for this user. Inherited from `policyScopeBase`. Required.
policyActions	Collection(microsoft.graph.dlpActionInfo)	Enforcement actions applicable to this user. Inherited from `policyScopeBase`. Required.

Table of Contents

ProtectionScopes.Compute.All

Graph Methods

Resources