ProtectionScopes.Compute.User

Allows the app to identify Purview data protection, compliance and governance policy scopes defined for an individual user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the ProtectionScopes.Compute.User permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	fe696d63-5e1f-4515-8232-cccc316903c6	4fc04d16-a9fc-4c5e-8da4-79b6c33638a4
DisplayText	Compute Purview policies for an individual user	Compute Purview policies for an individual user
Description	Allows the app to identify Purview data protection, compliance and governance policy scopes defined for an individual user.	Allows the app to identify Purview data protection, compliance and governance policy scopes defined for an individual user.
AdminConsentRequired	Yes	Yes

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	POST /users/{usersId}/dataSecurityAndGovernance/protectionScopes/compute
	POST /users/me/dataSecurityAndGovernance/protectionScopes/compute

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: deviceMetadata

Property	Type	Description
deviceType	String	The general type of the device (for example, "Managed", "Unmanaged", "Unknown").
operatingSystemSpecifications	operatingSystemSpecifications	Details about the operating system platform and version.

Graph reference: integratedApplicationMetadata

Property	Type	Description
name	String	The name of the integrated application.
version	String	The version number of the integrated application.

Graph reference: policylocation

Property	Type	Description
value	String	The actual value representing the location (for example, "contoso.com", "https://partner.contoso.com/upload", "83ef198a-0396-4893-9d4f-d36efbffcaaa").

Graph reference: policyUserScope

Property	Type	Description
activities	microsoft.graph.security.userActivityTypes	Flags specifying the user activities the calling application supports or is interested. Possible values are `none`, `uploadText`, `uploadFile`, `downloadText`, `downloadFile`. Required.
executionMode	microsoft.graph.security.executionMode	Policy execution mode for this user. Possible values are `evaluateInline` and `evaluateOffline`. Inherited from `policyScopeBase`. Required.
locations	Collection(microsoft.graph.policyLocation)	Locations protected for this user. Inherited from `policyScopeBase`. Required.
policyActions	Collection(microsoft.graph.dlpActionInfo)	Enforcement actions applicable to this user. Inherited from `policyScopeBase`. Required.

Table of Contents

ProtectionScopes.Compute.User

Graph Methods

Resources