Question about Data Loss Protection permissions-reference.md #9430
Please, is this permission really about Data Loss Protection for the Endpoint workload? Or is it maybe about Intune?
In Purview DLP several workloads exist: SharePoint, OneDrive, MicrosoftTeams, Exchange, Endpoint...
It does NOT make sense for "AuditLogsQuery-Endpoint.Read.All" to be about DLP for Endpoint, AND then "AuditLogsQuery-Exchange.Read.All", "AuditLogsQuery-OneDrive.Read.All", "AuditLogsQuery-SharePoint.Read.All" NOT be related to Data loss protection at all.
"Data loss protection" seems to be mentioned ONLY in "AuditLogsQuery-Endpoint.Read.All".
I have not found Graph permissions related to Purview DLP, except this one related specifically to Endpoint.
In this link (https://learn.microsoft.com/en-us/graph/api/security-auditcoreroot-list-auditlogqueries?view=graph-rest-beta&tabs=http#permissions) "AuditLogsQuery-Endpoint.Read.All" seems to be explained as audit logs of Intune, instead of specifically DLP.
Thank you.