Question about Data Loss Protection permissions-reference.md

[ep3p]

Instructions: Add any supporting information, such as a description of the PR changes, here.

Please, is this permission really about Data Loss Protection for the Endpoint workload? or is it maybe about Intune?

In Purview DLP several workloads exist: SharePoint, OneDrive, MicrosoftTeams, Exchange, Endpoint...

It does NOT make sense for "AuditLogsQuery-Endpoint.Read.All" to be about DLP for Endpoint, AND then "AuditLogsQuery-Exchange.Read.All", "AuditLogsQuery-OneDrive.Read.All", "AuditLogsQuery-SharePoint.Read.All" NOT be related to Data loss protection at all.

"Data loss protection" seems to be mentioned ONLY in "AuditLogsQuery-Endpoint.Read.All".

I have not found Graph permissions related to Purview DLP, except this one related specifically to Endpoint.

In this link (https://learn.microsoft.com/en-us/graph/api/security-auditcoreroot-list-auditlogqueries?view=graph-rest-beta&tabs=http#permissions) "AuditLogsQuery-Endpoint.Read.All" seems to be explained as audit logs of Intune, instead of specifically DLP.

Thank you.

---

Note

The following guidance is for Microsoft employees only. Community contributors can ignore this message; our content team will manage the status.

After you've created your PR, expand this section for tips and additional instructions.

• do not merge is the default PR status and is automatically added to all open PRs that don't have the ready to merge label.
• Add the ready for content review label to start a review. Your PR won't be reviewed until you add this label.
• If your content reviewer requests changes, review the feedback and address accordingly as soon as possible to keep your pull request moving forward. After you address the feedback, remove the changes requested label, add the review feedback addressed label, and select the Re-request review icon next to the content reviewer's alias. If you can't add labels, add a comment with #feedback-addressed to the pull request.
• After the content review is complete, your reviewer will add the content review complete label. When the updates in this PR are ready for external customers to use, replace the do not merge label with ready to merge and the PR will be merged within 24 working hours.
• Pull requests that are inactive for more than 6 weeks will be automatically closed. Before that, you receive reminders at 2 weeks, 4 weeks, and 6 weeks. If you still need the PR, you can reopen or recreate the request.

For more information, see the Content review process summary.

[learn-build-service-prod]

Learn Build status updates of commit db5a94f:

✅ Validation status: passed

File	Status	Preview URL	Details
concepts/permissions-reference.md	✅Succeeded

For more details, please refer to the build report.

For any questions, please:

• Try searching the learn.microsoft.com contributor guides
• Post your question in the Learn support channel

[Lauragra]

@FaithOmbongi , can you take a look to see if we have an issue with the permissions reference?

[FaithOmbongi]

Hi @ep3p - the permissions reference is autogenerated based on product data so we would not be able to merge this PR even if the permission description needs changing. However, I've pinged the SMEs to clarify and respond here. So we'll wait for their response then close this PR and take any action items.

[ep3p]

thank you! @FaithOmbongi