pl4nty · renovate · Apr 9, 2025 · Apr 13, 2025
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -3,7 +3,7 @@
 {
 	"name": "Python 3",
 	// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
-	"image": "mcr.microsoft.com/devcontainers/python:1-3.12-bullseye@sha256:f5fb6c95c669b17015b1bb90f3dcdb98d86a89a7a257f53054838a3e3df398d2"
+	"image": "mcr.microsoft.com/devcontainers/python:1-3.12-bullseye@sha256:d11de141ce017da425c9c1f97527fa864e5d84077dba81ea0bb6ef5399064d30"
 
 	// Features to add to the dev container. More info: https://containers.dev/features.
 	// "features": {},

diff --git a/RoleDefinitions/05ac6fd6-16d7-431a-8f3b-3333014c33d0.json b/RoleDefinitions/05ac6fd6-16d7-431a-8f3b-3333014c33d0.json
@@ -0,0 +1,33 @@
+{
+    "id": "05ac6fd6-16d7-431a-8f3b-3333014c33d0",
+    "description": "This role enables administrators to configure whether individual public folders are mail-enabled or mail-disabled in an organization.\r\nThis role type enables you to manage the e-mail properties of public folders only. It doesn't enable you to manage non-e-mail properties of public folders. To manage non-e-mail properties of public folders you need to be assigned a role that's associated with the PublicFolders role type.",
+    "displayName": "Mail Enabled Public Folders",
+    "isEnabled": true,
+    "version": "0.12 (14.0.451.0)",
+    "isBuiltIn": true,
+    "templateId": null,
+    "allowedPrincipalTypes": "user,group",
+    "rolePermissions": [
+        {
+            "allowedResourceActions": [
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Get-MailPublicFolder -Anr -Credential -ErrorAction -ErrorVariable -Filter -Identity -IgnoreDefaultScope -IncludeGrantSendOnBehalfToWithDisplayNames -OutBuffer -OutVariable -ResultSize -SortBy -WarningAction -WarningVariable",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Get-MessageTraceCopilot -Verbose -WarningAction -WarningVariable",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Get-BookingMailbox -RecipientTypeDetails -ResultSize",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Get-ScopeAdmins -ScopeIds",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Start-AuditAssistant -Identity",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Set-UnifiedAuditSetting -Identity -OutBuffer -OutVariable -Verbose -WarningAction -WarningVariable",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Set-MailPublicFolder -AcceptMessagesOnlyFrom -AcceptMessagesOnlyFromDLMembers -AcceptMessagesOnlyFromSendersOrMembers -Alias -BypassModerationFromSendersOrMembers -Confirm -Contacts -CustomAttribute1 -CustomAttribute10 -CustomAttribute11 -CustomAttribute12 -CustomAttribute13 -CustomAttribute14 -CustomAttribute15 -CustomAttribute2 -CustomAttribute3 -CustomAttribute4 -CustomAttribute5 -CustomAttribute6 -CustomAttribute7 -CustomAttribute8 -CustomAttribute9 -DeliverToMailboxAndForward -DisplayName -EmailAddresses -EmailAddressPolicyEnabled -EntryId -ErrorAction -ErrorVariable -ExtensionCustomAttribute1 -ExtensionCustomAttribute2 -ExtensionCustomAttribute3 -ExtensionCustomAttribute4 -ExtensionCustomAttribute5 -ExternalEmailAddress -ForwardingAddress -GrantSendOnBehalfTo -HiddenFromAddressListsEnabled -Identity -IgnoreDefaultScope -IgnoreMissingFolderLink -MailTip -MailTipTranslations -MaxReceiveSize -MaxSendSize -ModeratedBy -ModerationEnabled -Name -OnPremisesObjectId -OutBuffer -OutVariable -PhoneticDisplayName -PrimarySmtpAddress -PublicFolderType -RejectMessagesFrom -RejectMessagesFromDLMembers -RejectMessagesFromSendersOrMembers -RequireSenderAuthenticationEnabled -SendModerationNotifications -SimpleDisplayName -WarningAction -WarningVariable -WhatIf -WindowsEmailAddress",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Remove-SyncMailPublicFolder -Confirm -ErrorAction -ErrorVariable -Identity -OutBuffer -OutVariable -WarningAction -WarningVariable -WhatIf",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) New-SyncMailPublicFolder -AcceptMessagesOnlyFrom -Alias -Confirm -Contacts -CustomAttribute1 -CustomAttribute10 -CustomAttribute11 -CustomAttribute12 -CustomAttribute13 -CustomAttribute14 -CustomAttribute15 -CustomAttribute2 -CustomAttribute3 -CustomAttribute4 -CustomAttribute5 -CustomAttribute6 -CustomAttribute7 -CustomAttribute8 -CustomAttribute9 -DeliverToMailboxAndForward -DisplayName -EmailAddresses -EntryId -ErrorAction -ErrorVariable -ExternalEmailAddress -ForwardingAddress -GrantSendOnBehalfTo -HiddenFromAddressListsEnabled -MaxReceiveSize -MaxSendSize -Name -OnPremisesObjectId -OutBuffer -OutVariable -OverrideRecipientQuotas -RejectMessagesFrom -RequireSenderAuthenticationEnabled -WarningAction -WarningVariable -WhatIf -WindowsEmailAddress",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) New-Mailbox -HoldForMigration -IsExcludedFromServingHierarchy -Name -PublicFolder -Verbose -WarningAction -WarningVariable",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Get-User -ErrorAction -ErrorVariable -Filter -Identity -OutBuffer -OutVariable -PublicFolder -RecipientTypeDetails -ResultSize -Verbose -WarningAction -WarningVariable",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Get-UnifiedAuditSetting -Identity -OutBuffer -OutVariable -WarningAction -WarningVariable",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Get-Mailbox -Filter -Identity -OutBuffer -OutVariable -PublicFolder -RecipientTypeDetails -ResultSize -Verbose -WarningAction -WarningVariable",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Enable-MailPublicFolder -Confirm -ErrorAction -ErrorVariable -HiddenFromAddressListsEnabled -Identity -OutBuffer -OutVariable -OverrideRecipientQuotas -WarningAction -WarningVariable -WhatIf",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Disable-MailPublicFolder -Confirm -ErrorAction -ErrorVariable -Identity -OutBuffer -OutVariable -WarningAction -WarningVariable -WhatIf"
+            ],
+            "excludedResourceActions": [],
+            "condition": null
+        }
+    ]
+}
diff --git a/RoleDefinitions/099f8485-1ebc-4b44-a41d-b986e543495c.json b/RoleDefinitions/099f8485-1ebc-4b44-a41d-b986e543495c.json
@@ -0,0 +1,35 @@
+{
+    "id": "099f8485-1ebc-4b44-a41d-b986e543495c",
+    "description": "This role enables administrators to manage address lists, global address lists, and offline address lists in an organization.",
+    "displayName": "Address Lists",
+    "isEnabled": true,
+    "version": "0.12 (14.0.451.0)",
+    "isBuiltIn": true,
+    "templateId": null,
+    "allowedPrincipalTypes": "user,group",
+    "rolePermissions": [
+        {
+            "allowedResourceActions": [
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Remove-GenericSubstrateRecipient -Confirm",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Set-OfflineAddressBook -AddressLists -ApplyMandatoryProperties -ConfiguredAttributes -Confirm -DiffRetentionPeriod -ErrorAction -ErrorVariable -FullOabDownloadPreventionThreshold -Identity -IsDefault -Name -OutBuffer -OutVariable -Schedule -UpgradeFromE14 -UseDefaultAttributes -Versions -WarningAction -WarningVariable -WhatIf -ZipOabFilesBeforeUploading",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Set-GlobalAddressList -ConditionalCompany -ConditionalCustomAttribute1 -ConditionalCustomAttribute10 -ConditionalCustomAttribute11 -ConditionalCustomAttribute12 -ConditionalCustomAttribute13 -ConditionalCustomAttribute14 -ConditionalCustomAttribute15 -ConditionalCustomAttribute2 -ConditionalCustomAttribute3 -ConditionalCustomAttribute4 -ConditionalCustomAttribute5 -ConditionalCustomAttribute6 -ConditionalCustomAttribute7 -ConditionalCustomAttribute8 -ConditionalCustomAttribute9 -ConditionalDepartment -ConditionalStateOrProvince -Confirm -ErrorAction -ErrorVariable -Identity -IncludedRecipients -Name -OutBuffer -OutVariable -RecipientFilter -WarningAction -WarningVariable -WhatIf",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Set-AddressList -ConditionalCompany -ConditionalCustomAttribute1 -ConditionalCustomAttribute10 -ConditionalCustomAttribute11 -ConditionalCustomAttribute12 -ConditionalCustomAttribute13 -ConditionalCustomAttribute14 -ConditionalCustomAttribute15 -ConditionalCustomAttribute2 -ConditionalCustomAttribute3 -ConditionalCustomAttribute4 -ConditionalCustomAttribute5 -ConditionalCustomAttribute6 -ConditionalCustomAttribute7 -ConditionalCustomAttribute8 -ConditionalCustomAttribute9 -ConditionalDepartment -ConditionalStateOrProvince -Confirm -DisplayName -ErrorAction -ErrorVariable -Identity -IncludedRecipients -Name -OutBuffer -OutVariable -RecipientFilter -WarningAction -WarningVariable -WhatIf",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Set-AddressBookPolicy -AddressLists -Confirm -ErrorAction -ErrorVariable -GlobalAddressList -Identity -Name -OfflineAddressBook -OutBuffer -OutVariable -RoomList -WarningAction -WarningVariable -WhatIf",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Remove-OfflineAddressBook -Confirm -ErrorAction -ErrorVariable -Force -Identity -OutBuffer -OutVariable -WarningAction -WarningVariable -WhatIf",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Remove-GlobalAddressList -Confirm -ErrorAction -ErrorVariable -Identity -OutBuffer -OutVariable -WarningAction -WarningVariable -WhatIf",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Remove-AddressList -Confirm -ErrorAction -ErrorVariable -Identity -OutBuffer -OutVariable -Recursive -WarningAction -WarningVariable -WhatIf",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Remove-AddressBookPolicy -Confirm -ErrorAction -ErrorVariable -Identity -OutBuffer -OutVariable -WarningAction -WarningVariable -WhatIf",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) New-OfflineAddressBook -AddressLists -Confirm -DiffRetentionPeriod -ErrorAction -ErrorVariable -IsDefault -Name -OutBuffer -OutVariable -Versions -WarningAction -WarningVariable -WhatIf",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) New-GlobalAddressList -ConditionalCompany -ConditionalCustomAttribute1 -ConditionalCustomAttribute10 -ConditionalCustomAttribute11 -ConditionalCustomAttribute12 -ConditionalCustomAttribute13 -ConditionalCustomAttribute14 -ConditionalCustomAttribute15 -ConditionalCustomAttribute2 -ConditionalCustomAttribute3 -ConditionalCustomAttribute4 -ConditionalCustomAttribute5 -ConditionalCustomAttribute6 -ConditionalCustomAttribute7 -ConditionalCustomAttribute8 -ConditionalCustomAttribute9 -ConditionalDepartment -ConditionalStateOrProvince -Confirm -ErrorAction -ErrorVariable -IncludedRecipients -Name -OutBuffer -OutVariable -RecipientFilter -WarningAction -WarningVariable -WhatIf",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) New-AddressList -ConditionalCompany -ConditionalCustomAttribute1 -ConditionalCustomAttribute10 -ConditionalCustomAttribute11 -ConditionalCustomAttribute12 -ConditionalCustomAttribute13 -ConditionalCustomAttribute14 -ConditionalCustomAttribute15 -ConditionalCustomAttribute2 -ConditionalCustomAttribute3 -ConditionalCustomAttribute4 -ConditionalCustomAttribute5 -ConditionalCustomAttribute6 -ConditionalCustomAttribute7 -ConditionalCustomAttribute8 -ConditionalCustomAttribute9 -ConditionalDepartment -ConditionalStateOrProvince -Confirm -Container -DisplayName -ErrorAction -ErrorVariable -IncludedRecipients -Name -OutBuffer -OutVariable -RecipientFilter -WarningAction -WarningVariable -WhatIf",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) New-AddressBookPolicy -AddressLists -Confirm -ErrorAction -ErrorVariable -GlobalAddressList -Name -OfflineAddressBook -OutBuffer -OutVariable -RoomList -WarningAction -WarningVariable -WhatIf",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Get-OfflineAddressBook -ErrorAction -ErrorVariable -Identity -OutBuffer -OutVariable -WarningAction -WarningVariable",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Get-GlobalAddressList -DefaultOnly -ErrorAction -ErrorVariable -Identity -OutBuffer -OutVariable -WarningAction -WarningVariable",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Get-AddressList -Container -ErrorAction -ErrorVariable -Identity -OutBuffer -OutVariable -SearchText -WarningAction -WarningVariable",
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Get-AddressBookPolicy -ErrorAction -ErrorVariable -Identity -OutBuffer -OutVariable -WarningAction -WarningVariable"
+            ],
+            "excludedResourceActions": [],
+            "condition": null
+        }
+    ]
+}
diff --git a/RoleDefinitions/0ae2be24-2fc6-42df-9ac0-afba971bcb01.json b/RoleDefinitions/0ae2be24-2fc6-42df-9ac0-afba971bcb01.json
@@ -0,0 +1,19 @@
+{
+    "id": "0ae2be24-2fc6-42df-9ac0-afba971bcb01",
+    "description": "Lets people create, edit, delete, and view usage of sensitivity labels and their policies.",
+    "displayName": "SensitivityLabelAdministrator",
+    "isEnabled": true,
+    "version": "0.12 (14.0.451.0)",
+    "isBuiltIn": true,
+    "templateId": null,
+    "allowedPrincipalTypes": "user,group",
+    "rolePermissions": [
+        {
+            "allowedResourceActions": [
+                "(Microsoft.Exchange.Management.PowerShell.E2010) Set-LabelProperties -ApplyToUsers -GrantAccessToAllCompanyDomainUsers -GrantAccessToAllUsers -GrantAccessToNoUsers -Identity -Verbose"
+            ],
+            "excludedResourceActions": [],
+            "condition": null
+        }
+    ]
+}
diff --git a/RoleDefinitions/0bd113fe-6be5-400c-a28f-ae5553f9c0be.json b/RoleDefinitions/0bd113fe-6be5-400c-a28f-ae5553f9c0be.json
@@ -0,0 +1,93 @@
+{
+    "id": "0bd113fe-6be5-400c-a28f-ae5553f9c0be",
+    "displayName": "Policy and Profile manager",
+    "description": "Policy and Profile Managers manage compliance policy, configuration profiles, Apple enrollment, Android Enterprise enrollment profiles and corporate device identifiers.",
+    "resourceScopes": [
+        "/"
+    ],
+    "isBuiltIn": true,
+    "isEnabled": true,
+    "templateId": "0bd113fe-6be5-400c-a28f-ae5553f9c0be",
+    "version": null,
+    "rolePermissions": [
+        {
+            "allowedResourceActions": [
+                "Microsoft.Intune/Organization/Read",
+                "Microsoft.Intune/DeviceConfigurations/Create",
+                "Microsoft.Intune/DeviceConfigurations/Read",
+                "Microsoft.Intune/DeviceConfigurations/Update",
+                "Microsoft.Intune/DeviceConfigurations/Delete",
+                "Microsoft.Intune/DeviceConfigurations/Assign",
+                "Microsoft.Intune/DeviceConfigurations/ViewReports",
+                "Microsoft.Intune/DeviceCompliancePolices/Create",
+                "Microsoft.Intune/DeviceCompliancePolices/Read",
+                "Microsoft.Intune/DeviceCompliancePolices/ViewReports",
+                "Microsoft.Intune/DeviceCompliancePolices/Update",
+                "Microsoft.Intune/DeviceCompliancePolices/Delete",
+                "Microsoft.Intune/DeviceCompliancePolices/Assign",
+                "Microsoft.Intune/EnrollmentProgramToken/Create",
+                "Microsoft.Intune/EnrollmentProgramToken/Read",
+                "Microsoft.Intune/EnrollmentProgramToken/Update",
+                "Microsoft.Intune/EnrollmentProgramToken/Delete",
+                "Microsoft.Intune/AppleEnrollmentProfiles/Create",
+                "Microsoft.Intune/AppleEnrollmentProfiles/Read",
+                "Microsoft.Intune/AppleEnrollmentProfiles/Update",
+                "Microsoft.Intune/AppleEnrollmentProfiles/Delete",
+                "Microsoft.Intune/AppleEnrollmentProfiles/Assign",
+                "Microsoft.Intune/EnrollmentProfiles/EnrollmentTimeMembershipAssign",
+                "Microsoft.Intune/AppleDeviceSerialNumbers/Create",
+                "Microsoft.Intune/AppleDeviceSerialNumbers/Read",
+                "Microsoft.Intune/AppleDeviceSerialNumbers/Update",
+                "Microsoft.Intune/AppleDeviceSerialNumbers/Delete",
+                "Microsoft.Intune/CorporateDeviceIdentifiers/Create",
+                "Microsoft.Intune/CorporateDeviceIdentifiers/Read",
+                "Microsoft.Intune/CorporateDeviceIdentifiers/Update",
+                "Microsoft.Intune/CorporateDeviceIdentifiers/Delete",
+                "Microsoft.Intune/ManagedApps/Create",
+                "Microsoft.Intune/ManagedApps/Read",
+                "Microsoft.Intune/ManagedApps/Update",
+                "Microsoft.Intune/ManagedApps/Delete",
+                "Microsoft.Intune/ManagedApps/Assign",
+                "Microsoft.Intune/AndroidSync/Read",
+                "Microsoft.Intune/AndroidSync/UpdateEnrollmentProfiles",
+                "Microsoft.Intune/AndroidSync/UpdateOnboarding",
+                "Microsoft.Intune/AndroidSync/UpdateApps",
+                "Microsoft.Intune/Audit/Read",
+                "Microsoft.Intune/PolicySets/Assign",
+                "Microsoft.Intune/PolicySets/Create",
+                "Microsoft.Intune/PolicySets/Delete",
+                "Microsoft.Intune/PolicySets/Read",
+                "Microsoft.Intune/PolicySets/Update",
+                "Microsoft.Intune/AssignmentFilter/Create",
+                "Microsoft.Intune/AssignmentFilter/Delete",
+                "Microsoft.Intune/AssignmentFilter/Read",
+                "Microsoft.Intune/AssignmentFilter/Update",
+                "Microsoft.Intune/MicrosoftDefenderATP/Read",
+                "Microsoft.Intune/PartnerDeviceManagement/Read",
+                "Microsoft.Intune/MobileThreatDefense/Read",
+                "Microsoft.Intune/CertificateConnector/Read",
+                "Microsoft.Intune/DerivedCredentials/Read",
+                "Microsoft.Intune/AndroidFota/Read",
+                "Microsoft.Intune/QuietTimePolicies/Create",
+                "Microsoft.Intune/QuietTimePolicies/Read",
+                "Microsoft.Intune/QuietTimePolicies/Update",
+                "Microsoft.Intune/QuietTimePolicies/Delete",
+                "Microsoft.Intune/QuietTimePolicies/Assign",
+                "Microsoft.Intune/QuietTimePolicies/ViewReports",
+                "Microsoft.Intune/CloudAttach/ResourceExplorer",
+                "Microsoft.Intune/CloudAttach/ClientDetails",
+                "Microsoft.Intune/CloudAttach/Timeline",
+                "Microsoft.Intune/CloudAttach/Collections",
+                "Microsoft.Intune/CloudAttach/Applications",
+                "Microsoft.Intune/CloudAttach/Scripts",
+                "Microsoft.Intune/CloudAttach/SoftwareUpdates",
+                "Microsoft.Intune/WindowsOSRecovery/Create",
+                "Microsoft.Intune/WindowsOSRecovery/Read",
+                "Microsoft.Intune/WindowsOSRecovery/Update",
+                "Microsoft.Intune/WindowsOSRecovery/Delete",
+                "Microsoft.Intune/WindowsOSRecovery/Assign"
+            ],
+            "condition": null
+        }
+    ]
+}
diff --git a/RoleDefinitions/0bf8df8b-43fa-4c50-8a6b-73240e9f12a7.json b/RoleDefinitions/0bf8df8b-43fa-4c50-8a6b-73240e9f12a7.json
@@ -0,0 +1,19 @@
+{
+    "id": "0bf8df8b-43fa-4c50-8a6b-73240e9f12a7",
+    "description": "Allows the app to read user's mailbox settings in all mailboxes without a signed-in user",
+    "displayName": "Application MailboxSettings.Read",
+    "isEnabled": true,
+    "version": "0.12 (14.0.451.0)",
+    "isBuiltIn": true,
+    "templateId": null,
+    "allowedPrincipalTypes": "servicePrincipal",
+    "rolePermissions": [
+        {
+            "allowedResourceActions": [
+                "MailboxSettings.Read"
+            ],
+            "excludedResourceActions": [],
+            "condition": null
+        }
+    ]
+}