It seems that the New-M365DSCDeltaReport command compares Delegated app permissions with Application permissions when both Delegated- and Application permissions exist for a specific permission.
For example, take an app that has a delegated Device.Read.All permission AND an application Device.Read.All permission:
AdminConsentGranted is true for the Delegated permission but false for the Application permission.
In both snapshots, the settings are exactly the same.
When the Delta report is run, it reports that AdminConsentGranted has changed from True to False, when in fact it did not change. I suspect that the comparison compares the Delegated and Application permissions and finds the delta. The report should take into account the permission type in the comparison.
The delta report should also state if the change is related to Delegated- or Application permissions.
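
An added illustration, not part of the original report and not M365DSC's own code: a hypothetical comparer (`Compare-PermissionSet`) run over two identical, constructed snapshots shows how pairing entries by permission name alone yields the false True to False change described above, while a name-plus-type key yields none. The property names `Name`, `Type` and `AdminConsentGranted` and the type value `AppOnly` are assumptions for this sketch.

```powershell
# Constructed sample data: the same two permission entries appear in both snapshots.
# Property names and the 'AppOnly' type value are assumptions for this sketch.
function New-SamplePermissions {
    @(
        [pscustomobject]@{ Name = 'Device.Read.All'; Type = 'Delegated'; AdminConsentGranted = $true }
        [pscustomobject]@{ Name = 'Device.Read.All'; Type = 'AppOnly'; AdminConsentGranted = $false }
    )
}

# Hypothetical comparer: pairs entries across snapshots by the key that
# $KeySelector returns and emits one record per AdminConsentGranted difference.
function Compare-PermissionSet {
    param(
        [object[]]$Source,
        [object[]]$Destination,
        [scriptblock]$KeySelector
    )
    # Index the destination snapshot; a duplicate key overwrites the earlier entry.
    $index = @{}
    foreach ($perm in $Destination) {
        $index[(& $KeySelector $perm)] = $perm
    }
    foreach ($perm in $Source) {
        $match = $index[(& $KeySelector $perm)]
        if ($null -ne $match -and $match.AdminConsentGranted -ne $perm.AdminConsentGranted) {
            [pscustomobject]@{
                Permission  = $perm.Name
                Type        = $perm.Type   # report which permission type the change belongs to
                Property    = 'AdminConsentGranted'
                Source      = $perm.AdminConsentGranted
                Destination = $match.AdminConsentGranted
            }
        }
    }
}

$before = New-SamplePermissions
$after  = New-SamplePermissions

# Name-only key: the Delegated entry is paired with the AppOnly entry.
$byName = @(Compare-PermissionSet $before $after { param($p) $p.Name })
# Composite key: each entry is paired with the entry of its own type.
$byNameAndType = @(Compare-PermissionSet $before $after { param($p) '{0}|{1}' -f $p.Name, $p.Type })

'Name-only key:     {0} reported change(s)' -f $byName.Count
$byName | Format-Table -AutoSize
'Name and type key: {0} reported change(s)' -f $byNameAndType.Count
```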