Updates from: 01/21/2021 04:07:39
Service Microsoft Docs article Related commit history on GitHub Change details
v1.0 https://docs.microsoft.com/en-us/graph/api/accesspackageassignment-list https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackageassignment-list.md
@@ -13,7 +13,8 @@ Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-In [Azure AD entitlement management](../resources/entitlementmanagement-root.md), retrieve a list of [accessPackageAssignment](../resources/accesspackageassignment.md) objects. The resulting list includes all the assignments, current and well as expired, that the caller has access to read, across all catalogs and access packages.
+In [Azure AD entitlement management](../resources/entitlementmanagement-root.md), retrieve a list of [accessPackageAssignment](../resources/accesspackageassignment.md) objects. For directory-wide administrators, the resulting list includes all the assignments, current and well as expired, that the caller has access to read, across all catalogs and access packages. If the caller is on behalf of a delegated user who is assigned only to catalog-specific delegated administrative roles, the request must supply a filter to indicate a specific access package, such as: `$filter=accessPackage/id eq 'a914b616-e04e-476b-aa37-91038f0b165b'`.
+ ## Permissions
@@ -35,7 +36,7 @@ GET /identityGovernance/entitlementManagement/accessPackageAssignments
## Optional query parameters
-This method supports some of the OData query parameters to help customize the response. For example, to also return the target subject and access package, include `$expand=target,accessPackage`. To retrieve only delivered assignments, you can include a query `$filter=assignmentState eq 'Delivered'`. To retrieve only assignments for a particular user, you can include a query with assignments targeting the object ID of that user: `$expand=target&$filter=target/objectid+eq+'7deff43e-1f17-44ef-9e5f-d516b0ba11d4'`. To retrieve only assignments for a particular user and a particular access package, you can include a query with assignments targeting that access package and the object ID of that user: `$expand=accessPackage,target&$filter=accessPackage/id eq '9bbe5f7d-f1e7-4eb1-a586-38cdf6f8b1ea' and target/objectid eq '7deff43e-1f17-44ef-9e5f-d516b0ba11d4'`. To retrieve only assignments resulting from a particular access package assignment policy, you can include a query for that policy: `$filter=accessPackageAssignmentPolicy/id eq 'd92ebb54-9b46-492d-ab7f-01f76767da7f'`.
+If the caller is on behalf of a delegated user who is assigned only to catalog-specific delegated administrative roles, the request must supply a filter to indicate a specific access package, such as: `$filter=accessPackage/id eq 'a914b616-e04e-476b-aa37-91038f0b165b'`. This method also supports some of the OData query parameters to help customize the response. For example, to also return the target subject and access package, include `$expand=target,accessPackage`. To retrieve only delivered assignments, you can include a query `$filter=assignmentState eq 'Delivered'`. To retrieve only assignments for a particular user, you can include a query with assignments targeting the object ID of that user: `$expand=target&$filter=target/objectid+eq+'7deff43e-1f17-44ef-9e5f-d516b0ba11d4'`. To retrieve only assignments for a particular user and a particular access package, you can include a query with assignments targeting that access package and the object ID of that user: `$expand=accessPackage,target&$filter=accessPackage/id eq '9bbe5f7d-f1e7-4eb1-a586-38cdf6f8b1ea' and target/objectid eq '7deff43e-1f17-44ef-9e5f-d516b0ba11d4'`. To retrieve only assignments resulting from a particular access package assignment policy, you can include a query for that policy: `$filter=accessPackageAssignmentPolicy/id eq 'd92ebb54-9b46-492d-ab7f-01f76767da7f'`.
For general information, see [OData query parameters](/graph/query-parameters).
v1.0 https://docs.microsoft.com/en-us/graph/api/accesspackagecatalog-list-accesspackageresources https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackagecatalog-list-accesspackageresources.md
@@ -13,7 +13,7 @@ Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Retrieve a list of [accessPackageResource](../resources/accesspackageresource.md) objects in an [accessPackageCatalog](../resources/accesspackagecatalog.md).
+Retrieve a list of [accessPackageResource](../resources/accesspackageresource.md) objects in an [accessPackageCatalog](../resources/accesspackagecatalog.md). To request to add or remove an [accessPackageResource](../resources/accesspackageresource.md), use [create accessPackageResourceRequest](accesspackageresourcerequest-post.md).
## Permissions
v1.0 https://docs.microsoft.com/en-us/graph/api/accesspackageresourcerequest-post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackageresourcerequest-post.md
@@ -13,7 +13,7 @@ Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Create a new [accessPackageResourceRequest](../resources/accesspackageresourcerequest.md) object to request the addition of a resource to an access package catalog.
+Create a new [accessPackageResourceRequest](../resources/accesspackageresourcerequest.md) object to request the addition of a resource to an access package catalog, or the removal of a resource from a catalog.
## Permissions
@@ -44,7 +44,9 @@ POST /identityGovernance/entitlementManagement/accessPackageResourceRequests
In the request body, supply a JSON representation of an [accessPackageResourceRequest](../resources/accesspackageresourcerequest.md) object. Include the `accessPackageResource` relationship with an [accessPackageResource](../resources/accesspackageresource.md) object as part of the request.
-To add an Azure AD group as a resource to a catalog, the value of the **originSystem** property within the `accessPackageResource` should be **AadGroup** and the value of the **originId** is the identifier of the group.
+To add an Azure AD group as a resource to a catalog, set the **catalogId** to be of the ID of the catalog, **requestType** to be `AdminAdd`, and an `accessPackageResource` representing the resource. The value of the **originSystem** property within the `accessPackageResource` should be `AadGroup` and the value of the **originId** is the identifier of the group.
+
+To remove an Azure AD app from a catalog, set the **catalogId** to be of the ID of the catalog, **requestType** to be `AdminRemove`, and the `accessPackageResource` the resource object to be removed. The resource object can be retrieved using [list accessPackageResources](accesspackagecatalog-list-accesspackageresources.md).
## Response
v1.0 https://docs.microsoft.com/en-us/graph/api/user-list https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/user-list.md
@@ -441,7 +441,54 @@ Content-type: application/json
} ```
-### Example 8: Use $search to get users with display names that contain the letters 'wa' including a count of returned objects
+### Example 8: Use $filter to get all users with a mail that ends with 'a@contoso.com', including a count of returned objects, with the results ordered by userPrincipalName
+
+#### Request
+
+The following is an example of the request.
+
+<!-- {
+ "blockType": "request",
+ "name": "get_a_count_endsWith"
+} -->
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/users?$filter=endswith(mail,'a@contoso.com')&$orderby=userPrincipalName&$count=true
+ConsistencyLevel: eventual
+```
+
+#### Response
+
+The following is an example of the response.
+
+>**Note:** The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.user",
+ "isCollection": true
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
+ "@odata.count": 1,
+ "value": [
+ {
+ "displayName": "Grady Archie",
+ "givenName": "Grady",
+ "jobTitle": "Designer",
+ "mail": "GradyA@contoso.com",
+ "userPrincipalName": "GradyA@contoso.com",
+ "id": "e8b753b5-4117-464e-9a08-713e1ff266b3"
+ }
+ ]
+}
+```
+
+### Example 9: Use $search to get users with display names that contain the letters 'wa' including a count of returned objects
#### Request
@@ -487,7 +534,7 @@ Content-type: application/json
```
-### Example 9: Use $search to get users with display names that contain the letters 'wa' or the letters 'to' including a count of returned objects
+### Example 10: Use $search to get users with display names that contain the letters 'wa' or the letters 'to' including a count of returned objects
#### Request
@@ -498,7 +545,7 @@ The following is an example of the request.
"name": "get_to_count" }--> ```msgraph-interactive
-GET https://graph.microsoft.com/beta/users?$search="displayName:wa" OR "displayName:to"&$orderbydisplayName&$count=true
+GET https://graph.microsoft.com/beta/users?$search="displayName:wa" OR "displayName:to"&$orderby=displayName&$count=true
ConsistencyLevel: eventual ```
v1.0 https://docs.microsoft.com/en-us/graph/resources/accesspackageresource https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackageresource.md
@@ -13,7 +13,7 @@ Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-In [Azure AD entitlement management](entitlementmanagement-root.md), an access package resource is a reference to a resource associated with an access package catalog, the roles for which can be used in one or more access packages. To request to associate a resource with an access package catalog, create an [accessPackageResourceRequest](accesspackageresourcerequest.md).
+In [Azure AD entitlement management](entitlementmanagement-root.md), an access package resource is a reference to a resource associated with an access package catalog, the roles for which can be used in one or more access packages. To request to associate a resource with an access package catalog, or remove a resource from a catalog, create an [accessPackageResourceRequest](accesspackageresourcerequest.md).
## Methods
v1.0 https://docs.microsoft.com/en-us/graph/resources/accesspackageresourcerequest https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackageresourcerequest.md
@@ -13,7 +13,7 @@ Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-In [Azure AD entitlement management](entitlementmanagement-root.md), an access package resource request is a request to a add a resource to a catalog so that the roles of the resource can be used in one or more of the catalog's access packages.
+In [Azure AD entitlement management](entitlementmanagement-root.md), an access package resource request is a request to a add a resource to a catalog so that the roles of the resource can be used in one or more of the catalog's access packages, or to remove a resource from a catalog that is no longer needed by the access packages.
## Methods
@@ -30,10 +30,10 @@ In [Azure AD entitlement management](entitlementmanagement-root.md), an access p
|expirationDateTime|DateTimeOffset|The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: `'2014-01-01T00:00:00Z'`| |id|String| Read-only.| |isValidationOnly|Boolean|If set, does not add the resource.|
-|justification|String|The requestor's justification for adding the resource.|
-|requestState|String| The outcome of whether the service was able to add the resource to the catalog. The value is `Delivered` if the resource was added. Read-Only.|
+|justification|String|The requestor's justification for adding or removing the resource.|
+|requestState|String| The outcome of whether the service was able to add the resource to the catalog. The value is `Delivered` if the resource was added or removed. Read-Only.|
|requestStatus|String|Read-only.|
-|requestType|String|Use `AdminAdd` to add a resource, if the caller is an administrator or resource owner. |
+|requestType|String|Use `AdminAdd` to add a resource, if the caller is an administrator or resource owner, or `AdminRemove` to remove a resource. |
## Relationships
v1.0 https://docs.microsoft.com/en-us/graph/resources/unifiedrolepermission https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedrolepermission.md
@@ -60,7 +60,7 @@ The following is an example of a role permission with a condition.
"microsoft.directory/applications/basic/update", "microsoft.directory/applications/credentials/update" ],
- "condition": "@Subject.objectId Any_of @Resource.owners"
+ "condition": "$ResourceIsSelf"
} ]
@@ -98,4 +98,4 @@ The following is a JSON representation of the resource.
"keywords": "", "section": "documentation", "tocPath": ""
-}-->
\ No newline at end of file
+}-->
v1.0 https://docs.microsoft.com/en-us/graph/resources/user https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/user.md
@@ -188,7 +188,7 @@ This resource supports:
| lastPasswordChangeDateTime | DateTimeOffset | The time when this Azure AD user last changed their password. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: `'2014-01-01T00:00:00Z'` <br><br>Returned only on `$select`. | | legalAgeGroupClassification | [legalAgeGroupClassification](#legalagegroupclassification-values) | Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on **ageGroup** and **consentProvidedForMinor** properties. Allowed values: `null`, `minorWithOutParentalConsent`, `minorWithParentalConsent`, `minorNoParentalConsentRequired`, `notAdult` and `adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`. | | licenseAssignmentStates | [licenseAssignmentState](licenseassignmentstate.md) collection | State of license assignments for this user. <br><br>Returned only on `$select`. Read-only. |
-| mail | String | The SMTP address for the user, for example, "jeff@contoso.onmicrosoft.com". <br><br>Returned by default. Supports `$filter`. |
+| mail | String | The SMTP address for the user, for example, "jeff@contoso.onmicrosoft.com". <br><br>Returned by default. Supports `$filter` and `endsWith`. |
| mailboxSettings | [mailboxSettings](mailboxsettings.md) | Settings for the primary mailbox of the signed-in user. You can [get](../api/user-get-mailboxsettings.md) or [update](../api/user-update-mailboxsettings.md) settings for sending automatic replies to incoming messages, locale, and time zone. <br><br>Returned only on `$select`. | | mailNickname | String | The mail alias for the user. This property must be specified when a user is created. <br><br>Returned only on `$select`. Supports `$filter`. | | mobilePhone | String | The primary cellular telephone number for the user. <br><br>Returned by default. Read-only for users synced from on-premises directory. |
@@ -225,7 +225,7 @@ This resource supports:
| streetAddress | String | The street address of the user's place of business. <br><br>Returned only on `$select`.| | surname | String | The user's surname (family name or last name). <br><br>Returned by default. Supports `$filter`. | | usageLocation | String | A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: "US", "JP", and "GB". Not nullable. <br><br>Returned only on `$select`. Supports `$filter`.|
-| userPrincipalName | String | The user principal name (UPN) of the user. The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the **verifiedDomains** property of [organization](organization.md). <br><br>Returned by default. Supports `$filter` and `$orderby`.
+| userPrincipalName | String | The user principal name (UPN) of the user. The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the **verifiedDomains** property of [organization](organization.md). <br><br>Returned by default. Supports `$filter`, `$orderby`, and `endsWith`.
| userType | String | A string value that can be used to classify user types in your directory, such as "Member" and "Guest". <br><br>Returned only on `$select`. Supports `$filter`. | ### Legal age group property definitions
v1.0 https://docs.microsoft.com/en-us/graph/api/signin-list https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/signin-list.md
@@ -64,7 +64,6 @@ This method supports the following OData query parameters to help customize the
|deviceDetail/browser| eq, startswith| |deviceDetail/operatingSystem| eq, startswith| |correlationId| eq|
-|isRisky| eq|
## Response
v1.0 https://docs.microsoft.com/en-us/graph/api/user-list https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/user-list.md
@@ -256,7 +256,54 @@ Content-type: application/json
} ```
-### Example 5: Use $search to get users with display names that contain the letters 'wa' including a count of returned objects
+### Example 5: Use $filter to get all users with a mail that ends with 'a@contoso.com', including a count of returned objects, with the results ordered by userPrincipalName
+
+#### Request
+
+The following is an example of the request.
+
+<!-- {
+ "blockType": "request",
+ "name": "get_a_count_endsWith"
+} -->
+```msgraph-interactive
+GET https://graph.microsoft.com/v1.0/users?$filter=endswith(mail,'a@contoso.com')&$orderby=userPrincipalName&$count=true
+ConsistencyLevel: eventual
+```
+
+#### Response
+
+The following is an example of the response.
+
+>**Note:** The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.user",
+ "isCollection": true
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
+ "@odata.count": 1,
+ "value": [
+ {
+ "displayName": "Grady Archie",
+ "givenName": "Grady",
+ "jobTitle": "Designer",
+ "mail": "GradyA@contoso.com",
+ "userPrincipalName": "GradyA@contoso.com",
+ "id": "e8b753b5-4117-464e-9a08-713e1ff266b3"
+ }
+ ]
+}
+```
+
+### Example 6: Use $search to get users with display names that contain the letters 'wa' including a count of returned objects
#### Request
@@ -302,7 +349,7 @@ Content-type: application/json
} ```
-### Example 6: Use $search to get users with display names that contain the letters 'wa' or the letters 'to' including a count of returned objects
+### Example 7: Use $search to get users with display names that contain the letters 'wa' or the letters 'to' including a count of returned objects
#### Request
v1.0 https://docs.microsoft.com/en-us/graph/resources/application https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/application.md
@@ -76,7 +76,7 @@ This resource supports using [delta query](/graph/delta-query-overview) to track
| parentalControlSettings | [parentalControlSettings](parentalcontrolsettings.md) |Specifies parental control settings for an application. | | passwordCredentials | [passwordCredential](passwordcredential.md) collection|The collection of password credentials associated with the application. Not nullable.| | publicClient | [publicClientApplication](publicclientapplication.md) | Specifies settings for installed clients such as desktop or mobile devices. |
-| publisherDomain | String | The verified publisher domain for the application. Read-only.|
+| publisherDomain | String | The verified publisher domain for the application. Read-only. For more information, see [How to: Configure an application's publisher domain](/azure/active-directory/develop/howto-configure-publisher-domain).|
| requiredResourceAccess |[requiredResourceAccess](requiredresourceaccess.md) collection|Specifies the resources that the application needs to access. This property also specifies the set of OAuth permission scopes and application roles that it needs for each of those resources. This configuration of access to the required resources drives the consent experience. Not nullable.| | signInAudience | String | Specifies the Microsoft accounts that are supported for the current application. Supported values are:<ul><li>`AzureADMyOrg`: Users with a Microsoft work or school account in my organizationΓÇÖs Azure AD tenant (single tenant)</li><li>`AzureADMultipleOrgs`: Users with a Microsoft work or school account in any organizationΓÇÖs Azure AD tenant (multi-tenant).</li><li>`AzureADandPersonalMicrosoftAccount`: Users with a personal Microsoft account, or a work or school account in any organizationΓÇÖs Azure AD tenant.</li><li>`PersonalMicrosoftAccount`: Users with a personal Microsoft account only.</li></ul>For authenticating users with Azure AD B2C user flows, use `AzureADandPersonalMicrosoftAccount`. This value allows for the widest set of user identities including local accounts and user identities from Microsoft, Facebook, Google, Twitter, or any OpenID Connect provider. | | tags |String collection| Custom strings that can be used to categorize and identify the application. Not nullable.|
v1.0 https://docs.microsoft.com/en-us/graph/resources/user https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/user.md
@@ -162,7 +162,7 @@ This resource supports:
|lastPasswordChangeDateTime| DateTimeOffset | The time when this Azure AD user last changed their password. The date and time information uses ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'| |legalAgeGroupClassification|[legalAgeGroupClassification](#legalagegroupclassification-values)| Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on **ageGroup** and **consentProvidedForMinor** properties. Allowed values: `null`, `minorWithOutParentalConsent`, `minorWithParentalConsent`, `minorNoParentalConsentRequired`, `notAdult` and `adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information.| |licenseAssignmentStates|[licenseAssignmentState](licenseassignmentstate.md) collection|State of license assignments for this user. Read-only.|
-|mail|String|The SMTP address for the user, for example, "jeff@contoso.onmicrosoft.com". <br><br>Returned by default. Supports `$filter`.|
+|mail|String|The SMTP address for the user, for example, "jeff@contoso.onmicrosoft.com". <br><br>Returned by default. Supports `$filter` and `endsWith`.|
|mailboxSettings|[mailboxSettings](mailboxsettings.md)|Settings for the primary mailbox of the signed-in user. You can [get](../api/user-get-mailboxsettings.md) or [update](../api/user-update-mailboxsettings.md) settings for sending automatic replies to incoming messages, locale and time zone.| |mailNickname|String|The mail alias for the user. This property must be specified when a user is created. Supports `$filter`.| |mobilePhone|String|The primary cellular telephone number for the user. Read-only for users synced from on-premises directory. Returned by default. |
@@ -197,7 +197,7 @@ This resource supports:
|streetAddress|String|The street address of the user's place of business.| |surname|String|The user's surname (family name or last name). Returned by default. Supports `$filter`.| |usageLocation|String|A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: "US", "JP", and "GB". Not nullable. Supports `$filter`.|
-|userPrincipalName|String|The user principal name (UPN) of the user. The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the **verifiedDomains** property of [organization](organization.md). <br><br>Returned by default. Supports `$filter` and `$orderby`.
+|userPrincipalName|String|The user principal name (UPN) of the user. The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the **verifiedDomains** property of [organization](organization.md). <br><br>Returned by default. Supports `$filter`, `$orderby`, and `endsWith`.
|userType|String|A string value that can be used to classify user types in your directory, such as "Member" and "Guest". Supports `$filter`. | ### Legal age group property definitions
v1.0 https://docs.microsoft.com/en-us/graph/resources/users https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/users.md
@@ -31,7 +31,7 @@ One of the following [permissions](/graph/permissions-reference) is required to
## Common properties
-The following represent the default set of properties that are returned when getting a user or listing users. These are a subset of all available properties. To get more user properties, use the `$select` query parameter.
+The following represent the default set of properties that are returned when getting a user or listing users. These are a subset of all available properties. To get more user properties, use the `$select` query parameter. Learn [how to use the $select query parameter](/graph/query-parameters#select-parameter) and see [properties that support the $select query parameter](../resources/user.md#properties).
|Property |Description | |:----------|:-------------|