Updates from: 02/10/2022 06:31:26
Service Microsoft Docs article Related commit history on GitHub Change details
v1.0 Accesspackage List Accesspackagesincompatiblewith https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackage-list-accesspackagesincompatiblewith.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-GET /identityGovernance/entitlementManagement/accessPackage/{id}/accessPackagesIncompatibleWith
+GET /identityGovernance/entitlementManagement/accessPackages/{id}/accessPackagesIncompatibleWith
``` ## Optional query parameters
v1.0 Accesspackage List Incompatibleaccesspackages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackage-list-incompatibleaccesspackages.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-GET /identityGovernance/entitlementManagement/accessPackage/{id}/incompatibleAccessPackages
+GET /identityGovernance/entitlementManagement/accessPackages/{id}/incompatibleAccessPackages
``` ## Optional query parameters
v1.0 Accesspackage List Incompatiblegroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackage-list-incompatiblegroups.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-GET /identityGovernance/entitlementManagement/accessPackage/{id}/incompatibleGroups
+GET /identityGovernance/entitlementManagement/accessPackages/{id}/incompatibleGroups
``` ## Optional query parameters
v1.0 Accesspackageassignmentrequest Reprocess https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackageassignmentrequest-reprocess.md
One of the following permissions is required to call this API. To learn more, in
} --> ```http
-POST /identityGovernance/entitlementManagement/accessPackageAssignmentsRequests/{id}/reprocess
+POST /identityGovernance/entitlementManagement/accessPackageAssignmentRequests/{id}/reprocess
``` ## Request headers
The following is an example of the request.
<!-- { "blockType": "ignored",
- "name": "reprocess_accesspackageassignmentsrequest"
+ "name": "reprocess_accesspackageassignmentrequest"
}--> ```http POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentRequests/d82eb508-acc4-43cc-bcf1-7c1c4a2c073b/reprocess
v1.0 Allowedvalue Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/allowedvalue-get.md
One of the following permissions is required to call this API. To learn more, in
|Permission type|Permissions (from least to most privileged)| |:|:|
-|Delegated (work or school account)|CustomSecAttributeDefinition.ReadWrite.All|
+|Delegated (work or school account)|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
|Delegated (personal Microsoft account)|Not supported.|
-|Application|CustomSecAttributeDefinition.ReadWrite.All|
+|Application|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
The signed-in user must also be assigned one of the following [directory roles](/azure/active-directory/roles/permissions-reference):
v1.0 Appcatalogs List Teamsapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/appcatalogs-list-teamsapps.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported. | | Application | AppCatalog.Read.All, AppCatalog.ReadWrite.All |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
## HTTP request
v1.0 Application Post Calls https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/application-post-calls.md
One of the following permissions is required to call this API. To learn more, in
> **Notes:** For a call with app-hosted media, you need the Calls.AccessMedia.All or the Calls.AccessMedia.Chat* permission in addition to one of the permissions listed. >
-> Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Attributeset Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/attributeset-get.md
One of the following permissions is required to call this API. To learn more, in
|Permission type|Permissions (from least to most privileged)| |:|:|
-|Delegated (work or school account)|CustomSecAttributeDefinition.ReadWrite.All|
+|Delegated (work or school account)|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
|Delegated (personal Microsoft account)|Not supported.|
-|Application|CustomSecAttributeDefinition.ReadWrite.All|
+|Application|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
The signed-in user must also be assigned one of the following [directory roles](/azure/active-directory/roles/permissions-reference):
v1.0 Channel Delete Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-delete-tabs.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsTab.Delete.Group*, TeamsTab.ReadWrite.Group*, TeamsTab.ReadWriteForTeam.All, TeamsTab.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-delete.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | Channel.Delete.Group*, Channel.Delete.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Get Filesfolder https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-get-filesfolder.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | File.Read.Group*, Files.Read.All, Files.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Channel Get Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-get-tabs.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsTab.Read.Group*, TeamsTab.ReadWrite.Group*, TeamsTab.Read.All, TeamsTab.ReadWriteForTeam.All, TeamsTab.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-get.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | ChannelSettings.Read.Group*, ChannelSettings.ReadWrite.Group*, Channel.ReadBasic.All, ChannelSettings.Read.All, ChannelSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Getallmessages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-getallmessages.md
GET /teams/{team-id}/channels/getAllMessages
## Optional query parameters
-You can use the `model` query parameter, which supports the values `A` and `B`, based on the preferred licensing and payment requirements, as shown in the following examples.
+You can use `model` query parameter, which supports the values `A` and `B`, based on the preferred [licensing and payment model](/graph/teams-licenses),
+as shown in the following examples.
+If no `model` is specified, [evaluation mode](/graph/teams-licenses#evaluation-mode-default-requirements) will be used.
```http GET /teams/{team-id}/channels/getAllMessages?model=A
v1.0 Channel List Messages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-list-messages.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account)|Not supported.| |Application| ChannelMessage.Read.Group*, ChannelMessage.Read.All, Group.Read.All**, Group.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> [!NOTE] > Before calling this API with application permissions, you must request access. For details, see [Protected APIs in Microsoft Teams](/graph/teams-protected-apis).
v1.0 Channel List Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-list-tabs.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsTab.Read.Group*, TeamsTab.ReadWrite.Group*, TeamsTab.Read.All, TeamsTab.ReadWriteForTeam.All, TeamsTab.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-list.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | ChannelSettings.Read.Group*, ChannelSettings.ReadWrite.Group*, Channel.ReadBasic.All, ChannelSettings.Read.All, ChannelSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Patch Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-patch-tabs.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsTab.ReadWrite.Group*, TeamsTab.ReadWriteForTeam.All, TeamsTab.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Patch https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-patch.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | ChannelSettings.ReadWrite.Group*, ChannelSettings.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Post Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-post-tabs.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | | Application | TeamsTab.Create.Group*, TeamsTab.Create, TeamsTab.ReadWriteForTeam.All, TeamsTab.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-post.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | Channel.Create.Group*, Channel.Create, Teamwork.Migrate.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Chat List Messages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chat-list-messages.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | ChatMessage.Read.Chat*, Chat.Read.All, Chat.ReadWrite.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> [!NOTE] > Before calling this API with application permissions, you must request access. For details, see [Protected APIs in Microsoft Teams](/graph/teams-protected-apis).
v1.0 Chat List Operations https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chat-list-operations.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported. | | Application | ChatSettings.Read.Chat*, ChatSettings.ReadWrite.Chat*, Chat.Manage.Chat*, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
## HTTP request <!-- {
v1.0 Chatmessage Delta https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chatmessage-delta.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not Supported | |Application | ChannelMessage.Read.Group*, ChannelMessage.Read.All, Group.Read.All**, Group.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> [!NOTE] > Before calling this API with application permissions, you must request access. For details, see [Protected APIs in Microsoft Teams](/graph/teams-protected-apis).
v1.0 Chatmessage Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chatmessage-get.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account)|Not supported.| |Application| ChannelMessage.Read.Group, ChannelMessage.Read.All, Group.Read.All**, Group.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
### Permissions for chat
v1.0 Chatmessage List Hostedcontents https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chatmessage-list-hostedcontents.md
Retrieve the list of [chatMessageHostedContent](../resources/chatmessagehostedco
|Delegated (personal Microsoft account)|Not supported.| |Application| ChannelMessage.Read.Group, ChannelMessage.Read.All, Group.Read.All**, Group.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
### Permissions for chat
v1.0 Chatmessage List Replies https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chatmessage-list-replies.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account)|Not supported.| |Application| ChannelMessage.Read.Group*, ChannelMessage.Read.All, Group.Read.All, Group.ReadWrite.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> [!NOTE] > Before calling this API with application permissions, you must request access. For details, see [Protected APIs in Microsoft Teams](/graph/teams-protected-apis).
v1.0 Chatmessage Post Replies https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chatmessage-post-replies.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported. | | Application | Teamwork.Migrate.All |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
> **Note**: Application permissions are *only* supported for [migration](/microsoftteams/platform/graph-api/import-messages/import-external-messages-to-teams). In the future, Microsoft may require you or your customers to pay additional fees based on the amount of data imported.
v1.0 Chatmessage Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chatmessage-post.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported. | | Application | Teamwork.Migrate.All |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
> **Note**: Application permissions are *only* supported for [migration](/microsoftteams/platform/graph-api/import-messages/import-external-messages-to-teams). In the future, Microsoft may require you or your customers to pay additional fees based on the amount of data imported.
v1.0 Chatmessagehostedcontent Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chatmessagehostedcontent-get.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account)|Not supported.| |Application| ChannelMessage.Read.Group, ChannelMessage.Read.All, Group.Read.All**, Group.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
### Permissions for chat
v1.0 Chats Getallmessages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chats-getallmessages.md
GET /users/{id | user-principal-name}/chats/getAllMessages
## Optional query parameters
-You can use `model` query parameter which supports the values `A` and `B`, based on the preferred licensing and payment requirements. If no `model` is specified, [evaluation mode](/graph/teams-licenses#evaluation-mode-default-requirements) will be used. Following are the examples.
+You can use `model` query parameter, which supports the values `A` and `B`, based on the preferred [licensing and payment model](/graph/teams-licenses),
+as shown in the following examples.
+If no `model` is specified, [evaluation mode](/graph/teams-licenses#evaluation-mode-default-requirements) will be used.
```http GET /users/{id | user-principal-name}/chats/getAllMessages?model=A
v1.0 Crosstenantaccesspolicy Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/crosstenantaccesspolicy-get.md
+
+ Title: "Get crossTenantAccessPolicy"
+description: "Read the properties and relationships of a crossTenantAccessPolicy object."
+
+ms.localizationpriority: medium
++
+# Get crossTenantAccessPolicy
+
+Namespace: microsoft.graph
++
+Read the properties and relationships of a [crossTenantAccessPolicy](../resources/crosstenantaccesspolicy.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.Read.All, Policy.ReadWrite.CrossTenantAccess|
+|Delegated (personal Microsoft account)|Not applicable|
+|Application|Policy.Read.All, Policy.ReadWrite.CrossTenantAccess|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+GET /policies/crossTenantAccessPolicy
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [crossTenantAccessPolicy](../resources/crosstenantaccesspolicy.md) object in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "get_crosstenantaccesspolicy"
+}
+-->
+
+``` http
+GET https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy
+```
+
+### Response
+
+>**Note:** If you have never modified your cross-tenant access settings, this response will return `{}`.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicy"
+}
+-->
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": {
+ "@odata.type": "#microsoft.graph.crossTenantAccessPolicy",
+ "displayName": "CrossTenantAccessPolicy",
+ "lastModifiedDateTime": "08-23-2021Z00:00:00",
+ "definition": "Cross tenant access policy..."
+ }
+}
+```
v1.0 Crosstenantaccesspolicy List Partners https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/crosstenantaccesspolicy-list-partners.md
+
+ Title: "List partners"
+description: "Get a list of all partner configurations within a cross-tenant access policy."
+
+ms.localizationpriority: medium
++
+# List partners
+
+Namespace: microsoft.graph
++
+Get a list of all partner configurations within a cross-tenant access policy.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.Read.All, Policy.ReadWrite.CrossTenantAccess|
+|Delegated (personal Microsoft account)|Not applicable|
+|Application|Policy.Read.All, Policy.ReadWrite.CrossTenantAccess|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+GET /policies/crossTenantAccessPolicy/partners
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md) objects in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "list_crosstenantaccesspolicyconfigurationpartner"
+}
+-->
+
+``` http
+GET https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/partners
+```
+
+### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.crossTenantAccessPolicyConfigurationPartner)"
+}
+-->
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "tenantId": "123f4846-ba00-4fd7-ba43-dac1f8f63013",
+ "inboundTrust": null,
+ "b2bCollaborationInbound": null,
+ "b2bCollaborationOutbound": null,
+ "b2bDirectConnectOutbound": null,
+ "b2bDirectConnectInbound":
+ {
+ "usersAndGroups":
+ {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "AllUsers",
+ "targetType": "user"
+ }
+ ]
+ },
+ "applications":
+ {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "Office365",
+ "targetType": "application"
+ }
+ ]
+ }
+ }
+ }
+ ]
+}
+```
v1.0 Crosstenantaccesspolicy Post Partners https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/crosstenantaccesspolicy-post-partners.md
+
+ Title: "Create crossTenantAccessPolicyConfigurationPartner"
+description: "Create a new partner configuration in a cross-tenant access policy."
+
+ms.localizationpriority: medium
++
+# Create crossTenantAccessPolicyConfigurationPartner
+
+Namespace: microsoft.graph
++
+Create a new partner configuration in a cross-tenant access policy.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.ReadWrite.CrossTenantAccess|
+|Delegated (personal Microsoft account)|Not applicable|
+|Application|Policy.ReadWrite.CrossTenantAccess|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+POST /policies/crossTenantAccessPolicy/partners
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+
+In the request body, supply a JSON representation of the [crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md) object.
+
+The following table shows the properties that are required when you create the [crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md).
+
+|Property|Type|Description|
+|:|:|:|
+| b2bCollaborationInbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B collaboration. |
+| b2bCollaborationOutbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration. |
+| b2bDirectConnectInbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B direct connect. |
+| b2bDirectConnectOutbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect. |
+| inboundTrust | [crossTenantAccessPolicyInboundTrust](../resources/crosstenantaccesspolicyinboundtrust.md) | Determines the partner-specific configuration for trusting other Conditional Access claims from external Azure AD organizations. |
+| tenantId | String | The tenant identifier for the partner Azure Active Directory (Azure AD) organization. |
+
+## Response
+
+If successful, this method returns a `201 Created` response code and a [crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md) object in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "create_crosstenantaccesspolicyconfigurationpartner_from_"
+}
+-->
+
+``` http
+POST https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/partners
+Content-Type: application/json
+
+{
+ "tenantId": "3d0f5dec-5d3d-455c-8016-e2af1ae4d31a",
+ "b2bDirectConnectOutbound":
+ {
+ "usersAndGroups":
+ {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "6f546279-4da5-4b53-a095-09ea0cef9971",
+ "targetType": "group"
+ }
+ ]
+ }
+ },
+ "b2bDirectConnectInbound":
+ {
+ "applications":
+ {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "Office365",
+ "targetType": "application"
+ }
+ ]
+ }
+ }
+}
+```
+
+### Response
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyConfigurationPartner"
+}
+-->
+
+``` http
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+ "tenantId": "3d0f5dec-5d3d-455c-8016-e2af1ae4d31a",
+ "inboundTrust": null,
+ "b2bCollaborationInbound": null,
+ "b2bCollaborationOutbound": null,
+ "b2bDirectConnectOutbound":
+ {
+ "usersAndGroups":
+ {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "6f546279-4da5-4b53-a095-09ea0cef9971",
+ "targetType": "group"
+ }
+ ]
+ }
+ },
+ "b2bDirectConnectInbound":
+ {
+ "applications":
+ {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "Office365",
+ "targetType": "application"
+ }
+ ]
+ }
+ }
+}
+```
v1.0 Crosstenantaccesspolicy Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/crosstenantaccesspolicy-update.md
+
+ Title: "Update crossTenantAccessPolicy"
+description: "Update the properties of a cross-tenant access policy."
+
+ms.localizationpriority: medium
++
+# Update crossTenantAccessPolicy
+
+Namespace: microsoft.graph
++
+Update the properties of a [cross-tenant access policy](../resources/crosstenantaccesspolicy.md).
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.ReadWrite.CrossTenantAccess|
+|Delegated (personal Microsoft account)|Not applicable|
+|Application|Policy.ReadWrite.CrossTenantAccess|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+PATCH /policies/crossTenantAccessPolicy
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
++
+|Property|Type|Description|
+|:|:|:|
+|displayName|String|The display name of the cross-tenant access policy.|
+
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+The [crossTenantAccessPolicy](../resources/crosstenantaccesspolicy.md) object size is currently limited to 25KB. This method will return a `400 Bad Request` error code if the size of the policy will exceed 25KB.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "update_crosstenantaccesspolicy"
+}
+-->
+
+``` http
+PATCH https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy
+Content-Type: application/json
+
+{
+ "displayName": "CrossTenantAccessPolicy",
+}
+```
+
+### Response
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Crosstenantaccesspolicyconfigurationdefault Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/crosstenantaccesspolicyconfigurationdefault-get.md
+
+ Title: "Get crossTenantAccessPolicyConfigurationDefault"
+description: "Read the default configuration of a cross-tenant access policy."
+
+ms.localizationpriority: medium
++
+# Get crossTenantAccessPolicyConfigurationDefault
+
+Namespace: microsoft.graph
++
+Read the [default configuration](../resources/crosstenantaccesspolicyconfigurationdefault.md) of a cross-tenant access policy. This default configuration may be the service default assigned by Azure AD (**isServiceDefault** is `true`) or may be customized in your tenant (**isServiceDefault** is `false`).
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.Read.All, Policy.ReadWrite.CrossTenantAccess|
+|Delegated (personal Microsoft account)|Not applicable|
+|Application|Policy.Read.All, Policy.ReadWrite.CrossTenantAccess|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+GET /policies/crossTenantAccessPolicy/default
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [crossTenantAccessPolicyConfigurationDefault](../resources/crosstenantaccesspolicyconfigurationdefault.md) object in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "get_crosstenantaccesspolicyconfigurationdefault"
+}
+-->
+
+``` http
+GET https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/default
+```
+
+### Response
+
+The following response object shows a default cross-tenant policy inherited from Azure AD, as identified by **isServiceDefault** set to `true`.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyConfigurationDefault"
+}
+-->
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "isServiceDefault": true,
+ "inboundTrust":
+ {
+ "isMfaAccepted": false,
+ "isCompliantDeviceAccepted": false,
+ "isHybridAzureADJoinedDeviceAccepted": false,
+ },
+ "b2bCollaborationOutbound":
+ {
+ "usersAndGroups":
+ {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "AllUsers",
+ "targetType": "user"
+ }
+ ]
+ },
+ "applications":
+ {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "AllApplications",
+ "targetType": "application"
+ }
+ ]
+ }
+ },
+ "b2bCollaborationInbound":
+ {
+ "usersAndGroups":
+ {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "AllUsers",
+ "targetType": "user"
+ }
+ ]
+ },
+ "applications":
+ {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "AllApplications",
+ "targetType": "application"
+ }
+ ]
+ }
+ },
+ "b2bDirectConnectOutbound":
+ {
+ "usersAndGroups":
+ {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "AllUsers",
+ "targetType": "user"
+ }
+ ]
+ },
+ "applications":
+ {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "AllApplications",
+ "targetType": "application"
+ }
+ ]
+ }
+ },
+ "b2bDirectConnectInbound":
+ {
+ "usersAndGroups":
+ {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "AllUsers",
+ "targetType": "user"
+ }
+ ]
+ },
+ "applications":
+ {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "AllApplications",
+ "targetType": "application"
+ }
+ ]
+ }
+ }
+}
+```
v1.0 Crosstenantaccesspolicyconfigurationdefault Resettosystemdefault https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/crosstenantaccesspolicyconfigurationdefault-resettosystemdefault.md
+
+ Title: "crossTenantAccessPolicyConfigurationDefault: resetToSystemDefault"
+description: "Reset any changes made to the default configuration in a cross-tenant access policy back to the system default."
+
+ms.localizationpriority: medium
++
+# crossTenantAccessPolicyConfigurationDefault: resetToSystemDefault
+
+Namespace: microsoft.graph
++
+Reset any changes made to the default configuration in a cross-tenant access policy back to the system default.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.ReadWrite.CrossTenantAccess|
+|Delegated (personal Microsoft account)|Not applicable|
+|Application|Policy.ReadWrite.CrossTenantAccess|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+POST /policies/crossTenantAccessPolicy/default/resetToSystemDefault
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this action returns a `200 OK` response code and an empty response. To confirm that the default configuration has been restored to the system defaults, run [Get crossTenantAccessPolicyConfigurationDefault](../api/crosstenantaccesspolicyconfigurationdefault-get.md) and confirm that **isSystemDefault** is set to `true`.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "crosstenantaccesspolicyconfigurationdefault_resettosystemdefault"
+}
+-->
+
+``` http
+POST https://graph.microsoft.com/betefault
+```
+
+### Response
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyConfigurationDefault"
+}
+-->
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+
+}
+```
v1.0 Crosstenantaccesspolicyconfigurationdefault Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/crosstenantaccesspolicyconfigurationdefault-update.md
+
+ Title: "Update crossTenantAccessPolicyConfigurationDefault"
+description: "Update the default configuration of a cross-tenant access policy."
+
+ms.localizationpriority: medium
++
+# Update crossTenantAccessPolicyConfigurationDefault
+
+Namespace: microsoft.graph
++
+Update the [default configuration](../resources/crosstenantaccesspolicyconfigurationdefault.md) of a cross-tenant access policy.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.ReadWrite.CrossTenantAccess|
+|Delegated (personal Microsoft account)|Not applicable|
+|Application|Policy.ReadWrite.CrossTenantAccess|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+PATCH /policies/crossTenantAccessPolicy/default
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
++
+|Property|Type|Description|
+|:|:|:|
+| inboundTrust | [crossTenantAccessPolicyInboundTrust](../resources/crosstenantaccesspolicyinboundtrust.md) | Determines the default configuration for trusting other Conditional Access claims from external Azure AD organizations. |
+| b2bCollaborationInbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your default configuration for users from other organizations accessing your resources via Azure AD B2B collaboration. |
+| b2bCollaborationOutbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your default configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration. |
+| b2bDirectConnectInbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your default configuration for users from other organizations accessing your resources via Azure AD B2B direct connect. |
+| b2bDirectConnectOutbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your default configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect. |
+
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "update_crosstenantaccesspolicyconfigurationdefault"
+}
+-->
+
+``` http
+PATCH https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/default
+Content-Type: application/json
+
+{
+ "b2bCollaborationOutbound":
+ {
+ "usersAndGroups":
+ {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "0be493dc-cb56-4a53-936f-9cf64410b8b0",
+ "targetType": "group"
+ }
+ ]
+ },
+ "applications":
+ {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "AllApplications",
+ "targetType": "application"
+ }
+ ]
+ }
+ }
+}
+```
+
+### Response
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Crosstenantaccesspolicyconfigurationpartner Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/crosstenantaccesspolicyconfigurationpartner-delete.md
+
+ Title: "Delete crossTenantAccessPolicyConfigurationPartner"
+description: "Delete a partner-specific configuration in a cross-tenant access policy."
+
+ms.localizationpriority: medium
++
+# Delete crossTenantAccessPolicyConfigurationPartner
+
+Namespace: microsoft.graph
++
+Delete a [partner-specific configuration](../resources/crosstenantaccesspolicyconfigurationpartner.md) in a cross-tenant access policy.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.ReadWrite.CrossTenantAccess|
+|Delegated (personal Microsoft account)|Not applicable|
+|Application|Policy.ReadWrite.CrossTenantAccess|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+DELETE /policies/crossTenantAccessPolicy/partners/{id}
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "delete_crosstenantaccesspolicyconfigurationpartner"
+}
+-->
+
+``` http
+DELETE https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/partners/9c5d131d-b1c3-4fc4-9e3f-c6557947d551
+```
+
+### Response
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Crosstenantaccesspolicyconfigurationpartner Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/crosstenantaccesspolicyconfigurationpartner-get.md
+
+ Title: "Get crossTenantAccessPolicyConfigurationPartner"
+description: "Read the properties and relationships of a partner-specific configuration."
+
+ms.localizationpriority: medium
++
+# Get crossTenantAccessPolicyConfigurationPartner
+
+Namespace: microsoft.graph
++
+Read the properties and relationships of a [partner-specific](../resources/crosstenantaccesspolicyconfigurationpartner.md) configuration.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.Read.All, Policy.ReadWrite.CrossTenantAccess|
+|Delegated (personal Microsoft account)|Not applicable|
+|Application|Policy.Read.All, Policy.ReadWrite.CrossTenantAccess|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+GET /policies/crossTenantAccessPolicy/partners/{id}
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md) object in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "get_crosstenantaccesspolicyconfigurationpartner"
+}
+-->
+
+``` http
+GET https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/partners/9c5d131d-b1c3-4fc4-9e3f-c6557947d551
+```
+
+### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyConfigurationPartner"
+}
+-->
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "tenantId": "9c5d131d-b1c3-4fc4-9e3f-c6557947d551",
+ "inboundTrust": null,
+ "b2bCollaborationInbound": null,
+ "b2bCollaborationOutbound": null,
+ "b2bDirectConnectOutbound": null,
+ "b2bDirectConnectInbound":
+ {
+ "usersAndGroups":
+ {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "AllUsers",
+ "targetType": "user"
+ }
+ ]
+ },
+ "applications":
+ {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "Office365",
+ "targetType": "application"
+ }
+ ]
+ }
+ }
+}
+```
v1.0 Crosstenantaccesspolicyconfigurationpartner Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/crosstenantaccesspolicyconfigurationpartner-update.md
+
+ Title: "Update crossTenantAccessPolicyConfigurationPartner"
+description: "Update the properties of a partner-specific configuration."
+
+ms.localizationpriority: medium
++
+# Update crossTenantAccessPolicyConfigurationPartner
+
+Namespace: microsoft.graph
++
+Update the properties of a [partner-specific](../resources/crosstenantaccesspolicyconfigurationpartner.md) configuration.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.ReadWrite.CrossTenantAccess|
+|Delegated (personal Microsoft account)|Not applicable|
+|Application|Policy.ReadWrite.CrossTenantAccess|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+PATCH /policies/crossTenantAccessPolicy/partners/{id}
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
++
+|Property|Type|Description|
+|:|:|:|
+| b2bCollaborationInbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B collaboration. |
+| b2bCollaborationOutbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration. |
+| b2bDirectConnectInbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B direct connect. |
+| b2bDirectConnectOutbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect. |
+| inboundTrust | [crossTenantAccessPolicyInboundTrust](../resources/crosstenantaccesspolicyinboundtrust.md) | Determines the partner-specific configuration for trusting other Conditional Access claims from external Azure Active Directory (Azure AD) organizations. |
+
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "update_crosstenantaccesspolicyconfigurationpartner"
+}
+-->
+
+``` http
+PATCH https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/partners/90e29127-71ad-49c7-9ce8-db3f41ea06f1
+Content-Type: application/json
+
+{
+ "inboundTrust":
+ {
+ "isMfaAccepted": true,
+ "isCompliantDeviceAccepted": true,
+ "isHybridAzureADJoinedDeviceAccepted" : true
+ }
+}
+```
+
+### Response
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Customsecurityattributedefinition Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/customsecurityattributedefinition-get.md
One of the following permissions is required to call this API. To learn more, in
|Permission type|Permissions (from least to most privileged)| |:|:|
-|Delegated (work or school account)|CustomSecAttributeDefinition.ReadWrite.All|
+|Delegated (work or school account)|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
|Delegated (personal Microsoft account)|Not supported.|
-|Application|CustomSecAttributeDefinition.ReadWrite.All|
+|Application|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
The signed-in user must also be assigned one of the following [directory roles](/azure/active-directory/roles/permissions-reference):
v1.0 Customsecurityattributedefinition List Allowedvalues https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/customsecurityattributedefinition-list-allowedvalues.md
One of the following permissions is required to call this API. To learn more, in
|Permission type|Permissions (from least to most privileged)| |:|:|
-|Delegated (work or school account)|CustomSecAttributeDefinition.ReadWrite.All|
+|Delegated (work or school account)|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
|Delegated (personal Microsoft account)|Not supported.|
-|Application|CustomSecAttributeDefinition.ReadWrite.All|
+|Application|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
The signed-in user must also be assigned one of the following [directory roles](/azure/active-directory/roles/permissions-reference):
v1.0 Customsecurityattributedefinition Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/customsecurityattributedefinition-update.md
PATCH /directory/customSecurityAttributeDefinitions/{customSecurityAttributeDefi
|:|:| |Authorization|Bearer {token}. Required.| |Content-Type|application/json. Required.|
+|OData-Version|4.01. Optional.|
+
+> [!NOTE]
+> To update the predefined values for a custom security attribute, you must add the **OData-Version** header and assign it the value `4.01`.
## Request body In the request body, supply *only* the values for properties that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values.
Content-Type: application/json
HTTP/1.1 204 No Content ```
-### Example 2: Deactivate a custom security attribute
+### Example 2: Update the predefined values for a custom security attribute
+
+The following example updates the status of an existing predefined value and adds a new predefined value for a custom security attribute definition.
+++ Attribute set: `Engineering`++ Attribute: `Project`++ Attribute data type: Collection of Strings++ Update predefined value: `Baker`++ New predefined value: `Skagit`+
+> [!NOTE]
+> For this request, you must add the **OData-Version** header and assign it the value `4.01`.
+
+#### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "update_customsecurityattributedefinition_allowedvalues"
+}
+-->
+``` msgraph-interactive
+PATCH https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinitions/Engineering_Project
+Content-Type: application/json
+OData-Version: 4.01
+
+{
+ "allowedValues@delta": [
+ {
+ "id": "Baker",
+ "isActive": false
+ },
+ {
+ "id": "Skagit",
+ "isActive": true
+ }
+ ]
+}
+```
+
+#### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
+
+### Example 3: Deactivate a custom security attribute
The following example deactivates a custom security attribute definition.
v1.0 Directory List Attributesets https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directory-list-attributesets.md
One of the following permissions is required to call this API. To learn more, in
|Permission type|Permissions (from least to most privileged)| |:|:|
-|Delegated (work or school account)|CustomSecAttributeDefinition.ReadWrite.All|
+|Delegated (work or school account)|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
|Delegated (personal Microsoft account)|Not supported.|
-|Application|CustomSecAttributeDefinition.ReadWrite.All|
+|Application|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
The signed-in user must also be assigned one of the following [directory roles](/azure/active-directory/roles/permissions-reference):
v1.0 Directory List Customsecurityattributedefinitions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directory-list-customsecurityattributedefinitions.md
One of the following permissions is required to call this API. To learn more, in
|Permission type|Permissions (from least to most privileged)| |:|:|
-|Delegated (work or school account)|CustomSecAttributeDefinition.ReadWrite.All|
+|Delegated (work or school account)|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
|Delegated (personal Microsoft account)|Not supported.|
-|Application|CustomSecAttributeDefinition.ReadWrite.All|
+|Application|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
The signed-in user must also be assigned one of the following [directory roles](/azure/active-directory/roles/permissions-reference):
v1.0 Directory Post Customsecurityattributedefinitions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directory-post-customsecurityattributedefinitions.md
Content-length: 310
+#### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.customSecurityAttributeDefinition"
+}
+-->
+
+``` http
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#directory/customSecurityAttributeDefinitions/$entity",
+ "attributeSet": "Engineering",
+ "description": "Active projects for user",
+ "id": "Engineering_Project",
+ "isCollection": true,
+ "isSearchable": true,
+ "name": "Project",
+ "status": "Available",
+ "type": "String",
+ "usePreDefinedValuesOnly": true
+}
+```
+
+### Example 3: Add a custom security attribute with a list of predefined values
+
+The following example adds a new custom security attribute definition with a list of predefined values as a collection of strings.
+++ Attribute set: `Engineering`++ Attribute: `Project`++ Attribute data type: Collection of Strings++ Predefined values: `Alpine`, `Baker`, `Cascade`+
+#### Request
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "create_customsecurityattributedefinition_allowedvalues"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinitions
+Content-Type: application/json
+
+{
+ "attributeSet": "Engineering",
+ "description": "Active projects for user",
+ "isCollection": true,
+ "isSearchable": true,
+ "name": "Project",
+ "status": "Available",
+ "type": "String",
+ "usePreDefinedValuesOnly": true,
+ "allowedValues": [
+ {
+ "id": "Alpine",
+ "isActive": true
+ },
+ {
+ "id": "Baker",
+ "isActive": true
+ },
+ {
+ "id": "Cascade",
+ "isActive": true
+ }
+ ]
+}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
++++ #### Response <!-- { "blockType": "response",
v1.0 Directoryobject Checkmembergroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directoryobject-checkmembergroups.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Check for membership in a specified list of groups, and return from that list those groups of which the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member. This function is transitive.
+Check for membership in a specified list of group IDs, and return from that list those groups (identified by IDs) of which the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member. This function is transitive.
You can check up to a maximum of 20 groups per request. This function supports all groups provisioned in Azure AD. Because Microsoft 365 groups cannot contain other groups, membership in a Microsoft 365 group is always direct.
v1.0 Directoryobject Checkmemberobjects https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directoryobject-checkmemberobjects.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Check for membership in a list of groups, administrative units, or directory roles for the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md). This method is transitive.
+Check for membership in a list of group IDs, administrative unit IDs, or directory role IDs, for the IDs of the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md). This method is transitive.
## Permissions
v1.0 Directoryobject Getmembergroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directoryobject-getmembergroups.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Return all the groups that the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
+Return all the group IDs for the groups that the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Directoryobject Getmemberobjects https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directoryobject-getmemberobjects.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Return all the groups, administrative units, and directory roles that a [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
+Return all IDs for the groups, administrative units, and directory roles that a [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
**Note:** Only users and role-enabled groups can be members of directory roles.
v1.0 Driveitem Copy https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/driveitem-copy.md
description: "Asynchronously creates a copy of an [driveItem][item-resource] (including any children), under a new parent item or with a new name." Last updated 09/10/2017 Title: driveItem: copy
+ Title: "driveItem: copy"
ms.localizationpriority: medium ms.prod: "sharepoint" doc_type: apiPageType
v1.0 Driveitem Createuploadsession https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/driveitem-createuploadsession.md
description: "Create an upload session to allow your app to upload files up to the maximum file size." Title: driveItem: createUploadSession
+ Title: "driveItem: createUploadSession"
ms.localizationpriority: medium ms.prod: "sites-and-lists" doc_type: apiPageType
v1.0 Dynamics Customer Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/dynamics-customer-get.md
Title: Get customers
-description: Gets a customer object in Dynamics 365 Business Central.
+ Title: "Get customers"
+description: "Gets a customer object in Dynamics 365 Business Central."
documentationcenter: ''
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Retrieve the properties and relationships of a customer object for Dynamics 365 Business Central.
+Retrieve the properties and relationships of a [customer](../resources/dynamics-customer.md) object for Dynamics 365 Business Central.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
|Application|Financials.ReadWrite.All| ## HTTP request
-```
+```http
GET /financials/companies/{id}/customers/{id} ```
Do not supply a request body for this method.
## Response If successful, this method returns a `200 OK` response code and a **customers** object in the response body.
-**Request**
+## Examples
+
+### Request
-Here is an example of the request.
+The following is an example of a request.
```http GET https://graph.microsoft.com/beta/financials/companies/{id}/customers/{id} ```
-**Response**
+### Response
-Here is an example of the response.
+The following is an example of the response.
> **Note**: The response object shown here might be shortened for readability.
v1.0 Educationassignment Delta https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/educationassignment-delta.md
Use the `$top` parameter to specify the number of assignments to be returned. Th
}--> ```msgraph-interactive
-GET https://graph.microsoft.com/beta/education/education/classes/72a7baec-c3e9-4213-a850-f62de0adad5f/assignments/delta?$top=2
+GET https://graph.microsoft.com/beta/education/classes/72a7baec-c3e9-4213-a850-f62de0adad5f/assignments/delta?$top=2
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-assignments-delta-csharp-snippets.md)]
v1.0 Educationassignment Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/educationassignment-update.md
Content-type: application/json
## See also * [States, transitions, and limitations for assignments and submissions](/graph/assignments-submissions-states-transition)
+* [Specify the default channel for education assignment notifications](/graph/education-build-notificationchannelurl)
<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79 2015-10-25 14:57:30 UTC -->
v1.0 Educationassignmentdefaults Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/educationassignmentdefaults-update.md
Content-Type: application/json
"notificationChannelUrl": "https://graph.microsoft.com/beta/teams('id')/channels('id')" } ```
+## See also
+* [Specify the default channel for education assignment notifications](/graph/education-build-notificationchannelurl)
v1.0 Entitlementmanagement Post Accesspackageresourcerequests https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/entitlementmanagement-post-accesspackageresourcerequests.md
Content-type: application/json
} ```
+### Example 6: Create an accessPackageResourceRequest for adding an application
+
+#### Request
+
+The following is an example of the request for adding an application to a catalog, including specifying a required attribute of that application.
+
+<!-- {
+ "blockType": "request",
+ "name": "create_accesspackageresourcerequest_from_accesspackageresourcerequests6"
+}-->
+```http
+POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageResourceRequests
+Content-type: application/json
+
+{
+ "catalogId": "26ac0c0a-08bc-4a7b-a313-839f58044ba5",
+ "requestType": "AdminAdd",
+ "justification": "",
+ "accessPackageResource": {
+ "displayName": "Faculty cafeteria ordering",
+ "description": "Example application",
+ "url": "https://myapps.microsoft.com/example.com/signin/Faculty%20cafeteria%20ordering/f1e3b407-942d-4934-9a3f-cef1975cb988/",
+ "resourceType": "Application",
+ "originId": "2f1099a6-d4fc-4cc9-a0ef-ddd3f1bf0b7e",
+ "originSystem": "AadApplication",
+ "attributes": [
+ {
+ "attributeName": "extension_2b676109c7c74ae2b41549205f1947ed_personalTitle",
+ "isEditable": true,
+ "isPersistedOnAssignmentRemoval": true,
+ "attributeSource": {
+ "@odata.type": "#microsoft.graph.accessPackageResourceAttributeQuestion",
+ "question": {
+ "@odata.type": "#microsoft.graph.accessPackageTextInputQuestion",
+ "isRequired": false,
+ "sequence": 0,
+ "isSingleLineQuestion": true,
+ "text": {
+ "defaultText": "Title",
+ "localizedTexts": []
+ }
+ }
+ },
+ "attributeDestination": {
+ "@odata.type": "#microsoft.graph.accessPackageUserDirectoryAttributeStore"
+ }
+ }
+ ]
+ }
+}
+
+```
+
+#### Response
+
+The following is an example of the response.
+
+> **Note:** The response object shown here might be shortened for readability.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessPackageResourceRequest"
+} -->
+
+```http
+HTTP/1.1 201 Created
+Content-type: application/json
+
+{
+ "id": "f0e632ed-afd2-41d3-8d6e-ccefda457e5e",
+ "requestType": "AdminAdd",
+ "requestState": "Delivered",
+ "requestStatus": "Fulfilled"
+}
+```
<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98 2019-02-04 14:57:30 UTC --> <!-- {
v1.0 Identityprotectionroot List Riskyserviceprincipals https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/identityprotectionroot-list-riskyserviceprincipals.md
+
+ Title: "List riskyServicePrincipals"
+description: "Retrieve the properties and relationships of riskyServicePrincipal objects."
+
+ms.localizationpriority: medium
++
+# List riskyServicePrincipals
+Namespace: microsoft.graph
++
+Retrieve the properties and relationships of [riskyServicePrincipal](../resources/riskyserviceprincipal.md) objects.
+
+>**Note:** Using the riskyServicePrincipals API requires an Azure AD Premium P2 license.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|IdentityRiskyServicePrincipal.Read.All, IdentityRiskyServicePrincipal.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|IdentityRiskyServicePrincipal.Read.All, IdentityRiskyServicePrincipal.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityProtection/riskyServicePrincipals
+```
+
+## Optional query parameters
+This method supports the `$count`, `$filter`, `$select`, and `$top` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [riskyServicePrincipal](../resources/riskyserviceprincipal.md) objects in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_riskyserviceprincipal"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/identityProtection/riskyServicePrincipals
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.riskyServicePrincipal)"
+}
+-->
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#riskyServicePrincipal",
+ "value": [
+ {
+ "id": "9089a539-a539-9089-39a5-899039a58990",
+ "accountEnabled": true,
+ "isProcessing": false,
+ "riskLastUpdatedDateTime": "2021-08-14T13:06:51.0451374Z",
+ "riskLevel": "high",
+ "riskState": "atRisk",
+ "riskDetail": "none",
+ "displayName": "Contoso App",
+ "appId": "b55552fe-a272-4b56-990b-95038d917878",
+ "servicePrincipalType": "Application"
+ }
+ ]
+}
+```
v1.0 Identityprotectionroot List Serviceprincipalriskdetections https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/identityprotectionroot-list-serviceprincipalriskdetections.md
+
+ Title: "List servicePrincipalRiskDetections"
+description: "Retrieve the properties of a collection of servicePrincipalRiskDetection objects."
+
+ms.localizationpriority: medium
++
+# List servicePrincipalRiskDetections
+Namespace: microsoft.graph
++
+Retrieve the properties of a collection of [servicePrincipalRiskDetection](../resources/serviceprincipalriskdetection.md) objects.
+
+>**Note:** You must have an Azure AD Premium P1 or P2 license to use the servicePrincipalRiskDetection API.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|IdentityRiskyServicePrincipal.Read.All, IdentityRiskyServicePrincipal.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|IdentityRiskyServicePrincipal.Read.All, IdentityRiskyServicePrincipal.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityProtection/servicePrincipalRiskDetections
+```
+
+## Optional query parameters
+This method supports the `$filter` and `$select` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [servicePrincipalRiskDetection](../resources/serviceprincipalriskdetection.md) objects in the response body.
+
+## Examples
+
+### Example 1: List risk detections
+
+#### Request
+
+The following is an example of the request.
+<!-- {
+ "blockType": "request",
+ "name": "list_serviceprincipalriskdetection"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/identityProtection/servicePrincipalRiskDetections
+```
++
+#### Response
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.servicePrincipalRiskDetection)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.servicePrincipalRiskDetection",
+ "id": "2856d6e87c5c3a74021ff70291fa68107570c150d8dc145bdea5",
+ "requestId": null,
+ "correlationId": null,
+ "riskEventType": "investigationsThreatIntelligence",
+ "riskState": "atRisk",
+ "riskLevel": "high",
+ "riskDetail": "none",
+ "source": "IdentityProtection",
+ "detectionTimingType": "offline",
+ "activity": "servicePrincipal",
+ "tokenIssuerType": "AzureAD",
+ "ipAddress": null,
+ "location": null,
+ "activityDateTime": "2021-10-26T00:00:00Z",
+ "detectedDateTime": "2021-10-26T00:00:00Z",
+ "lastUpdatedDateTime": "2021-10-26T16:28:17.8202975Z)",
+ "servicePrincipalId": "99b8d28b-11ae-4e84-9bef-0e767e286grg",
+ "servicePrincipalDisplayName": "Contoso App",
+ "appId": "0grb38ac-a572-491d-a9db-b07197643457",
+ "keyIds": [
+ "9d9fea30-d8e3-481b-b57c-0ef569a989e5"
+ ],
+ "additionalInfo": "[{\"Key\":\"alertUrl\",\"Value\":null}]"
+ }
+ ]
+}
+```
+
+### Example 2: List risk detections and filter the results
+
+#### Request
+The following example shows how to use `$filter` to get the collection of service principal risk detections where the risk level is `medium` or the risk event type is `investigationsThreatIntelligence`.
+
+<!-- {
+ "blockType": "request",
+ "name": "list_filter_serviceprincipalriskdetection"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/identityProtection/servicePrincipalRiskDetections?$filter=riskEventType eq 'investigationsThreatIntelligence' or riskLevel eq 'medium'
+```
+
+#### Response
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.servicePrincipalRiskDetection)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.servicePrincipalRiskDetection",
+ "id": "2856d6e87c5c3a74021ff70291fa68107570c150d8dc145bdea5",
+ "requestId": null,
+ "correlationId": null,
+ "riskEventType": "investigationsThreatIntelligence",
+ "riskState": "atRisk",
+ "riskLevel": "high",
+ "riskDetail": "none",
+ "source": "IdentityProtection",
+ "detectionTimingType": "offline",
+ "activity": "servicePrincipal",
+ "tokenIssuerType": "AzureAD",
+ "ipAddress": null,
+ "location": null,
+ "activityDateTime": "2021-10-26T00:00:00Z",
+ "detectedDateTime": "2021-10-26T00:00:00Z",
+ "lastUpdatedDateTime": "2021-10-26T16:28:17.8202975Z)",
+ "servicePrincipalId": "99b8d28b-11ae-4e84-9bef-0e767e286grg",
+ "servicePrincipalDisplayName": "Contoso App",
+ "appId": "0grb38ac-a572-491d-a9db-b07197643457",
+ "keyIds": [
+ "9d9fea30-d8e3-481b-b57c-0ef569a989e5"
+ ],
+ "additionalInfo": "[{\"Key\":\"alertUrl\",\"Value\":null}]"
+ }
+ ]
+}
+```
v1.0 Meetingregistration Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/meetingregistration-post.md
In the request body, supply a JSON representation of a [meetingRegistration](../
## Response
-If successful, this method returns a `201 Created` response code and [meetingRegistration](../resources/meetingregistration.md) object in the response body.
+If successful, this method returns a `201 Created` response code and a [meetingRegistration](../resources/meetingregistration.md) object in the response body.
> [!NOTE] >
v1.0 Riskyserviceprincipal Confirmcompromised https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/riskyserviceprincipal-confirmcompromised.md
+
+ Title: "riskyServicePrincipal: confirmCompromised"
+description: "Confirm one or more riskyServicePrincipal objects as compromised."
+
+ms.localizationpriority: medium
++
+# riskyServicePrincipal: confirmCompromised
+Namespace: microsoft.graph
++
+Confirm one or more [riskyServicePrincipal](../resources/riskyserviceprincipal.md) objects as compromised. This action sets the targeted service principal account's risk level to `high`. When the risk level of the service principal is confirmed as compromised, the service principal object is disabled and its **disabledByMicrosoftStatus** property is updated.
+
+>**Note:** Using the riskyServicePrincipal API requires an Azure AD Premium P2 license.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|IdentityRiskyServicePrincipal.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|IdentityRiskyServicePrincipal.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+POST /identityProtection/riskyServicePrincipals/confirmCompromised
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+In the request body, specify the collection of ids of the risky service principals in a **servicePrincipalIds** property.
+
+## Response
+
+If successful, this action returns a `204 No Content` response code. It does not return anything in the response body.
+
+## Example
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "riskyserviceprincipal_confirmcompromised"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/identityProtection/riskyServicePrincipals/confirmCompromised
+Content-Type: application/json
+
+{
+ "servicePrincipalIds": [
+ "9089a539-a539-9089-39a5-899039a58990"
+ ]
+}
+```
++
+### Response
+The following is an example of the response.
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
+
v1.0 Riskyserviceprincipal Dismiss https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/riskyserviceprincipal-dismiss.md
+
+ Title: "riskyServicePrincipal: dismiss"
+description: "Dismiss the risk of one or more riskyServicePrincipal objects."
+
+ms.localizationpriority: medium
++
+# riskyServicePrincipal: dismiss
+Namespace: microsoft.graph
++
+Dismiss the risk of one or more [riskyServicePrincipal](../resources/riskyserviceprincipal.md) objects. This action sets the targeted service principal account's risk level to `none`. You can dismiss up to 60 service principal accounts in one request.
+
+>**Note:** Using the riskyServicePrincipal API requires an Azure AD Premium P2 license.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|IdentityRiskyServicePrincipal.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|IdentityRiskyServicePrincipal.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+POST /identityProtection/riskyServicePrincipals/dismiss
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+In the request body, specify the collection of ids of the risky service principals in a **servicePrincipalIds** property.
+
+## Response
+
+If successful, this action returns a `204 No Content` response code. It does not return anything in the response body.
+
+## Example
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "riskyserviceprincipal_dismiss"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/identityProtection/riskyServicePrincipals/dismiss
+Content-Type: application/json
+
+{
+ "servicePrincipalIds": [
+ "9089a539-a539-9089-39a5-899039a58990"
+ ]
+}
+```
++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
+
v1.0 Riskyserviceprincipal Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/riskyserviceprincipal-get.md
+
+ Title: "Get riskyServicePrincipal"
+description: "Read the properties and relationships of a riskyServicePrincipal object."
+
+ms.localizationpriority: medium
++
+# Get riskyServicePrincipal
+Namespace: microsoft.graph
++
+Read the properties and relationships of a [riskyServicePrincipal](../resources/riskyserviceprincipal.md) object.
+
+>**Note:** Using the riskyServicePrincipal API requires an Azure AD Premium P2 license.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|IdentityRiskyServicePrincipal.Read.All, IdentityRiskyServicePrincipal.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|IdentityRiskyServicePrincipal.Read.All, IdentityRiskyServicePrincipal.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityProtection/riskyServicePrincipals/{riskyServicePrincipalId}
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [riskyServicePrincipal](../resources/riskyserviceprincipal.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_riskyserviceprincipal"
+}
+-->
+
+ ``` http
+GET https://graph.microsoft.com/beta/identityProtection/riskyServicePrincipals/9089a539-a539-9089-39a5-899039a58990
+```
++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.riskyServicePrincipal"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": {
+ "@odata.type": "#microsoft.graph.riskyServicePrincipal",
+ "id": "9089a539-a539-9089-39a5-899039a58990",
+ "accountEnabled": true,
+ "isProcessing": false,
+ "riskLastUpdatedDateTime": "2021-08-14T13:06:51.0451374Z",
+ "riskLevel": "high",
+ "riskState": "atRisk",
+ "riskDetail": "none",
+ "displayName": "Contoso App",
+ "appId": "b55552fe-a272-4b56-990b-95038d917878",
+ "servicePrincipalType": "Application"
+ }
+}
+```
+
v1.0 Riskyserviceprincipal List History https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/riskyserviceprincipal-list-history.md
+
+ Title: "List history (risk history of riskyServicePrincipal)"
+description: "Get the risk history of a riskyServicePrincipal object."
+
+ms.localizationpriority: medium
++
+# List history (risk history of riskyServicePrincipal)
+Namespace: microsoft.graph
++
+Get the risk history of a [riskyServicePrincipal](../resources/riskyServicePrincipal.md) object.
+
+>**Note:** Using the riskyServicePrincipal API requires an Azure AD Premium P2 license.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|IdentityRiskyServicePrincipal.Read.All, IdentityRiskyServicePrincipal.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|IdentityRiskyServicePrincipal.Read.All, IdentityRiskyServicePrincipal.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityProtection/riskyServicePrincipals/{riskyServicePrincipalId}/history
+```
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [riskyServicePrincipalHistoryItem](../resources/riskyserviceprincipalhistoryitem.md) objects in the response body.
+
+## Example
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_riskyserviceprincipalhistoryitem"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/identityProtection/riskyServicePrincipals/{riskyServicePrincipalId}/history
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.riskyServicePrincipalHistoryItem)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#riskyServicePrincipalHistoryItem",
+ "value": [
+ {
+ "id": "0fbef39d-9e8c-460b-444e-8ae5abcdffd7",
+ "accountEnabled": true,
+ "isProcessing": false,
+ "riskLastUpdatedDateTime": "2021-10-20T01:14:37.7214159Z",
+ "riskState": "atRisk",
+ "riskDetail": "none",
+ "riskLevel": "high",
+ "displayName": "Contoso App",
+ "appId": "ede08db0-9492-4a0c-8ae3-8ggg056c5d75",
+ "servicePrincipalType": "Application",
+ "servicePrincipalId": "0fbef39d-9e8c-777b-860e-8ae5abcdffd7",
+ "initiatedBy": null,
+ "activity": null
+ }
+ ]
+}
+```
v1.0 Schedule List Shifts https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/schedule-list-shifts.md
GET /teams/{teamId}/schedule/shifts
``` ## Optional query parameters
-This method supports the $filter [OData query parameter](/graph/query-parameters) to help customize the response.
+This method supports the `$filter` [OData query parameter](/graph/query-parameters) to help customize the response.
## Request headers
v1.0 Serviceprincipal Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/serviceprincipal-get.md
Content-type: application/json
], "signInAudience": "AzureADandPersonalMicrosoftAccount", "tags": [],
+ "verifiedPublisher": {
+ "displayName": "publisher_contoso",
+ "verifiedPublisherId": "9999999",
+ "addedDateTime": "2021-04-24T17:49:44Z"
+ },
"addIns": [], "api": { "resourceSpecificApplicationPermissions": []
Attribute #4
+ Attribute data type: String + Attribute value: `"Public"`
-To get custom security attribute assignments, the calling principal must be assigned the Attribute Assignment Reader or Attribute Assignment Administrator role and must be granted the *CustomSecAttributeAssignment.ReadWrite.All* permission.
+To get custom security attribute assignments, the calling principal must be assigned the Attribute Assignment Reader or Attribute Assignment Administrator role and must be granted the *CustomSecAttributeAssignment.Read.All* or *CustomSecAttributeAssignment.ReadWrite.All* permission.
#### Request
v1.0 Serviceprincipalriskdetection Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/serviceprincipalriskdetection-get.md
+
+ Title: "Get servicePrincipalRiskDetection"
+description: "Read the properties and relationships of a servicePrincipalRiskDetection object."
+
+ms.localizationpriority: medium
++
+# Get servicePrincipalRiskDetection
+Namespace: microsoft.graph
++
+Read the properties and relationships of a [servicePrincipalRiskDetection](../resources/serviceprincipalriskdetection.md) object.
+
+>**Note:** You must have an Azure AD Premium P1 or P2 license to use the servicePrincipalRiskDetection API.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|IdentityRiskyServicePrincipal.Read.All, IdentityRiskyServicePrincipal.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|IdentityRiskyServicePrincipal.Read.All, IdentityRiskyServicePrincipal.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityProtection/servicePrincipalRiskDetections/{servicePrincipalRiskDetectionId}
+```
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [servicePrincipalRiskDetection](../resources/serviceprincipalriskdetection.md) object in the response body.
+
+## Examples
+
+### Example 1: Get a specific risk detection object
+
+#### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_serviceprincipalriskdetection"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/identityProtection/servicePrincipalRiskDetections/{servicePrincipalRiskDetectionId}
+```
++
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.servicePrincipalRiskDetection"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": {
+ "@odata.type": "#microsoft.graph.servicePrincipalRiskDetection",
+ "id": "2856d6e87c5c3a74021ff70291fa68107570c150d8dc145bdea5",
+ "requestId": null,
+ "correlationId": null,
+ "riskEventType": "investigationsThreatIntelligence",
+ "riskState": "atRisk",
+ "riskLevel": "high",
+ "riskDetail": "none",
+ "source": "IdentityProtection",
+ "detectionTimingType": "offline",
+ "activity": "servicePrincipal",
+ "tokenIssuerType": "AzureAD",
+ "ipAddress": null,
+ "location": null,
+ "activityDateTime": "2021-10-26T00:00:00Z",
+ "detectedDateTime": "2021-10-26T00:00:00Z",
+ "lastUpdatedDateTime": "2021-10-26T16:28:17.8202975Z)",
+ "servicePrincipalId": "99b8d28b-11ae-4e84-9bef-0e767e286grg",
+ "servicePrincipalDisplayName": "Contoso App",
+ "appId": "0grb38ac-a572-491d-a9db-b07197643457",
+ "keyIds": [
+ "9d9fea30-d8e3-481b-b57c-0ef569a989e5"
+ ],
+ "additionalInfo": "[{\"Key\":\"alertUrl\",\"Value\":null}]"
+ }
+}
+```
+
v1.0 Sitepage Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/sitepage-get.md
GET /sites/{site-id}/pages/{page-id}
## Example
-##### Request
+### Request
# [HTTP](#tab/http)
GET /sites/{site-id}/pages/{page-id}
-##### Response
+### Response
<!-- { "blockType": "response", "@odata.type": "microsoft.graph.sitePage", "truncated": true } -->
v1.0 Subscription Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/subscription-delete.md
Depending on the resource and the permission type (delegated or application) req
|[baseTask](../resources/basetask.md) | Tasks.ReadWrite | Tasks.ReadWrite | Not supported | |[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
[!INCLUDE [teams-subscription-notes](../../includes/teams-subscription-notes.md)]
v1.0 Subscription Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/subscription-get.md
Depending on the resource and the permission type (delegated or application) req
|[baseTask](../resources/basetask.md) | Tasks.ReadWrite | Tasks.ReadWrite | Not supported | |[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
[!INCLUDE [teams-subscription-notes](../../includes/teams-subscription-notes.md)]
v1.0 Subscription List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/subscription-list.md
This API supports the following permission scopes; to learn more, including how
|[todoTask](../resources/todotask.md) | Tasks.ReadWrite, Subscription.Read.All | Tasks.ReadWrite, Subscription.Read.All | Not supported | |[user](../resources/user.md) | User.Read.All, Subscription.Read.All | User.Read.All | User.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
Response results are based on the context of the calling app. The following sections describe the common scenarios.
v1.0 Subscription Post Subscriptions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/subscription-post-subscriptions.md
Depending on the resource and the permission type (delegated or application) req
|[baseTask](../resources/basetask.md) | Tasks.ReadWrite | Tasks.ReadWrite | Not supported | |[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
[!INCLUDE [teams-subscription-notes](../../includes/teams-subscription-notes.md)]
v1.0 Subscription Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/subscription-update.md
Depending on the resource and the permission type (delegated or application) req
|[baseTask](../resources/basetask.md) | Tasks.ReadWrite | Tasks.ReadWrite | Not supported | |[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
[!INCLUDE [teams-subscription-notes](../../includes/teams-subscription-notes.md)]
v1.0 Tasklist Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/tasklist-delete.md
If successful, this method returns a `204 No Content` response code.
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "delete_tasklist" } --> ``` http
-DELETE https://graph.microsoft.com/beta/user/tasks/lists/AAMkAGVjMzJmMWZjLTgyYjgtNGIyNi1hOGQ0LWRjMjNmMGRmOWNiYQAu
+DELETE https://graph.microsoft.com/beta/me/tasks/lists/AAMkAGVjMzJmMWZjLTgyYjgtNGIyNi1hOGQ0LWRjMjNmMGRmOWNiYQAu
```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Team Archive https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-archive.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamSettings.ReadWrite.Group*, TeamSettings.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Team Clone https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-clone.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | Team.Create, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Team Delete Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-delete-installedapps.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Team Get Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-get-installedapps.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsAppInstallation.Read.Group*, TeamsAppInstallation.ReadWriteSelfForTeam, TeamsAppInstallation.ReadForTeam.All, TeamsAppInstallation.ReadWriteForTeam.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
## HTTP request
v1.0 Team Get Photo https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-get-photo.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamSettings.Read.Group*, TeamSettings.ReadWrite.Group*, Team.ReadBasic.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Team Get Primarychannel https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-get-primarychannel.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | ChannelSettings.Read.Group*, ChannelSettings.ReadWrite.Group*, Channel.ReadBasic.All, ChannelSettings.Read.All, ChannelSettings.ReadWrite.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Team Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-get.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (work or school account) | Team.ReadBasic.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** | |Delegated (personal Microsoft account) | Not supported. | |Application | TeamSettings.Read.Group*, TeamSettings.ReadWrite.Group*, Team.ReadBasic.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Team List Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-list-installedapps.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsAppInstallation.Read.Group*, TeamsAppInstallation.ReadForTeam.All, TeamsAppInstallation.ReadWriteForTeam.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
## HTTP request
v1.0 Team List Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-list-members.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application| TeamMember.Read.Group*, TeamMember.Read.All, TeamMember.ReadWrite.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
## HTTP request
v1.0 Team List Permissiongrants https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-list-permissiongrants.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported. | | Application | TeamsAppInstallation.Read.Group*, TeamsAppInstallation.ReadForTeam.All, TeamsAppInstallation.ReadWriteSelfForTeam.All, TeamsAppInstallation.ReadWriteForTeam.All, TeamsApp.Read.Group* |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Team Post Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-post-installedapps.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Team Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-post.md
One of the following permissions is required to call this API. To learn more, in
> **Note**: The Teamwork.Migrate.All permission is *only* supported for [migration](/microsoftteams/platform/graph-api/import-messages/import-external-messages-to-teams). In the future, Microsoft may require you or your customers to pay additional fees based on the amount of data imported.
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
## HTTP request
v1.0 Team Teamsappinstallation Upgrade https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-teamsappinstallation-upgrade.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Team Unarchive https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-unarchive.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamSettings.ReadWrite.Group*, TeamSettings.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Team Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-update.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamSettings.ReadWrite.Group*, TeamSettings.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Teamsapp Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/teamsapp-delete.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported.| | Application | Not supported. |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
## HTTP request
v1.0 Teamsapp Publish https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/teamsapp-publish.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported| | Application | Not supported. |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
## HTTP request
v1.0 Teamsapp Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/teamsapp-update.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported| | Application | Not supported. |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
## HTTP request
v1.0 Teamsasyncoperation Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/teamsasyncoperation-get.md
The following permissions are for getting the operation on a chat:
| Delegated (personal Microsoft account) | Not supported. | | Application | ChatSettings.Read.Chat*, ChatSettings.ReadWrite.Chat*, Chat.Manage.Chat*, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
## HTTP request <!-- {
v1.0 User Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/user-get.md
For a specific user:
GET /users/{id | userPrincipalName} ```
->**Note:**
-> + When the **userPrincipalName** begins with a `$` character, remove the slash (/) after `/users` and enclose the **userPrincipalName** in parentheses and single quotes. For example, `/users('$AdeleVance@contoso.com')`. For details, see the [known issues](/graph/known-issues#users) list.
+> [!TIP]
+>
+> + When the **userPrincipalName** begins with a `$` character, the GET request URL syntax `/users/$x@y.com` fails with a `400 Bad Request` error code. This is because this request URL violates the OData URL convention, which expects only system query options to be prefixed with a `$` character. Remove the slash (/) after `/users` and enclose the **userPrincipalName** in parentheses and single quotes, as follows: `/users('$x@y.com')`. For example, `/users('$AdeleVance@contoso.com')`.
> + To query a B2B user using the **userPrincipalName**, encode the hash (#) character. That is, replace the `#` symbol with `%23`. For example, `/users/AdeleVance_adatum.com%23EXT%23@contoso.com`. For the signed-in user:
Attribute #4
+ Attribute data type: String + Attribute value: `"Public"`
-To get custom security attribute assignments, the calling principal must be assigned the Attribute Assignment Reader or Attribute Assignment Administrator role and must be granted the *CustomSecAttributeAssignment.ReadWrite.All* permission.
+To get custom security attribute assignments, the calling principal must be assigned the Attribute Assignment Reader or Attribute Assignment Administrator role and must be granted the *CustomSecAttributeAssignment.Read.All* or *CustomSecAttributeAssignment.ReadWrite.All* permission.
#### Request
v1.0 User List Joinedteams https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/user-list-joinedteams.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | Team.ReadBasic.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All, User.Read.All, User.ReadWrite.All, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
> **Note:** Currently, with user delegated permissions, this operation only works for the `me` user. With application permissions, it works for all users by specifying the specific user ID (`me` alias is not supported with application permissions). For details, see [Known issues](/graph/known-issues#microsoft-teams-users-list-of-joined-teams-preview).
v1.0 User Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/user-update.md
Namespace: microsoft.graph
Update the properties of a [user](../resources/user.md) object. Not all properties can be updated by Member or Guest users with their default permissions without Administrator roles. [Compare member and guest default permissions](/azure/active-directory/fundamentals/users-default-permissions#compare-member-and-guest-default-permissions) to see properties they can manage. ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+One of the following pefrmissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
|Permission type | Permissions (from least to most privileged) | |:--|:|
In the request body, supply the values for relevant fields that should be update
|:|:--|:-| |aboutMe|String|A freeform text entry field for the user to describe themselves.| |accountEnabled|Boolean| `true` if the account is enabled; otherwise, `false`. This property is required when a user is created. A global administrator assigned the _Directory.AccessAsUser.All_ delegated permission can update the **accountEnabled** status of all administrators in the tenant.|
-| ageGroup | [ageGroup](../resources/user.md#agegroup-values) | Sets the age group of the user. Allowed values: `null`, `minor`, `notAdult` and `adult`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
+| ageGroup | [ageGroup](../resources/user.md#agegroup-values) | Sets the age group of the user. Allowed values: `null`, `Minor`, `NotAdult` and `Adult`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
|assignedLicenses|[assignedLicense](../resources/assignedlicense.md) collection|The licenses that are assigned to the user. Not nullable. | |birthday|DateTimeOffset|The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`| |businessPhones| String collection | The telephone numbers for the user. **NOTE:** Although this is a string collection, only one number can be set for this property.| |city|String|The city in which the user is located.|
-| companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length of the company name is 64 characters. |
-| consentProvidedForMinor | [consentProvidedForMinor](../resources/user.md#consentprovidedforminor-values) | Sets whether consent has been obtained for minors. Allowed values: `null`, `granted`, `denied` and `notRequired`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
+| companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters. |
+| consentProvidedForMinor | [consentProvidedForMinor](../resources/user.md#consentprovidedforminor-values) | Sets whether consent has been obtained for minors. Allowed values: `null`, `Granted`, `Denied` and `NotRequired`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
|country|String|The country/region in which the user is located; for example, `US` or `UK`.| |customSecurityAttributes|[customSecurityAttributeValue](../resources/customsecurityattributevalue.md)|An open complex type that holds the value of a custom security attribute that is assigned to a directory object.<br/><br/>To update this property, the calling principal must be assigned the Attribute Assignment Administrator role and must be granted the *CustomSecAttributeAssignment.ReadWrite.All* permission.| |department|String|The name for the department in which the user works.| |displayName|String|The name displayed in the address book for the user. This is usually the combination of the user's first name, middle initial and last name. This property is required when a user is created and it cannot be cleared during updates.|
-|employeeId|String|The employee identifier assigned to the user by the organization.|
+|employeeId|String|The employee identifier assigned to the user by the organization. The maximum length is 16 characters.|
| employeeType | String | Captures enterprise worker type. For example, `Employee`, `Contractor`, `Consultant`, or `Vendor`.| |givenName|String|The given name (first name) of the user.| |employeeHireDate|DateTimeOffset|The hire date of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
v1.0 Userinsightssettings Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/userinsightssettings-get.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http GET /me/settings/itemInsights
-GET /user/{userId}/settings/itemInsights
+GET /users/{userId}/settings/itemInsights
``` >**Note:** Requests with a `userId` or `userPrincipalName` are only accessible by the user or by a user with the User.ReadWrite.All permissions. To learn more, see [Permissions](/graph/permissions-reference).
v1.0 X509certificateauthenticationmethodconfiguration Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/x509certificateauthenticationmethodconfiguration-delete.md
+
+ Title: "Delete x509CertificateAuthenticationMethodConfiguration"
+description: "Delete a x509CertificateAuthenticationMethodConfiguration object and restores all the other properties to their default settings"
+
+ms.localizationpriority: medium
++
+# Delete x509CertificateAuthenticationMethodConfiguration
+Namespace: microsoft.graph
++
+Restore the [x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md) object to its default configuration.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.ReadWrite.AuthenticationMethod|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|Not supported.|
+
+For delegated scenarios, the administrator needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):
+
+* Authentication Policy Administrator
+* Global Administrator
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "delete_x509certificateauthenticationmethodconfiguration"
+}
+-->
+``` http
+DELETE https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
++++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
+
v1.0 X509certificateauthenticationmethodconfiguration Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/x509certificateauthenticationmethodconfiguration-get.md
+
+ Title: "Get x509CertificateAuthenticationMethodConfiguration"
+description: "Read the properties and relationships of a x509CertificateAuthenticationMethodConfiguration object."
+
+ms.localizationpriority: medium
++
+# Get x509CertificateAuthenticationMethodConfiguration
+Namespace: microsoft.graph
++
+Read the configuration details for the [X.509 certificate authentication method](../resources/x509certificateauthenticationmethodconfiguration.md) in the [authentication methods policy](../resources/authenticationmethodspolicy.md).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.ReadWrite.AuthenticationMethod|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|Not supported.|
+
+For delegated scenarios, the administrator needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):
+
+* Global Reader
+* Authentication Policy Administrator
+* Global Administrator
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
+```
+
+## Optional query parameters
+This method does not support the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md) object in the response body.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_x509certificateauthenticationmethodconfiguration"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
++++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.x509CertificateAuthenticationMethodConfiguration"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
+ "id": "X509Certificate",
+ "state": "disabled",
+ "certificateUserBindings": [{
+ "x509CertificateField": "PrincipalName",
+ "userProperty": "onPremisesUserPrincipalName",
+ "priority": 1
+ },
+ {
+ "x509CertificateField": "RFC822Name",
+ "userProperty": "userPrincipalName",
+ "priority": 2
+ }
+ ],
+ "authenticationModeConfiguration": {
+ "x509CertificateAuthenticationDefaultMode": "x509CertificateSingleFactor",
+ "rules": []
+ },
+ "includeTargets": [{
+ "targetType": "group",
+ "id": "all_users",
+ "isRegistrationRequired": false
+ }]
+}
+```
+
v1.0 X509certificateauthenticationmethodconfiguration Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/x509certificateauthenticationmethodconfiguration-update.md
+
+ Title: "Update x509CertificateAuthenticationMethodConfiguration"
+description: "Update the properties of a x509CertificateAuthenticationMethodConfiguration object."
+
+ms.localizationpriority: medium
++
+# Update x509CertificateAuthenticationMethodConfiguration
+Namespace: microsoft.graph
++
+Update the properties of the [X.509 certificate authentication method](../resources/x509certificateauthenticationmethodconfiguration.md).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.ReadWrite.AuthenticationMethod|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|Not supported.|
+
+For delegated scenarios, the administrator needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):
+
+* Authentication Policy Administrator
+* Global Administrator
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+The following properties can be updated.
+
+|Property|Type|Description|
+|:|:|:|
+|state|authenticationMethodState|The possible values are: `enabled`, `disabled`. Inherited from [authenticationMethodConfiguration](../resources/authenticationmethodconfiguration.md).|
+|certificateUserBindings|[x509CertificateUserBinding](../resources/x509certificateuserbinding.md) collection|Defines fields in the X.509 certificate that map to attributes of the Azure AD user object in order to bind the certificate to the user. The **priority** of the object determines the order in which the binding is carried out. The first binding that matches will be used and the rest ignored. |
+|authenticationModeConfiguration|[x509CertificateAuthenticationModeConfiguration](../resources/x509certificateauthenticationmodeconfiguration.md)|Defines strong authentication configurations. This configuration includes the default authentication mode and the different rules for strong authentication bindings. |
+
+>**Note:** The `@odata.type` property with a value of `#microsoft.graph.x509CertificateAuthenticationMethodConfiguration` must be included in the body.
++
+## Response
+
+If successful, this method returns a `204 No Content` response code and an updated [x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md) object in the response body.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "update_x509certificateauthenticationmethodconfiguration"
+}
+-->
+``` http
+PATCH https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
+Content-Type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
+ "id": "X509Certificate",
+ "state": "disabled",
+ "certificateUserBindings": [{
+ "x509CertificateField": "PrincipalName",
+ "userProperty": "onPremisesUserPrincipalName",
+ "priority": 1
+ },
+ {
+ "x509CertificateField": "RFC822Name",
+ "userProperty": "userPrincipalName",
+ "priority": 2
+ }
+ ],
+ "authenticationModeConfiguration": {
+ "x509CertificateAuthenticationDefaultMode": "x509CertificateSingleFactor",
+ "rules": []
+ },
+ "includeTargets": [{
+ "targetType": "group",
+ "id": "all_users",
+ "isRegistrationRequired": false
+ }]
+}
+```
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
++++
+### Response
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+Content-Type: application/json
+```
+
v1.0 Accesspackagemultiplechoicequestion https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackagemultiplechoicequestion.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-A child of **accessPackageQuestion** that presents multiple options that the requestor must choose an answer from.
+A child of **accessPackageQuestion** that presents multiple options that the requestor must choose an answer from. This is used in the **questions** property of an [accessPackageAssignmentPolicy](accesspackageassignmentpolicy.md) and inside an [accessPackageResourceAttribute](accesspackageresourceattribute.md) of an access package resource.
Inherits from [accessPackageQuestion](../resources/accesspackagequestion.md).
v1.0 Accesspackagequestion https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackagequestion.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Used for the `accessPackageQuestion` property of an [access package assignment policy](accesspackageassignmentpolicy.md).
+Used for the **accessPackageQuestion** property of an [access package assignment policy](accesspackageassignmentpolicy.md) and the **accessPackageResourceAttributeQuestion** in an [accessPackageResourceAttribute](accesspackageresourceattribute.md).
-Subtypes include [accessPackageTextInputQuestions](accesspackagetextinputquestion.md) and [accessPackageMultipleChoiceQuestions](accesspackagemultiplechoicequestion.md).
+Subtypes include [accessPackageTextInputQuestion](accesspackagetextinputquestion.md) and [accessPackageMultipleChoiceQuestion](accesspackagemultiplechoicequestion.md).
## Properties |Property|Type|Description|
v1.0 Accesspackageresource https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackageresource.md
In [Azure AD Entitlement Management](entitlementmanagement-overview.md), an acce
| Property | Type | Description | |:-|:|:| |accessPackageResourceEnvironment|[accessPackageResourceEnvironment](../resources/accesspackageresourceenvironment.md)|Contains the environment information for the resource. This can be set using either the `@odata.bind` annotation or the environment's *originId*.|
-|attributes|[accessPackageResourceAttribute](../resources/accesspackageresourceattribute.md) collection| Contains attribute information for the resource.
+|attributes|[accessPackageResourceAttribute](../resources/accesspackageresourceattribute.md) collection| Contains information about the attributes to be collected from the requestor and sent to the resource application. |
|addedBy|String|Read-only.| |addedOn|DateTimeOffset|The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`| |description|String|A description for the resource.|
v1.0 Accesspackageresourceattribute https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackageresourceattribute.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-A resource that exposes properties for the requestor of an access package to provide custom information that may be used to make approval decisions for the access package.
+An access package resource attribute is the definition of a property that a user is required to have to be able to access an application. This structure is included in an [accessPackageResource](../resources/accesspackageresource.md) of a catalog, for an application whose roles are included in an access package in that catalog. When a user requests the access package, they must supply the value of the attribute, which, if the request is approved, is then written on the user's directory object. The application can then subsequently [read the attribute of the user](../api/user-get.md).
+ ## Properties |Property|Type|Description| |:|:|:|
-|attributeDestination|[accessPackageResourceAttributeDestination](../resources/accesspackageresourceattributedestination.md)|Information about how to set the attribute.|
-|attributeName|String|The name of the attribute in the end system.|
-|attributeSource|[accessPackageResourceAttributeSource](../resources/accesspackageresourceattributesource.md)|Information about how to populate the attribute value when an **accessPackageAssignmentRequest** is being fulfilled.|
-|id|String|Unique identifier for the attribute.|
+|attributeDestination|[accessPackageResourceAttributeDestination](../resources/accesspackageresourceattributedestination.md)|Information about how to set the attribute, currently a [accessPackageUserDirectoryAttributeStore](accesspackageuserdirectoryattributestore.md) object type.|
+|attributeName|String|The name of the attribute in the end system. If the destination is `accessPackageUserDirectoryAttributeStore`, then a user property such as **jobTitle** or a directory schema extension for the user object type, such as `extension_2b676109c7c74ae2b41549205f1947ed_personalTitle`. |
+|attributeSource|[accessPackageResourceAttributeSource](../resources/accesspackageresourceattributesource.md)|Information about how to populate the attribute value when an **accessPackageAssignmentRequest** is being fulfilled, currently a [accessPackageResourceAttributeQuestion](accesspackageresourceattributequestion.md) object type.|
+|id|String|Unique identifier for the attribute on the access package resource. Read-only. |
|isEditable|String| Specifies whether or not an existing attribute value can be edited by the requester.| |isPersistedOnAssignmentRemoval|Boolean| Specifies whether the attribute will remain in the end system after an assignment ends.| +
+### accessPackageResourceAttribute resource type and extension properties
+
+The **attributeDestination**, **attributeName**, and **attributeSource** properties of an access package resource attribute relate to the [directory extension properties](extensionproperty.md).
+
+If the **attributeDestination** is an [accessPackageUserDirectoryAttributeStore](accesspackageuserdirectoryattributestore.md) object type, then the attribute indicated by **attributeName** must be a writable property of the [user](user.md) object. These writable properties are String types registered as [extension properties](extensionproperty.md) on the target **User** object.
+
+For example, suppose an application requires two user attributes, a user's job title, and their personal title. The values of these attributes could be synchronized to Azure AD from the on-premises Active Directory **jobTitle** and **personalTitle** attributes. Because **personalTitle** is not one of the default properties of the [user](user.md) object, this would require [creating a directory schema extension](../api/application-post-extensionproperty.md) to add the **personalTitle** property to the user object type. When creating a resource request for the application, you can include two access package resource attributes, one for the user property **jobTitle**, and another with the name of the directory schema extension property that was created for the personal title, such as `extension_2b676109c7c74ae2b41549205f1947ed_personalTitle`.
+
+If the **attributeSource** of the attribute is an [accessPackageResourceAttributeQuestion](accesspackageresourceattributequestion.md), then the requestor's supplied value is stored as provided on the user object, and made available to the application and other Microsoft Graph clients.
## Relationships None.
The following is a JSON representation of the resource.
}, "id": "String (identifier)", "isEditable": "Boolean",
+ "isPersistedOnAssignmentRemoval": "Boolean"
} ```
v1.0 Accesspackageresourceattributedestination https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackageresourceattributedestination.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-An abstract type used for the **attributeDestination** property of an access package. The actual destination will be a subtype of this complex type.
+An abstract type used for the **attributeDestination** property of an [accessPackageResourceAttribute](accesspackageresourceattribute.md). The actual destination will be a subtype of this complex type.
Currently, the only supported subtype is [accessPackageUserDirectoryAttributeStore](../resources/accesspackageuserdirectoryattributestore.md).
v1.0 Accesspackageresourceattributequestion https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackageresourceattributequestion.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Resource that defines the question provided to an end user, for the purpose of obtaining an attribute value to be passed to the end system or the request approver.
+Resource that defines the [question](accesspackagequestion.md) provided to an end user, for the purpose of obtaining an attribute value to be passed to the end system or the request approver.
-Inherits from [accessPackageResourceAttributeSource](../resources/accesspackageresourceattributesource.md).
+This type inherits from [accessPackageResourceAttributeSource](../resources/accesspackageresourceattributesource.md) and is used in the **attributeSource** property of an [accessPackageResourceAttribute](accesspackageresourceattribute.md).
+
+The only property is **question**, which could be an [accessPackageTextInputQuestion](accesspackagetextinputquestion.md) or a [accessPackageMultipleChoiceQuestion](accesspackagemultiplechoicequestion.md) object type.
## Properties |Property|Type|Description|
v1.0 Accesspackageresourceattributesource https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackageresourceattributesource.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-An abstract type that exposes objects that define the properties the user configures with values that are passed to the end system or the request approver. It is inherited by [accessPackageResourceAttributeQuestion](../resources/accesspackageresourceattributequestion.md).
+An abstract type that exposes objects that define the properties the user configures with values that are passed to the end system or the request approver. It is used in the **attributeSource** property of an [accessPackageResourceAttribute](accesspackageresourceattribute.md). This type is inherited by [accessPackageResourceAttributeQuestion](../resources/accesspackageresourceattributequestion.md).
## Properties None.
v1.0 Accesspackageresourcerequest https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackageresourcerequest.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-In [Azure AD entitlement management](entitlementmanagement-overview.md), an access package resource request is a request to add a resource to a catalog so that the roles of the resource can be used in one or more of the catalog's access packages, or to remove a resource from a catalog that is no longer needed by the access packages.
+In [Azure AD entitlement management](entitlementmanagement-overview.md), an access package resource request is a request to add a [resource](accesspackageresource.md) to a catalog so that the roles of the resource can be used in one or more of the catalog's access packages, or to remove a resource from a catalog that is no longer needed by the access packages.
## Methods
v1.0 Accesspackagetextinputquestion https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackagetextinputquestion.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-A child of **accessPackageQuestion** that has text input as an answer.
+A child of **accessPackageQuestion** that has text input as an answer. This is used in the **questions** property of an [accessPackageAssignmentPolicy](accesspackageassignmentpolicy.md) and inside an [accessPackageResourceAttribute](accesspackageresourceattribute.md) of an access package resource.
Inherits from [accessPackageQuestion](../resources/accesspackagequestion.md).
v1.0 Attacksimulationroot https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/attacksimulationroot.md
This is an abstract type.
|[List simulations](../api/attacksimulationroot-list-simulations.md)|[simulation](../resources/simulation.md) collection|Get the simulation resources from the simulations navigation property.| ## Properties
-|Property|Type|Description|
-|:|:|:|
+None.
## Relationships |Relationship|Type|Description|
v1.0 Authenticationmethodspolicies Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/authenticationmethodspolicies-overview.md
The authentication method policies APIs are used to manage policy settings. For
|[emailauthenticationmethodconfiguration](emailauthenticationmethodconfiguration.md)|Define users who can use email OTP on the Azure AD tenant.| |[passwordlessmicrosoftauthenticatorauthenticationmethodconfiguration](passwordlessmicrosoftauthenticatorauthenticationmethodconfiguration.md) (deprecated)|Define users who can use Passwordless Phone Sign-in to sign in to Azure AD.| |[temporaryaccesspassauthenticationmethodconfiguration](temporaryaccesspassauthenticationmethodconfiguration.md)|Define users who can use Temporary Access Pass to sign in to Azure AD.|
+|[x509CertificateAuthenticationMethodConfiguration](x509CertificateAuthenticationMethodConfiguration.md)|Define users who can use X.509 certificate to sign in to Azure AD.|
## Policies available to push users to set up authentication methods: |Policy | Description |
v1.0 Conditionalaccessconditionset https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/conditionalaccessconditionset.md
Represents the type of conditions that govern when the policy applies.
|devices|[conditionalAccessDevices](conditionalaccessdevices.md)| Devices in the policy. | |locations|[conditionalAccessLocations](conditionalaccesslocations.md)| Locations included in and excluded from the policy. | |platforms|[conditionalAccessPlatforms](conditionalaccessplatforms.md)| Platforms included in and excluded from the policy. |
+|servicePrincipalRiskLevels|riskLevel collection| Service principal risk levels included in the policy. Possible values are: `low`, `medium`, `high`, `none`, `unknownFutureValue`.|
|signInRiskLevels|riskLevel collection| Sign-in risk levels included in the policy. Possible values are: `low`, `medium`, `high`, `hidden`, `none`, `unknownFutureValue`. Required.| |userRiskLevels|riskLevel collection| User risk levels included in the policy. Possible values are: `low`, `medium`, `high`, `hidden`, `none`, `unknownFutureValue`. Required.|
The following is a JSON representation of the resource.
```json {
+ "@odata.type": "#microsoft.graph.conditionalAccessConditionSet",
"applications": {"@odata.type": "microsoft.graph.conditionalAccessApplications"}, "users": {"@odata.type": "microsoft.graph.conditionalAccessUsers"}, "clientApplications": {"@odata.type": "microsoft.graph.conditionalAccessClientApplications"},
The following is a JSON representation of the resource.
"devices": {"@odata.type": "microsoft.graph.conditionalAccessDevices"}, "locations": {"@odata.type": "microsoft.graph.conditionalAccessLocations"}, "platforms": {"@odata.type": "microsoft.graph.conditionalAccessPlatforms"},
+ "servicePrincipalRiskLevels": ["String"],
"signInRiskLevels": ["String"] } ```
v1.0 Conditionalaccessplatforms https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/conditionalaccessplatforms.md
Platforms included in and excluded from the policy scope.
| Property | Type | Description | |:-|:|:|
-|includePlatforms|conditionalAccessDevicePlatform collection| Possible values are: `android`, `iOS`, `windows`, `windowsPhone`, `macOS`, `all`, `unknownFutureValue`.|
-|excludePlatforms|conditionalAccessDevicePlatform collection| Possible values are: `android`, `iOS`, `windows`, `windowsPhone`, `macOS`, `all`, `unknownFutureValue`.|
+|includePlatforms|conditionalAccessDevicePlatform collection| Possible values are: `android`, `iOS`, `windows`, `windowsPhone`, `macOS`, `linux`, `all`, `unknownFutureValue`.|
+|excludePlatforms|conditionalAccessDevicePlatform collection| Possible values are: `android`, `iOS`, `windows`, `windowsPhone`, `macOS`, `linux`, `all`, `unknownFutureValue`.|
## Relationships
v1.0 Crosstenantaccesspolicy Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/crosstenantaccesspolicy-overview.md
+
+ Title: "Cross-tenant access settings API overview"
+description: "Cross-tenant access settings let you manage both B2B collaboration and B2B direct connect for your organization."
+
+ms.localizationpriority: medium
++
+# Cross-tenant access settings API overview
+
+Namespace: microsoft.graph
++
+In the traditional Azure AD B2B collaboration, any invited user from an organization could use their identity to access resources in external organizations. Administrators didn't have control over the user identities in their tenant that are allowed to sign in to external organizations. These limited controls made it difficult to prevent identities from your organization from being used in unauthorized ways.
+
+**Cross-tenant access settings** let you control and manage collaboration between users in your organization and other organizations. The control can be on either **outbound access** (how your users collaborate with other organizations), **inbound access** (how other organizations collaborate with you), or both.
+
+Granular controls let you determine the users, groups, and apps, both in your organization and in external organizations, that can participate in Azure AD B2B collaboration and Azure AD B2B direct connect. These controls are implemented through:
+++ **Default cross-tenant access settings** which set the baseline inbound and outbound access settings.
+ + In Azure AD B2B collaboration, both access settings are enabled by default. This means all your users can be invited to external organizations, and all your users can invite external users.
+ + In Azure AD B2B direct connect, both access settings are disabled by default.
+ + The service default settings may be updated.
++ **Partner-specific access settings** which allow you to configure customized settings for individual organizations. For the configured organizations, this configuration takes precedence over the default settings. Therefore, while Azure AD B2B collaboration and Azure AD B2B direct connect might be disabled across your organization by default, you can enable these features for a specific external organization.+
+> [!IMPORTANT]
+>
+> By configuring B2B direct connect outbound settings, you agree to allow external organizations that you have enabled outbound settings with to access limited contact data about your users. Microsoft shares this data with those organizations to help them send a request to connect with your users. Data collected by external organizations, including limited contact data, is subject to the privacy policies and practices of those organizations.
+
+## Default cross-tenant access settings
+
+Default cross-tenant access settings determine your stance for inbound and outbound collaboration with all other Azure AD organizations. Any external collaboration with an organization not listed explicitly in your cross-tenant access settings will inherit these default settings. Default settings are defined using the [crossTenantAccessPolicyConfigurationDefault](../resources/crosstenantaccesspolicyconfigurationdefault.md) resource type.
+
+By default, Azure AD assigns all Azure AD tenants a service default configuration for cross-tenant access settings. You can override these service defaults with your own configuration to suit your organization. You can confirm whether you're using the service default settings or have modified the default settings by looking at the **isServiceDefault** property returned when you query the default endpoint.
+
+## Partner cross-tenant access settings
+
+Partner-specific cross-tenant access settings determine your stance for inbound and outbound collaboration with a specific Azure AD organization. Any collaboration with this organization will inherit these partner-specific settings. Partner settings are defined using the [crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md) resource type.
+
+Even though you have added a partner to your cross-tenant access settings, some of your default settings will still apply. For example, if you configure only **b2bCollaborationInbound** for a partner in your cross-tenant access settings, all other settings for that partner configuration will be inherited from the default cross-tenant access settings. When querying the partner endpoint, any property on the partner object that is `null` means that for that property, it's inheriting settings from the default policy.
+
+## Inbound trust settings in cross-tenant access settings
+
+Inbound trust settings enable you to trust the MFA external users perform in their home directories. This prevents external users from having to perform MFA both in their home directories and in your directory. With inbound trust settings, you enable a seamless authentication experience for your external users and save on the MFA costs incurred by your organization.
+
+For example, when you configure your trust settings to trust MFA, your MFA policies are still applied to external users, but users who have already completed MFA in their home tenants won't have to complete MFA again in your tenant.
+
+Inbound trust settings also enable you to trust devices that are compliant, or hybrid Azure AD joined in their home directories. With inbound trust settings in cross-tenant access settings, you can now protect access to your apps and resources by requiring that external users use compliant, or hybrid Azure AD joined devices.
+
+## Interpreting the API response
+
+The cross-tenant access settings API can be used to set up multiple configurations for allowing or blocking access to and from your organization. The following table highlights scenarios, shows an example of the API response, and what the interpretation should be of that response. **b2bSetting** is used as a placeholder for any B2B inbound (**b2bCollaborationInbound** or **b2bDirectConnectInbound**) or outbound (**b2bCollaborationOutbound** or **b2bDirectConnectOutbound**) configuration.
+
+<table>
+<tr>
+<td> Scenario </td> <td> API output </td> <td> Interpretation </td>
+</tr>
+<tr>
+<td> Block all users and block all applications </td>
+<td>
+
+``` json
+"b2bsetting": {
+ "usersAndGroups": {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "AllUsers",
+ "targetType": "user"
+ }
+ ]
+ },
+ "applications": {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "AllApplications",
+ "targetType": "application"
+ }
+ ]
+ }
+}
+```
+
+</td>
+<td> - </td>
+</tr>
+<tr>
+<td> Allow all users and allow all applications </td>
+<td>
+
+``` json
+"b2bsetting": {
+ "usersAndGroups": {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "AllUsers",
+ "targetType": "user"
+ }
+ ]
+ },
+ "applications": {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "AllApplications",
+ "targetType": "application"
+ }
+ ]
+ }
+}
+```
+
+</td>
+<td> - </td>
+</tr>
+<tr>
+<td> Allow users in group 'g1' to access any app </td>
+<td>
+
+``` json
+"b2bSetting": {
+ "usersAndGroups": {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "g1",
+ "targetType": "group"
+ }
+ ]
+ },
+ "applications": {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "AllApplications",
+ "targetType": "application"
+ }
+ ]
+ }
+}
+```
+
+</td>
+<td> Users in group 'g1' can access any app. All other users not in group 'g1' are blocked. </td>
+</tr>
+<tr>
+<td> Allow access to only application 'a1' </td>
+<td>
+
+``` json
+"b2bSetting": {
+ "usersAndGroups": {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "AllUsers",
+ "targetType": "user"
+ }
+ ]
+ },
+ "applications": {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "a1",
+ "targetType": "application"
+ }
+ ]
+ }
+}
+```
+
+</td>
+<td> All users are only allowed to access application 'a1' </td>
+</tr>
+<tr>
+<td> Allow users in group 'g1' and block access to application 'a1' </td>
+<td>
+
+``` json
+"b2bSetting": {
+ "usersAndGroups": {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "g1",
+ "targetType": "group"
+ }
+ ]
+ },
+ "applications": {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "a1",
+ "targetType": "application"
+ }
+ ]
+ }
+}
+```
+
+</td>
+<td> All users in group 'g1' are allowed to access any application <b>except</b> application 'a1'. </td>
+</tr>
+<tr>
+<td> Block users in group 'g1' from accessing any application </td>
+<td>
+
+``` json
+"b2bSetting": {
+ "usersAndGroups": {
+ "accessType": " blocked",
+ "targets": [
+ {
+ "target": "g1",
+ "targetType": "group"
+ }
+ ]
+ },
+ "applications": {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "AllApplications",
+ "targetType": "application"
+ }
+ ]
+ }
+}
+```
+
+</td>
+<td> Users in group 'g1' can't access any application. Other users not in group 'g1' have access to all applications. </td>
+</tr>
+<tr>
+<td> Block users in group 'g1' and allow access to application 'a1' only </td>
+<td>
+
+``` json
+"b2bSetting": {
+ "usersAndGroups": {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "g1",
+ "targetType": "group"
+ }
+ ]
+ },
+ "applications": {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "a1",
+ "targetType": "application"
+ }
+ ]
+ }
+}
+```
+
+</td>
+<td> Users in group 'g1' can't access any application. Any user not in group 'g1' can only access application 'a1'. </td>
+</tr>
+<tr>
+<td> Allow users in group 'g1' to access to only application 'a1' </td>
+<td>
+
+``` json
+"b2bSetting": {
+ "usersAndGroups": {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "g1",
+ "targetType": "group"
+ }
+ ]
+ },
+ "applications": {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "a1",
+ "targetType": "application"
+ }
+ ]
+ }
+}
+```
+
+</td>
+<td> Users in group 'g1' are only allowed to access application 'a1'. All users, including users in group 'g1', are blocked from accessing any other application. </td>
+</tr>
+<tr>
+<td> Block users in group 'g1' from accessing application 'a1' </td>
+<td>
+
+``` json
+"b2bSetting": {
+ "usersAndGroups": {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "g1",
+ "targetType": "group"
+ }
+ ]
+ },
+ "applications": {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "a1",
+ "targetType": "application"
+ }
+ ]
+ }
+}
+```
+
+</td>
+<td> Users in group 'g1' are blocked from accessing application 'a1' only. All users, including users in group 'g1' are able to access any other application. </td>
+</tr>
+</table>
+
+## Cross-tenant access settings vs tenant restrictions
+
+Cross-tenant access settings outbound controls are for controlling how **your organization's accounts** are used for accessing resources in other Azure AD organizations. Tenant Restrictions are for controlling how your employees use **other Azure AD organizations' accounts while the employee is on your networks or devices**. Critically, outbound controls work all the time because they're associated with your accounts, while Tenant Restrictions require additional signals to be injected into the authentication requests to be enforced, because Tenant Restrictions are scoped to networks and devices, not accounts. Learn more about [Tenant Restrictions](/azure/active-directory/manage-apps/tenant-restrictions).
+
+## Next steps
+++ [Cross-tenant access settings documentation](/azure/active-directory/external-identities/cross-tenant-access-overview)++ [crossTenantAccessPolicyConfigurationDefault](../resources/crosstenantaccesspolicyconfigurationdefault.md) resource type++ [crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md) resource type
v1.0 Crosstenantaccesspolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/crosstenantaccesspolicy.md
+
+ Title: "crossTenantAccessPolicy resource type"
+description: "Cross-tenant access policy represents the base policy in the directory for cross-tenant access settings."
+
+ms.localizationpriority: medium
++
+# crossTenantAccessPolicy resource type
+
+Namespace: microsoft.graph
++
+Represents the base policy in the directory for cross-tenant access settings.
+
+Inherits from [tenantRelationshipAccessPolicyBase](../resources/tenantrelationshipaccesspolicybase.md).
+
+## Methods
+
+|Method|Return type|Description|
+|:|:|:|
+|[Get crossTenantAccessPolicy](../api/crosstenantaccesspolicy-get.md)|[crossTenantAccessPolicy](../resources/crosstenantaccesspolicy.md)|Read the properties and relationships of a [crossTenantAccessPolicy](../resources/crosstenantaccesspolicy.md) object.|
+|[Update crossTenantAccessPolicy](../api/crosstenantaccesspolicy-update.md)|[crossTenantAccessPolicy](../resources/crosstenantaccesspolicy.md)|Update the properties of a [crossTenantAccessPolicy](../resources/crosstenantaccesspolicy.md) object.|
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+| displayName | String | The display name of the cross-tenant access policy. Inherited from [policyBase](../resources/policybase.md).|
+| lastModifiedDateTime | DateTimeOffset | The time that the cross tenant access policy was last modified represented using ISO 8601 format and always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
+| definition (deprecated) | String | The raw JSON definition of the cross-tenant access policy. **Deprecated. Do not use.**|
+
+## Relationships
+
+|Relationship|Type|Description|
+|:|:|:|
+|default|[crossTenantAccessPolicyConfigurationDefault](../resources/crosstenantaccesspolicyconfigurationdefault.md)|Defines the default configuration for how your organization interacts with external Azure Active Directory organizations.|
+|partners|[crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md) collection|Defines partner-specific configurations for external Azure Active Directory organizations.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicy",
+ "baseType": "microsoft.graph.tenantRelationshipAccessPolicyBase",
+ "openType": false
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.crossTenantAccessPolicy",
+ "displayName": "String",
+ "lastModifiedDateTime": "String (timestamp)",
+ "definition": "String"
+}
+```
v1.0 Crosstenantaccesspolicyb2bsetting https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/crosstenantaccesspolicyb2bsetting.md
+
+ Title: "crossTenantAccessPolicyB2BSetting resource type"
+description: "Defines the inbound and outbound rulesets for Azure Active Directory (Azure AD) B2B collaboration."
+
+ms.localizationpriority: medium
++
+# crossTenantAccessPolicyB2BSetting resource type
+
+Namespace: microsoft.graph
++
+Defines the inbound and outbound rulesets for Azure Active Directory (Azure AD) B2B collaboration.
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+|applications|[crossTenantAccessPolicyTargetConfiguration](../resources/crosstenantaccesspolicytargetconfiguration.md)|The list of applications targeted with your cross-tenant access policy.|
+|usersAndGroups|[crossTenantAccessPolicyTargetConfiguration](../resources/crosstenantaccesspolicytargetconfiguration.md)|The list of users and groups targeted with your cross-tenant access policy.|
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.crossTenantAccessPolicyB2BSetting",
+ "usersAndGroups": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyTargetConfiguration"
+ },
+ "applications": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyTargetConfiguration"
+ }
+}
+```
v1.0 Crosstenantaccesspolicyconfigurationbase https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/crosstenantaccesspolicyconfigurationbase.md
+
+ Title: "crossTenantAccessPolicyConfigurationBase resource type"
+description: "Defines the properties that are common in a cross-tenant access policy configuration for the default and partner-specific settings."
+
+ms.localizationpriority: medium
++
+# crossTenantAccessPolicyConfigurationBase resource type
+
+Namespace: microsoft.graph
++
+An abstract type that defines the properties that are common in a cross-tenant access policy configuration for the default and partner-specific settings that govern Azure Active Directory (Azure AD) B2B collaboration and B2B direct connect.
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+|b2bCollaborationInbound|[crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md)|Defines your configuration for users from other organizations accessing your resources via Azure AD B2B collaboration.|
+|b2bCollaborationOutbound|[crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md)|Defines your configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration.|
+|b2bDirectConnectInbound|[crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md)|Defines your configuration for users from other organizations accessing your resources via Azure AD B2B direct connect.|
+|b2bDirectConnectOutbound|[crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md)|Defines your configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect.|
+|inboundTrust|[crossTenantAccessPolicyInboundTrust](../resources/crosstenantaccesspolicyinboundtrust.md)|Determines the configuration for trusting other Conditional Access claims from external Azure AD organizations.|
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyConfigurationBase",
+ "openType": false
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.crossTenantAccessPolicyConfigurationBase",
+ "inboundTrust": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyInboundTrust"
+ },
+ "b2bCollaborationOutbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ },
+ "b2bCollaborationInbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ },
+ "b2bDirectConnectOutbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ },
+ "b2bDirectConnectInbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ }
+}
+```
v1.0 Crosstenantaccesspolicyconfigurationdefault https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/crosstenantaccesspolicyconfigurationdefault.md
+
+ Title: "crossTenantAccessPolicyConfigurationDefault resource type"
+description: "The default configuration defined for inbound and outbound settings of Azure AD B2B collaboration and B2B direct connect."
+
+ms.localizationpriority: medium
++
+# crossTenantAccessPolicyConfigurationDefault resource type
+
+Namespace: microsoft.graph
++
+The default configuration defined for inbound and outbound settings of Azure AD B2B collaboration and B2B direct connect.
+
+Inherits from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md).
+
+## Methods
+
+|Method|Return type|Description|
+|:|:|:|
+|[Get crossTenantAccessPolicyConfigurationDefault](../api/crosstenantaccesspolicyconfigurationdefault-get.md)|[crossTenantAccessPolicyConfigurationDefault](../resources/crosstenantaccesspolicyconfigurationdefault.md)|Get the default configuration for B2B collaboration and B2B direct connect inbound and outbound settings.|
+|[Update crossTenantAccessPolicyConfigurationDefault](../api/crosstenantaccesspolicyconfigurationdefault-update.md)|None|Update the default configuration for B2B collaboration and B2B direct connect inbound and outbound settings.|
+|[Reset to system default](../api/crosstenantaccesspolicyconfigurationdefault-resettosystemdefault.md)|None|Reset the default configuration for a cross-tenant access policy to the system default settings.|
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+| b2bCollaborationInbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) |Defines your default configuration for users from other organizations accessing your resources via Azure AD B2B collaboration. Inherited from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md). |
+| b2bCollaborationOutbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) |Defines your default configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration. Inherited from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md). |
+| b2bDirectConnectInbound |[crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your default configuration for users from other organizations accessing your resources via Azure AD B2B direct connect. Inherited from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md). |
+| b2bDirectConnectOutbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) |Defines your default configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect. Inherited from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md). |
+| inboundTrust | [crossTenantAccessPolicyInboundTrust](../resources/crosstenantaccesspolicyinboundtrust.md) | Determines the default configuration for trusting other Conditional Access claims from external Azure AD organizations. Inherited from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md). |
+| isServiceDefault | Boolean | If `true`, the default configuration is set to the system default configuration. If `false`, the default settings have been customized. |
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyConfigurationDefault",
+ "baseType": "microsoft.graph.crossTenantAccessPolicyConfigurationBase",
+ "openType": false
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.crossTenantAccessPolicyConfigurationDefault",
+ "inboundTrust": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyInboundTrust"
+ },
+ "b2bCollaborationOutbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ },
+ "b2bCollaborationInbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ },
+ "b2bDirectConnectOutbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ },
+ "b2bDirectConnectInbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ },
+ "isServiceDefault": "Boolean"
+}
+```
v1.0 Crosstenantaccesspolicyconfigurationpartner https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/crosstenantaccesspolicyconfigurationpartner.md
+
+ Title: "crossTenantAccessPolicyConfigurationPartner resource type"
+description: "The partner-specific configuration that is defined for inbound and outbound settings of Azure AD B2B collaboration and B2B direct connect."
+
+ms.localizationpriority: medium
++
+# crossTenantAccessPolicyConfigurationPartner resource type
+
+Namespace: microsoft.graph
++
+The partner-specific configuration that is defined for inbound and outbound settings of Azure AD B2B and B2B direct connect collaboration.
+
+For any partner-specific property that is `null`, these settings will inherit the behavior configured in your [default cross tenant access settings](../resources/crosstenantaccesspolicyconfigurationdefault.md).
+
+Inherits from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md).
+
+## Methods
+
+|Method|Return type|Description|
+|:|:|:|
+| [List partners](../api/crosstenantaccesspolicy-list-partners.md) | [crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md) collection | Get a list of all partner-specific configurations. |
+| [Create crossTenantAccessPolicyConfigurationPartner](../api/crosstenantaccesspolicy-post-partners.md) | [crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md) | Create a new partner-specific configuration. |
+| [Get crossTenantAccessPolicyConfigurationPartner](../api/crosstenantaccesspolicyconfigurationpartner-get.md) | [crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md) | Read the partner-specific configuration settings. |
+| [Update crossTenantAccessPolicyConfigurationPartner](../api/crosstenantaccesspolicyconfigurationpartner-update.md) | [crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md) | Update the properties of a partner-specific configuration. |
+| [Delete crossTenantAccessPolicyConfigurationPartner](../api/crosstenantaccesspolicyconfigurationpartner-delete.md) | None | Delete the partner-specific configuration. |
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+| b2bCollaborationInbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B collaboration. Inherited from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md). |
+| b2bCollaborationOutbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration. Inherited from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md). |
+| b2bDirectConnectInbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users from other organizations accessing your resources via Azure B2B direct connect. Inherited from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md). |
+| b2bDirectConnectOutbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect. Inherited from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md). |
+| inboundTrust | [crossTenantAccessPolicyInboundTrust](../resources/crosstenantaccesspolicyinboundtrust.md) | Determines the partner-specific configuration for trusting other Conditional Access claims from external Azure AD organizations. Inherited from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md). |
+| isServiceProvider | Boolean | Identifies whether the partner-specific configuration is a Cloud Service Provider for your organization. |
+| tenantId | String | The tenant identifier for the partner Azure AD organization. Read-only.|
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyConfigurationPartner",
+ "baseType": "microsoft.graph.crossTenantAccessPolicyConfigurationBase",
+ "openType": false
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.crossTenantAccessPolicyConfigurationPartner",
+ "tenantId": "String",
+ "inboundTrust": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyInboundTrust"
+ },
+ "b2bCollaborationOutbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ },
+ "b2bCollaborationInbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ },
+ "b2bDirectConnectOutbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ },
+ "b2bDirectConnectInbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ },
+ "isServiceProvider": "Boolean"
+}
+```
v1.0 Crosstenantaccesspolicyinboundtrust https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/crosstenantaccesspolicyinboundtrust.md
+
+ Title: "crossTenantAccessPolicyInboundTrust resource type"
+description: "Defines the Conditional Access claims you want to accept from other organizations via your cross-tenant access policy configuration."
+
+ms.localizationpriority: medium
++
+# crossTenantAccessPolicyInboundTrust resource type
+
+Namespace: microsoft.graph
++
+Defines the Conditional Access claims you want to accept from other Azure AD organizations via your cross-tenant access policy configuration. These can be configured in your default configuration, partner-specific configuration, or both.
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+| isCompliantDeviceAccepted | Boolean | Specifies whether compliant devices from external Azure AD organizations are trusted. |
+| isHybridAzureADJoinedDeviceAccepted | Boolean | Specifies whether hybrid Azure AD joined devices from external Azure AD organizations are trusted. |
+| isMfaAccepted | Boolean | Specifies whether MFA from external Azure AD organizations is trusted.|
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyInboundTrust"
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.crossTenantAccessPolicyInboundTrust",
+ "isMfaAccepted": "Boolean",
+ "isCompliantDeviceAccepted": "Boolean",
+ "isHybridAzureADJoinedDeviceAccepted": "Boolean"
+}
+```
v1.0 Crosstenantaccesspolicytarget https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/crosstenantaccesspolicytarget.md
+
+ Title: "crossTenantAccessPolicyTarget resource type"
+description: "Defines how to target your cross-tenant access policy settings. Settings can be targeted to specific users, groups, or applications."
+
+ms.localizationpriority: medium
++
+# crossTenantAccessPolicyTarget resource type
+
+Namespace: microsoft.graph
++
+Defines how to target your cross-tenant access policy settings. Settings can be targeted to specific users, groups, or applications. You can also use keywords to target specific groups or applications.
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+| target | String | The unique identifier of the user, group, or application; one of the following keywords: `AllUsers` and `AllApplications`; or for targets that are applications, you may use [reserved values](#reserved-values-for-targets-that-are-applications). |
+| targetType | crossTenantAccessPolicyTargetType | The type of resource that you want to target. The possible values are: `user`, `group`, `application`, `unknownFutureValue`. |
+
+### Reserved values for targets that are applications
+
+When setting application targets, you can also use the following reserved values:
+
+| Symbol | Description |
+|:|:|
+| AllMicrosoftApps | Refers to any [Microsoft cloud application](/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps#microsoft-cloud-applications). |
+| Office365 | Includes the applications mentioned as part of the [Office365](/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps#office-365) suite. |
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyTarget"
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.crossTenantAccessPolicyTarget",
+ "target": "String",
+ "targetType": "microsoft.graph.crossTenantAccessPolicyTargetType"
+}
+```
v1.0 Crosstenantaccesspolicytargetconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/crosstenantaccesspolicytargetconfiguration.md
+
+ Title: "crossTenantAccessPolicyTargetConfiguration resource type"
+description: "Defines the target of a cross-tenant access policy setting configuration."
+
+ms.localizationpriority: medium
++
+# crossTenantAccessPolicyTargetConfiguration resource type
+
+Namespace: microsoft.graph
++
+Defines the target of a cross-tenant access policy setting configuration.
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+| accessType| crossTenantAccessPolicyTargetConfigurationAccessType | Defines whether access is allowed or blocked. The possible values are: `allowed`, `blocked`, `unknownFutureValue`. |
+|targets|[crossTenantAccessPolicyTarget](../resources/crosstenantaccesspolicytarget.md) collection|Specifies whether to target users, groups, or applications with this rule.|
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyTargetConfiguration"
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.crossTenantAccessPolicyTargetConfiguration",
+ "accessType": "String",
+ "targets": [
+ {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyTarget"
+ }
+ ]
+}
+```
v1.0 Entitlementmanagement Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/entitlementmanagement-overview.md
The entitlement management resource types include:
- [accessPackageAssignment](accesspackageassignment.md): An assignment of an access package to a particular subject, for a period of time. - [accessPackageAssignmentResourceRole](accesspackageassignmentresourcerole.md): Indicates the resource-specific role which a subject has been assigned through an access package assignment. - [accessPackageCatalog](accesspackagecatalog.md): A container for access packages.
+- [accessPackageResource](accesspackageresource.md): A reference to a resource associated with an access package catalog.
- [accessPackageResourceRequest](accesspackageresourcerequest.md): A request to add a resource to an access package catalog. - [accessPackageResourceEnvironment](accesspackageresourceenvironment.md): A reference to the geolocation of the resource. Applicable to Multi-Geo SharePoint Online sites. - [connectedOrganization](connectedorganization.md): A connected organization for external users who can request access.
v1.0 Enums https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/enums.md
Namespace: microsoft.graph
+### crossTenantAccessPolicyTargetConfigurationAccessType values
+
+|Member|
+|:|
+|allowed|
+|blocked|
+|unknownFutureValue|
+
+### crossTenantAccessPolicyTargetType values
+
+|Member|
+|:|
+|user|
+|group|
+ ### accessPackageFilterByCurrentUserOptions values |Member|
Namespace: microsoft.graph
|hidden| |adminConfirmedUserCompromised| |unknownFutureValue|
+|adminConfirmedServicePrincipalCompromised|
+|adminDismissedAllRiskForServicePrincipal|
<!-- maintenance comment: Do not delete enum delcaration for riskEventType until all properties of this type are marked as deleted. Dec 28, 2021: Pending eventTypes (in riskUserActivity) and riskType (in riskDetection)-->
Namespace: microsoft.graph
|block| |unknownFutureValue|
+### x509CertificateAuthenticationMode values
+|Member|
+|:|
+|x509CertificateSingleFactor|
+|x509CertificateMultiFactor|
+|unknownFutureValue|
+
+### x509CertificateRuleType values
+|Member|
+|:|
+|issuerSubject|
+|policyOID|
+|unknownFutureValue|
+ ### anniversaryType values |Member|
Possible values for user account types (group membership), per Windows definitio
|signin| |user| |unknownFutureValue|
+|servicePrincipal|
### chatMessagePolicyViolationUserActionType values
Possible values for user account types (group membership), per Windows definitio
|or| |and| - ### subjectRightsRequestStage values |Member|
v1.0 Extensionproperty https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/extensionproperty.md
Extensions can be added to [user](user.md), [group](group.md), [organization](or
|:-|:|:| |appDisplayName|String| Display name of the application object on which this extension property is defined. Read-only. | |dataType|String| Specifies the data type of the value the extension property can hold. Following values are supported. Not nullable. <ul><li>`Binary` - 256 bytes maximum</li><li>`Boolean`</li><li>`DateTime` - Must be specified in ISO 8601 format. Will be stored in UTC.</li><li>`Integer` - 32-bit value.</li><li>`LargeInteger` - 64-bit value.</li><li>`String` - 256 characters maximum</li></ul>|
-|isSyncedFromOnPremises|Boolean| Indicates if this extension property was sycned from onpremises directory using Azure AD Connect. Read-only. |
+|isSyncedFromOnPremises|Boolean| Indicates if this extension property was synced from on-premises active directory using Azure AD Connect. Read-only. |
|name|String| Name of the extension property. Not nullable. | |targetObjects|String collection| Following values are supported. Not nullable. <ul><li>`User`</li><li>`Group`</li><li>`Organization`</li><li>`Device`</li><li>`Application`</li></ul>|
v1.0 Federatedidentitycredentials Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/federatedidentitycredentials-overview.md
The [federatedIdentityCredential](federatedidentitycredential.md) resource repre
The combination of **issuer** and **subject** must be unique on the app. When the external software workload requests Microsoft identity platform to exchange the external token for an access token, the **issuer** and **subject** values of the federated identity credential are checked against the `issuer` and `subject` claims provided in the external token. If that validation check passes, Microsoft identity platform issues an access token to the external software workload.
-Federated identity credentials are supported on applications only. A maximum of 20 federated identity credentials can be added per application object.
- The federated identity credentials API is not available in [national cloud](/graph/deployments) deployments.
+## Design considerations
+
+Federated identity credentials are supported on applications only. A maximum of 20 federated identity credentials can be added per application object.
+ ## See also + [federatedIdentityCredential resource type](federatedidentitycredential.md)
v1.0 Identityprotection Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/identityprotection-overview.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Azure Active Directory (Azure AD) [Identity Protection](/azure/active-directory/identity-protection/overview-identity-protection) is tool that allows organizations to discover, investigate, and remediate identity-based risks in their Azure AD organization. You can use the following Microsoft Graph APIs to query risks detected by Azure AD Identity Protection:
+Azure Active Directory (Azure AD) [Identity Protection](/azure/active-directory/identity-protection/overview-identity-protection) is tool that allows organizations to discover, investigate, and remediate identity-based risks in their Azure AD organization.
-* [riskDetection](riskdetection.md) - Query Microsoft Graph for a list of both user and sign-in linked risk detections and associated information about the detection. Risk detections in Azure AD Identity Protection include any identified suspicious actions related to user accounts in the directory.
+Use the following Microsoft Graph APIs to query user and service principal risks detected by Azure AD Identity Protection:
+
+## For users
+++ [riskDetection](riskdetection.md) - Query Microsoft Graph for a list of both user and sign-in linked risk detections and associated information about the detection. Risk detections in Azure AD Identity Protection include any identified suspicious actions related to user accounts in the directory. >[!CAUTION] >The **identityRiskEvents** API was deprecated and stopped returning data on January 10, 2020. It was replaced by the [riskDetection](riskdetection.md) API. For more information about the deprecation, see [Deprecation of the identityRiskEvents API](https://developer.microsoft.com/office/blogs/deprecatation-of-the-identityriskevents-api/).
-* [riskyUsers](riskyuser.md) - Query Microsoft Graph for information about users that Azure AD Identity Protection detected as risky. User risk represents the probability that a given identity or account is compromised. These risks are calculated offline using MicrosoftΓÇÖs internal and external threat intelligence sources, including security researchers, law enforcement professionals, security teams at Microsoft, and other trusted sources.
++ [riskyUsers](riskyuser.md) - Query Microsoft Graph for information about users that Azure AD Identity Protection detected as risky. User risk represents the probability that a given identity or account is compromised. These risks are calculated offline using MicrosoftΓÇÖs internal and external threat intelligence sources, including security researchers, law enforcement professionals, security teams at Microsoft, and other trusted sources.+++ [signIn](signin.md) - Query Microsoft Graph for information about Azure AD sign-ins with specific properties related to risk state, detail, and level. A sign-in risk represents the probability that a given authentication request isnΓÇÖt authorized by the identity owner. These risks can be calculated in real-time or calculated offline using MicrosoftΓÇÖs internal and external threat intelligence sources, including security researchers, law enforcement professionals, security teams at Microsoft, and other trusted sources.+
+## For service principals
-* [signIn](signin.md) - Query Microsoft Graph for information about Azure AD sign-ins with specific properties related to risk state, detail, and level. A sign-in risk represents the probability that a given authentication request isnΓÇÖt authorized by the identity owner. These risks can be calculated in real-time or calculated offline using MicrosoftΓÇÖs internal and external threat intelligence sources, including security researchers, law enforcement professionals, security teams at Microsoft, and other trusted sources.
++ [servicePrincipalRiskDetection](serviceprincipalriskdetection.md) - Query Microsoft Graph for a list of service principal risk detections and associated information about the detections. Risk detections in Azure AD Identity Protection include any identified suspicious actions related to service principal accounts in the directory. ++ [riskyServicePrincipals](riskyserviceprincipal.md) - Query Microsoft Graph for information about service principals that Azure AD Identity Protection detected as risky. Service principal risk represents the probability that a given identity or account is compromised. These risks are calculated asynchronously using data and patterns from MicrosoftΓÇÖs internal and external threat intelligence sources, including security researchers, law enforcement professionals, security teams at Microsoft, and other trusted sources. ## What can I do with identity protection APIs in Microsoft Graph?
-The following are popular requests for working with audit log data:
+The following are popular requests:
Operation | URL :-|:-
v1.0 Identityprotectionroot https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/identityprotectionroot.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Container for the navigation properties for Microsoft Graph identity protection resources.
+Container for the navigation properties for [Microsoft Graph identity protection](identityprotection-overview.md) resources.
## Methods
None.
|:|:|:| |riskDetections|[riskDetection](../resources/riskdetection.md) collection| Risk detection in Azure AD Identity Protection and the associated information about the detection.| |riskyUsers|[riskyUser](../resources/riskyuser.md) collection|Users that are flagged as at-risk by Azure AD Identity Protection. |
+|riskyServicePrincipals| [riskyServicePrincipal](riskyserviceprincipal.md) collection | Azure AD service principals that are at risk. |
+|servicePrincipalRiskDetections| [servicePrincipalRiskDetection](serviceprincipalriskdetection.md) collection | Represents information about detected at-risk service principals in an Azure AD tenant.|
## JSON representation The following is a JSON representation of the resource.
v1.0 Licenseassignmentstate https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/licenseAssignmentState.md
The **licenseAssignmentStates** property of the [user](user.md) entity is a coll
|:|:--|:-| |assignedByGroup|string|The id of the group that assigns this license. If the assignment is a direct-assigned license, this field will be Null. Read-Only.| |disabledPlans|Collection(String)|The service plans that are disabled in this assignment. Read-Only.|
-|error|String|License assignment failure error. If the license is assigned successfully, this field will be Null. Read-Only. Possible values: `CountViolation`, `MutuallyExclusiveViolation`, `DependencyViolation`, `ProhibitedInUsageLocationViolation`, `UniquenessViolation`, and `Others`. For more information on how to identify and resolve license assignment errors see [here](/azure/active-directory/users-groups-roles/licensing-groups-resolve-problems).|
+|error|String|License assignment failure error. If the license is assigned successfully, this field will be Null. Read-Only. The possible values are `CountViolation`, `MutuallyExclusiveViolation`, `DependencyViolation`, `ProhibitedInUsageLocationViolation`, `UniquenessViolation`, and `Other`. For more information on how to identify and resolve license assignment errors see [here](/azure/active-directory/users-groups-roles/licensing-groups-resolve-problems).|
|lastUpdatedDateTime|DateTimeOffset|The timestamp when the state of the license assignment was last updated.| |skuId|String|The unique identifier for the SKU. Read-Only.|
-|state|String|Indicate the current state of this assignment. Read-Only. Possible values: Active, ActiveWithError, Disabled and Error.|
+|state|String|Indicate the current state of this assignment. Read-Only. The possible values are `Active`, `ActiveWithError`, `Disabled`, and `Error`.|
## JSON representation
v1.0 Policyroot https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/policyroot.md
None
## Properties None - ## Relationships
-| Relationship | Type | Description |
-|:|:-|:|
-| accessReviewPolicy | [accessReviewPolicy](accessreviewpolicy.md) | The policy that contains directory-level access review settings. |
-| activityBasedTimeoutPolicies | [activityBasedTimeoutPolicy](activitybasedtimeoutpolicy.md) collection | The policy that controls the idle time out for web sessions for applications. |
-| adminConsentRequestPolicy | [adminConsentRequestPolicy](adminconsentrequestpolicy.md) | The policy by which consent requests are created and managed for the entire tenant. |
-| appManagementPolicies | [appManagementPolicy](appmanagementpolicy.md) collection | The policies that enforce app management restrictions for specific applications and service principals, overriding the defaultAppManagementPolicy. |
-| authenticationFlowsPolicy | [authenticationFlowsPolicy](authenticationflowspolicy.md) | The policy configuration of the self-service sign-up experience of external users. |
-| authenticationMethodsPolicy | [authenticationMethodsPolicy](authenticationmethodspolicy.md) | The authentication methods and the users that are allowed to use them to sign in and perform multi-factor authentication (MFA) in Azure Active Directory (Azure AD). |
-| authorizationPolicy | [authorizationPolicy](authorizationpolicy.md) collection | The policy that controls Azure AD authorization settings. |
-| b2cAuthenticationMethodsPolicy | [b2cAuthenticationMethodsPolicy](b2cauthenticationmethodspolicy.md) | The Azure AD B2C policies that define how end users register via local accounts. |
-| claimsMappingPolicies | [claimsMappingPolicy](claimsmappingpolicy.md) collection | The claim-mapping policies for WS-Fed, SAML, OAuth 2.0, and OpenID Connect protocols, for tokens issued to a specific application. |
-| conditionalAccessPolicies | [conditionalAccessPolicy](conditionalaccesspolicy.md) | The custom rules that define an access scenario. |
-| defaultAppManagementPolicy | [tenantAppManagementPolicy](tenantappmanagementpolicy.md) | The tenant-wide policy that enforces app management restrictions for all applications and service principals. |
-| deviceRegistrationPolicy | [deviceRegistrationPolicy](deviceregistrationpolicy.md) | Represents the policy scope that controls quota restrictions, additional authentication, and authorization policies to register device identities to your organization. |
-| featureRolloutPolicies | [featureRolloutPolicy](featurerolloutpolicy.md) collection | The feature rollout policy associated with a directory object. |
-| homeRealmDiscoveryPolicies | [homeRealmDiscoveryPolicy](homerealmdiscoverypolicy.md) collection | The policy to control Azure AD authentication behavior for federated users. |
-| identitySecurityDefaultsEnforcementPolicy | [identitySecurityDefaultsEnforcementPolicy](identitysecuritydefaultsenforcementpolicy.md) | The policy that represents the security defaults that protect against common attacks. |
-| mobileAppManagementPolicies | [mobilityManagementPolicy](mobilitymanagementpolicy.md) collection | The policy that defines auto-enrollment configuration for a mobility management (MDM or MAM) application. |
-| permissionGrantPolicies | [permissionGrantPolicy](permissiongrantpolicy.md) collection | The policy that specifies the conditions under which consent can be granted. |
-| roleManagementPolicies | [unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md) collection | Represents the role management policies. |
-| roleManagementPolicyAssignments | [unifiedRoleManagementPolicyAssignment](../resources/unifiedrolemanagementpolicyassignment.md) collection | Represents the role management policy assignments. |
-| tokenIssuancePolicies | [tokenIssuancePolicy](tokenissuancepolicy.md) collection | The policy that specifies the characteristics of SAML tokens issued by Azure AD. |
-| tokenLifetimePolicies | [tokenLifetimePolicy](tokenlifetimepolicy.md) collection | The policy that controls the lifetime of a JWT access token, an ID token, or a SAML 1.1/2.0 token issued by Azure AD. |
+
+| Relationship | Type | Description |
+|:|:-|:|
+| accessReviewPolicy | [accessReviewPolicy](accessreviewpolicy.md) | The policy that contains directory-level access review settings. |
+| activityBasedTimeoutPolicies | [activityBasedTimeoutPolicy](activitybasedtimeoutpolicy.md) collection | The policy that controls the idle time out for web sessions for applications. |
+| adminConsentRequestPolicy | [adminConsentRequestPolicy](adminconsentrequestpolicy.md) | The policy by which consent requests are created and managed for the entire tenant. |
+| appManagementPolicies | [appManagementPolicy](appmanagementpolicy.md) collection | The policies that enforce app management restrictions for specific applications and service principals, overriding the defaultAppManagementPolicy. |
+| authenticationFlowsPolicy | [authenticationFlowsPolicy](authenticationflowspolicy.md) | The policy configuration of the self-service sign-up experience of external users. |
+| authenticationMethodsPolicy | [authenticationMethodsPolicy](authenticationmethodspolicy.md) | The authentication methods and the users that are allowed to use them to sign in and perform multi-factor authentication (MFA) in Azure Active Directory (Azure AD). |
+| authorizationPolicy | [authorizationPolicy](authorizationpolicy.md) collection | The policy that controls Azure AD authorization settings. |
+| b2cAuthenticationMethodsPolicy | [b2cAuthenticationMethodsPolicy](b2cauthenticationmethodspolicy.md) | The Azure AD B2C policies that define how end users register via local accounts. |
+| claimsMappingPolicies | [claimsMappingPolicy](claimsmappingpolicy.md) collection | The claim-mapping policies for WS-Fed, SAML, OAuth 2.0, and OpenID Connect protocols, for tokens issued to a specific application. |
+| conditionalAccessPolicies | [conditionalAccessPolicy](conditionalaccesspolicy.md) | The custom rules that define an access scenario. |
+| crossTenantAccessPolicy | [crossTenantAccessPolicy](crosstenantaccesspolicy.md) | The custom rules that define an access scenario when interacting with external Azure AD tenants. |
+| defaultAppManagementPolicy | [tenantAppManagementPolicy](tenantappmanagementpolicy.md) | The tenant-wide policy that enforces app management restrictions for all applications and service principals. |
+| featureRolloutPolicies | [featureRolloutPolicy](featurerolloutpolicy.md) collection | The feature rollout policy associated with a directory object. |
+| homeRealmDiscoveryPolicies | [homeRealmDiscoveryPolicy](homerealmdiscoverypolicy.md) collection | The policy to control Azure AD authentication behavior for federated users. |
+| identitySecurityDefaultsEnforcementPolicy | [identitySecurityDefaultsEnforcementPolicy](identitysecuritydefaultsenforcementpolicy.md) | The policy that represents the security defaults that protect against common attacks. |
+| mobileAppManagementPolicies | [mobilityManagementPolicy](mobilitymanagementpolicy.md) collection | The policy that defines auto-enrollment configuration for a mobility management (MDM or MAM) application. |
+| permissionGrantPolicies | [permissionGrantPolicy](permissiongrantpolicy.md) collection | The policy that specifies the conditions under which consent can be granted. |
+| roleManagementPolicies | [unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md) collection | Represents the role management policies. |
+| roleManagementPolicyAssignments | [unifiedRoleManagementPolicyAssignment](../resources/unifiedrolemanagementpolicyassignment.md) collection | Represents the role management policy assignments. |
+| tokenIssuancePolicies | [tokenIssuancePolicy](tokenissuancepolicy.md) collection | The policy that specifies the characteristics of SAML tokens issued by Azure AD. |
+| tokenLifetimePolicies | [tokenLifetimePolicy](tokenlifetimepolicy.md) collection | The policy that controls the lifetime of a JWT access token, an ID token, or a SAML 1.1/2.0 token issued by Azure AD. |
## JSON representation The following is a JSON representation of the resource.
The following is a JSON representation of the resource.
"@odata.type": "#microsoft.graph.policyRoot" } ```-
v1.0 Resulttemplate https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/resulttemplate.md
The following is a JSON representation of the resource.
```json {
- "resultTemplateId": {
- "displayName": "String",
- "body": "Json schema"
- }
+ "resultTemplateId": {
+ "displayName": "String",
+ "body": "Json schema"
+ }
} ```
v1.0 Riskserviceprincipalactivity https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/riskserviceprincipalactivity.md
+
+ Title: "riskServicePrincipalActivity resource type"
+description: "Represents the risk activity of an Azure AD service principal as determined by Azure AD Identity Protection."
+
+ms.localizationpriority: medium
++
+# riskServicePrincipalActivity resource type
+
+Namespace: microsoft.graph
+
+Represents the risk activity of an Azure AD service principal as determined by Azure AD Identity Protection.
+
+## Properties
+
+| Property | Type |Description|
+|:|:--|:-|
+|riskEventType|String|The type of risk event detected. The possible values are: `unlikelyTravel`, `anonymizedIPAddress`, `maliciousIPAddress`, `unfamiliarFeatures`, `malwareInfectedIPAddress`, `suspiciousIPAddress`, `leakedCredentials`, `investigationsThreatIntelligence`, `generic`, `adminConfirmedUserCompromised`, `mcasImpossibleTravel`, `mcasSuspiciousInboxManipulationRules`, `investigationsThreatIntelligenceSigninLinked`, `maliciousIPAddressValidCredentialsBlockedIP`, `unknownFutureValue`.|
+| detail | riskDetail | Details of the detected risk. <br>**Note:** Details for this property are only available for Azure AD Premium P2 customers. P1 customers will be returned `hidden`. <br/>The possible values are: `none`, `adminGeneratedTemporaryPassword`, `userPerformedSecuredPasswordChange`, `userPerformedSecuredPasswordReset`, `adminConfirmedSigninSafe`, `aiConfirmedSigninSafe`, `userPassedMFADrivenByRiskBasedPolicy`, `adminDismissedAllRiskForUser`, `adminConfirmedSigninCompromised`, `hidden`, `adminConfirmedUserCompromised`, `unknownFutureValue`, `adminConfirmedServicePrincipalCompromised`, `adminDismissedAllRiskForServicePrincipal`. Note that you must use the `Prefer: include-unknown-enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `adminConfirmedServicePrincipalCompromised` , `adminDismissedAllRiskForServicePrincipal`.|
+
+## JSON representation
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [ ],
+ "@odata.type": "microsoft.graph.riskServicePrincipalActivity"
+}-->
+```json
+{
+ "riskEventTypes": ["String"],
+ "detail": "String"
+}
+```
+<!--
+{
+ "type": "#page.annotation",
+ "description": "",
+ "keywords": "",
+ "section": "",
+ "tocPath": "",
+ "suppressions": []
+}
+-->
+
v1.0 Riskyserviceprincipal https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/riskyserviceprincipal.md
+
+ Title: "riskyServicePrincipal resource type"
+description: "Represents Azure AD workload identities that are at risk, including risk for applications, service principals and Managed Identities. "
+
+ms.localizationpriority: medium
++
+# riskyServicePrincipal resource type
+
+Namespace: microsoft.graph
++
+Represents Azure AD service principals that are at-risk. Azure AD continually evaluates service principal risk based on various signals and machine learning. This API provides programmatic access to all at-risk service principals in your Azure AD tenant.
+
+Inherits from [entity](../resources/entity.md).
+
+>**Note:** Using the riskyServicePrincipal API requires an Azure AD Premium P2 license.
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List riskyServicePrincipals](../api/identityprotectionroot-list-riskyserviceprincipals.md)|[riskyServicePrincipal](../resources/riskyserviceprincipal.md) collection|List risky service principals and their risk properties.|
+|[Get riskyServicePrincipal](../api/riskyserviceprincipal-get.md)|[riskyServicePrincipal](../resources/riskyserviceprincipal.md)|Get a specific risky service principal and its risk properties.|
+|[dismiss](../api/riskyserviceprincipal-dismiss.md)|None|Dismiss the risk of a risky service principal.|
+|[confirmCompromised](../api/riskyserviceprincipal-confirmcompromised.md)|None|Confirm a risky service principal as compromised.|
+|[List history](../api/riskyserviceprincipal-list-history.md) | [riskyServicePrincipalHistoryItem](riskyserviceprincipalhistoryitem.md) collection|Get the risk history of an Azure AD service principal.|
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+|accountEnabled|Boolean|`true` if the service principal account is enabled; otherwise, `false`.|
+|appId|String|The globally unique identifier for the associated application (its **appId** property), if any.|
+|displayName|String|The display name for the service principal.|
+|id|String|The unique identifier assigned to the service principal at risk. Inherited from [entity](../resources/entity.md).|
+|isProcessing|Boolean|Indicates whether Azure AD is currently processing the service principal's risky state.|
+|riskDetail|riskDetail|Details of the detected risk. <br>**Note:** Details for this property are only available for Azure AD Premium P2 customers. P1 customers will be returned `hidden`. <br/>The possible values are: `none`, `adminGeneratedTemporaryPassword`, `userPerformedSecuredPasswordChange`, `userPerformedSecuredPasswordReset`, `adminConfirmedSigninSafe`, `aiConfirmedSigninSafe`, `userPassedMFADrivenByRiskBasedPolicy`, `adminDismissedAllRiskForUser`, `adminConfirmedSigninCompromised`, `hidden`, `adminConfirmedUserCompromised`, `unknownFutureValue`, `adminConfirmedServicePrincipalCompromised`, `adminDismissedAllRiskForServicePrincipal`. Note that you must use the `Prefer: include-unknown-enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `adminConfirmedServicePrincipalCompromised` , `adminDismissedAllRiskForServicePrincipal`.|
+|riskLastUpdatedDateTime|DateTimeOffset|The date and time that the risk state was last updated. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2021 is `2021-01-01T00:00:00Z`. Supports `$filter` (`eq`).|
+|riskLevel|riskLevel|Level of the detected risky workload identity. The possible values are: `low`, `medium`, `high`, `hidden`, `none`, `unknownFutureValue`. Supports `$filter` (`eq`).|
+|riskState|riskState|State of the service principal's risk. The possible values are: `none`, `confirmedSafe`, `remediated`, `dismissed`, `atRisk`, `confirmedCompromised`, `unknownFutureValue`.|
+|servicePrincipalType|String|Identifies whether the service principal represents an `Application`, a `ManagedIdentity`, or a legacy application (`socialIdp`). This is set by Azure AD internally and is inherited from [servicePrincipal](../resources/servicePrincipal.md). |
+
+## Relationships
+
+|Method|Return type|Description|
+|:|:|:|
+|history|[riskyServicePrincipalHistoryItem](riskyserviceprincipalhistoryitem.md) collection|Represents the risk history of Azure AD service principals.|
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.riskyServicePrincipal",
+ "baseType": "microsoft.graph.entity",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.riskyServicePrincipal",
+ "id": "String (identifier)",
+ "accountEnabled": "Boolean",
+ "isProcessing": "Boolean",
+ "riskLastUpdatedDateTime": "String (timestamp)",
+ "riskLevel": "String",
+ "riskState": "String",
+ "riskDetail": "String",
+ "displayName": "String",
+ "appId": "String",
+ "servicePrincipalType": "String"
+}
+```
+
v1.0 Riskyserviceprincipalhistoryitem https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/riskyserviceprincipalhistoryitem.md
+
+ Title: "riskyServicePrincipalHistoryItem resource type"
+description: "Represents the risk history of Azure AD service principals"
+
+ms.localizationpriority: medium
++
+# riskyServicePrincipalHistoryItem resource type
+
+Namespace: microsoft.graph
+
+Represents the risk history of an Azure AD service principal as determined by Azure AD Identity Protection. Inherits from [riskyServicePrincipal](riskyserviceprincipal.md).
+
+## Methods
+
+| Method | Return Type|Description|
+|:|:--|:-|
+|[List history](../api/riskyserviceprincipal-list-history.md) | [riskyServicePrincipalHistoryItem](riskyserviceprincipalhistoryitem.md) collection|Get the risk history of an Azure AD service principal.|
++
+## Properties
+
+| Property | Type | Description |
+|:|:--|:|
+| servicePrincipalId | string | The identifier of the service principal. |
+| initiatedBy | bool | The identifier of the actor of the operation. |
+| activity | [riskServicePrincipalActivity](riskserviceprincipalactivity.md)| The activity related to service principal risk level change. |
+
+## JSON representation
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [ ],
+ "@odata.type": "microsoft.graph.riskyServicePrincipalHistoryItem",
+ "baseType": "microsoft.graph.riskyServicePrincipal"
+}-->
+
+```json
+{
+ "servicePrincipalId": "String",
+ "initiatedBy": "String",
+ "activity": {"@odata.type": "microsoft.graph.riskServicePrincipalActivity"}
+}
+```
++
+<!--
+{
+ "type": "#page.annotation",
+ "description": "riskyServicePrincipalHistoryItem resource type",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": "",
+ "suppressions": [
+
+ ]
+}
+-->
v1.0 Serviceprincipalriskdetection https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/serviceprincipalriskdetection.md
+
+ Title: "servicePrincipalRiskDetection resource type"
+description: "Represents information about a detected at-risk service principal in an Azure AD tenant."
+
+ms.localizationpriority: medium
++
+# servicePrincipalRiskDetection resource type
+
+Namespace: microsoft.graph
++
+Represents information about detected at-risk service principals in an Azure AD tenant. Azure AD continually evaluates risks based on various signals and machine learning. This API provides programmatic access to all service principal risk detections in your Azure AD environment.
+
+Inherits from [entity](../resources/entity.md).
+
+For more information about risk events, see [Azure Active Directory Identity Protection](/azure/active-directory/identity-protection/overview-identity-protection).
+
+>**Note:** You must have an Azure AD Premium P1 or P2 license to use the servicePrincipalRiskDetection API.
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List servicePrincipalRiskDetections](../api/identityprotectionroot-list-serviceprincipalriskdetections.md)|[servicePrincipalRiskDetection](../resources/serviceprincipalriskdetection.md) collection|List service principal risk detections and their properties.|
+|[Get servicePrincipalRiskDetection](../api/serviceprincipalriskdetection-get.md)|[servicePrincipalRiskDetection](../resources/serviceprincipalriskdetection.md)|Get a specific service principal risk detection and its properties.|
++
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|activity|activityType|Indicates the activity type the detected risk is linked to. The possible values are: `signin`, `unknownFutureValue`, `servicePrincipal`. Note that you must use the `Prefer: include-unknown-enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `servicePrincipal`. |
+|activityDateTime|DateTimeOffset|Date and time when the risky activity occurred. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`|
+|additionalInfo|String|Additional information associated with the risk detection. This string value is represented as a JSON object with the quotations escaped. |
+|appId|String|The unique identifier for the associated application.|
+|correlationId|String|Correlation ID of the sign-in activity associated with the risk detection. This property is `null` if the risk detection is not associated with a sign-in activity.|
+|detectedDateTime|DateTimeOffset|Date and time when the risk was detected. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
+|detectionTimingType|riskDetectionTimingType|Timing of the detected risk , whether real-time or offline). The possible values are: `notDefined`, `realtime`, `nearRealtime`, `offline`, `unknownFutureValue`.|
+|id|String|Unique identifier of the risk detection. Inherited from [entity](../resources/entity.md).|
+|ipAddress|String|Provides the IP address of the client from where the risk occurred.|
+|keyIds|String collection|The unique identifier (GUID) for the key credential associated with the risk detection.|
+|lastUpdatedDateTime|DateTimeOffset|Date and time when the risk detection was last updated.|
+|location|[signInLocation](signinlocation.md)|Location from where the sign-in was initiated. |
+|requestId|String|Request identifier of the sign-in activity associated with the risk detection. This property is `null` if the risk detection is not associated with a sign-in activity. Supports `$filter` (`eq`).|
+|riskDetail|riskDetail|Details of the detected risk. <br>**Note:** Details for this property are only available for Azure AD Premium P2 customers. P1 customers will be returned `hidden`. <br/>The possible values are: `none`, `hidden`, `unknownFutureValue`, `adminConfirmedServicePrincipalCompromised`, `adminDismissedAllRiskForServicePrincipal`. Note that you must use the `Prefer: include-unknown-enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `adminConfirmedServicePrincipalCompromised` , `adminDismissedAllRiskForServicePrincipal`.|
+|riskEventType|String|The type of risk event detected. The possible values are: `investigationsThreatIntelligence`, `generic`, `adminConfirmedServicePrincipalCompromised`, `suspiciousSignins`, `leakedCredentials`, `unknownFutureValue`. Supports `$filter` (`eq`).|
+|riskLevel|riskLevel|Level of the detected risk. <br>**Note:** Details for this property are only available for Azure AD Premium P2 customers. P1 customers will be returned `hidden`. The possible values are: `low`, `medium`, `high`, `hidden`, `none`, `unknownFutureValue`.|
+|riskState|riskState|The state of a detected risky service principal or sign-in activity. The possible values are: `none`, `dismissed`, `atRisk`, `confirmedCompromised`, `unknownFutureValue`.|
+|servicePrincipalDisplayName|String| The display name for the service principal.|
+|servicePrincipalId|String|The unique identifier for the service principal. Supports `$filter` (`eq`).|
+|source|String|Source of the risk detection. For example, `identityProtection`.|
+|tokenIssuerType|tokenIssuerType|Indicates the type of token issuer for the detected sign-in risk. The possible values are: `AzureAD`, `UnknownFutureValue`.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.servicePrincipalRiskDetection",
+ "baseType": "microsoft.graph.entity",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.servicePrincipalRiskDetection",
+ "id": "String (identifier)",
+ "requestId": "String",
+ "correlationId": "String",
+ "riskEventType": "String",
+ "riskState": "String",
+ "riskLevel": "String",
+ "riskDetail": "String",
+ "source": "String",
+ "detectionTimingType": "String",
+ "activity": "String",
+ "tokenIssuerType": "String",
+ "ipAddress": "String",
+ "location": {
+ "@odata.type": "microsoft.graph.signInLocation"
+ },
+ "activityDateTime": "String (timestamp)",
+ "detectedDateTime": "String (timestamp)",
+ "lastUpdatedDateTime": "String (timestamp)",
+ "servicePrincipalId": "String",
+ "servicePrincipalDisplayName": "String",
+ "appId": "String",
+ "keyIds": [
+ "String"
+ ],
+ "additionalInfo": "String"
+}
+```
+
v1.0 Team https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/team.md
For a POST request example, see [Request (create team in migration state)](/micr
| Relationship | Type | Description | |:|:--|:-|
-|channels|[channel](channel.md) collection|The collection of channels & messages associated with the team.|
+|channels|[channel](channel.md) collection|The collection of channels and messages associated with the team.|
|installedApps|[teamsAppInstallation](teamsappinstallation.md) collection|The apps installed in this team.| |members|[conversationMember](../resources/conversationmember.md) collection|Members and owners of the team.| |owners|[user](user.md)| The list of this team's owners. Currently, when creating a team using application permissions, exactly one owner must be specified. When using user delegated permissions, no owner can be specified (the current user is the owner). Owner must be specified as an object ID (GUID), not a UPN. |
v1.0 Tenantrelationshipaccesspolicybase https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/tenantrelationshipaccesspolicybase.md
+
+ Title: "tenantRelationshipAccessPolicyBase resource type"
+description: "The base type that defines a tenant relationship."
+
+ms.localizationpriority: medium
++
+# tenantRelationshipAccessPolicyBase resource type
+
+Namespace: microsoft.graph
++
+The base type that defines a tenant relationship. This is an abstract type that's inherited by cross-tenant policy objects including [crossTenantAccessPolicy](crosstenantaccesspolicy.md).
+
+Inherits from [policyBase](policybase.md).
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+| definition (deprecated) | String collection | The raw JSON definition of the cross-tenant access policy. **Deprecated. Do not use.** |
+| description | String | Description for this policy. Required. Inherited from [policyBase](../resources/policybase.md). |
+| displayName | String collection | Display name for this policy. Required. Inherited from [policyBase](../resources/policybase.md). |
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.tenantRelationshipAccessPolicyBase",
+ "baseType": "microsoft.graph.policyBase",
+ "openType": false
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.tenantRelationshipAccessPolicyBase",
+ "definition": [
+ "String"
+ ],
+ "description": "String",
+ "displayName": "String"
+}
+```
v1.0 User https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/user.md
This resource supports:
|:|:--|:| | aboutMe | String | A freeform text entry field for the user to describe themselves. <br><br>Returned only on `$select`. | | accountEnabled | Boolean | `true` if the account is enabled; otherwise, `false`. This property is required when a user is created. <br><br>Supports `$filter` (`eq`, `ne`, `not`, and `in`). |
-| ageGroup | [ageGroup](#agegroup-values) | Sets the age group of the user. Allowed values: `null`, `minor`, `notAdult` and `adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Supports `$filter` (`eq`, `ne`, `not`, and `in`). |
+| ageGroup | [ageGroup](#agegroup-values) | Sets the age group of the user. Allowed values: `null`, `Minor`, `NotAdult` and `Adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Supports `$filter` (`eq`, `ne`, `not`, and `in`). |
| assignedLicenses | [assignedLicense](assignedlicense.md) collection | The licenses that are assigned to the user, including inherited (group-based) licenses. <br><br>Not nullable. Supports `$filter` (`eq` and `not`). | | assignedPlans | [assignedPlan](assignedplan.md) collection | The plans that are assigned to the user. Read-only. Not nullable.<br><br>Supports `$filter` (`eq` and `not`). | | birthday | DateTimeOffset | The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z` <br><br>Returned only on `$select`. | | businessPhones | String collection | The telephone numbers for the user. Only one number can be set for this property. <br><br>Read-only for users synced from on-premises directory. Supports `$filter` (`eq`, `not`, `ge`, `le`, `startsWith`).| | city | String | The city in which the user is located. Maximum length is 128 characters. <br><br>Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values). |
-| companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length of the company name is 64 characters.<br><br>Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
-| consentProvidedForMinor | [consentProvidedForMinor](#consentprovidedforminor-values) | Sets whether consent has been obtained for minors. Allowed values: `null`, `granted`, `denied` and `notRequired`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Supports `$filter` (`eq`, `ne`, `not`, and `in`).|
+| companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters.<br><br>Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
+| consentProvidedForMinor | [consentProvidedForMinor](#consentprovidedforminor-values) | Sets whether consent has been obtained for minors. Allowed values: `null`, `Granted`, `Denied` and `NotRequired`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Supports `$filter` (`eq`, `ne`, `not`, and `in`).|
| country | String | The country/region in which the user is located; for example, `US` or `UK`. Maximum length is 128 characters. <br><br>Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values). | | createdDateTime | DateTimeOffset | The date and time the user was created. The value cannot be modified and is automatically populated when the entity is created. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. Property is nullable. A null value indicates that an accurate creation time couldn't be determined for the user. Read-only. <br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`). | | creationType | String | Indicates whether the user account was created through one of the following methods: <br/> <ul><li>As a regular school or work account (`null`). <li>As an external account (`Invitation`). <li>As a local account for an Azure Active Directory B2C tenant (`LocalAccount`). <li>Through self-service sign-up by an internal user using email verification (`EmailVerified`). <li>Through self-service sign-up by an external user signing up through a link that is part of a user flow (`SelfServiceSignUp`). </ul> <br>Read-only.<br>Supports `$filter` (`eq`, `ne`, `not`, and `in`). |
This resource supports:
| department | String | The name for the department in which the user works. Maximum length is 64 characters.<br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, and `eq` on `null` values). | | displayName | String | The name displayed in the address book for the user. This value is usually the combination of the user's first name, middle initial, and last name. This property is required when a user is created and it cannot be cleared during updates. Maximum length is 256 characters. <br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values), `$orderBy`, and `$search`.| | employeeHireDate | DateTimeOffset | The date and time when the user was hired or will start work in case of a future hire. <br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`).|
-| employeeId | String | The employee identifier assigned to the user by the organization. <br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
+| employeeId | String | The employee identifier assigned to the user by the organization. The maximum length is 16 characters.<br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
|employeeOrgData|[employeeOrgData](employeeorgdata.md) |Represents organization data (e.g. division and costCenter) associated with a user. <br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`).| | employeeType | String | Captures enterprise worker type. For example, `Employee`, `Contractor`, `Consultant`, or `Vendor`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`).| | externalUserState | String | For an external user invited to the tenant using the [invitation API](../api/invitation-post.md), this property represents the invited user's invitation status. For invited users, the state can be `PendingAcceptance` or `Accepted`, or `null` for all other users. <br><br>Supports `$filter` (`eq`, `ne`, `not` , `in`). |
This resource supports:
| isResourceAccount | Boolean | Do not use ΓÇô reserved for future use. | | jobTitle | String | The user's job title. Maximum length is 128 characters. <br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).| | lastPasswordChangeDateTime | DateTimeOffset | The time when this Azure AD user last changed their password or when their password was created, , whichever date the latest action was performed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only. <br><br>Returned only on `$select`. |
-| legalAgeGroupClassification | [legalAgeGroupClassification](#legalagegroupclassification-values) | Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on **ageGroup** and **consentProvidedForMinor** properties. Allowed values: `null`, `minorWithOutParentalConsent`, `minorWithParentalConsent`, `minorNoParentalConsentRequired`, `notAdult` and `adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`. |
+| legalAgeGroupClassification | [legalAgeGroupClassification](#legalagegroupclassification-values) | Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on **ageGroup** and **consentProvidedForMinor** properties. Allowed values: `null`, `MinorWithOutParentalConsent`, `MinorWithParentalConsent`, `MinorNoParentalConsentRequired`, `NotAdult` and `Adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`. |
| licenseAssignmentStates | [licenseAssignmentState](licenseassignmentstate.md) collection | State of license assignments for this user. Read-only. <br><br>Returned only on `$select`. | | mail | String | The SMTP address for the user, for example, `admin@contoso.com`. Changes to this property will also update the user's **proxyAddresses** collection to include the value as an SMTP address. For Azure AD B2C accounts, this property can be updated up to only ten times with unique SMTP addresses. This property cannot contain accent characters. <br><br> Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, `endsWith`, and `eq` on `null` values). | | mailboxSettings | [mailboxSettings](mailboxsettings.md) | Settings for the primary mailbox of the signed-in user. You can [get](../api/user-get-mailboxsettings.md) or [update](../api/user-update-mailboxsettings.md) settings for sending automatic replies to incoming messages, locale, and time zone. For more information, see [User preferences for languages and regional formats](#user-preferences-for-languages-and-regional-formats). <br><br>Returned only on `$select`. |
For example: Cameron is administrator of a directory for an elementary school in
| Member | Description| |:|:-| |null|Default value, no **ageGroup** has been set for the user.|
-|minorWithoutParentalConsent |(Reserved for future use)|
-|minorWithParentalConsent| The user is considered a minor based on the age-related regulations of their country or region and the administrator of the account has obtained appropriate consent from a parent or guardian.|
-|adult|The user considered an adult based on the age-related regulations of their country or region.|
-|notAdult|The user is from a country or region that has additional age-related regulations (such as the United States, United Kingdom, European Union or South Korea), and the user's age is between a minor and an adult age (as stipulated based on country or region). Generally, this means that teenagers are considered as `notAdult` in regulated countries.|
-|minorNoParentalConsentRequired|The user is a minor but is from a country or region that has no age-related regulations.|
+|MinorWithoutParentalConsent |(Reserved for future use)|
+|MinorWithParentalConsent| The user is considered a minor based on the age-related regulations of their country or region and the administrator of the account has obtained appropriate consent from a parent or guardian.|
+|Adult|The user considered an adult based on the age-related regulations of their country or region.|
+|NotAdult|The user is from a country or region that has additional age-related regulations (such as the United States, United Kingdom, European Union or South Korea), and the user's age is between a minor and an adult age (as stipulated based on country or region). Generally, this means that teenagers are considered as `notAdult` in regulated countries.|
+|MinorNoParentalConsentRequired|The user is a minor but is from a country or region that has no age-related regulations.|
#### ageGroup values | Member | Description| |:|:--| |null|Default value, no **ageGroup** has been set for the user.|
-|minor|The user is considered a minor.|
-|notAdult|The user is from a country that has statutory regulations United States, United Kingdom, European Union or South Korea) and user's age is more than the upper limit of kid age (as per country) and less than lower limit of adult age (as stipulated based on country or region). So basically, teenagers are considered as `notAdult` in regulated countries.|
-|adult|The user should be a treated as an adult.|
+|Minor|The user is considered a minor.|
+|NotAdult|The user is from a country that has statutory regulations United States, United Kingdom, European Union or South Korea) and user's age is more than the upper limit of kid age (as per country) and less than lower limit of adult age (as stipulated based on country or region). So basically, teenagers are considered as `notAdult` in regulated countries.|
+|Adult|The user should be a treated as an adult.|
#### consentProvidedForMinor values | Member | Description| |:|:-| |null|Default value, no **consentProvidedForMinor** has been set for the user.|
-|granted|Consent has been obtained for the user to have an account.|
-|denied|Consent has not been obtained for the user to have an account.|
-|notRequired|The user is from a location that does not require consent.|
+|Granted|Consent has been obtained for the user to have an account.|
+|Denied|Consent has not been obtained for the user to have an account.|
+|NotRequired|The user is from a location that does not require consent.|
## Relationships
v1.0 X509certificateauthenticationmethodconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/x509certificateauthenticationmethodconfiguration.md
+
+ Title: "x509CertificateAuthenticationMethodConfiguration resource type"
+description: "Represents the details of the Azure AD native Certificate-Based Authentication (CBA) in the tenant, including whether the authentication method is enabled or disabled and the users and groups who can register and use it."
+
+ms.localizationpriority: medium
++
+# x509CertificateAuthenticationMethodConfiguration resource type
+
+Namespace: microsoft.graph
++
+Represents the details of the Azure AD native Certificate-Based Authentication (CBA) in the tenant, including whether the authentication method is enabled or disabled and the users and groups who can register and use it.
+
+Inherits from [authenticationMethodConfiguration](../resources/authenticationmethodconfiguration.md).
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[Get x509CertificateAuthenticationMethodConfiguration](../api/x509certificateauthenticationmethodconfiguration-get.md)|[x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md)|Read the properties and relationships of a x509CertificateAuthenticationMethodConfiguration object.|
+|[Update x509CertificateAuthenticationMethodConfiguration](../api/x509certificateauthenticationmethodconfiguration-update.md)|[x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md)|Update the properties of a x509CertificateAuthenticationMethodConfiguration object.|
+|[Delete x509CertificateAuthenticationMethodConfiguration](../api/x509certificateauthenticationmethodconfiguration-delete.md)|None| Restore the x509CertificateAuthenticationMethodConfiguration object to its default configuration.|
++
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|id|String|The identifier for the authentication method policy. The value is always `X509Certificate`. Inherited from [authenticationMethodConfiguration](../resources/authenticationmethodconfiguration.md).|
+|state|authenticationMethodState|The possible values are: `enabled`, `disabled`. Inherited from [authenticationMethodConfiguration](../resources/authenticationmethodconfiguration.md).|
+|certificateUserBindings|[x509CertificateUserBinding](../resources/x509certificateuserbinding.md) collection|Defines fields in the X.509 certificate that map to attributes of the Azure AD user object in order to bind the certificate to the user. The **priority** of the object determines the order in which the binding is carried out. The first binding that matches will be used and the rest ignored. |
+|authenticationModeConfiguration|[x509CertificateAuthenticationModeConfiguration](../resources/x509certificateauthenticationmodeconfiguration.md)|Defines strong authentication configurations. This configuration includes the default authentication mode and the different rules for strong authentication bindings. |
++
+## Relationships
+|Relationship|Type|Description|
+|:|:|:|
+|includeTargets|[authenticationMethodTarget](../resources/authenticationmethodtarget.md) collection|A collection of users or groups who are enabled to use the authentication method.|
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
+ "baseType": "microsoft.graph.authenticationMethodConfiguration",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
+ "id": "String (identifier)",
+ "state": "String",
+ "certificateUserBindings": [
+ {
+ "@odata.type": "microsoft.graph.x509CertificateUserBinding"
+ }
+ ],
+ "authenticationModeConfiguration": {
+ "@odata.type": "microsoft.graph.x509CertificateAuthenticationModeConfiguration"
+ }
+}
+```
+
v1.0 X509certificateauthenticationmodeconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/x509certificateauthenticationmodeconfiguration.md
+
+ Title: "x509CertificateAuthenticationModeConfiguration resource type"
+description: "Defines the strong authentication configurations for the X.509 certificate. This configuration includes the default authentication mode and the different rules of strong authentication bindings."
+
+ms.localizationpriority: medium
++
+# x509CertificateAuthenticationModeConfiguration resource type
+
+Namespace: microsoft.graph
++
+Defines the strong authentication configurations for the X.509 certificate. This configuration includes the default authentication mode and the different rules of strong authentication bindings.
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|rules|[x509CertificateRule](../resources/x509certificaterule.md) collection| Rules are configured in addition to the authentication mode to bind a specific **x509CertificateRuleType** to an **x509CertificateAuthenticationMode**. For example, bind the `policyOID` with identifier `1.32.132.343` to `x509CertificateMultiFactor` authentication mode.|
+|x509CertificateAuthenticationDefaultMode|x509CertificateAuthenticationMode| The type of strong authentication mode. The possible values are: `x509CertificateSingleFactor`, `x509CertificateMultiFactor`, `unknownFutureValue`.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.x509CertificateAuthenticationModeConfiguration"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.x509CertificateAuthenticationModeConfiguration",
+ "x509CertificateAuthenticationDefaultMode": "String",
+ "rules": [
+ {
+ "@odata.type": "microsoft.graph.x509CertificateRule"
+ }
+ ]
+}
+```
+
v1.0 X509certificaterule https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/x509certificaterule.md
+
+ Title: "x509CertificateRule resource type"
+description: "Defines the strong authentication configuration rules for the X.509 certificate. Rules are configured in addition to the authentication mode."
+
+ms.localizationpriority: medium
++
+# x509CertificateRule resource type
+
+Namespace: microsoft.graph
++
+Defines the strong authentication configuration rules for the X.509 certificate. Rules are configured in addition to the authentication mode.
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|identifier|String| The identifier of the X.509 certificate. Required.|
+|x509CertificateAuthenticationMode|x509CertificateAuthenticationMode| The type of strong authentication mode. The possible values are: `x509CertificateSingleFactor`, `x509CertificateMultiFactor`, `unknownFutureValue`. Required.|
+|x509CertificateRuleType|x509CertificateRuleType| The type of the X.509 certificate mode configuration rule. The possible values are: `issuerSubject`, `policyOID`, `unknownFutureValue`. Required.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.x509CertificateRule"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.x509CertificateRule",
+ "x509CertificateRuleType": "String",
+ "identifier": "String",
+ "x509CertificateAuthenticationMode": "String"
+}
+```
+
v1.0 X509certificateuserbinding https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/x509certificateuserbinding.md
+
+ Title: "x509CertificateUserBinding resource type"
+description: "Defines the fields in the X.509 certificate that map to attributes of the Azure AD user object in order to bind the certificate to the user account."
+
+ms.localizationpriority: medium
++
+# x509CertificateUserBinding resource type
+
+Namespace: microsoft.graph
++
+Defines the fields in the X.509 certificate that map to attributes of the Azure AD user object in order to bind the certificate to the user account.
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|priority|Int32|The priority of the binding. Azure AD uses the binding with the highest priority. This value must be a non-negative integer and unique in the collection of objects in the **certificateUserBindings** property of an **x509CertificateAuthenticationMethodConfiguration** object. Required|
+|userProperty|String|Defines the Azure AD user property of the user object to use for the binding. The possible values are: **userPrincipalName**, `onPremisesUserPrincipalName`, `email`. Required.|
+|x509CertificateField|String|The field on the X.509 certificate to use for the binding. The possible values are: `PrincipalName`, `RFC822Name`.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.x509CertificateUserBinding"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.x509CertificateUserBinding",
+ "x509CertificateField": "String",
+ "userProperty": "String",
+ "priority": "Integer"
+}
+```
+
v1.0 Accesspackagecatalog Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accesspackagecatalog-update.md
If successful, this method returns a `204 No Content` response code.
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "update_accesspackagecatalog" } --> ```http
-PATCH https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/accessPackageCatalogs/{accessPackageCatalogId}
+PATCH https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/catalogs/{accessPackageCatalogId}
Content-Type: application/json { "displayName":"Catalog One" } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++ ### Response
v1.0 Appcatalogs List Teamsapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/appcatalogs-list-teamsapps.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported. | | Application | AppCatalog.Read.All, AppCatalog.ReadWrite.All |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
## HTTP request
v1.0 Application Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/application-get.md
Content-type: application/json
"addIns": [], "publisherDomain": "contoso.onmicrosoft.com", "signInAudience": "AzureADandPersonalMicrosoftAccount",
+ "verifiedPublisher": {
+ "displayName": "publisher_contoso",
+ "verifiedPublisherId": "9999999",
+ "addedDateTime": "2021-04-24T17:49:44Z"
+ },
"tags": [], "tokenEncryptionKeyId": null, "api": {
v1.0 Channel Delete Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-delete-tabs.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsTab.Delete.Group*, TeamsTab.ReadWrite.Group*, TeamsTab.ReadWriteForTeam.All, TeamsTab.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-delete.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | Channel.Delete.Group*, Channel.Delete.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Get Filesfolder https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-get-filesfolder.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | Files.Read.All, Files.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Channel Get Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-get-tabs.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsTab.Read.Group*, TeamsTab.ReadWrite.Group*, TeamsTab.Read.All, TeamsTab.ReadWriteForTeam.All, TeamsTab.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-get.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | ChannelSettings.Read.Group*, ChannelSettings.ReadWrite.Group*, Channel.ReadBasic.All, ChannelSettings.Read.All, ChannelSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Getallmessages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-getallmessages.md
GET /teams/{team-id}/channels/getAllMessages
## Optional query parameters
-You can use `model` query parameter, which supports the values `A` and `B`, based on the preferred licensing and payment requirements, as shown in the following examples.
+You can use `model` query parameter, which supports the values `A` and `B`, based on the preferred [licensing and payment model](/graph/teams-licenses),
+as shown in the following examples.
+If no `model` is specified, [evaluation mode](/graph/teams-licenses#evaluation-mode-default-requirements) will be used.
```http GET /teams/{team-id}/channels/getAllMessages?model=A
v1.0 Channel List Messages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-list-messages.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account)|Not supported.| |Application| ChannelMessage.Read.Group*, ChannelMessage.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> [!NOTE] > Before calling this API with application permissions, you must request access. For details, see [Protected APIs in Microsoft Teams](/graph/teams-protected-apis).
v1.0 Channel List Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-list-tabs.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsTab.Read.Group*, TeamsTab.ReadWrite.Group*, TeamsTab.Read.All, TeamsTab.ReadWriteForTeam.All, TeamsTab.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-list.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | ChannelSettings.Read.Group*, ChannelSettings.ReadWrite.Group*, Channel.ReadBasic.All, ChannelSettings.Read.All, ChannelSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Patch Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-patch-tabs.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsTab.ReadWrite.Group*, TeamsTab.ReadWriteForTeam.All, TeamsTab.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Patch https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-patch.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | ChannelSettings.ReadWrite.Group*, ChannelSettings.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Post Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-post-tabs.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | | Application | TeamsTab.Create.Group*, TeamsTab.Create, TeamsTab.ReadWriteForTeam.All, TeamsTab.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-post.md
One of the following permissions is required to call this API. To learn more, in
|Application | Channel.Create.Group*, Channel.Create, Teamwork.Migrate.All, Group.ReadWrite.All**, Directory.ReadWrite.All** | > **Notes**:
-> Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> > This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of. >
v1.0 Chat Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chat-get.md
Content-type: application/json
} ```
+### Example 4: Get the meeting details of a chat associated with a Microsoft Teams meeting
+#### Request
+The following is an example of the request.
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_meeting_chat"
+}-->
+```msgraph-interactive
+GET https://graph.microsoft.com/v1.0/chats/19:meeting_ZDZlYTYxOWUtYzdlMi00ZmMxLWIxMTAtN2YzODZlZjAxYzI4@thread.v2
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
++++
+#### Response
+The following example shows the response.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.chat"
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "id": "19:meeting_YDZlYTYxOWUtYzdlMi00ZmMxLWIxMTAtN2YzODZlZjAxYzI4@thread.v2",
+ "topic": "Test Meeting",
+ "createdDateTime": "2021-08-17T12:21:37.322Z",
+ "lastUpdatedDateTime": "2021-08-18T00:31:31.817Z",
+ "chatType": "meeting",
+ "webUrl": "https://teams.microsoft.com/l/chat/19%3Ameeting_YDZlYTYxOWUtYzdlMi00ZmMxLWIxMTAtN2YzODZlZjAxYzI4%40thread.v2/0?tenantId=2432b57b-0abd-43db-aa7b-16eadd115d34",
+ "tenantId": "2432b57b-0abd-43db-aa7b-16eadd115d35",
+ "onlineMeetingInfo": {
+ "calendarEventId": "AAMkADAzMjNhY2NiLWVmNDItNDVjYS05MnFjLTExY2U0ZWMyZTNmZQBGAAAAAAARDMODhhR0TZRGWo9nN0NcBwAmvYmLhDvYR6hCFdQLgxR-AAAAAAENAAAmvYmLhDvYR6hCFdQLgxR-AABkrglJAAA=",
+ "joinWebUrl": "https://teams.microsoft.com/l/meetup-join/19%3Ameeting_YDZlYTYxOWUtYzdlMi00ZmMxLWIxMTAtN2YzODZlZjAxYzI4%40thread.v2/0?context=%7b%22Tid%22%3a%222432b57b-0abd-43db-aa7b-16eadd115d34%22%2c%22Oid%22%3a%22bfb5bb25-3a8d-487d-9828-7875ced51a30%22%7d",
+ "organizer": {
+ "id": "bfb5bb25-3a8d-487d-9828-7875ced51a30",
+ "displayName": null,
+ "userIdentityType": "aadUser"
+ }
+ }
+}
+```
+ <!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79 2015-10-25 14:57:30 UTC --> <!--
v1.0 Chatmessage Delta https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chatmessage-delta.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not Supported | |Application | ChannelMessage.Read.Group*, ChannelMessage.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> [!NOTE] > Before calling this API with application permissions, you must request access. For details, see [Protected APIs in Microsoft Teams](/graph/teams-protected-apis).
v1.0 Chatmessage Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chatmessage-get.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account)|Not supported.| |Application| ChannelMessage.Read.Group, ChannelMessage.Read.All, Group.Read.All**, Group.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
### Permissions for chat
v1.0 Chatmessage List Hostedcontents https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chatmessage-list-hostedcontents.md
Retrieve the list of [chatMessageHostedContent](../resources/chatmessagehostedco
|Delegated (personal Microsoft account)|Not supported.| |Application| Chat.Read.All, Chat.ReadWrite.All|
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> [!NOTE] > Before calling this API with application permissions, you must request access. For details, see [Protected APIs in Microsoft Teams](/graph/teams-protected-apis).
v1.0 Chatmessage List Replies https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chatmessage-list-replies.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account)|Not supported.| |Application| ChannelMessage.Read.Group*, ChannelMessage.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> [!NOTE] > Before calling this API with application permissions, you must request access. For details, see [Protected APIs in Microsoft Teams](/graph/teams-protected-apis).
v1.0 Chatmessage Post Replies https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chatmessage-post-replies.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported. | | Application | Teamwork.Migrate.All |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
> **Note**: Application permissions are *only* supported for [migration](/microsoftteams/platform/graph-api/import-messages/import-external-messages-to-teams). In the future, Microsoft may require you or your customers to pay additional fees based on the amount of data imported.
v1.0 Chatmessagehostedcontent Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chatmessagehostedcontent-get.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account)|Not supported.| |Application| Chat.Read.All, Chat.ReadWrite.All|
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> [!NOTE] > Before calling this API with application permissions, you must request access. For details, see [Protected APIs in Microsoft Teams](/graph/teams-protected-apis).
v1.0 Chats Getallmessages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chats-getallmessages.md
GET /users/{id | user-principal-name}/chats/getAllMessages
## Optional query parameters
-You can use `model` query parameter, which supports the values `A` and `B`, based on the preferred licensing and payment requirements, as shown in the following examples.
+You can use `model` query parameter, which supports the values `A` and `B`, based on the preferred [licensing and payment model](/graph/teams-licenses),
+as shown in the following examples.
+If no `model` is specified, [evaluation mode](/graph/teams-licenses#evaluation-mode-default-requirements) will be used.
```http GET /users/{id | user-principal-name}/chats/getAllMessages?model=A
v1.0 Directoryobject Checkmembergroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/directoryobject-checkmembergroups.md
doc_type: apiPageType
Namespace: microsoft.graph
-Check for membership in a specified list of groups, and return from that list those groups of which the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member. This function is transitive.
+Check for membership in a specified list of group IDs, and return from that list those groups (identified by IDs) of which the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member. This function is transitive.
You can check up to a maximum of 20 groups per request. This function supports all groups provisioned in Azure AD. Because Microsoft 365 groups cannot contain other groups, membership in a Microsoft 365 group is always direct.
v1.0 Directoryobject Checkmemberobjects https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/directoryobject-checkmemberobjects.md
doc_type: "apiPageType"
Namespace: microsoft.graph
-Check for membership in a list of groups, administrative units, or directory roles for the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md). This method is transitive.
+Check for membership in a list of group IDs, administrative unit IDs, or directory role IDs, for the IDs of the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md). This method is transitive.
## Permissions
v1.0 Directoryobject Getmembergroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/directoryobject-getmembergroups.md
doc_type: apiPageType
Namespace: microsoft.graph
-Return all the groups that the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
+Return all the group IDs for the groups that the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Directoryobject Getmemberobjects https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/directoryobject-getmemberobjects.md
doc_type: apiPageType
Namespace: microsoft.graph
-Return all the groups, administrative units, and directory roles that a [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
+Return all IDs for the groups, administrative units, and directory roles that a [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
**Note:** Only users and role-enabled groups can be members of directory roles.
v1.0 Driveitem Copy https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/driveitem-copy.md
Title: driveItem: copy
+ Title: "driveItem: copy"
ms.localizationpriority: medium ms.prod: "sharepoint" description: "Asynchronously creates a copy of an driveItem (including any children), under a new parent item or with a new name."
v1.0 Educationassignment Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/educationassignment-update.md
Content-type: application/json
## See also * [States, transitions, and limitations for assignments and submissions](/graph/assignments-submissions-states-transition)
+* [Specify the default channel for education assignment notifications](/graph/education-build-notificationchannelurl)
<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79 2015-10-25 14:57:30 UTC -->
v1.0 Educationassignmentdefaults Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/educationassignmentdefaults-update.md
Content-Type: application/json
} ```
+## See also
+
+* [Specify the default channel for education assignment notifications](/graph/education-build-notificationchannelurl)
v1.0 Schedule List Shifts https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/schedule-list-shifts.md
GET /teams/{teamId}/schedule/shifts
``` ## Optional query parameters
-This method supports the $filter [OData query parameter](/graph/query-parameters) to help customize the response.
+This method supports the `$filter` [OData query parameter](/graph/query-parameters) to help customize the response.
## Request headers
v1.0 Serviceprincipal Addtokensigningcertificate https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/serviceprincipal-addtokensigningcertificate.md
Content-type: application/json
[!INCLUDE [sample-code](../includes/snippets/javascript/serviceprincipal-addtokensigningcertificate-javascript-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [C#](#tab/csharp)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
v1.0 Serviceprincipal Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/serviceprincipal-get.md
Content-type: application/json
"endpoints": [], "homepage": null, "id": "00af5dfb-85da-4b41-a677-0c6b86dd34f8",
+ "verifiedPublisher": {
+ "displayName": "publisher_contoso",
+ "verifiedPublisherId": "9999999",
+ "addedDateTime": "2021-04-24T17:49:44Z"
+ },
"info": { "termsOfServiceUrl": null, "supportUrl": null,
v1.0 Serviceprincipal List Homerealmdiscoverypolicies https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/serviceprincipal-list-homerealmdiscoverypolicies.md
HTTP/1.1 200 OK
Content-type: application/json {
- "value": [
- {
- "definition": [
- "definition-value"
- ],
- "displayName": "displayName-value",
- "isOrganizationDefault": true,
- "id": "id-value"
- }
- ]
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(microsoft.graph.homeRealmDiscoveryPolicy)",
+ "value": [
+ {
+ "id": "6c6f154f-cb39-4ff9-bf5b-62d5ad585cde",
+ "deletedDateTime": null,
+ "definition": [
+ "{\"HomeRealmDiscoveryPolicy\": {\"AccelerateToFederatedDomain\":true, \"PreferredDomain\":\"federated.example.edu\", \"AlternateIdLogin\":{\"Enabled\":true}}}"
+ ],
+ "displayName": "Contoso default HRD Policy",
+ "isOrganizationDefault": false
+ }
+ ]
} ```
v1.0 Subscription Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/subscription-delete.md
Depending on the resource and the permission type (delegated or application) req
|[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
[!INCLUDE [teams-subscription-notes](../../includes/teams-subscription-notes.md)]
v1.0 Subscription Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/subscription-get.md
Depending on the resource and the permission type (delegated or application) req
|[security alert](../resources/alert.md) | SecurityEvents.ReadWrite.All | Not supported | SecurityEvents.ReadWrite.All | |[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
[!INCLUDE [teams-subscription-notes](../../includes/teams-subscription-notes.md)]
v1.0 Subscription List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/subscription-list.md
This API supports the following permission scopes; to learn more, including how
|[todoTask](../resources/todotask.md) | Tasks.ReadWrite, Subscription.Read.All | Tasks.ReadWrite, Subscription.Read.All | Not supported | |[user](../resources/user.md) | User.Read.All, Subscription.Read.All | User.Read.All | User.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
Response results are based on the context of the calling app. The following sections describe the common scenarios.
v1.0 Subscription Post Subscriptions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/subscription-post-subscriptions.md
Depending on the resource and the permission type (delegated or application) req
|[security alert](../resources/alert.md) | SecurityEvents.ReadWrite.All | Not supported | SecurityEvents.ReadWrite.All | |[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
[!INCLUDE [teams-subscription-notes](../../includes/teams-subscription-notes.md)]
v1.0 Subscription Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/subscription-update.md
Depending on the resource and the permission type (delegated or application) req
|[security alert](../resources/alert.md) | SecurityEvents.ReadWrite.All | Not supported | SecurityEvents.ReadWrite.All | |[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
[!INCLUDE [teams-subscription-notes](../../includes/teams-subscription-notes.md)]
v1.0 Team Archive https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-archive.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamSettings.ReadWrite.Group*, TeamSettings.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Team Clone https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-clone.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | Team.Create, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Team Delete Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-delete-installedapps.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Team Get Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-get-installedapps.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsAppInstallation.Read.Group*, TeamsAppInstallation.ReadWriteSelfForTeam.All, TeamsAppInstallation.ReadForTeam.All, TeamsAppInstallation.ReadWriteForTeam.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
## HTTP request
v1.0 Team Get Primarychannel https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-get-primarychannel.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | ChannelSettings.Read.Group*, ChannelSettings.ReadWrite.Group*, Channel.ReadBasic.All, ChannelSettings.Read.All, ChannelSettings.ReadWrite.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Team Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-get.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamSettings.Read.Group*, TeamSettings.ReadWrite.Group*, Team.ReadBasic.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Team List Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-list-installedapps.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsAppInstallation.Read.Group*, TeamsAppInstallation.ReadForTeam.All, TeamsAppInstallation.ReadWriteForTeam.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
## HTTP request
v1.0 Team List Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-list-members.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application| TeamMember.Read.Group*, TeamMember.Read.All, TeamMember.ReadWrite.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
## HTTP request
v1.0 Team Post Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-post-installedapps.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
## HTTP request
v1.0 Team Post Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-post-members.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application| TeamMember.ReadWrite.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
## HTTP request
v1.0 Team Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-post.md
One of the following permissions is required to call this API. To learn more, in
> **Note**: The Teamwork.Migrate.All permission is *only* supported for [migration](/microsoftteams/platform/graph-api/import-messages/import-external-messages-to-teams). In the future, Microsoft may require you or your customers to pay additional fees based on the amount of data imported.
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
## HTTP request
v1.0 Team Teamsappinstallation Upgrade https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-teamsappinstallation-upgrade.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All, Directory.ReadWrite.All |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Team Unarchive https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-unarchive.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamSettings.ReadWrite.Group*, TeamSettings.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Team Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-update.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamSettings.ReadWrite.Group*, TeamSettings.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Teamsapp Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/teamsapp-delete.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported| | Application | Not supported. |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
## HTTP request
v1.0 Teamsapp Publish https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/teamsapp-publish.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported| | Application | Not supported. |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Teamsapp Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/teamsapp-update.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported| | Application | Not supported. |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
## HTTP request
v1.0 Termstore Group List Sets https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/termstore-group-list-sets.md
Title: "List sets"
description: "Get a list of the set objects and their properties." ms.localizationpriority: medium doc_type: apiPageType
If successful, this method returns a `200 OK` response code and a collection of
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_set_1" }--> ``` http
-GET https://graph.microsoft.com/v1.0/microsoft.sharepoint.com,b9b0bc03-cbc4-40d2-aba9-2c9dd9821ddf,6a742cee-9216-4db5-8046-13a595684e74/termStore/groups/03577abb-975e-4fb4-9ee0-4102a9108f94/sets
+GET https://graph.microsoft.com/v1.0/sites/microsoft.sharepoint.com,b9b0bc03-cbc4-40d2-aba9-2c9dd9821ddf,6a742cee-9216-4db5-8046-13a595684e74/termStore/groups/03577abb-975e-4fb4-9ee0-4102a9108f94/sets
```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++ ### Response
v1.0 Termstore Relation Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/termstore-relation-post.md
Title: "Create relation"
description: "Create a new relation object." ms.localizationpriority: medium doc_type: apiPageType
If successful, this method returns a `201 Created` response code and a [microsof
--> ``` http
-POST https://graph.microsoft.com/v1.0/sites/microsoft.sharepoint.com,b9b0bc03-cbc4-40d2-aba9-2c9dd9821ddf,6a742cee-9216-4db5-8046-13a595684e74/termStore/v1.0/27fd2d26-60d3-485c-9420-0c71f74a0cfd/terms/8861b57a-c777-49e7-826f-47d6afecf80d/relations
+POST https://graph.microsoft.com/v1.0/sites/microsoft.sharepoint.com,b9b0bc03-cbc4-40d2-aba9-2c9dd9821ddf,6a742cee-9216-4db5-8046-13a595684e74/termStore/27fd2d26-60d3-485c-9420-0c71f74a0cfd/terms/8861b57a-c777-49e7-826f-47d6afecf80d/relations
Content-Type: application/json {
v1.0 User Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/user-get.md
For a specific user:
GET /users/{id | userPrincipalName} ```
->**Note:**
-> + When the **userPrincipalName** begins with a `$` character, remove the slash (/) after `/users` and enclose the **userPrincipalName** in parentheses and single quotes. For example, `/users('$AdeleVance@contoso.com')`. For details, see the [known issues](/graph/known-issues#users) list.
+> [!TIP]
+>
+> + When the **userPrincipalName** begins with a `$` character, the GET request URL syntax `/users/$x@y.com` fails with a `400 Bad Request` error code. This is because this request URL violates the OData URL convention, which expects only system query options to be prefixed with a `$` character. Remove the slash (/) after `/users` and enclose the **userPrincipalName** in parentheses and single quotes, as follows: `/users('$x@y.com')`. For example, `/users('$AdeleVance@contoso.com')`.
> + To query a B2B user using the **userPrincipalName**, encode the hash (#) character. That is, replace the `#` symbol with `%23`. For example, `/users/AdeleVance_adatum.com%23EXT%23@contoso.com`. For the signed-in user:
v1.0 User List Joinedteams https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/user-list-joinedteams.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | Team.ReadBasic.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All, User.Read.All, User.ReadWrite.All, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use different permissions and avoid using these permissions going forward.
> **Note:** Currently, with user delegated permissions, this operation only works for the `me` user. With application permissions, it works for all users by specifying the specific user ID (`me` alias is not supported with application permissions). For details, see [Known issues](/graph/known-issues#microsoft-teams-users-list-of-joined-teams-preview).
v1.0 User Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/user-update.md
In the request body, supply the values for relevant fields that should be update
|:|:--|:-| |aboutMe|String|A freeform text entry field for the user to describe themselves.| |accountEnabled|Boolean| `true` if the account is enabled; otherwise, `false`. This property is required when a user is created. A global administrator assigned the _Directory.AccessAsUser.All_ delegated permission can update the **accountEnabled** status of all administrators in the tenant.|
-| ageGroup | [ageGroup](../resources/user.md#agegroup-values) | Sets the age group of the user. Allowed values: `null`, `minor`, `notAdult` and `adult`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
+| ageGroup | [ageGroup](../resources/user.md#agegroup-values) | Sets the age group of the user. Allowed values: `null`, `Minor`, `NotAdult` and `Adult`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
|birthday|DateTimeOffset|The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`| |businessPhones| String collection | The telephone numbers for the user. NOTE: Although this is a string collection, only one number can be set for this property.| |city|String|The city in which the user is located.|
-| companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length of the company name is 64 characters. |
-| consentProvidedForMinor | [consentProvidedForMinor](../resources/user.md#consentprovidedforminor-values) | Sets whether consent has been obtained for minors. Allowed values: `null`, `granted`, `denied` and `notRequired`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
+| companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters. |
+| consentProvidedForMinor | [consentProvidedForMinor](../resources/user.md#consentprovidedforminor-values) | Sets whether consent has been obtained for minors. Allowed values: `null`, `Granted`, `Denied` and `NotRequired`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
|country|String|The country/region in which the user is located; for example, `US` or `UK`.| |department|String|The name for the department in which the user works.| |displayName|String|The name displayed in the address book for the user. This is usually the combination of the user's first name, middle initial and last name. This property is required when a user is created and it cannot be cleared during updates. |
-| employeeId | String | The employee identifier assigned to the user by the organization. |
+| employeeId | String | The employee identifier assigned to the user by the organization. The maximum length is 16 characters. |
| employeeType | String | Captures enterprise worker type. For example, `Employee`, `Contractor`, `Consultant`, or `Vendor`. Returned only on `$select`.| |givenName|String|The given name (first name) of the user.| |employeeHireDate|DateTimeOffset|The hire date of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`|
v1.0 Chat https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/chat.md
not all scenarios are possible. It is possible to get chat IDs with delegated pe
| lastUpdatedDateTime| dateTimeOffset| Date and time at which the chat was renamed or list of members were last changed. Read-only.| | topic| String| (Optional) Subject or topic for the chat. Only available for group chats.| | webUrl | String| The URL for the chat in Microsoft Teams. The URL should be treated as an opaque blob, and not parsed. Read-only. |
+| tenantId| String | The identifier of the tenant in which the chat was created. Read-only.|
+| onlineMeetingInfo | [teamworkOnlineMeetingInfo](../resources/teamworkonlinemeetinginfo.md) | Represents details about an online meeting. If the chat isn't associated with an online meeting, the property is empty. Read-only.|
### chatType values
Here is a JSON representation of the resource.
"createdDateTime": "dateTimeOffset", "lastUpdatedDateTime": "dateTimeOffset", "chatType": "string",
- "webUrl": "string"
+ "webUrl": "string",
+ "tenantId": "string",
+ "onlineMeetingInfo": {
+ "@odata.type": "microsoft.graph.teamworkOnlineMeetingInfo"
+ }
} ```
v1.0 Extensionproperty https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/extensionproperty.md
Extensions can be added to [user](user.md), [group](group.md), [organization](or
|:-|:|:| |appDisplayName|String| Display name of the application object on which this extension property is defined. Read-only. | |dataType|String| Specifies the data type of the value the extension property can hold. Following values are supported. Not nullable. <ul><li>`Binary` - 256 bytes maximum</li><li>`Boolean`</li><li>`DateTime` - Must be specified in ISO 8601 format. Will be stored in UTC.</li><li>`Integer` - 32-bit value.</li><li>`LargeInteger` - 64-bit value.</li><li>`String` - 256 characters maximum</li></ul>|
-|isSyncedFromOnPremises|Boolean| Indicates if this extension property was sycned from onpremises directory using Azure AD Connect. Read-only. |
+|isSyncedFromOnPremises|Boolean| Indicates if this extension property was synced from on-premises active directory using Azure AD Connect. Read-only. |
|name|String| Name of the extension property. Not nullable. | |targetObjects|String collection| Following values are supported. Not nullable. <ul><li>`User`</li><li>`Group`</li><li>`Organization`</li><li>`Device`</li><li>`Application`</li></ul>|
v1.0 Licenseassignmentstate https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/licenseassignmentstate.md
The **licenseAssignmentStates** property of the [user](user.md) entity is a coll
|:|:--|:-| |assignedByGroup|string|The id of the group that assigns this license. If the assignment is a direct-assigned license, this field will be Null. Read-Only.| |disabledPlans|Collection(String)|The service plans that are disabled in this assignment. Read-Only.|
-|error|String|License assignment failure error. If the license is assigned successfully, this field will be Null. Read-Only. Possible values: `CountViolation`, `MutuallyExclusiveViolation`, `DependencyViolation`, `ProhibitedInUsageLocationViolation`, `UniquenessViolation`, and `Others`. For more information on how to identify and resolve license assignment errors see [here](/azure/active-directory/users-groups-roles/licensing-groups-resolve-problems).|
+|error|String|License assignment failure error. If the license is assigned successfully, this field will be Null. Read-Only. The possible values are `CountViolation`, `MutuallyExclusiveViolation`, `DependencyViolation`, `ProhibitedInUsageLocationViolation`, `UniquenessViolation`, and `Other`. For more information on how to identify and resolve license assignment errors see [here](/azure/active-directory/users-groups-roles/licensing-groups-resolve-problems).|
|lastUpdatedDateTime|DateTimeOffset|The timestamp when the state of the license assignment was last updated.| |skuId|String|The unique identifier for the SKU. Read-Only.|
-|state|String|Indicate the current state of this assignment. Read-Only. Possible values: Active, ActiveWithError, Disabled and Error.|
+|state|String|Indicate the current state of this assignment. Read-Only. The possible values are `Active`, `ActiveWithError`, `Disabled`, and `Error`.|
## JSON representation
v1.0 Team https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/team.md
For a POST request example, see [Request (create team in migration state)](/micr
| Relationship | Type | Description | |:|:--|:-|
-|channels|[channel](channel.md) collection|The collection of channels & messages associated with the team.|
+|channels|[channel](channel.md) collection|The collection of channels and messages associated with the team.|
|installedApps|[teamsAppInstallation](teamsappinstallation.md) collection|The apps installed in this team.| |members|[conversationMember](../resources/conversationmember.md) collection|Members and owners of the team.| |operations|[teamsAsyncOperation](teamsasyncoperation.md) collection| The async operations that ran or are running on this team. |
v1.0 Teamworkonlinemeetinginfo https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/teamworkonlinemeetinginfo.md
+
+ Title: "teamworkOnlineMeetingInfo resource type"
+description: "Represents details about an online meeting in Microsoft Teams."
+
+ms.localizationpriority: medium
++
+# teamworkOnlineMeetingInfo resource type
+
+Namespace: microsoft.graph
+
+Represents details about an online meeting in Microsoft Teams.
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|calendarEventId|String|The identifier of the calendar event associated with the meeting.|
+|joinWebUrl|String|The URL that users click to join or uniquely identify the meeting.|
+|organizer|[teamworkUserIdentity](teamworkuseridentity.md)|The organizer of the meeting.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.teamworkOnlineMeetingInfo"
+}
+-->
+``` json
+{
+ "calendarEventId": "string",
+ "joinWebUrl": "string",
+ "organizer": {"@odata.type": "microsoft.graph.teamworkUserIdentity"}
+}
+```
+
+## See also
+- [Chat](chat.md)
v1.0 User https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/user.md
This resource supports:
|:|:--|:-| |aboutMe|String|A freeform text entry field for the user to describe themselves. Returned only on `$select`.| |accountEnabled|Boolean| `true` if the account is enabled; otherwise, `false`. This property is required when a user is created. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, and `in`). |
-|ageGroup|[ageGroup](#agegroup-values)|Sets the age group of the user. Allowed values: `null`, `minor`, `notAdult` and `adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, and `in`).|
+|ageGroup|[ageGroup](#agegroup-values)|Sets the age group of the user. Allowed values: `null`, `Minor`, `NotAdult` and `Adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, and `in`).|
|assignedLicenses|[assignedLicense](assignedlicense.md) collection|The licenses that are assigned to the user, including inherited (group-based) licenses. Not nullable. Returned only on `$select`. Supports `$filter` (`eq` and `not`). | |assignedPlans|[assignedPlan](assignedplan.md) collection|The plans that are assigned to the user. Read-only. Not nullable. <br><br>Returned only on `$select`. Supports `$filter` (`eq` and `not`). | |birthday|DateTimeOffset|The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. <br><br>Returned only on `$select`.| |businessPhones|String collection|The telephone numbers for the user. NOTE: Although this is a string collection, only one number can be set for this property. Read-only for users synced from on-premises directory. <br><br>Returned by default. Supports `$filter` (`eq`, `not`, `ge`, `le`, `startsWith`).| |city|String|The city in which the user is located. Maximum length is 128 characters. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
-|companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length of the company name is 64 characters.<br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
-|consentProvidedForMinor|[consentProvidedForMinor](#consentprovidedforminor-values)|Sets whether consent has been obtained for minors. Allowed values: `null`, `granted`, `denied` and `notRequired`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, and `in`).|
+|companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters.<br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
+|consentProvidedForMinor|[consentProvidedForMinor](#consentprovidedforminor-values)|Sets whether consent has been obtained for minors. Allowed values: `null`, `Granted`, `Denied` and `NotRequired`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, and `in`).|
|country|String|The country/region in which the user is located; for example, `US` or `UK`. Maximum length is 128 characters. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).| |createdDateTime | DateTimeOffset |The created date of the user object. Read-only. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`).| | creationType | String | Indicates whether the user account was created through one of the following methods: <br/> <ul><li>As a regular school or work account (`null`). <li>As an external account (`Invitation`). <li>As a local account for an Azure Active Directory B2C tenant (`LocalAccount`). <li>Through self-service sign-up by an internal user using email verification (`EmailVerified`). <li>Through self-service sign-up by an external user signing up through a link that is part of a user flow (`SelfServiceSignUp`).</ul> <br>Read-only.<br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, `in`). |
This resource supports:
|department|String|The name for the department in which the user works. Maximum length is 64 characters. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, and `eq` on `null` values).| |displayName|String|The name displayed in the address book for the user. This is usually the combination of the user's first name, middle initial and last name. This property is required when a user is created and it cannot be cleared during updates. Maximum length is 256 characters. <br><br>Returned by default. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values), `$orderBy`, and `$search`.| | employeeHireDate | DateTimeOffset | The date and time when the user was hired or will start work in case of a future hire. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`).|
-| employeeId | String | The employee identifier assigned to the user by the organization. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
+| employeeId | String | The employee identifier assigned to the user by the organization. The maximum length is 16 characters. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
|employeeOrgData|[employeeOrgData](employeeorgdata.md) |Represents organization data (e.g. division and costCenter) associated with a user. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`).| | employeeType | String | Captures enterprise worker type. For example, `Employee`, `Contractor`, `Consultant`, or `Vendor`. Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`).| |externalUserState|String|For an external user invited to the tenant using the [invitation API](../api/invitation-post.md), this property represents the invited user's invitation status. For invited users, the state can be `PendingAcceptance` or `Accepted`, or `null` for all other users. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `in`).|
This resource supports:
|isResourceAccount|Boolean| Do not use ΓÇô reserved for future use.| |jobTitle|String|The user's job title. Maximum length is 128 characters. <br><br>Returned by default. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).| |lastPasswordChangeDateTime| DateTimeOffset | The time when this Azure AD user last changed their password or when their password was created, whichever date the latest action was performed. The date and time information uses ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. <br><br>Returned only on `$select`.|
-|legalAgeGroupClassification|[legalAgeGroupClassification](#legalagegroupclassification-values)| Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on **ageGroup** and **consentProvidedForMinor** properties. Allowed values: `null`, `minorWithOutParentalConsent`, `minorWithParentalConsent`, `minorNoParentalConsentRequired`, `notAdult` and `adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`.|
+|legalAgeGroupClassification|[legalAgeGroupClassification](#legalagegroupclassification-values)| Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on **ageGroup** and **consentProvidedForMinor** properties. Allowed values: `null`, `MinorWithOutParentalConsent`, `MinorWithParentalConsent`, `MinorNoParentalConsentRequired`, `NotAdult` and `Adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`.|
|licenseAssignmentStates|[licenseAssignmentState](licenseassignmentstate.md) collection|State of license assignments for this user. Read-only. <br><br>Returned only on `$select`.| |mail|String|The SMTP address for the user, for example, `jeff@contoso.onmicrosoft.com`.<br>Changes to this property will also update the user's **proxyAddresses** collection to include the value as an SMTP address. For Azure AD B2C accounts, this property can be updated up to only ten times with unique SMTP addresses. This property cannot contain accent characters.<br><br>Returned by default. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, `endsWith`, and `eq` on `null` values).| |mailboxSettings|[mailboxSettings](mailboxsettings.md)|Settings for the primary mailbox of the signed-in user. You can [get](../api/user-get-mailboxsettings.md) or [update](../api/user-update-mailboxsettings.md) settings for sending automatic replies to incoming messages, locale and time zone. <br><br>Returned only on `$select`.|
For example: Cameron is administrator of a directory for an elementary school in
| Member | Description| |:|:-| |null|Default value, no **ageGroup** has been set for the user.|
-|minorWithoutParentalConsent |(Reserved for future use)|
-|minorWithParentalConsent| The user is considered a minor based on the age-related regulations of their country or region and the administrator of the account has obtained appropriate consent from a parent or guardian.|
-|adult|The user considered an adult based on the age-related regulations of their country or region.|
-|notAdult|The user is from a country or region that has additional age-related regulations (such as the United States, United Kingdom, European Union or South Korea), and the user's age is between a minor and an adult age (as stipulated based on country or region). Generally, this means that teenagers are considered as `notAdult` in regulated countries.|
-|minorNoParentalConsentRequired|The user is a minor but is from a country or region that has no age-related regulations.|
+|MinorWithoutParentalConsent |(Reserved for future use)|
+|MinorWithParentalConsent| The user is considered a minor based on the age-related regulations of their country or region and the administrator of the account has obtained appropriate consent from a parent or guardian.|
+|Adult|The user considered an adult based on the age-related regulations of their country or region.|
+|NotAdult|The user is from a country or region that has additional age-related regulations (such as the United States, United Kingdom, European Union or South Korea), and the user's age is between a minor and an adult age (as stipulated based on country or region). Generally, this means that teenagers are considered as `notAdult` in regulated countries.|
+|MinorNoParentalConsentRequired|The user is a minor but is from a country or region that has no age-related regulations.|
#### ageGroup values | Member | Description| |:|:--| |null|Default value, no **ageGroup** has been set for the user.|
-|minor|The user is considered a minor.|
-|notAdult|The user is from a country that has statutory regulations (such as the United States, United Kingdom, European Union or South Korea) and user's age is more than the upper limit of kid age (as per country) and less than lower limit of adult age (as stipulated based on country or region). So basically, teenagers are considered as `notAdult` in regulated countries.|
-|adult|The user should be a treated as an adult.|
+|Minor|The user is considered a minor.|
+|NotAdult|The user is from a country that has statutory regulations (such as the United States, United Kingdom, European Union or South Korea) and user's age is more than the upper limit of kid age (as per country) and less than lower limit of adult age (as stipulated based on country or region). So basically, teenagers are considered as `notAdult` in regulated countries.|
+|Adult|The user should be a treated as an adult.|
#### consentProvidedForMinor values | Member | Description| |:|:-| |null|Default value, no **consentProvidedForMinor** has been set for the user.|
-|granted|Consent has been obtained for the user to have an account.|
-|denied|Consent has not been obtained for the user to have an account.|
-|notRequired|The user is from a location that does not require consent.|
+|Granted|Consent has been obtained for the user to have an account.|
+|Denied|Consent has not been obtained for the user to have an account.|
+|NotRequired|The user is from a location that does not require consent.|
## Relationships
v1.0 Toc.Yml https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/toc.yml a/api-reference/v1.0/toc.yml
items:
- name: Assignment settings href: resources/educationassignmentsettings.md items:
- - name: Get assignment settings
+ - name: Get
href: api/educationassignmentsettings-get.md
- - name: Update assignment settings
+ - name: Update
href: api/educationassignmentsettings-update.md - name: Assignment defaults href: resources/educationassignmentdefaults.md items:
- - name: Get assignment defaults
+ - name: Get
href: api/educationassignmentdefaults-get.md
- - name: Update assignment defaults
+ - name: Update
href: api/educationassignmentdefaults-update.md - name: Category href: resources/educationcategory.md items:
- - name: Create category
+ - name: Create
href: api/educationclass-post-category.md
- - name: Get category
+ - name: Get
href: api/educationcategory-get.md
- - name: Delete category
+ - name: Delete
href: api/educationcategory-delete.md - name: Rubric href: resources/educationrubric.md items:
- - name: Create rubric
+ - name: Create
href: api/educationuser-post-rubrics.md
- - name: Get rubric
+ - name: Get
href: api/educationrubric-get.md
- - name: Update rubric
+ - name: Update
href: api/educationrubric-update.md
- - name: Delete rubric
+ - name: Delete
href: api/educationrubric-delete.md - name: Submission href: resources/educationsubmission.md