Updates from: 02/14/2022 02:07:53
Service Microsoft Docs article Related commit history on GitHub Change details
v1.0 Accesspackage List Accesspackagesincompatiblewith https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackage-list-accesspackagesincompatiblewith.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-GET /identityGovernance/entitlementManagement/accessPackage/{id}/accessPackagesIncompatibleWith
+GET /identityGovernance/entitlementManagement/accessPackages/{id}/accessPackagesIncompatibleWith
``` ## Optional query parameters
v1.0 Accesspackage List Incompatibleaccesspackages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackage-list-incompatibleaccesspackages.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-GET /identityGovernance/entitlementManagement/accessPackage/{id}/incompatibleAccessPackages
+GET /identityGovernance/entitlementManagement/accessPackages/{id}/incompatibleAccessPackages
``` ## Optional query parameters
v1.0 Accesspackage List Incompatiblegroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackage-list-incompatiblegroups.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-GET /identityGovernance/entitlementManagement/accessPackage/{id}/incompatibleGroups
+GET /identityGovernance/entitlementManagement/accessPackages/{id}/incompatibleGroups
``` ## Optional query parameters
v1.0 Accesspackageassignmentrequest Reprocess https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackageassignmentrequest-reprocess.md
One of the following permissions is required to call this API. To learn more, in
} --> ```http
-POST /identityGovernance/entitlementManagement/accessPackageAssignmentsRequests/{id}/reprocess
+POST /identityGovernance/entitlementManagement/accessPackageAssignmentRequests/{id}/reprocess
``` ## Request headers
The following is an example of the request.
<!-- { "blockType": "ignored",
- "name": "reprocess_accesspackageassignmentsrequest"
+ "name": "reprocess_accesspackageassignmentrequest"
}--> ```http POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentRequests/d82eb508-acc4-43cc-bcf1-7c1c4a2c073b/reprocess
v1.0 Accesspackageresourceenvironment Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackageresourceenvironment-get.md
One of the following permissions is required to call this API. To learn more, in
|:|:| |Delegated (work or school account)|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All| |Delegated (personal Microsoft account)|Not supported.|
-|Application|Not supported.|
+|Application|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All|
## HTTP request
v1.0 Accessreviewhistorydefinition Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewhistorydefinition-get.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Retrieve an [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) object by its identifier. All of the properties of the access review history definition object are returned. If the definition is 30 days or older, a 404 error is returned.
+Retrieve an [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) object by its identifier. All of the properties of the access review history definition object are returned. If the definition is 30 days or older, a `404 Not Found` error is returned.
## Permissions
v1.0 Accessreviewhistorydefinition List Instances https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewhistorydefinition-list-instances.md
Title: "List instances"
+ Title: "List instances (of an accessReviewHistoryDefinition)"
description: "Retrieve the instances of an access review history definition." ms.localizationpriority: medium
ms.prod: "governance"
doc_type: apiPageType
-# List instances
+# List instances (of an accessReviewHistoryDefinition)
Namespace: microsoft.graph
v1.0 Allowedvalue Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/allowedvalue-get.md
One of the following permissions is required to call this API. To learn more, in
|Permission type|Permissions (from least to most privileged)| |:|:|
-|Delegated (work or school account)|CustomSecAttributeDefinition.ReadWrite.All|
+|Delegated (work or school account)|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
|Delegated (personal Microsoft account)|Not supported.|
-|Application|CustomSecAttributeDefinition.ReadWrite.All|
+|Application|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
The signed-in user must also be assigned one of the following [directory roles](/azure/active-directory/roles/permissions-reference):
v1.0 Appcatalogs List Teamsapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/appcatalogs-list-teamsapps.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported. | | Application | AppCatalog.Read.All, AppCatalog.ReadWrite.All |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
## HTTP request
v1.0 Application Post Calls https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/application-post-calls.md
One of the following permissions is required to call this API. To learn more, in
> **Notes:** For a call with app-hosted media, you need the Calls.AccessMedia.All or the Calls.AccessMedia.Chat* permission in addition to one of the permissions listed. >
-> Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Attributeset Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/attributeset-get.md
One of the following permissions is required to call this API. To learn more, in
|Permission type|Permissions (from least to most privileged)| |:|:|
-|Delegated (work or school account)|CustomSecAttributeDefinition.ReadWrite.All|
+|Delegated (work or school account)|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
|Delegated (personal Microsoft account)|Not supported.|
-|Application|CustomSecAttributeDefinition.ReadWrite.All|
+|Application|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
The signed-in user must also be assigned one of the following [directory roles](/azure/active-directory/roles/permissions-reference):
v1.0 Channel Delete Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-delete-tabs.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsTab.Delete.Group*, TeamsTab.ReadWrite.Group*, TeamsTab.ReadWriteForTeam.All, TeamsTab.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-delete.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | Channel.Delete.Group*, Channel.Delete.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Get Filesfolder https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-get-filesfolder.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | File.Read.Group*, Files.Read.All, Files.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Channel Get Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-get-tabs.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsTab.Read.Group*, TeamsTab.ReadWrite.Group*, TeamsTab.Read.All, TeamsTab.ReadWriteForTeam.All, TeamsTab.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-get.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | ChannelSettings.Read.Group*, ChannelSettings.ReadWrite.Group*, Channel.ReadBasic.All, ChannelSettings.Read.All, ChannelSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Getallmessages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-getallmessages.md
GET /teams/{team-id}/channels/getAllMessages
## Optional query parameters
-You can use the `model` query parameter, which supports the values `A` and `B`, based on the preferred licensing and payment requirements, as shown in the following examples.
+You can use `model` query parameter, which supports the values `A` and `B`, based on the preferred [licensing and payment model](/graph/teams-licenses),
+as shown in the following examples.
+If no `model` is specified, [evaluation mode](/graph/teams-licenses#evaluation-mode-default-requirements) will be used.
```http GET /teams/{team-id}/channels/getAllMessages?model=A
v1.0 Channel List Messages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-list-messages.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account)|Not supported.| |Application| ChannelMessage.Read.Group*, ChannelMessage.Read.All, Group.Read.All**, Group.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
> [!NOTE] > Before calling this API with application permissions, you must request access. For details, see [Protected APIs in Microsoft Teams](/graph/teams-protected-apis).
v1.0 Channel List Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-list-tabs.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsTab.Read.Group*, TeamsTab.ReadWrite.Group*, TeamsTab.Read.All, TeamsTab.ReadWriteForTeam.All, TeamsTab.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-list.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | ChannelSettings.Read.Group*, ChannelSettings.ReadWrite.Group*, Channel.ReadBasic.All, ChannelSettings.Read.All, ChannelSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Patch Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-patch-tabs.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsTab.ReadWrite.Group*, TeamsTab.ReadWriteForTeam.All, TeamsTab.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Patch https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-patch.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | ChannelSettings.ReadWrite.Group*, ChannelSettings.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Post Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-post-tabs.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | | Application | TeamsTab.Create.Group*, TeamsTab.Create, TeamsTab.ReadWriteForTeam.All, TeamsTab.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-post.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | Channel.Create.Group*, Channel.Create, Teamwork.Migrate.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Chat List Messages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chat-list-messages.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | ChatMessage.Read.Chat*, Chat.Read.All, Chat.ReadWrite.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> [!NOTE] > Before calling this API with application permissions, you must request access. For details, see [Protected APIs in Microsoft Teams](/graph/teams-protected-apis).
v1.0 Chat List Operations https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chat-list-operations.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported. | | Application | ChatSettings.Read.Chat*, ChatSettings.ReadWrite.Chat*, Chat.Manage.Chat*, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
## HTTP request <!-- {
v1.0 Chatmessage Delta https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chatmessage-delta.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not Supported | |Application | ChannelMessage.Read.Group*, ChannelMessage.Read.All, Group.Read.All**, Group.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
> [!NOTE] > Before calling this API with application permissions, you must request access. For details, see [Protected APIs in Microsoft Teams](/graph/teams-protected-apis).
v1.0 Chatmessage Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chatmessage-get.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account)|Not supported.| |Application| ChannelMessage.Read.Group, ChannelMessage.Read.All, Group.Read.All**, Group.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
### Permissions for chat
v1.0 Chatmessage List Hostedcontents https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chatmessage-list-hostedcontents.md
Retrieve the list of [chatMessageHostedContent](../resources/chatmessagehostedco
|Delegated (personal Microsoft account)|Not supported.| |Application| ChannelMessage.Read.Group, ChannelMessage.Read.All, Group.Read.All**, Group.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
### Permissions for chat
v1.0 Chatmessage List Replies https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chatmessage-list-replies.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account)|Not supported.| |Application| ChannelMessage.Read.Group*, ChannelMessage.Read.All, Group.Read.All, Group.ReadWrite.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> [!NOTE] > Before calling this API with application permissions, you must request access. For details, see [Protected APIs in Microsoft Teams](/graph/teams-protected-apis).
v1.0 Chatmessage Post Replies https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chatmessage-post-replies.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported. | | Application | Teamwork.Migrate.All |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
> **Note**: Application permissions are *only* supported for [migration](/microsoftteams/platform/graph-api/import-messages/import-external-messages-to-teams). In the future, Microsoft may require you or your customers to pay additional fees based on the amount of data imported.
v1.0 Chatmessage Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chatmessage-post.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported. | | Application | Teamwork.Migrate.All |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
> **Note**: Application permissions are *only* supported for [migration](/microsoftteams/platform/graph-api/import-messages/import-external-messages-to-teams). In the future, Microsoft may require you or your customers to pay additional fees based on the amount of data imported.
v1.0 Chatmessagehostedcontent Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chatmessagehostedcontent-get.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account)|Not supported.| |Application| ChannelMessage.Read.Group, ChannelMessage.Read.All, Group.Read.All**, Group.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
### Permissions for chat
v1.0 Chats Getallmessages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chats-getallmessages.md
GET /users/{id | user-principal-name}/chats/getAllMessages
## Optional query parameters
-You can use `model` query parameter which supports the values `A` and `B`, based on the preferred licensing and payment requirements. If no `model` is specified, [evaluation mode](/graph/teams-licenses#evaluation-mode-default-requirements) will be used. Following are the examples.
+You can use `model` query parameter, which supports the values `A` and `B`, based on the preferred [licensing and payment model](/graph/teams-licenses),
+as shown in the following examples.
+If no `model` is specified, [evaluation mode](/graph/teams-licenses#evaluation-mode-default-requirements) will be used.
```http GET /users/{id | user-principal-name}/chats/getAllMessages?model=A
v1.0 Cloudpcorganizationsettings Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/cloudpcorganizationsettings-get.md
One of the following permissions is required to call this API. To learn more, in
} --> ``` http
-GET /deviceManagement/virtualEndpoint/cloudPcOrganizationSettings
+GET /deviceManagement/virtualEndpoint/organizationSettings
``` ## Optional query parameters
If successful, this method returns a `200 OK` response code and a [cloudPcOrgani
} --> ``` http
-GET https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint/cloudPcOrganizationSettings
+GET https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint/organizationSettings
``` ### Response
->**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
v1.0 Cloudpcorganizationsettings Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/cloudpcorganizationsettings-update.md
One of the following permissions is required to call this API. To learn more, in
} --> ``` http
-PATCH /deviceManagement/virtualEndpoint/cloudPcOrganizationSettings
+PATCH /deviceManagement/virtualEndpoint/organizationSettings
``` ## Request headers
v1.0 Crosstenantaccesspolicy Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/crosstenantaccesspolicy-get.md
+
+ Title: "Get crossTenantAccessPolicy"
+description: "Read the properties and relationships of a crossTenantAccessPolicy object."
+
+ms.localizationpriority: medium
++
+# Get crossTenantAccessPolicy
+
+Namespace: microsoft.graph
++
+Read the properties and relationships of a [crossTenantAccessPolicy](../resources/crosstenantaccesspolicy.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.Read.All, Policy.ReadWrite.CrossTenantAccess|
+|Delegated (personal Microsoft account)|Not applicable|
+|Application|Policy.Read.All, Policy.ReadWrite.CrossTenantAccess|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+GET /policies/crossTenantAccessPolicy
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [crossTenantAccessPolicy](../resources/crosstenantaccesspolicy.md) object in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "get_crosstenantaccesspolicy"
+}
+-->
+
+``` http
+GET https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy
+```
+
+### Response
+
+>**Note:** If you have never modified your cross-tenant access settings, this response will return `{}`.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicy"
+}
+-->
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": {
+ "@odata.type": "#microsoft.graph.crossTenantAccessPolicy",
+ "displayName": "CrossTenantAccessPolicy",
+ "lastModifiedDateTime": "08-23-2021Z00:00:00",
+ "definition": "Cross tenant access policy..."
+ }
+}
+```
v1.0 Crosstenantaccesspolicy List Partners https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/crosstenantaccesspolicy-list-partners.md
+
+ Title: "List partners"
+description: "Get a list of all partner configurations within a cross-tenant access policy."
+
+ms.localizationpriority: medium
++
+# List partners
+
+Namespace: microsoft.graph
++
+Get a list of all partner configurations within a cross-tenant access policy.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.Read.All, Policy.ReadWrite.CrossTenantAccess|
+|Delegated (personal Microsoft account)|Not applicable|
+|Application|Policy.Read.All, Policy.ReadWrite.CrossTenantAccess|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+GET /policies/crossTenantAccessPolicy/partners
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md) objects in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "list_crosstenantaccesspolicyconfigurationpartner"
+}
+-->
+
+``` http
+GET https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/partners
+```
+
+### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.crossTenantAccessPolicyConfigurationPartner)"
+}
+-->
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "tenantId": "123f4846-ba00-4fd7-ba43-dac1f8f63013",
+ "inboundTrust": null,
+ "b2bCollaborationInbound": null,
+ "b2bCollaborationOutbound": null,
+ "b2bDirectConnectOutbound": null,
+ "b2bDirectConnectInbound":
+ {
+ "usersAndGroups":
+ {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "AllUsers",
+ "targetType": "user"
+ }
+ ]
+ },
+ "applications":
+ {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "Office365",
+ "targetType": "application"
+ }
+ ]
+ }
+ }
+ }
+ ]
+}
+```
v1.0 Crosstenantaccesspolicy Post Partners https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/crosstenantaccesspolicy-post-partners.md
+
+ Title: "Create crossTenantAccessPolicyConfigurationPartner"
+description: "Create a new partner configuration in a cross-tenant access policy."
+
+ms.localizationpriority: medium
++
+# Create crossTenantAccessPolicyConfigurationPartner
+
+Namespace: microsoft.graph
++
+Create a new partner configuration in a cross-tenant access policy.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.ReadWrite.CrossTenantAccess|
+|Delegated (personal Microsoft account)|Not applicable|
+|Application|Policy.ReadWrite.CrossTenantAccess|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+POST /policies/crossTenantAccessPolicy/partners
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+
+In the request body, supply a JSON representation of the [crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md) object.
+
+The following table shows the properties that are required when you create the [crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md).
+
+|Property|Type|Description|
+|:|:|:|
+| b2bCollaborationInbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B collaboration. |
+| b2bCollaborationOutbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration. |
+| b2bDirectConnectInbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B direct connect. |
+| b2bDirectConnectOutbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect. |
+| inboundTrust | [crossTenantAccessPolicyInboundTrust](../resources/crosstenantaccesspolicyinboundtrust.md) | Determines the partner-specific configuration for trusting other Conditional Access claims from external Azure AD organizations. |
+| tenantId | String | The tenant identifier for the partner Azure Active Directory (Azure AD) organization. |
+
+## Response
+
+If successful, this method returns a `201 Created` response code and a [crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md) object in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "create_crosstenantaccesspolicyconfigurationpartner_from_"
+}
+-->
+
+``` http
+POST https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/partners
+Content-Type: application/json
+
+{
+ "tenantId": "3d0f5dec-5d3d-455c-8016-e2af1ae4d31a",
+ "b2bDirectConnectOutbound":
+ {
+ "usersAndGroups":
+ {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "6f546279-4da5-4b53-a095-09ea0cef9971",
+ "targetType": "group"
+ }
+ ]
+ }
+ },
+ "b2bDirectConnectInbound":
+ {
+ "applications":
+ {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "Office365",
+ "targetType": "application"
+ }
+ ]
+ }
+ }
+}
+```
+
+### Response
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyConfigurationPartner"
+}
+-->
+
+``` http
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+ "tenantId": "3d0f5dec-5d3d-455c-8016-e2af1ae4d31a",
+ "inboundTrust": null,
+ "b2bCollaborationInbound": null,
+ "b2bCollaborationOutbound": null,
+ "b2bDirectConnectOutbound":
+ {
+ "usersAndGroups":
+ {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "6f546279-4da5-4b53-a095-09ea0cef9971",
+ "targetType": "group"
+ }
+ ]
+ }
+ },
+ "b2bDirectConnectInbound":
+ {
+ "applications":
+ {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "Office365",
+ "targetType": "application"
+ }
+ ]
+ }
+ }
+}
+```
v1.0 Crosstenantaccesspolicy Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/crosstenantaccesspolicy-update.md
+
+ Title: "Update crossTenantAccessPolicy"
+description: "Update the properties of a cross-tenant access policy."
+
+ms.localizationpriority: medium
++
+# Update crossTenantAccessPolicy
+
+Namespace: microsoft.graph
++
+Update the properties of a [cross-tenant access policy](../resources/crosstenantaccesspolicy.md).
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.ReadWrite.CrossTenantAccess|
+|Delegated (personal Microsoft account)|Not applicable|
+|Application|Policy.ReadWrite.CrossTenantAccess|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+PATCH /policies/crossTenantAccessPolicy
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
++
+|Property|Type|Description|
+|:|:|:|
+|displayName|String|The display name of the cross-tenant access policy.|
+
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+The [crossTenantAccessPolicy](../resources/crosstenantaccesspolicy.md) object size is currently limited to 25KB. This method will return a `400 Bad Request` error code if the size of the policy will exceed 25KB.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "update_crosstenantaccesspolicy"
+}
+-->
+
+``` http
+PATCH https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy
+Content-Type: application/json
+
+{
+ "displayName": "CrossTenantAccessPolicy",
+}
+```
+
+### Response
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Crosstenantaccesspolicyconfigurationdefault Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/crosstenantaccesspolicyconfigurationdefault-get.md
+
+ Title: "Get crossTenantAccessPolicyConfigurationDefault"
+description: "Read the default configuration of a cross-tenant access policy."
+
+ms.localizationpriority: medium
++
+# Get crossTenantAccessPolicyConfigurationDefault
+
+Namespace: microsoft.graph
++
+Read the [default configuration](../resources/crosstenantaccesspolicyconfigurationdefault.md) of a cross-tenant access policy. This default configuration may be the service default assigned by Azure AD (**isServiceDefault** is `true`) or may be customized in your tenant (**isServiceDefault** is `false`).
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.Read.All, Policy.ReadWrite.CrossTenantAccess|
+|Delegated (personal Microsoft account)|Not applicable|
+|Application|Policy.Read.All, Policy.ReadWrite.CrossTenantAccess|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+GET /policies/crossTenantAccessPolicy/default
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [crossTenantAccessPolicyConfigurationDefault](../resources/crosstenantaccesspolicyconfigurationdefault.md) object in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "get_crosstenantaccesspolicyconfigurationdefault"
+}
+-->
+
+``` http
+GET https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/default
+```
+
+### Response
+
+The following response object shows a default cross-tenant policy inherited from Azure AD, as identified by **isServiceDefault** set to `true`.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyConfigurationDefault"
+}
+-->
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "isServiceDefault": true,
+ "inboundTrust":
+ {
+ "isMfaAccepted": false,
+ "isCompliantDeviceAccepted": false,
+ "isHybridAzureADJoinedDeviceAccepted": false,
+ },
+ "b2bCollaborationOutbound":
+ {
+ "usersAndGroups":
+ {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "AllUsers",
+ "targetType": "user"
+ }
+ ]
+ },
+ "applications":
+ {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "AllApplications",
+ "targetType": "application"
+ }
+ ]
+ }
+ },
+ "b2bCollaborationInbound":
+ {
+ "usersAndGroups":
+ {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "AllUsers",
+ "targetType": "user"
+ }
+ ]
+ },
+ "applications":
+ {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "AllApplications",
+ "targetType": "application"
+ }
+ ]
+ }
+ },
+ "b2bDirectConnectOutbound":
+ {
+ "usersAndGroups":
+ {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "AllUsers",
+ "targetType": "user"
+ }
+ ]
+ },
+ "applications":
+ {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "AllApplications",
+ "targetType": "application"
+ }
+ ]
+ }
+ },
+ "b2bDirectConnectInbound":
+ {
+ "usersAndGroups":
+ {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "AllUsers",
+ "targetType": "user"
+ }
+ ]
+ },
+ "applications":
+ {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "AllApplications",
+ "targetType": "application"
+ }
+ ]
+ }
+ }
+}
+```
v1.0 Crosstenantaccesspolicyconfigurationdefault Resettosystemdefault https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/crosstenantaccesspolicyconfigurationdefault-resettosystemdefault.md
+
+ Title: "crossTenantAccessPolicyConfigurationDefault: resetToSystemDefault"
+description: "Reset any changes made to the default configuration in a cross-tenant access policy back to the system default."
+
+ms.localizationpriority: medium
++
+# crossTenantAccessPolicyConfigurationDefault: resetToSystemDefault
+
+Namespace: microsoft.graph
++
+Reset any changes made to the default configuration in a cross-tenant access policy back to the system default.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.ReadWrite.CrossTenantAccess|
+|Delegated (personal Microsoft account)|Not applicable|
+|Application|Policy.ReadWrite.CrossTenantAccess|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+POST /policies/crossTenantAccessPolicy/default/resetToSystemDefault
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this action returns a `204 No Content` response code. To confirm that the default configuration has been restored to the system defaults, run [Get crossTenantAccessPolicyConfigurationDefault](../api/crosstenantaccesspolicyconfigurationdefault-get.md) and confirm that **isSystemDefault** is set to `true`.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "crosstenantaccesspolicyconfigurationdefault_resettosystemdefault"
+}
+-->
+
+``` http
+POST https://graph.microsoft.com/betefault
+```
+
+### Response
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Crosstenantaccesspolicyconfigurationdefault Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/crosstenantaccesspolicyconfigurationdefault-update.md
+
+ Title: "Update crossTenantAccessPolicyConfigurationDefault"
+description: "Update the default configuration of a cross-tenant access policy."
+
+ms.localizationpriority: medium
++
+# Update crossTenantAccessPolicyConfigurationDefault
+
+Namespace: microsoft.graph
++
+Update the [default configuration](../resources/crosstenantaccesspolicyconfigurationdefault.md) of a cross-tenant access policy.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.ReadWrite.CrossTenantAccess|
+|Delegated (personal Microsoft account)|Not applicable|
+|Application|Policy.ReadWrite.CrossTenantAccess|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+PATCH /policies/crossTenantAccessPolicy/default
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
++
+|Property|Type|Description|
+|:|:|:|
+| inboundTrust | [crossTenantAccessPolicyInboundTrust](../resources/crosstenantaccesspolicyinboundtrust.md) | Determines the default configuration for trusting other Conditional Access claims from external Azure AD organizations. |
+| b2bCollaborationInbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your default configuration for users from other organizations accessing your resources via Azure AD B2B collaboration. |
+| b2bCollaborationOutbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your default configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration. |
+| b2bDirectConnectInbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your default configuration for users from other organizations accessing your resources via Azure AD B2B direct connect. |
+| b2bDirectConnectOutbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your default configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect. |
+
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "update_crosstenantaccesspolicyconfigurationdefault"
+}
+-->
+
+``` http
+PATCH https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/default
+Content-Type: application/json
+
+{
+ "b2bCollaborationOutbound":
+ {
+ "usersAndGroups":
+ {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "0be493dc-cb56-4a53-936f-9cf64410b8b0",
+ "targetType": "group"
+ }
+ ]
+ },
+ "applications":
+ {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "AllApplications",
+ "targetType": "application"
+ }
+ ]
+ }
+ }
+}
+```
+
+### Response
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Crosstenantaccesspolicyconfigurationpartner Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/crosstenantaccesspolicyconfigurationpartner-delete.md
+
+ Title: "Delete crossTenantAccessPolicyConfigurationPartner"
+description: "Delete a partner-specific configuration in a cross-tenant access policy."
+
+ms.localizationpriority: medium
++
+# Delete crossTenantAccessPolicyConfigurationPartner
+
+Namespace: microsoft.graph
++
+Delete a [partner-specific configuration](../resources/crosstenantaccesspolicyconfigurationpartner.md) in a cross-tenant access policy.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.ReadWrite.CrossTenantAccess|
+|Delegated (personal Microsoft account)|Not applicable|
+|Application|Policy.ReadWrite.CrossTenantAccess|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+DELETE /policies/crossTenantAccessPolicy/partners/{id}
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "delete_crosstenantaccesspolicyconfigurationpartner"
+}
+-->
+
+``` http
+DELETE https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/partners/9c5d131d-b1c3-4fc4-9e3f-c6557947d551
+```
+
+### Response
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Crosstenantaccesspolicyconfigurationpartner Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/crosstenantaccesspolicyconfigurationpartner-get.md
+
+ Title: "Get crossTenantAccessPolicyConfigurationPartner"
+description: "Read the properties and relationships of a partner-specific configuration."
+
+ms.localizationpriority: medium
++
+# Get crossTenantAccessPolicyConfigurationPartner
+
+Namespace: microsoft.graph
++
+Read the properties and relationships of a [partner-specific](../resources/crosstenantaccesspolicyconfigurationpartner.md) configuration.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.Read.All, Policy.ReadWrite.CrossTenantAccess|
+|Delegated (personal Microsoft account)|Not applicable|
+|Application|Policy.Read.All, Policy.ReadWrite.CrossTenantAccess|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+GET /policies/crossTenantAccessPolicy/partners/{id}
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md) object in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "get_crosstenantaccesspolicyconfigurationpartner"
+}
+-->
+
+``` http
+GET https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/partners/9c5d131d-b1c3-4fc4-9e3f-c6557947d551
+```
+
+### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyConfigurationPartner"
+}
+-->
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "tenantId": "9c5d131d-b1c3-4fc4-9e3f-c6557947d551",
+ "inboundTrust": null,
+ "b2bCollaborationInbound": null,
+ "b2bCollaborationOutbound": null,
+ "b2bDirectConnectOutbound": null,
+ "b2bDirectConnectInbound":
+ {
+ "usersAndGroups":
+ {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "AllUsers",
+ "targetType": "user"
+ }
+ ]
+ },
+ "applications":
+ {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "Office365",
+ "targetType": "application"
+ }
+ ]
+ }
+ }
+}
+```
v1.0 Crosstenantaccesspolicyconfigurationpartner Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/crosstenantaccesspolicyconfigurationpartner-update.md
+
+ Title: "Update crossTenantAccessPolicyConfigurationPartner"
+description: "Update the properties of a partner-specific configuration."
+
+ms.localizationpriority: medium
++
+# Update crossTenantAccessPolicyConfigurationPartner
+
+Namespace: microsoft.graph
++
+Update the properties of a [partner-specific](../resources/crosstenantaccesspolicyconfigurationpartner.md) configuration.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.ReadWrite.CrossTenantAccess|
+|Delegated (personal Microsoft account)|Not applicable|
+|Application|Policy.ReadWrite.CrossTenantAccess|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+PATCH /policies/crossTenantAccessPolicy/partners/{id}
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
++
+|Property|Type|Description|
+|:|:|:|
+| b2bCollaborationInbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B collaboration. |
+| b2bCollaborationOutbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration. |
+| b2bDirectConnectInbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B direct connect. |
+| b2bDirectConnectOutbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect. |
+| inboundTrust | [crossTenantAccessPolicyInboundTrust](../resources/crosstenantaccesspolicyinboundtrust.md) | Determines the partner-specific configuration for trusting other Conditional Access claims from external Azure Active Directory (Azure AD) organizations. |
+
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "update_crosstenantaccesspolicyconfigurationpartner"
+}
+-->
+
+``` http
+PATCH https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/partners/90e29127-71ad-49c7-9ce8-db3f41ea06f1
+Content-Type: application/json
+
+{
+ "inboundTrust":
+ {
+ "isMfaAccepted": true,
+ "isCompliantDeviceAccepted": true,
+ "isHybridAzureADJoinedDeviceAccepted" : true
+ }
+}
+```
+
+### Response
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Customsecurityattributedefinition Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/customsecurityattributedefinition-get.md
One of the following permissions is required to call this API. To learn more, in
|Permission type|Permissions (from least to most privileged)| |:|:|
-|Delegated (work or school account)|CustomSecAttributeDefinition.ReadWrite.All|
+|Delegated (work or school account)|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
|Delegated (personal Microsoft account)|Not supported.|
-|Application|CustomSecAttributeDefinition.ReadWrite.All|
+|Application|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
The signed-in user must also be assigned one of the following [directory roles](/azure/active-directory/roles/permissions-reference):
v1.0 Customsecurityattributedefinition List Allowedvalues https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/customsecurityattributedefinition-list-allowedvalues.md
One of the following permissions is required to call this API. To learn more, in
|Permission type|Permissions (from least to most privileged)| |:|:|
-|Delegated (work or school account)|CustomSecAttributeDefinition.ReadWrite.All|
+|Delegated (work or school account)|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
|Delegated (personal Microsoft account)|Not supported.|
-|Application|CustomSecAttributeDefinition.ReadWrite.All|
+|Application|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
The signed-in user must also be assigned one of the following [directory roles](/azure/active-directory/roles/permissions-reference):
v1.0 Customsecurityattributedefinition Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/customsecurityattributedefinition-update.md
PATCH /directory/customSecurityAttributeDefinitions/{customSecurityAttributeDefi
|:|:| |Authorization|Bearer {token}. Required.| |Content-Type|application/json. Required.|
+|OData-Version|4.01. Optional.|
+
+> [!NOTE]
+> To update the predefined values for a custom security attribute, you must add the **OData-Version** header and assign it the value `4.01`.
## Request body In the request body, supply *only* the values for properties that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values.
Content-Type: application/json
HTTP/1.1 204 No Content ```
-### Example 2: Deactivate a custom security attribute
+### Example 2: Update the predefined values for a custom security attribute
+
+The following example updates the status of an existing predefined value and adds a new predefined value for a custom security attribute definition.
+++ Attribute set: `Engineering`++ Attribute: `Project`++ Attribute data type: Collection of Strings++ Update predefined value: `Baker`++ New predefined value: `Skagit`+
+> [!NOTE]
+> For this request, you must add the **OData-Version** header and assign it the value `4.01`.
+
+#### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "update_customsecurityattributedefinition_allowedvalues"
+}
+-->
+``` msgraph-interactive
+PATCH https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinitions/Engineering_Project
+Content-Type: application/json
+OData-Version: 4.01
+
+{
+ "allowedValues@delta": [
+ {
+ "id": "Baker",
+ "isActive": false
+ },
+ {
+ "id": "Skagit",
+ "isActive": true
+ }
+ ]
+}
+```
+
+#### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
+
+### Example 3: Deactivate a custom security attribute
The following example deactivates a custom security attribute definition.
v1.0 Directory List Attributesets https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directory-list-attributesets.md
One of the following permissions is required to call this API. To learn more, in
|Permission type|Permissions (from least to most privileged)| |:|:|
-|Delegated (work or school account)|CustomSecAttributeDefinition.ReadWrite.All|
+|Delegated (work or school account)|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
|Delegated (personal Microsoft account)|Not supported.|
-|Application|CustomSecAttributeDefinition.ReadWrite.All|
+|Application|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
The signed-in user must also be assigned one of the following [directory roles](/azure/active-directory/roles/permissions-reference):
v1.0 Directory List Customsecurityattributedefinitions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directory-list-customsecurityattributedefinitions.md
One of the following permissions is required to call this API. To learn more, in
|Permission type|Permissions (from least to most privileged)| |:|:|
-|Delegated (work or school account)|CustomSecAttributeDefinition.ReadWrite.All|
+|Delegated (work or school account)|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
|Delegated (personal Microsoft account)|Not supported.|
-|Application|CustomSecAttributeDefinition.ReadWrite.All|
+|Application|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
The signed-in user must also be assigned one of the following [directory roles](/azure/active-directory/roles/permissions-reference):
v1.0 Directory Post Customsecurityattributedefinitions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directory-post-customsecurityattributedefinitions.md
Content-length: 310
+#### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.customSecurityAttributeDefinition"
+}
+-->
+
+``` http
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#directory/customSecurityAttributeDefinitions/$entity",
+ "attributeSet": "Engineering",
+ "description": "Active projects for user",
+ "id": "Engineering_Project",
+ "isCollection": true,
+ "isSearchable": true,
+ "name": "Project",
+ "status": "Available",
+ "type": "String",
+ "usePreDefinedValuesOnly": true
+}
+```
+
+### Example 3: Add a custom security attribute with a list of predefined values
+
+The following example adds a new custom security attribute definition with a list of predefined values as a collection of strings.
+++ Attribute set: `Engineering`++ Attribute: `Project`++ Attribute data type: Collection of Strings++ Predefined values: `Alpine`, `Baker`, `Cascade`+
+#### Request
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "create_customsecurityattributedefinition_allowedvalues"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinitions
+Content-Type: application/json
+
+{
+ "attributeSet": "Engineering",
+ "description": "Active projects for user",
+ "isCollection": true,
+ "isSearchable": true,
+ "name": "Project",
+ "status": "Available",
+ "type": "String",
+ "usePreDefinedValuesOnly": true,
+ "allowedValues": [
+ {
+ "id": "Alpine",
+ "isActive": true
+ },
+ {
+ "id": "Baker",
+ "isActive": true
+ },
+ {
+ "id": "Cascade",
+ "isActive": true
+ }
+ ]
+}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
++++ #### Response <!-- { "blockType": "response",
v1.0 Directoryobject Checkmembergroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directoryobject-checkmembergroups.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Check for membership in a specified list of groups, and return from that list those groups of which the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member. This function is transitive.
+Check for membership in a specified list of group IDs, and return from that list those groups (identified by IDs) of which the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member. This function is transitive.
You can check up to a maximum of 20 groups per request. This function supports all groups provisioned in Azure AD. Because Microsoft 365 groups cannot contain other groups, membership in a Microsoft 365 group is always direct.
v1.0 Directoryobject Checkmemberobjects https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directoryobject-checkmemberobjects.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Check for membership in a list of groups, administrative units, or directory roles for the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md). This method is transitive.
+Check for membership in a list of group IDs, administrative unit IDs, or directory role IDs, for the IDs of the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md). This method is transitive.
## Permissions
v1.0 Directoryobject Getmembergroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directoryobject-getmembergroups.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Return all the groups that the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
+Return all the group IDs for the groups that the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Directoryobject Getmemberobjects https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directoryobject-getmemberobjects.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Return all the groups, administrative units, and directory roles that a [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
+Return all IDs for the groups, administrative units, and directory roles that a [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
**Note:** Only users and role-enabled groups can be members of directory roles.
v1.0 Driveitem Copy https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/driveitem-copy.md
description: "Asynchronously creates a copy of an [driveItem][item-resource] (including any children), under a new parent item or with a new name." Last updated 09/10/2017 Title: driveItem: copy
+ Title: "driveItem: copy"
ms.localizationpriority: medium ms.prod: "sharepoint" doc_type: apiPageType
v1.0 Driveitem Createuploadsession https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/driveitem-createuploadsession.md
description: "Create an upload session to allow your app to upload files up to the maximum file size." Title: driveItem: createUploadSession
+ Title: "driveItem: createUploadSession"
ms.localizationpriority: medium ms.prod: "sites-and-lists" doc_type: apiPageType
v1.0 Dynamics Customer Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/dynamics-customer-get.md
Title: Get customers
-description: Gets a customer object in Dynamics 365 Business Central.
+ Title: "Get customers"
+description: "Gets a customer object in Dynamics 365 Business Central."
documentationcenter: ''
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Retrieve the properties and relationships of a customer object for Dynamics 365 Business Central.
+Retrieve the properties and relationships of a [customer](../resources/dynamics-customer.md) object for Dynamics 365 Business Central.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
|Application|Financials.ReadWrite.All| ## HTTP request
-```
+```http
GET /financials/companies/{id}/customers/{id} ```
Do not supply a request body for this method.
## Response If successful, this method returns a `200 OK` response code and a **customers** object in the response body.
-**Request**
+## Examples
+
+### Request
-Here is an example of the request.
+The following is an example of a request.
```http GET https://graph.microsoft.com/beta/financials/companies/{id}/customers/{id} ```
-**Response**
+### Response
-Here is an example of the response.
+The following is an example of the response.
> **Note**: The response object shown here might be shortened for readability.
v1.0 Educationassignment Delta https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/educationassignment-delta.md
Use the `$top` parameter to specify the number of assignments to be returned. Th
}--> ```msgraph-interactive
-GET https://graph.microsoft.com/beta/education/education/classes/72a7baec-c3e9-4213-a850-f62de0adad5f/assignments/delta?$top=2
+GET https://graph.microsoft.com/beta/education/classes/72a7baec-c3e9-4213-a850-f62de0adad5f/assignments/delta?$top=2
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-assignments-delta-csharp-snippets.md)]
v1.0 Educationassignment Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/educationassignment-update.md
Content-type: application/json
## See also * [States, transitions, and limitations for assignments and submissions](/graph/assignments-submissions-states-transition)
+* [Specify the default channel for education assignment notifications](/graph/education-build-notificationchannelurl)
<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79 2015-10-25 14:57:30 UTC -->
v1.0 Educationassignmentdefaults Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/educationassignmentdefaults-update.md
Content-Type: application/json
"notificationChannelUrl": "https://graph.microsoft.com/beta/teams('id')/channels('id')" } ```
+## See also
+* [Specify the default channel for education assignment notifications](/graph/education-build-notificationchannelurl)
v1.0 Entitlementmanagement List Accesspackageresourceenvironment https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/entitlementmanagement-list-accesspackageresourceenvironment.md
One of the following permissions is required to call this API. To learn more, in
|:|:| |Delegated (work or school account)|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All| |Delegated (personal Microsoft account)|Not supported|
-|Application|Not supported|
+|Application|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All|
## HTTP request
v1.0 Entitlementmanagement Post Accesspackageresourcerequests https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/entitlementmanagement-post-accesspackageresourcerequests.md
One of the following permissions is required to call this API. To learn more, in
|:|:--| | Delegated (work or school account) | EntitlementManagement.ReadWrite.All | | Delegated (personal Microsoft account) | Not supported. |
-| Application | Not supported. |
+| Application | EntitlementManagement.ReadWrite.All |
## HTTP request
Content-type: application/json
} ```
+### Example 6: Create an accessPackageResourceRequest for adding an application
+
+#### Request
+
+The following is an example of the request for adding an application to a catalog, including specifying a required attribute of that application.
+
+<!-- {
+ "blockType": "request",
+ "name": "create_accesspackageresourcerequest_from_accesspackageresourcerequests6"
+}-->
+```http
+POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageResourceRequests
+Content-type: application/json
+
+{
+ "catalogId": "26ac0c0a-08bc-4a7b-a313-839f58044ba5",
+ "requestType": "AdminAdd",
+ "justification": "",
+ "accessPackageResource": {
+ "displayName": "Faculty cafeteria ordering",
+ "description": "Example application",
+ "url": "https://myapps.microsoft.com/example.com/signin/Faculty%20cafeteria%20ordering/f1e3b407-942d-4934-9a3f-cef1975cb988/",
+ "resourceType": "Application",
+ "originId": "2f1099a6-d4fc-4cc9-a0ef-ddd3f1bf0b7e",
+ "originSystem": "AadApplication",
+ "attributes": [
+ {
+ "attributeName": "extension_2b676109c7c74ae2b41549205f1947ed_personalTitle",
+ "isEditable": true,
+ "isPersistedOnAssignmentRemoval": true,
+ "attributeSource": {
+ "@odata.type": "#microsoft.graph.accessPackageResourceAttributeQuestion",
+ "question": {
+ "@odata.type": "#microsoft.graph.accessPackageTextInputQuestion",
+ "isRequired": false,
+ "sequence": 0,
+ "isSingleLineQuestion": true,
+ "text": {
+ "defaultText": "Title",
+ "localizedTexts": []
+ }
+ }
+ },
+ "attributeDestination": {
+ "@odata.type": "#microsoft.graph.accessPackageUserDirectoryAttributeStore"
+ }
+ }
+ ]
+ }
+}
+
+```
+
+#### Response
+
+The following is an example of the response.
+
+> **Note:** The response object shown here might be shortened for readability.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessPackageResourceRequest"
+} -->
+
+```http
+HTTP/1.1 201 Created
+Content-type: application/json
+
+{
+ "id": "f0e632ed-afd2-41d3-8d6e-ccefda457e5e",
+ "requestType": "AdminAdd",
+ "requestState": "Delivered",
+ "requestStatus": "Fulfilled"
+}
+```
<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98 2019-02-04 14:57:30 UTC --> <!-- {
v1.0 Identityprotectionroot List Riskyserviceprincipals https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/identityprotectionroot-list-riskyserviceprincipals.md
+
+ Title: "List riskyServicePrincipals"
+description: "Retrieve the properties and relationships of riskyServicePrincipal objects."
+
+ms.localizationpriority: medium
++
+# List riskyServicePrincipals
+Namespace: microsoft.graph
++
+Retrieve the properties and relationships of [riskyServicePrincipal](../resources/riskyserviceprincipal.md) objects.
+
+>**Note:** Using the riskyServicePrincipals API requires an Azure AD Premium P2 license.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|IdentityRiskyServicePrincipal.Read.All, IdentityRiskyServicePrincipal.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|IdentityRiskyServicePrincipal.Read.All, IdentityRiskyServicePrincipal.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityProtection/riskyServicePrincipals
+```
+
+## Optional query parameters
+This method supports the `$count`, `$filter`, `$select`, and `$top` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [riskyServicePrincipal](../resources/riskyserviceprincipal.md) objects in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_riskyserviceprincipal"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/identityProtection/riskyServicePrincipals
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.riskyServicePrincipal)"
+}
+-->
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#riskyServicePrincipal",
+ "value": [
+ {
+ "id": "9089a539-a539-9089-39a5-899039a58990",
+ "accountEnabled": true,
+ "isProcessing": false,
+ "riskLastUpdatedDateTime": "2021-08-14T13:06:51.0451374Z",
+ "riskLevel": "high",
+ "riskState": "atRisk",
+ "riskDetail": "none",
+ "displayName": "Contoso App",
+ "appId": "b55552fe-a272-4b56-990b-95038d917878",
+ "servicePrincipalType": "Application"
+ }
+ ]
+}
+```
v1.0 Identityprotectionroot List Serviceprincipalriskdetections https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/identityprotectionroot-list-serviceprincipalriskdetections.md
+
+ Title: "List servicePrincipalRiskDetections"
+description: "Retrieve the properties of a collection of servicePrincipalRiskDetection objects."
+
+ms.localizationpriority: medium
++
+# List servicePrincipalRiskDetections
+Namespace: microsoft.graph
++
+Retrieve the properties of a collection of [servicePrincipalRiskDetection](../resources/serviceprincipalriskdetection.md) objects.
+
+>**Note:** You must have an Azure AD Premium P1 or P2 license to use the servicePrincipalRiskDetection API.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|IdentityRiskyServicePrincipal.Read.All, IdentityRiskyServicePrincipal.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|IdentityRiskyServicePrincipal.Read.All, IdentityRiskyServicePrincipal.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityProtection/servicePrincipalRiskDetections
+```
+
+## Optional query parameters
+This method supports the `$filter` and `$select` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [servicePrincipalRiskDetection](../resources/serviceprincipalriskdetection.md) objects in the response body.
+
+## Examples
+
+### Example 1: List risk detections
+
+#### Request
+
+The following is an example of the request.
+<!-- {
+ "blockType": "request",
+ "name": "list_serviceprincipalriskdetection"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/identityProtection/servicePrincipalRiskDetections
+```
++
+#### Response
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.servicePrincipalRiskDetection)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.servicePrincipalRiskDetection",
+ "id": "2856d6e87c5c3a74021ff70291fa68107570c150d8dc145bdea5",
+ "requestId": null,
+ "correlationId": null,
+ "riskEventType": "investigationsThreatIntelligence",
+ "riskState": "atRisk",
+ "riskLevel": "high",
+ "riskDetail": "none",
+ "source": "IdentityProtection",
+ "detectionTimingType": "offline",
+ "activity": "servicePrincipal",
+ "tokenIssuerType": "AzureAD",
+ "ipAddress": null,
+ "location": null,
+ "activityDateTime": "2021-10-26T00:00:00Z",
+ "detectedDateTime": "2021-10-26T00:00:00Z",
+ "lastUpdatedDateTime": "2021-10-26T16:28:17.8202975Z)",
+ "servicePrincipalId": "99b8d28b-11ae-4e84-9bef-0e767e286grg",
+ "servicePrincipalDisplayName": "Contoso App",
+ "appId": "0grb38ac-a572-491d-a9db-b07197643457",
+ "keyIds": [
+ "9d9fea30-d8e3-481b-b57c-0ef569a989e5"
+ ],
+ "additionalInfo": "[{\"Key\":\"alertUrl\",\"Value\":null}]"
+ }
+ ]
+}
+```
+
+### Example 2: List risk detections and filter the results
+
+#### Request
+The following example shows how to use `$filter` to get the collection of service principal risk detections where the risk level is `medium` or the risk event type is `investigationsThreatIntelligence`.
+
+<!-- {
+ "blockType": "request",
+ "name": "list_filter_serviceprincipalriskdetection"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/identityProtection/servicePrincipalRiskDetections?$filter=riskEventType eq 'investigationsThreatIntelligence' or riskLevel eq 'medium'
+```
+
+#### Response
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.servicePrincipalRiskDetection)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.servicePrincipalRiskDetection",
+ "id": "2856d6e87c5c3a74021ff70291fa68107570c150d8dc145bdea5",
+ "requestId": null,
+ "correlationId": null,
+ "riskEventType": "investigationsThreatIntelligence",
+ "riskState": "atRisk",
+ "riskLevel": "high",
+ "riskDetail": "none",
+ "source": "IdentityProtection",
+ "detectionTimingType": "offline",
+ "activity": "servicePrincipal",
+ "tokenIssuerType": "AzureAD",
+ "ipAddress": null,
+ "location": null,
+ "activityDateTime": "2021-10-26T00:00:00Z",
+ "detectedDateTime": "2021-10-26T00:00:00Z",
+ "lastUpdatedDateTime": "2021-10-26T16:28:17.8202975Z)",
+ "servicePrincipalId": "99b8d28b-11ae-4e84-9bef-0e767e286grg",
+ "servicePrincipalDisplayName": "Contoso App",
+ "appId": "0grb38ac-a572-491d-a9db-b07197643457",
+ "keyIds": [
+ "9d9fea30-d8e3-481b-b57c-0ef569a989e5"
+ ],
+ "additionalInfo": "[{\"Key\":\"alertUrl\",\"Value\":null}]"
+ }
+ ]
+}
+```
v1.0 Meetingregistration Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/meetingregistration-post.md
In the request body, supply a JSON representation of a [meetingRegistration](../
## Response
-If successful, this method returns a `201 Created` response code and [meetingRegistration](../resources/meetingregistration.md) object in the response body.
+If successful, this method returns a `201 Created` response code and a [meetingRegistration](../resources/meetingregistration.md) object in the response body.
> [!NOTE] >
v1.0 Organizationalbranding Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/organizationalbranding-get.md
Content-Type: application/json
"@odata.context": "https://graph.microsoft.com/beta/$metadata#branding", "@odata.id": "https://graph.microsoft.com/v2/99b24e1b-abec-4598-9d63-a2baf0a3cea1/directoryObjects/$/Microsoft.DirectoryServices.Organization('99b24e1b-abec-4598-9d63-a2baf0a3cea1')/branding/0", "id": "0",
- "backgroundColor": "",
+ "backgroundColor": " ",
"backgroundImageRelativeUrl": "c1c6b6c8-urr-dzbkz44n5kuo9kzl1kziuujjcdqonoe2owyacso/logintenantbranding/0/illustration?ts=637535563816027796", "bannerLogoRelativeUrl": "c1c6b6c8-urr-dzbkz44n5kuo9kzl1kziuujjcdqonoe2owyacso/logintenantbranding/0/bannerlogo?ts=637535563824629275", "cdnList": [
Content-Type: application/json
"aadcdn.msftauthimages.net", "aadcdn.msauthimages.net" ],
+ "customAccountResetCredentialsUrl": null,
+ "customCannotAccessYourAccountText": null,
+ "customCannotAccessYourAccountUrl": null,
+ "customForgotMyPasswordText": null,
+ "customPrivacyAndCookiesText": null,
+ "customPrivacyAndCookiesUrl": null,
+ "customTermsOfUseText": null,
+ "customTermsOfUseUrl": null,
+ "customResetItNowText": null,
+ "faviconRelativeUrl": null,
+ "headerBackgroundColor": null,
"signInPageText": "Contoso", "squareLogoRelativeUrl": "c1c6b6c8-urr-dzbkz44n5kuo9kzl1kziuujjcdqonoe2owyacso/logintenantbranding/0/tilelogo?ts=637535563832888580",
- "usernameHintText": ""
+ "usernameHintText": " ",
+ "loginPageTextVisibilitySettings": {
+ "hideCannotAccessYourAccount": false,
+ "hideForgotMyPassword": false,
+ "hideResetItNow": false,
+ "hideTermsOfUse": true,
+ "hidePrivacyAndCookies": true
+ }
} ```
The following example returns the **bannerLogo** object which hadn't been set fo
The following is an example of the request. -
-# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_organizationalbranding_frlocale_bannerLogo"
The following is an example of the request.
```msgraph-interactive GET https://graph.microsoft.com/beta/organization/d69179bf-f4a4-41a9-a9de-249c0f2efb1d/branding/localizations/default/bannerLogo ```
-# [C#](#tab/csharp)
-
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
-
-# [Java](#tab/java)
-- #### Response
v1.0 Organizationalbranding List Localizations https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/organizationalbranding-list-localizations.md
Content-Type: application/json
{ "@odata.id": "https://graph.microsoft.com/v2/84841066-274d-4ec0-a5c1-276be684bdd3/directoryObjects/$/Microsoft.DirectoryServices.Organization('84841066-274d-4ec0-a5c1-276be684bdd3')//localizations/0", "id": "0",
- "backgroundColor": "",
+ "backgroundColor": " ",
"backgroundImageRelativeUrl": "c1c6b6c8-ctwpxrbizfcsectmtir3yvna3hrhaib9j7ueqv0ldne/logintenantbranding/0/illustration?ts=637635061764954395", "bannerLogoRelativeUrl": "c1c6b6c8-ctwpxrbizfcsectmtir3yvna3hrhaib9j7ueqv0ldne/logintenantbranding/0/bannerlogo?ts=637635061773126717", "cdnList": [
Content-Type: application/json
"aadcdn.msftauthimages.net", "aadcdn.msauthimages.net" ],
+ "customAccountResetCredentialsUrl": null,
+ "customCannotAccessYourAccountText": null,
+ "customCannotAccessYourAccountUrl": null,
+ "customForgotMyPasswordText": null,
+ "customPrivacyAndCookiesText": null,
+ "customPrivacyAndCookiesUrl": null,
+ "customTermsOfUseText": null,
+ "customTermsOfUseUrl": null,
+ "customResetItNowText": null,
+ "faviconRelativeUrl": null,
+ "headerBackgroundColor": null,
"signInPageText": "Contoso",
- "squareLogoRelativeUrl": "c1c6b6c8-ctwpxrbizfcsectmtir3yvna3hrhaib9j7ueqv0ldne/logintenantbranding/0/tilelogo?ts=637635061781098977",
- "usernameHintText": ""
+ "squareLogoRelativeUrl": "c1c6b6c8-urr-dzbkz44n5kuo9kzl1kziuujjcdqonoe2owyacso/logintenantbranding/0/tilelogo?ts=637535563832888580",
+ "usernameHintText": " ",
+ "loginPageTextVisibilitySettings": {
+ "hideCannotAccessYourAccount": false,
+ "hideForgotMyPassword": false,
+ "hideResetItNow": false,
+ "hideTermsOfUse": true,
+ "hidePrivacyAndCookies": true
+ }
}, { "@odata.id": "https://graph.microsoft.com/v2/84841066-274d-4ec0-a5c1-276be684bdd3/directoryObjects/$/Microsoft.DirectoryServices.Organization('84841066-274d-4ec0-a5c1-276be684bdd3')//localizations/fr",
Content-Type: application/json
"backgroundImageRelativeUrl": null, "bannerLogoRelativeUrl": null, "cdnList": [],
- "signInPageText": "Welcome",
- "squareLogoRelativeUrl": null,
- "usernameHintText": "hint"
+ "customAccountResetCredentialsUrl": null,
+ "customCannotAccessYourAccountText": null,
+ "customCannotAccessYourAccountUrl": null,
+ "customForgotMyPasswordText": null,
+ "customPrivacyAndCookiesText": null,
+ "customPrivacyAndCookiesUrl": null,
+ "customTermsOfUseText": null,
+ "customTermsOfUseUrl": null,
+ "customResetItNowText": null,
+ "faviconRelativeUrl": null,
+ "headerBackgroundColor": null,
+ "signInPageText": "Contoso",
+ "squareLogoRelativeUrl": "c1c6b6c8-urr-dzbkz44n5kuo9kzl1kziuujjcdqonoe2owyacso/logintenantbranding/0/tilelogo?ts=637535563832888580",
+ "usernameHintText": " ",
+ "loginPageTextVisibilitySettings": {
+ "hideCannotAccessYourAccount": false,
+ "hideForgotMyPassword": false,
+ "hideResetItNow": false,
+ "hideTermsOfUse": true,
+ "hidePrivacyAndCookies": true
+ }
} ] }
v1.0 Organizationalbranding Post Localizations https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/organizationalbranding-post-localizations.md
Content-Type: application/json
"@odata.context": "https://graph.microsoft.com/beta/$metadata#organization('d69179bf-f4a4-41a9-a9de-249c0f2efb1d')/branding/localizations/$entity", "@odata.id": "https://graph.microsoft.com/v2/d69179bf-f4a4-41a9-a9de-249c0f2efb1d/directoryObjects/$/Microsoft.DirectoryServices.Organization('d69179bf-f4a4-41a9-a9de-249c0f2efb1d')//localizations/fr-FR", "id": "fr-FR",
- "backgroundColor": "",
+ "backgroundColor": " ",
"backgroundImageRelativeUrl": null, "bannerLogoRelativeUrl": null, "cdnList": [], "signInPageText": " ", "squareLogoRelativeUrl": null,
- "usernameHintText": ""
+ "usernameHintText": " "
} ```
v1.0 Organizationalbranding Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/organizationalbranding-update.md
PATCH /organization/{organizationId}/branding
|Accept-Language|A valid ISO 639-1 locale. Required.| ## Request body
-In the request body, supply *only* the values for properties that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values.
-
-The following table specifies the properties that can be updated.
| Property | Type | Description | |:-|:|:|
-| backgroundColor | String | Color that will appear in place of the background image in low-bandwidth connections. We recommend that you use the primary color of your banner logo or your organization color. Specify this in hexadecimal format, for example, white is `#FFFFFF`. |
+| backgroundColor | String | Color that appears in place of the background image in low-bandwidth connections. We recommend that you use the primary color of your banner logo or your organization color. Specify this in hexadecimal format, for example, white is `#FFFFFF`. |
| backgroundImage | Stream | Image that appears as the background of the sign-in page. The allowed types are PNG or JPEG not smaller than 300 KB and not larger than 1920 × 1080 pixels. A smaller image will reduce bandwidth requirements and make the page load faster. |
-| bannerLogo | Stream | A banner version of your company logo that appears on the sign-in page. The allowed types are PNG or JPEG no larger than 36 × 245 pixels. We recommend using a transparent image with no padding around the logo. |
-| signInPageText | String | Text that appears at the bottom of the sign-in box. You can use this to communicate additional information, such as the phone number to your help desk or a legal statement. This text must be Unicode and not exceed 1024 characters. |
-| squareLogo | Stream | A square version of your company logo that appears in Windows 10 out-of-box experiences (OOBE) and when Windows Autopilot is enabled for deployment. Allowed types are PNG or JPEG no larger than 240 x 240 pixels and no more than 10 KB in size. We recommend using a transparent image with no padding around the logo. |
-| usernameHintText | String | String that shows as the hint in the username textbox on the sign-in screen. This text must be a Unicode, without links or code, and can't exceed 64 characters. |
-
+| bannerLogo | Stream | A banner version of your company logo that appears on the sign-in page. The allowed types are PNG or JPEG not larger than 36 × 245 pixels. We recommend using a transparent image with no padding around the logo. |
+| customAccountResetCredentialsUrl | String | A custom URL for resetting account credentials. This URL must be in ASCII format or non-ASCII characters must be URL encoded, and not exceed 128 characters. |
+| customCannotAccessYourAccountText | String | A string to replace the default "Can't access your account?" self-service password reset (SSPR) hyperlink text on the sign-in page. This text must be in Unicode format and not exceed 256 characters. |
+| customForgotMyPasswordText | String | A string to replace the default "Forgot my password" hyperlink text on the sign-in form. This text must be in Unicode format and not exceed 256 characters. |
+| customPrivacyAndCookiesText | String | A string to replace the default "Privacy and Cookies" hyperlink text in the footer. This text must be in Unicode format and not exceed 256 characters. |
+| customPrivacyAndCookiesUrl | String | A custom URL to replace the default URL of the "Privacy and Cookies" hyperlink in the footer. This URL must be in ASCII format or non-ASCII characters must be URL encoded, and not exceed 128 characters. |
+| customTermsOfUseText | String | A string to replace the the default "Terms of Use" hyperlink text in the footer. This text must be in Unicode format and not exceed 256 characters. |
+| customTermsOfUseUrl | String | A custom URL to replace the default URL of the "Terms of Use" hyperlink in the footer. This URL must be in ASCII format or non-ASCII characters must be URL encoded, and not exceed 128characters. |
+| favicon | Stream | A custom icon (favicon) to replace a default Microsoft product favicon on an Azure AD tenant. |
+| headerBackgroundColor | String | The RGB color to apply to customize the color of the header. |
+| loginPageTextVisibilitySettings | [loginPageTextVisibilitySettings](../resources/loginPageTextVisibilitySettings.md) | Represents the various texts that can be hidden on the login page for a tenant. All the properties can be updated. |
+| signInPageText | String | Text that appears at the bottom of the sign-in box. Use this to communicate additional information, such as the phone number to your help desk or a legal statement. This text must be in Unicode format and not exceed 1024 characters. |
+| squareLogo | Stream | A square version of your company logo that appears in Windows 10 out-of-box experiences (OOBE) and when Windows Autopilot is enabled for deployment. Allowed types are PNG or JPEG not larger than 240 x 240 pixels and not more than 10 KB in size. We recommend using a transparent image with no padding around the logo.|
+| usernameHintText | String | A string that shows as the hint in the username textbox on the sign-in screen. This text must be a Unicode, without links or code, and can't exceed 64 characters. |
## Response
The following is an example of the request.
-# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "update_organizationalbrandinglocaliation_2"
Content-Type: image/jpeg
<Image> ```
-# [C#](#tab/csharp)
-
-# [JavaScript](#tab/javascript)
---
v1.0 Organizationalbrandinglocalization Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/organizationalbrandinglocalization-get.md
Content-Type: application/json
"@odata.type": "#microsoft.graph.organizationalBrandingProperties", "@odata.id": "https://graph.microsoft.com/v2/99b24e1b-abec-4598-9d63-a2baf0a3cea1/directoryObjects/$/Microsoft.DirectoryServices.Organization('99b24e1b-abec-4598-9d63-a2baf0a3cea1')//localizations('fr-FR')/fr-FR", "id": "fr-FR",
- "backgroundColor": "",
+ "backgroundColor": " ",
"backgroundImageRelativeUrl": null, "bannerLogoRelativeUrl": "c1c6b6c8-urr-dzbkz44n5kuo9kzl1kziuujjcdqonoe2owyacso/logintenantbranding/1036/bannerlogo?ts=637673868626068858", "cdnList": [
Content-Type: application/json
"aadcdn.msftauthimages.net", "aadcdn.msauthimages.net" ],
- "signInPageText": "Welcome to Contoso France",
- "usernameHintText": "Welcome to Contoso France"
+ "customAccountResetCredentialsUrl": null,
+ "customCannotAccessYourAccountText": null,
+ "customCannotAccessYourAccountUrl": null,
+ "customForgotMyPasswordText": null,
+ "customPrivacyAndCookiesText": null,
+ "customPrivacyAndCookiesUrl": null,
+ "customTermsOfUseText": null,
+ "customTermsOfUseUrl": null,
+ "customResetItNowText": null,
+ "faviconRelativeUrl": null,
+ "headerBackgroundColor": null,
+ "signInPageText": "Contoso",
+ "squareLogoRelativeUrl": "c1c6b6c8-urr-dzbkz44n5kuo9kzl1kziuujjcdqonoe2owyacso/logintenantbranding/0/tilelogo?ts=637535563832888580",
+ "usernameHintText": " ",
+ "loginPageTextVisibilitySettings": {
+ "hideCannotAccessYourAccount": false,
+ "hideForgotMyPassword": false,
+ "hideResetItNow": false,
+ "hideTermsOfUse": true,
+ "hidePrivacyAndCookies": true
+ }
} ```
v1.0 Organizationalbrandinglocalization Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/organizationalbrandinglocalization-update.md
PUT /organization/{organizationId}/branding/localizations/{organizationalBrandin
|Content-Type|application/json. Required.| ## Request body
-In the request body, supply *only* the values for properties that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values.
-The following table specifies the properties that can be updated.
| Property | Type | Description | |:-|:|:|
-| backgroundColor | String | Color that will appear in place of the background image in low-bandwidth connections. We recommend that you use the primary color of your banner logo or your organization color. Specify this in hexadecimal format, for example, white is `#FFFFFF`. |
+| backgroundColor | String | Color that appears in place of the background image in low-bandwidth connections. We recommend that you use the primary color of your banner logo or your organization color. Specify this in hexadecimal format, for example, white is `#FFFFFF`. |
| backgroundImage | Stream | Image that appears as the background of the sign-in page. The allowed types are PNG or JPEG not smaller than 300 KB and not larger than 1920 × 1080 pixels. A smaller image will reduce bandwidth requirements and make the page load faster. |
-| bannerLogo | Stream | A banner version of your company logo that appears on the sign-in page. The allowed types are PNG or JPEG no larger than 36 × 245 pixels. We recommend using a transparent image with no padding around the logo. |
-| signInPageText | String | Text that appears at the bottom of the sign-in box. You can use this to communicate additional information, such as the phone number to your help desk or a legal statement. This text must be Unicode and not exceed 1024 characters. |
-| squareLogo | Stream | A square version of your company logo that appears in Windows 10 out-of-box experiences (OOBE) and when Windows Autopilot is enabled for deployment. Allowed types are PNG or JPEG no larger than 240 x 240 pixels and no more than 10 KB in size. We recommend using a transparent image with no padding around the logo.|
-| usernameHintText | String | String that shows as the hint in the username textbox on the sign-in screen. This text must be a Unicode, without links or code, and can't exceed 64 characters.|
+| bannerLogo | Stream | A banner version of your company logo that appears on the sign-in page. The allowed types are PNG or JPEG not larger than 36 × 245 pixels. We recommend using a transparent image with no padding around the logo. |
+| customAccountResetCredentialsUrl | String | A custom URL for resetting account credentials. This URL must be in ASCII format or non-ASCII characters must be URL encoded, and not exceed 128 characters. |
+| customCannotAccessYourAccountText | String | A string to replace the default "Can't access your account?" self-service password reset (SSPR) hyperlink text on the sign-in page. This text must be in Unicode format and not exceed 256 characters. |
+| customForgotMyPasswordText | String | A string to replace the default "Forgot my password" hyperlink text on the sign-in form. This text must be in Unicode format and not exceed 256 characters. |
+| customPrivacyAndCookiesText | String | A string to replace the default "Privacy and Cookies" hyperlink text in the footer. This text must be in Unicode format and not exceed 256 characters. |
+| customPrivacyAndCookiesUrl | String | A custom URL to replace the default URL of the "Privacy and Cookies" hyperlink in the footer. This URL must be in ASCII format or non-ASCII characters must be URL encoded, and not exceed 128 characters. |
+| customTermsOfUseText | String | A string to replace the the default "Terms of Use" hyperlink text in the footer. This text must be in Unicode format and not exceed 256 characters. |
+| customTermsOfUseUrl | String | A custom URL to replace the default URL of the "Terms of Use" hyperlink in the footer. This URL must be in ASCII format or non-ASCII characters must be URL encoded, and not exceed 128characters. |
+| favicon | Stream | A custom icon (favicon) to replace a default Microsoft product favicon on an Azure AD tenant. |
+| headerBackgroundColor | String | The RGB color to apply to customize the color of the header. |
+| loginPageTextVisibilitySettings | [loginPageTextVisibilitySettings](../resources/loginPageTextVisibilitySettings.md) | Represents the various texts that can be hidden on the login page for a tenant. All the properties can be updated. |
+| signInPageText | String | Text that appears at the bottom of the sign-in box. Use this to communicate additional information, such as the phone number to your help desk or a legal statement. This text must be in Unicode format and not exceed 1024 characters. |
+| squareLogo | Stream | A square version of your company logo that appears in Windows 10 out-of-box experiences (OOBE) and when Windows Autopilot is enabled for deployment. Allowed types are PNG or JPEG not larger than 240 x 240 pixels and not more than 10 KB in size. We recommend using a transparent image with no padding around the logo.|
+| usernameHintText | String | A string that shows as the hint in the username textbox on the sign-in screen. This text must be a Unicode, without links or code, and can't exceed 64 characters. |
## Response
Content-Type: image/jpeg
} --> ```http
-HTTP/1.1 204 NO CONTENT
+HTTP/1.1 204 No Content
``` ### Example 2: Update the backgroundColor and signInPageText for the fr-FR localization using PATCH
Content-Type: application/json
#### Response
+Following the request, the **usernameHintText** for the `fr-FR` localization will be empty instead of inheriting the value from the default branding object.
+ <!-- { "blockType": "response" } -->
Content-Type: application/json
```http HTTP/1.1 204 No Content ```-
-Following this request, usernameHintText for the `fr-FR` localization will be empty instead of inheriting the value from the default branding object.
v1.0 Riskyserviceprincipal Confirmcompromised https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/riskyserviceprincipal-confirmcompromised.md
+
+ Title: "riskyServicePrincipal: confirmCompromised"
+description: "Confirm one or more riskyServicePrincipal objects as compromised."
+
+ms.localizationpriority: medium
++
+# riskyServicePrincipal: confirmCompromised
+Namespace: microsoft.graph
++
+Confirm one or more [riskyServicePrincipal](../resources/riskyserviceprincipal.md) objects as compromised. This action sets the targeted service principal account's risk level to `high`. When the risk level of the service principal is confirmed as compromised, the service principal object is disabled and its **disabledByMicrosoftStatus** property is updated.
+
+>**Note:** Using the riskyServicePrincipal API requires an Azure AD Premium P2 license.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|IdentityRiskyServicePrincipal.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|IdentityRiskyServicePrincipal.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+POST /identityProtection/riskyServicePrincipals/confirmCompromised
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+In the request body, specify the collection of ids of the risky service principals in a **servicePrincipalIds** property.
+
+## Response
+
+If successful, this action returns a `204 No Content` response code. It does not return anything in the response body.
+
+## Example
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "riskyserviceprincipal_confirmcompromised"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/identityProtection/riskyServicePrincipals/confirmCompromised
+Content-Type: application/json
+
+{
+ "servicePrincipalIds": [
+ "9089a539-a539-9089-39a5-899039a58990"
+ ]
+}
+```
++
+### Response
+The following is an example of the response.
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
+
v1.0 Riskyserviceprincipal Dismiss https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/riskyserviceprincipal-dismiss.md
+
+ Title: "riskyServicePrincipal: dismiss"
+description: "Dismiss the risk of one or more riskyServicePrincipal objects."
+
+ms.localizationpriority: medium
++
+# riskyServicePrincipal: dismiss
+Namespace: microsoft.graph
++
+Dismiss the risk of one or more [riskyServicePrincipal](../resources/riskyserviceprincipal.md) objects. This action sets the targeted service principal account's risk level to `none`. You can dismiss up to 60 service principal accounts in one request.
+
+>**Note:** Using the riskyServicePrincipal API requires an Azure AD Premium P2 license.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|IdentityRiskyServicePrincipal.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|IdentityRiskyServicePrincipal.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+POST /identityProtection/riskyServicePrincipals/dismiss
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+In the request body, specify the collection of ids of the risky service principals in a **servicePrincipalIds** property.
+
+## Response
+
+If successful, this action returns a `204 No Content` response code. It does not return anything in the response body.
+
+## Example
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "riskyserviceprincipal_dismiss"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/identityProtection/riskyServicePrincipals/dismiss
+Content-Type: application/json
+
+{
+ "servicePrincipalIds": [
+ "9089a539-a539-9089-39a5-899039a58990"
+ ]
+}
+```
++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
+
v1.0 Riskyserviceprincipal Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/riskyserviceprincipal-get.md
+
+ Title: "Get riskyServicePrincipal"
+description: "Read the properties and relationships of a riskyServicePrincipal object."
+
+ms.localizationpriority: medium
++
+# Get riskyServicePrincipal
+Namespace: microsoft.graph
++
+Read the properties and relationships of a [riskyServicePrincipal](../resources/riskyserviceprincipal.md) object.
+
+>**Note:** Using the riskyServicePrincipal API requires an Azure AD Premium P2 license.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|IdentityRiskyServicePrincipal.Read.All, IdentityRiskyServicePrincipal.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|IdentityRiskyServicePrincipal.Read.All, IdentityRiskyServicePrincipal.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityProtection/riskyServicePrincipals/{riskyServicePrincipalId}
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [riskyServicePrincipal](../resources/riskyserviceprincipal.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_riskyserviceprincipal"
+}
+-->
+
+ ``` http
+GET https://graph.microsoft.com/beta/identityProtection/riskyServicePrincipals/9089a539-a539-9089-39a5-899039a58990
+```
++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.riskyServicePrincipal"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": {
+ "@odata.type": "#microsoft.graph.riskyServicePrincipal",
+ "id": "9089a539-a539-9089-39a5-899039a58990",
+ "accountEnabled": true,
+ "isProcessing": false,
+ "riskLastUpdatedDateTime": "2021-08-14T13:06:51.0451374Z",
+ "riskLevel": "high",
+ "riskState": "atRisk",
+ "riskDetail": "none",
+ "displayName": "Contoso App",
+ "appId": "b55552fe-a272-4b56-990b-95038d917878",
+ "servicePrincipalType": "Application"
+ }
+}
+```
+
v1.0 Riskyserviceprincipal List History https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/riskyserviceprincipal-list-history.md
+
+ Title: "List history (risk history of riskyServicePrincipal)"
+description: "Get the risk history of a riskyServicePrincipal object."
+
+ms.localizationpriority: medium
++
+# List history (risk history of riskyServicePrincipal)
+Namespace: microsoft.graph
++
+Get the risk history of a [riskyServicePrincipal](../resources/riskyServicePrincipal.md) object.
+
+>**Note:** Using the riskyServicePrincipal API requires an Azure AD Premium P2 license.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|IdentityRiskyServicePrincipal.Read.All, IdentityRiskyServicePrincipal.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|IdentityRiskyServicePrincipal.Read.All, IdentityRiskyServicePrincipal.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityProtection/riskyServicePrincipals/{riskyServicePrincipalId}/history
+```
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [riskyServicePrincipalHistoryItem](../resources/riskyserviceprincipalhistoryitem.md) objects in the response body.
+
+## Example
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_riskyserviceprincipalhistoryitem"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/identityProtection/riskyServicePrincipals/{riskyServicePrincipalId}/history
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.riskyServicePrincipalHistoryItem)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#riskyServicePrincipalHistoryItem",
+ "value": [
+ {
+ "id": "0fbef39d-9e8c-460b-444e-8ae5abcdffd7",
+ "accountEnabled": true,
+ "isProcessing": false,
+ "riskLastUpdatedDateTime": "2021-10-20T01:14:37.7214159Z",
+ "riskState": "atRisk",
+ "riskDetail": "none",
+ "riskLevel": "high",
+ "displayName": "Contoso App",
+ "appId": "ede08db0-9492-4a0c-8ae3-8ggg056c5d75",
+ "servicePrincipalType": "Application",
+ "servicePrincipalId": "0fbef39d-9e8c-777b-860e-8ae5abcdffd7",
+ "initiatedBy": null,
+ "activity": null
+ }
+ ]
+}
+```
v1.0 Schedule List Shifts https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/schedule-list-shifts.md
GET /teams/{teamId}/schedule/shifts
``` ## Optional query parameters
-This method supports the $filter [OData query parameter](/graph/query-parameters) to help customize the response.
+This method supports the `$filter` [OData query parameter](/graph/query-parameters) to help customize the response.
## Request headers
v1.0 Serviceprincipal Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/serviceprincipal-get.md
Content-type: application/json
], "signInAudience": "AzureADandPersonalMicrosoftAccount", "tags": [],
+ "verifiedPublisher": {
+ "displayName": "publisher_contoso",
+ "verifiedPublisherId": "9999999",
+ "addedDateTime": "2021-04-24T17:49:44Z"
+ },
"addIns": [], "api": { "resourceSpecificApplicationPermissions": []
Attribute #4
+ Attribute data type: String + Attribute value: `"Public"`
-To get custom security attribute assignments, the calling principal must be assigned the Attribute Assignment Reader or Attribute Assignment Administrator role and must be granted the *CustomSecAttributeAssignment.ReadWrite.All* permission.
+To get custom security attribute assignments, the calling principal must be assigned the Attribute Assignment Reader or Attribute Assignment Administrator role and must be granted the *CustomSecAttributeAssignment.Read.All* or *CustomSecAttributeAssignment.ReadWrite.All* permission.
#### Request
v1.0 Serviceprincipalriskdetection Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/serviceprincipalriskdetection-get.md
+
+ Title: "Get servicePrincipalRiskDetection"
+description: "Read the properties and relationships of a servicePrincipalRiskDetection object."
+
+ms.localizationpriority: medium
++
+# Get servicePrincipalRiskDetection
+Namespace: microsoft.graph
++
+Read the properties and relationships of a [servicePrincipalRiskDetection](../resources/serviceprincipalriskdetection.md) object.
+
+>**Note:** You must have an Azure AD Premium P1 or P2 license to use the servicePrincipalRiskDetection API.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|IdentityRiskyServicePrincipal.Read.All, IdentityRiskyServicePrincipal.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|IdentityRiskyServicePrincipal.Read.All, IdentityRiskyServicePrincipal.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityProtection/servicePrincipalRiskDetections/{servicePrincipalRiskDetectionId}
+```
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [servicePrincipalRiskDetection](../resources/serviceprincipalriskdetection.md) object in the response body.
+
+## Examples
+
+### Example 1: Get a specific risk detection object
+
+#### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_serviceprincipalriskdetection"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/identityProtection/servicePrincipalRiskDetections/{servicePrincipalRiskDetectionId}
+```
++
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.servicePrincipalRiskDetection"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": {
+ "@odata.type": "#microsoft.graph.servicePrincipalRiskDetection",
+ "id": "2856d6e87c5c3a74021ff70291fa68107570c150d8dc145bdea5",
+ "requestId": null,
+ "correlationId": null,
+ "riskEventType": "investigationsThreatIntelligence",
+ "riskState": "atRisk",
+ "riskLevel": "high",
+ "riskDetail": "none",
+ "source": "IdentityProtection",
+ "detectionTimingType": "offline",
+ "activity": "servicePrincipal",
+ "tokenIssuerType": "AzureAD",
+ "ipAddress": null,
+ "location": null,
+ "activityDateTime": "2021-10-26T00:00:00Z",
+ "detectedDateTime": "2021-10-26T00:00:00Z",
+ "lastUpdatedDateTime": "2021-10-26T16:28:17.8202975Z)",
+ "servicePrincipalId": "99b8d28b-11ae-4e84-9bef-0e767e286grg",
+ "servicePrincipalDisplayName": "Contoso App",
+ "appId": "0grb38ac-a572-491d-a9db-b07197643457",
+ "keyIds": [
+ "9d9fea30-d8e3-481b-b57c-0ef569a989e5"
+ ],
+ "additionalInfo": "[{\"Key\":\"alertUrl\",\"Value\":null}]"
+ }
+}
+```
+
v1.0 Site Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/site-get.md
description: "Retrieve properties and relationships for a site resource." Previously updated : 09/10/2017 Title: Get a SharePoint Site ms.localizationpriority: medium ms.prod: "sharepoint"
v1.0 Sitepage Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/sitepage-get.md
GET /sites/{site-id}/pages/{page-id}
## Example
-##### Request
+### Request
# [HTTP](#tab/http)
GET /sites/{site-id}/pages/{page-id}
-##### Response
+### Response
<!-- { "blockType": "response", "@odata.type": "microsoft.graph.sitePage", "truncated": true } -->
v1.0 Subscription Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/subscription-delete.md
Depending on the resource and the permission type (delegated or application) req
|[baseTask](../resources/basetask.md) | Tasks.ReadWrite | Tasks.ReadWrite | Not supported | |[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
[!INCLUDE [teams-subscription-notes](../../includes/teams-subscription-notes.md)]
v1.0 Subscription Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/subscription-get.md
Depending on the resource and the permission type (delegated or application) req
|[baseTask](../resources/basetask.md) | Tasks.ReadWrite | Tasks.ReadWrite | Not supported | |[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
[!INCLUDE [teams-subscription-notes](../../includes/teams-subscription-notes.md)]
v1.0 Subscription List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/subscription-list.md
This API supports the following permission scopes; to learn more, including how
|[todoTask](../resources/todotask.md) | Tasks.ReadWrite, Subscription.Read.All | Tasks.ReadWrite, Subscription.Read.All | Not supported | |[user](../resources/user.md) | User.Read.All, Subscription.Read.All | User.Read.All | User.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
Response results are based on the context of the calling app. The following sections describe the common scenarios.
v1.0 Subscription Post Subscriptions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/subscription-post-subscriptions.md
Depending on the resource and the permission type (delegated or application) req
|[baseTask](../resources/basetask.md) | Tasks.ReadWrite | Tasks.ReadWrite | Not supported | |[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
[!INCLUDE [teams-subscription-notes](../../includes/teams-subscription-notes.md)]
v1.0 Subscription Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/subscription-update.md
Depending on the resource and the permission type (delegated or application) req
|[baseTask](../resources/basetask.md) | Tasks.ReadWrite | Tasks.ReadWrite | Not supported | |[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
[!INCLUDE [teams-subscription-notes](../../includes/teams-subscription-notes.md)]
v1.0 Tasklist Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/tasklist-delete.md
If successful, this method returns a `204 No Content` response code.
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "delete_tasklist" } --> ``` http
-DELETE https://graph.microsoft.com/beta/user/tasks/lists/AAMkAGVjMzJmMWZjLTgyYjgtNGIyNi1hOGQ0LWRjMjNmMGRmOWNiYQAu
+DELETE https://graph.microsoft.com/beta/me/tasks/lists/AAMkAGVjMzJmMWZjLTgyYjgtNGIyNi1hOGQ0LWRjMjNmMGRmOWNiYQAu
```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Team Archive https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-archive.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamSettings.ReadWrite.Group*, TeamSettings.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Team Clone https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-clone.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | Team.Create, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Team Delete Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-delete-installedapps.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Team Get Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-get-installedapps.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsAppInstallation.Read.Group*, TeamsAppInstallation.ReadWriteSelfForTeam, TeamsAppInstallation.ReadForTeam.All, TeamsAppInstallation.ReadWriteForTeam.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
## HTTP request
v1.0 Team Get Photo https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-get-photo.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamSettings.Read.Group*, TeamSettings.ReadWrite.Group*, Team.ReadBasic.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Team Get Primarychannel https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-get-primarychannel.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | ChannelSettings.Read.Group*, ChannelSettings.ReadWrite.Group*, Channel.ReadBasic.All, ChannelSettings.Read.All, ChannelSettings.ReadWrite.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Team Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-get.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (work or school account) | Team.ReadBasic.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** | |Delegated (personal Microsoft account) | Not supported. | |Application | TeamSettings.Read.Group*, TeamSettings.ReadWrite.Group*, Team.ReadBasic.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Team List Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-list-installedapps.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsAppInstallation.Read.Group*, TeamsAppInstallation.ReadForTeam.All, TeamsAppInstallation.ReadWriteForTeam.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
## HTTP request
v1.0 Team List Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-list-members.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application| TeamMember.Read.Group*, TeamMember.Read.All, TeamMember.ReadWrite.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
## HTTP request
v1.0 Team List Permissiongrants https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-list-permissiongrants.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported. | | Application | TeamsAppInstallation.Read.Group*, TeamsAppInstallation.ReadForTeam.All, TeamsAppInstallation.ReadWriteSelfForTeam.All, TeamsAppInstallation.ReadWriteForTeam.All, TeamsApp.Read.Group* |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Team Post Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-post-installedapps.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Team Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-post.md
One of the following permissions is required to call this API. To learn more, in
> **Note**: The Teamwork.Migrate.All permission is *only* supported for [migration](/microsoftteams/platform/graph-api/import-messages/import-external-messages-to-teams). In the future, Microsoft may require you or your customers to pay additional fees based on the amount of data imported.
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
## HTTP request
v1.0 Team Teamsappinstallation Upgrade https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-teamsappinstallation-upgrade.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Team Unarchive https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-unarchive.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamSettings.ReadWrite.Group*, TeamSettings.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Team Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/team-update.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamSettings.ReadWrite.Group*, TeamSettings.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Teamsapp Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/teamsapp-delete.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported.| | Application | Not supported. |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
## HTTP request
v1.0 Teamsapp Publish https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/teamsapp-publish.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported| | Application | Not supported. |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
## HTTP request
v1.0 Teamsapp Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/teamsapp-update.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported| | Application | Not supported. |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
## HTTP request
v1.0 Teamsasyncoperation Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/teamsasyncoperation-get.md
The following permissions are for getting the operation on a chat:
| Delegated (personal Microsoft account) | Not supported. | | Application | ChatSettings.Read.Chat*, ChatSettings.ReadWrite.Chat*, Chat.Manage.Chat*, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
## HTTP request <!-- {
v1.0 User Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/user-get.md
For a specific user:
GET /users/{id | userPrincipalName} ```
->**Note:**
-> + When the **userPrincipalName** begins with a `$` character, remove the slash (/) after `/users` and enclose the **userPrincipalName** in parentheses and single quotes. For example, `/users('$AdeleVance@contoso.com')`. For details, see the [known issues](/graph/known-issues#users) list.
+> [!TIP]
+>
+> + When the **userPrincipalName** begins with a `$` character, the GET request URL syntax `/users/$x@y.com` fails with a `400 Bad Request` error code. This is because this request URL violates the OData URL convention, which expects only system query options to be prefixed with a `$` character. Remove the slash (/) after `/users` and enclose the **userPrincipalName** in parentheses and single quotes, as follows: `/users('$x@y.com')`. For example, `/users('$AdeleVance@contoso.com')`.
> + To query a B2B user using the **userPrincipalName**, encode the hash (#) character. That is, replace the `#` symbol with `%23`. For example, `/users/AdeleVance_adatum.com%23EXT%23@contoso.com`. For the signed-in user:
Attribute #4
+ Attribute data type: String + Attribute value: `"Public"`
-To get custom security attribute assignments, the calling principal must be assigned the Attribute Assignment Reader or Attribute Assignment Administrator role and must be granted the *CustomSecAttributeAssignment.ReadWrite.All* permission.
+To get custom security attribute assignments, the calling principal must be assigned the Attribute Assignment Reader or Attribute Assignment Administrator role and must be granted the *CustomSecAttributeAssignment.Read.All* or *CustomSecAttributeAssignment.ReadWrite.All* permission.
#### Request
v1.0 User List Joinedteams https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/user-list-joinedteams.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | Team.ReadBasic.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All, User.Read.All, User.ReadWrite.All, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
> **Note:** Currently, with user delegated permissions, this operation only works for the `me` user. With application permissions, it works for all users by specifying the specific user ID (`me` alias is not supported with application permissions). For details, see [Known issues](/graph/known-issues#microsoft-teams-users-list-of-joined-teams-preview).
v1.0 User Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/user-update.md
Namespace: microsoft.graph
Update the properties of a [user](../resources/user.md) object. Not all properties can be updated by Member or Guest users with their default permissions without Administrator roles. [Compare member and guest default permissions](/azure/active-directory/fundamentals/users-default-permissions#compare-member-and-guest-default-permissions) to see properties they can manage. ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+One of the following pefrmissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
|Permission type | Permissions (from least to most privileged) | |:--|:|
In the request body, supply the values for relevant fields that should be update
|:|:--|:-| |aboutMe|String|A freeform text entry field for the user to describe themselves.| |accountEnabled|Boolean| `true` if the account is enabled; otherwise, `false`. This property is required when a user is created. A global administrator assigned the _Directory.AccessAsUser.All_ delegated permission can update the **accountEnabled** status of all administrators in the tenant.|
-| ageGroup | [ageGroup](../resources/user.md#agegroup-values) | Sets the age group of the user. Allowed values: `null`, `minor`, `notAdult` and `adult`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
+| ageGroup | [ageGroup](../resources/user.md#agegroup-values) | Sets the age group of the user. Allowed values: `null`, `Minor`, `NotAdult` and `Adult`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
|assignedLicenses|[assignedLicense](../resources/assignedlicense.md) collection|The licenses that are assigned to the user. Not nullable. | |birthday|DateTimeOffset|The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`| |businessPhones| String collection | The telephone numbers for the user. **NOTE:** Although this is a string collection, only one number can be set for this property.| |city|String|The city in which the user is located.|
-| companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length of the company name is 64 characters. |
-| consentProvidedForMinor | [consentProvidedForMinor](../resources/user.md#consentprovidedforminor-values) | Sets whether consent has been obtained for minors. Allowed values: `null`, `granted`, `denied` and `notRequired`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
+| companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters. |
+| consentProvidedForMinor | [consentProvidedForMinor](../resources/user.md#consentprovidedforminor-values) | Sets whether consent has been obtained for minors. Allowed values: `null`, `Granted`, `Denied` and `NotRequired`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
|country|String|The country/region in which the user is located; for example, `US` or `UK`.| |customSecurityAttributes|[customSecurityAttributeValue](../resources/customsecurityattributevalue.md)|An open complex type that holds the value of a custom security attribute that is assigned to a directory object.<br/><br/>To update this property, the calling principal must be assigned the Attribute Assignment Administrator role and must be granted the *CustomSecAttributeAssignment.ReadWrite.All* permission.| |department|String|The name for the department in which the user works.| |displayName|String|The name displayed in the address book for the user. This is usually the combination of the user's first name, middle initial and last name. This property is required when a user is created and it cannot be cleared during updates.|
-|employeeId|String|The employee identifier assigned to the user by the organization.|
+|employeeId|String|The employee identifier assigned to the user by the organization. The maximum length is 16 characters.|
| employeeType | String | Captures enterprise worker type. For example, `Employee`, `Contractor`, `Consultant`, or `Vendor`.| |givenName|String|The given name (first name) of the user.| |employeeHireDate|DateTimeOffset|The hire date of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
v1.0 Userinsightssettings Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/userinsightssettings-get.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http GET /me/settings/itemInsights
-GET /user/{userId}/settings/itemInsights
+GET /users/{userId}/settings/itemInsights
``` >**Note:** Requests with a `userId` or `userPrincipalName` are only accessible by the user or by a user with the User.ReadWrite.All permissions. To learn more, see [Permissions](/graph/permissions-reference).
v1.0 X509certificateauthenticationmethodconfiguration Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/x509certificateauthenticationmethodconfiguration-delete.md
+
+ Title: "Delete x509CertificateAuthenticationMethodConfiguration"
+description: "Delete a x509CertificateAuthenticationMethodConfiguration object and restores all the other properties to their default settings"
+
+ms.localizationpriority: medium
++
+# Delete x509CertificateAuthenticationMethodConfiguration
+Namespace: microsoft.graph
++
+Restore the [x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md) object to its default configuration.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.ReadWrite.AuthenticationMethod|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|Not supported.|
+
+For delegated scenarios, the administrator needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):
+
+* Authentication Policy Administrator
+* Global Administrator
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "delete_x509certificateauthenticationmethodconfiguration"
+}
+-->
+``` http
+DELETE https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
++++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
+
v1.0 X509certificateauthenticationmethodconfiguration Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/x509certificateauthenticationmethodconfiguration-get.md
+
+ Title: "Get x509CertificateAuthenticationMethodConfiguration"
+description: "Read the properties and relationships of a x509CertificateAuthenticationMethodConfiguration object."
+
+ms.localizationpriority: medium
++
+# Get x509CertificateAuthenticationMethodConfiguration
+Namespace: microsoft.graph
++
+Read the configuration details for the [X.509 certificate authentication method](../resources/x509certificateauthenticationmethodconfiguration.md) in the [authentication methods policy](../resources/authenticationmethodspolicy.md).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.ReadWrite.AuthenticationMethod|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|Not supported.|
+
+For delegated scenarios, the administrator needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):
+
+* Global Reader
+* Authentication Policy Administrator
+* Global Administrator
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
+```
+
+## Optional query parameters
+This method does not support the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md) object in the response body.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_x509certificateauthenticationmethodconfiguration"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
++++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.x509CertificateAuthenticationMethodConfiguration"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
+ "id": "X509Certificate",
+ "state": "disabled",
+ "certificateUserBindings": [{
+ "x509CertificateField": "PrincipalName",
+ "userProperty": "onPremisesUserPrincipalName",
+ "priority": 1
+ },
+ {
+ "x509CertificateField": "RFC822Name",
+ "userProperty": "userPrincipalName",
+ "priority": 2
+ }
+ ],
+ "authenticationModeConfiguration": {
+ "x509CertificateAuthenticationDefaultMode": "x509CertificateSingleFactor",
+ "rules": []
+ },
+ "includeTargets": [{
+ "targetType": "group",
+ "id": "all_users",
+ "isRegistrationRequired": false
+ }]
+}
+```
+
v1.0 X509certificateauthenticationmethodconfiguration Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/x509certificateauthenticationmethodconfiguration-update.md
+
+ Title: "Update x509CertificateAuthenticationMethodConfiguration"
+description: "Update the properties of a x509CertificateAuthenticationMethodConfiguration object."
+
+ms.localizationpriority: medium
++
+# Update x509CertificateAuthenticationMethodConfiguration
+Namespace: microsoft.graph
++
+Update the properties of the [X.509 certificate authentication method](../resources/x509certificateauthenticationmethodconfiguration.md).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.ReadWrite.AuthenticationMethod|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|Not supported.|
+
+For delegated scenarios, the administrator needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):
+
+* Authentication Policy Administrator
+* Global Administrator
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+The following properties can be updated.
+
+|Property|Type|Description|
+|:|:|:|
+|state|authenticationMethodState|The possible values are: `enabled`, `disabled`. Inherited from [authenticationMethodConfiguration](../resources/authenticationmethodconfiguration.md).|
+|certificateUserBindings|[x509CertificateUserBinding](../resources/x509certificateuserbinding.md) collection|Defines fields in the X.509 certificate that map to attributes of the Azure AD user object in order to bind the certificate to the user. The **priority** of the object determines the order in which the binding is carried out. The first binding that matches will be used and the rest ignored. |
+|authenticationModeConfiguration|[x509CertificateAuthenticationModeConfiguration](../resources/x509certificateauthenticationmodeconfiguration.md)|Defines strong authentication configurations. This configuration includes the default authentication mode and the different rules for strong authentication bindings. |
+
+>**Note:** The `@odata.type` property with a value of `#microsoft.graph.x509CertificateAuthenticationMethodConfiguration` must be included in the body.
++
+## Response
+
+If successful, this method returns a `204 No Content` response code and an updated [x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md) object in the response body.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "update_x509certificateauthenticationmethodconfiguration"
+}
+-->
+``` http
+PATCH https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
+Content-Type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
+ "id": "X509Certificate",
+ "state": "disabled",
+ "certificateUserBindings": [{
+ "x509CertificateField": "PrincipalName",
+ "userProperty": "onPremisesUserPrincipalName",
+ "priority": 1
+ },
+ {
+ "x509CertificateField": "RFC822Name",
+ "userProperty": "userPrincipalName",
+ "priority": 2
+ }
+ ],
+ "authenticationModeConfiguration": {
+ "x509CertificateAuthenticationDefaultMode": "x509CertificateSingleFactor",
+ "rules": []
+ },
+ "includeTargets": [{
+ "targetType": "group",
+ "id": "all_users",
+ "isRegistrationRequired": false
+ }]
+}
+```
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
++++
+### Response
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+Content-Type: application/json
+```
+
v1.0 Accesspackagemultiplechoicequestion https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackagemultiplechoicequestion.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-A child of **accessPackageQuestion** that presents multiple options that the requestor must choose an answer from.
+A child of **accessPackageQuestion** that presents multiple options that the requestor must choose an answer from. This is used in the **questions** property of an [accessPackageAssignmentPolicy](accesspackageassignmentpolicy.md) and inside an [accessPackageResourceAttribute](accesspackageresourceattribute.md) of an access package resource.
Inherits from [accessPackageQuestion](../resources/accesspackagequestion.md).
v1.0 Accesspackagequestion https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackagequestion.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Used for the `accessPackageQuestion` property of an [access package assignment policy](accesspackageassignmentpolicy.md).
+Used for the **accessPackageQuestion** property of an [access package assignment policy](accesspackageassignmentpolicy.md) and the **accessPackageResourceAttributeQuestion** in an [accessPackageResourceAttribute](accesspackageresourceattribute.md).
-Subtypes include [accessPackageTextInputQuestions](accesspackagetextinputquestion.md) and [accessPackageMultipleChoiceQuestions](accesspackagemultiplechoicequestion.md).
+Subtypes include [accessPackageTextInputQuestion](accesspackagetextinputquestion.md) and [accessPackageMultipleChoiceQuestion](accesspackagemultiplechoicequestion.md).
## Properties |Property|Type|Description|
v1.0 Accesspackageresource https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackageresource.md
In [Azure AD Entitlement Management](entitlementmanagement-overview.md), an acce
| Property | Type | Description | |:-|:|:| |accessPackageResourceEnvironment|[accessPackageResourceEnvironment](../resources/accesspackageresourceenvironment.md)|Contains the environment information for the resource. This can be set using either the `@odata.bind` annotation or the environment's *originId*.|
-|attributes|[accessPackageResourceAttribute](../resources/accesspackageresourceattribute.md) collection| Contains attribute information for the resource.
-|addedBy|String|Read-only.|
+|attributes|[accessPackageResourceAttribute](../resources/accesspackageresourceattribute.md) collection| Contains information about the attributes to be collected from the requestor and sent to the resource application. |
+|addedBy|String|The name of the user or application that first added this resource. Read-only.|
|addedOn|DateTimeOffset|The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`| |description|String|A description for the resource.| |displayName|String|The display name of the resource, such as the application name, group name or site name.|
v1.0 Accesspackageresourceattribute https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackageresourceattribute.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-A resource that exposes properties for the requestor of an access package to provide custom information that may be used to make approval decisions for the access package.
+An access package resource attribute is the definition of a property that a user is required to have to be able to access an application. This structure is included in an [accessPackageResource](../resources/accesspackageresource.md) of a catalog, for an application whose roles are included in an access package in that catalog. When a user requests the access package, they must supply the value of the attribute, which, if the request is approved, is then written on the user's directory object. The application can then subsequently [read the attribute of the user](../api/user-get.md).
+ ## Properties |Property|Type|Description| |:|:|:|
-|attributeDestination|[accessPackageResourceAttributeDestination](../resources/accesspackageresourceattributedestination.md)|Information about how to set the attribute.|
-|attributeName|String|The name of the attribute in the end system.|
-|attributeSource|[accessPackageResourceAttributeSource](../resources/accesspackageresourceattributesource.md)|Information about how to populate the attribute value when an **accessPackageAssignmentRequest** is being fulfilled.|
-|id|String|Unique identifier for the attribute.|
+|attributeDestination|[accessPackageResourceAttributeDestination](../resources/accesspackageresourceattributedestination.md)|Information about how to set the attribute, currently a [accessPackageUserDirectoryAttributeStore](accesspackageuserdirectoryattributestore.md) object type.|
+|attributeName|String|The name of the attribute in the end system. If the destination is `accessPackageUserDirectoryAttributeStore`, then a user property such as **jobTitle** or a directory schema extension for the user object type, such as `extension_2b676109c7c74ae2b41549205f1947ed_personalTitle`. |
+|attributeSource|[accessPackageResourceAttributeSource](../resources/accesspackageresourceattributesource.md)|Information about how to populate the attribute value when an **accessPackageAssignmentRequest** is being fulfilled, currently a [accessPackageResourceAttributeQuestion](accesspackageresourceattributequestion.md) object type.|
+|id|String|Unique identifier for the attribute on the access package resource. Read-only. |
|isEditable|String| Specifies whether or not an existing attribute value can be edited by the requester.| |isPersistedOnAssignmentRemoval|Boolean| Specifies whether the attribute will remain in the end system after an assignment ends.| +
+### accessPackageResourceAttribute resource type and extension properties
+
+The **attributeDestination**, **attributeName**, and **attributeSource** properties of an access package resource attribute relate to the [directory extension properties](extensionproperty.md).
+
+If the **attributeDestination** is an [accessPackageUserDirectoryAttributeStore](accesspackageuserdirectoryattributestore.md) object type, then the attribute indicated by **attributeName** must be a writable property of the [user](user.md) object. These writable properties are String types registered as [extension properties](extensionproperty.md) on the target **User** object.
+
+For example, suppose an application requires two user attributes, a user's job title, and their personal title. The values of these attributes could be synchronized to Azure AD from the on-premises Active Directory **jobTitle** and **personalTitle** attributes. Because **personalTitle** is not one of the default properties of the [user](user.md) object, this would require [creating a directory schema extension](../api/application-post-extensionproperty.md) to add the **personalTitle** property to the user object type. When creating a resource request for the application, you can include two access package resource attributes, one for the user property **jobTitle**, and another with the name of the directory schema extension property that was created for the personal title, such as `extension_2b676109c7c74ae2b41549205f1947ed_personalTitle`.
+
+If the **attributeSource** of the attribute is an [accessPackageResourceAttributeQuestion](accesspackageresourceattributequestion.md), then the requestor's supplied value is stored as provided on the user object, and made available to the application and other Microsoft Graph clients.
## Relationships None.
The following is a JSON representation of the resource.
}, "id": "String (identifier)", "isEditable": "Boolean",
+ "isPersistedOnAssignmentRemoval": "Boolean"
} ```
v1.0 Accesspackageresourceattributedestination https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackageresourceattributedestination.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-An abstract type used for the **attributeDestination** property of an access package. The actual destination will be a subtype of this complex type.
+An abstract type used for the **attributeDestination** property of an [accessPackageResourceAttribute](accesspackageresourceattribute.md). The actual destination will be a subtype of this complex type.
Currently, the only supported subtype is [accessPackageUserDirectoryAttributeStore](../resources/accesspackageuserdirectoryattributestore.md).
v1.0 Accesspackageresourceattributequestion https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackageresourceattributequestion.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Resource that defines the question provided to an end user, for the purpose of obtaining an attribute value to be passed to the end system or the request approver.
+Resource that defines the [question](accesspackagequestion.md) provided to an end user, for the purpose of obtaining an attribute value to be passed to the end system or the request approver.
-Inherits from [accessPackageResourceAttributeSource](../resources/accesspackageresourceattributesource.md).
+This type inherits from [accessPackageResourceAttributeSource](../resources/accesspackageresourceattributesource.md) and is used in the **attributeSource** property of an [accessPackageResourceAttribute](accesspackageresourceattribute.md).
+
+The only property is **question**, which could be an [accessPackageTextInputQuestion](accesspackagetextinputquestion.md) or a [accessPackageMultipleChoiceQuestion](accesspackagemultiplechoicequestion.md) object type.
## Properties |Property|Type|Description|
v1.0 Accesspackageresourceattributesource https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackageresourceattributesource.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-An abstract type that exposes objects that define the properties the user configures with values that are passed to the end system or the request approver. It is inherited by [accessPackageResourceAttributeQuestion](../resources/accesspackageresourceattributequestion.md).
+An abstract type that exposes objects that define the properties the user configures with values that are passed to the end system or the request approver. It is used in the **attributeSource** property of an [accessPackageResourceAttribute](accesspackageresourceattribute.md). This type is inherited by [accessPackageResourceAttributeQuestion](../resources/accesspackageresourceattributequestion.md).
## Properties None.
v1.0 Accesspackageresourcerequest https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackageresourcerequest.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-In [Azure AD entitlement management](entitlementmanagement-overview.md), an access package resource request is a request to add a resource to a catalog so that the roles of the resource can be used in one or more of the catalog's access packages, or to remove a resource from a catalog that is no longer needed by the access packages.
+In [Azure AD entitlement management](entitlementmanagement-overview.md), an access package resource request is a request to add a [resource](accesspackageresource.md) to a catalog so that the roles of the resource can be used in one or more of the catalog's access packages, or to remove a resource from a catalog that is no longer needed by the access packages.
## Methods
v1.0 Accesspackagetextinputquestion https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackagetextinputquestion.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-A child of **accessPackageQuestion** that has text input as an answer.
+A child of **accessPackageQuestion** that has text input as an answer. This is used in the **questions** property of an [accessPackageAssignmentPolicy](accesspackageassignmentpolicy.md) and inside an [accessPackageResourceAttribute](accesspackageresourceattribute.md) of an access package resource.
Inherits from [accessPackageQuestion](../resources/accesspackagequestion.md).
v1.0 Accessreviewhistorydefinition https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accessreviewhistorydefinition.md
An **accessReviewHistoryDefinition** contains a list of [accessReviewHistoryInst
|reviewHistoryPeriodStartDateTime|DateTimeOffset|A timestamp. Reviews starting on or before this date will be included in the fetched history data. Only required if **scheduleSettings** is not defined.| | scheduleSettings |[accessReviewHistoryScheduleSettings](accessReviewHistoryScheduleSettings.md)| The settings for a recurring access review history definition series. Only required if **reviewHistoryPeriodStartDateTime** or **reviewHistoryPeriodEndDateTime** are not defined.| |scopes|[accessReviewScope](accessreviewscope.md) collection|Used to scope what reviews are included in the fetched history data. Fetches reviews whose scope matches with this provided scope. Required.|
-|status|String collection|Represents the status of the review history data collection. The possible values are: `done`, `inProgress`, `error`, `requested`, `unknownFutureValue`.|
+|status| accessReviewHistoryStatus|Represents the status of the review history data collection. The possible values are: `done`, `inProgress`, `error`, `requested`, `unknownFutureValue`.|
## Relationships
v1.0 Accessreviewhistoryinstance https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accessreviewhistoryinstance.md
Namespace: microsoft.graph
|reviewHistoryPeriodEndDateTime|DateTimeOffset|Timestamp, reviews ending on or before this date will be included in the fetched history data.| |reviewHistoryPeriodStartDateTime|DateTimeOffset|Timestamp, reviews starting on or after this date will be included in the fetched history data.| |runDateTime|DateTimeOffset|Timestamp when the instance's history data is scheduled to be generated.|
-|status|String collection|Represents the status of the review history data collection. The possible values are: `done`, `inProgress`, `error`, `requested`, `unknownFutureValue`. Once the **status** has been marked as `done`, a link can be generated to retrieve the instance's data by calling [generateDownloadUri](../api/accessreviewhistoryinstance-generatedownloaduri.md) method.|
+|status|accessReviewHistoryStatus|Represents the status of the review history data collection. The possible values are: `done`, `inProgress`, `error`, `requested`, `unknownFutureValue`. Once the **status** has been marked as `done`, a link can be generated to retrieve the instance's data by calling [generateDownloadUri](../api/accessreviewhistoryinstance-generatedownloaduri.md) method.|
## JSON representation
v1.0 Accessreviewsv2 Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accessreviewsv2-overview.md
The following table lists the methods that you can use to interact with access r
|[Create historyDefinitions](../api/accessreviewset-post-historydefinitions.md)|[accessReviewHistoryDefinition](accessreviewhistorydefinition.md)|Create a new [accessReviewHistoryDefinition](accessreviewhistorydefinition.md) object.| |[Get accessReviewHistoryDefinition](../api/accessreviewhistorydefinition-get.md)|[accessReviewHistoryDefinition](accessreviewhistorydefinition.md)|Read the properties and relationships of an [accessReviewHistoryDefinition](accessreviewhistorydefinition.md) object.| |[generateDownloadUri](../api/accessreviewhistoryinstance-generatedownloaduri.md)|[accessReviewHistoryInstance](accessreviewhistoryinstance.md)|Generate a URI for an instance that can be used to retrieve review history data.|
-|[List historyInstances](../api/accessreviewhistorydefinition-list-instances.md)|[accessReviewHistoryInstance](accessreviewhistoryinstance.md)|Retrieve a list of the [accessReviewHistoryInstance](accessreviewhistoryinstance.md) objects and their properties.|
+|[List instances](../api/accessreviewhistorydefinition-list-instances.md)|[accessReviewHistoryInstance](accessreviewhistoryinstance.md)|Retrieve a list of the [accessReviewHistoryInstance](accessreviewhistoryinstance.md) objects and their properties.|
|**Policy**| | | |[Get accessReviewPolicy](../api/accessreviewpolicy-get.md)|[accessReviewPolicy](../resources/accessreviewpolicy.md)|Read the properties and relationships of an [accessReviewPolicy](../resources/accessreviewpolicy.md) object.| |[Update accessReviewPolicy](../api/accessreviewpolicy-update.md)|[accessReviewPolicy](../resources/accessreviewpolicy.md)|Update the properties of an [accessReviewPolicy](../resources/accessreviewpolicy.md) object.|
v1.0 Attacksimulationroot https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/attacksimulationroot.md
This is an abstract type.
|[List simulations](../api/attacksimulationroot-list-simulations.md)|[simulation](../resources/simulation.md) collection|Get the simulation resources from the simulations navigation property.| ## Properties
-|Property|Type|Description|
-|:|:|:|
+None.
## Relationships |Relationship|Type|Description|
v1.0 Authenticationmethodspolicies Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/authenticationmethodspolicies-overview.md
The authentication method policies APIs are used to manage policy settings. For
|[emailauthenticationmethodconfiguration](emailauthenticationmethodconfiguration.md)|Define users who can use email OTP on the Azure AD tenant.| |[passwordlessmicrosoftauthenticatorauthenticationmethodconfiguration](passwordlessmicrosoftauthenticatorauthenticationmethodconfiguration.md) (deprecated)|Define users who can use Passwordless Phone Sign-in to sign in to Azure AD.| |[temporaryaccesspassauthenticationmethodconfiguration](temporaryaccesspassauthenticationmethodconfiguration.md)|Define users who can use Temporary Access Pass to sign in to Azure AD.|
+|[x509CertificateAuthenticationMethodConfiguration](x509CertificateAuthenticationMethodConfiguration.md)|Define users who can use X.509 certificate to sign in to Azure AD.|
## Policies available to push users to set up authentication methods: |Policy | Description |
v1.0 Conditionalaccessconditionset https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/conditionalaccessconditionset.md
Represents the type of conditions that govern when the policy applies.
|devices|[conditionalAccessDevices](conditionalaccessdevices.md)| Devices in the policy. | |locations|[conditionalAccessLocations](conditionalaccesslocations.md)| Locations included in and excluded from the policy. | |platforms|[conditionalAccessPlatforms](conditionalaccessplatforms.md)| Platforms included in and excluded from the policy. |
+|servicePrincipalRiskLevels|riskLevel collection| Service principal risk levels included in the policy. Possible values are: `low`, `medium`, `high`, `none`, `unknownFutureValue`.|
|signInRiskLevels|riskLevel collection| Sign-in risk levels included in the policy. Possible values are: `low`, `medium`, `high`, `hidden`, `none`, `unknownFutureValue`. Required.| |userRiskLevels|riskLevel collection| User risk levels included in the policy. Possible values are: `low`, `medium`, `high`, `hidden`, `none`, `unknownFutureValue`. Required.|
The following is a JSON representation of the resource.
```json {
+ "@odata.type": "#microsoft.graph.conditionalAccessConditionSet",
"applications": {"@odata.type": "microsoft.graph.conditionalAccessApplications"}, "users": {"@odata.type": "microsoft.graph.conditionalAccessUsers"}, "clientApplications": {"@odata.type": "microsoft.graph.conditionalAccessClientApplications"},
The following is a JSON representation of the resource.
"devices": {"@odata.type": "microsoft.graph.conditionalAccessDevices"}, "locations": {"@odata.type": "microsoft.graph.conditionalAccessLocations"}, "platforms": {"@odata.type": "microsoft.graph.conditionalAccessPlatforms"},
+ "servicePrincipalRiskLevels": ["String"],
"signInRiskLevels": ["String"] } ```
v1.0 Conditionalaccessplatforms https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/conditionalaccessplatforms.md
Platforms included in and excluded from the policy scope.
| Property | Type | Description | |:-|:|:|
-|includePlatforms|conditionalAccessDevicePlatform collection| Possible values are: `android`, `iOS`, `windows`, `windowsPhone`, `macOS`, `all`, `unknownFutureValue`.|
-|excludePlatforms|conditionalAccessDevicePlatform collection| Possible values are: `android`, `iOS`, `windows`, `windowsPhone`, `macOS`, `all`, `unknownFutureValue`.|
+|includePlatforms|conditionalAccessDevicePlatform collection| Possible values are: `android`, `iOS`, `windows`, `windowsPhone`, `macOS`, `all`, `unknownFutureValue`, `linux`. Note that you must use the `Prefer: include-unknown-enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `linux`. |
+|excludePlatforms|conditionalAccessDevicePlatform collection| Possible values are: `android`, `iOS`, `windows`, `windowsPhone`, `macOS`, `all`, `unknownFutureValue`, `linux`. Note that you must use the `Prefer: include-unknown-enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `linux`. |
## Relationships
v1.0 Crosstenantaccesspolicy Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/crosstenantaccesspolicy-overview.md
+
+ Title: "Cross-tenant access settings API overview"
+description: "Cross-tenant access settings let you manage both B2B collaboration and B2B direct connect for your organization."
+
+ms.localizationpriority: medium
++
+# Cross-tenant access settings API overview
+
+Namespace: microsoft.graph
++
+In the traditional Azure AD B2B collaboration, any invited user from an organization could use their identity to access resources in external organizations. Administrators didn't have control over the user identities in their tenant that are allowed to sign in to external organizations. These limited controls made it difficult to prevent identities from your organization from being used in unauthorized ways.
+
+**Cross-tenant access settings** let you control and manage collaboration between users in your organization and other organizations. The control can be on either **outbound access** (how your users collaborate with other organizations), **inbound access** (how other organizations collaborate with you), or both.
+
+Granular controls let you determine the users, groups, and apps, both in your organization and in external organizations, that can participate in Azure AD B2B collaboration and Azure AD B2B direct connect. These controls are implemented through:
+++ **Default cross-tenant access settings** which set the baseline inbound and outbound access settings.
+ + In Azure AD B2B collaboration, both access settings are enabled by default. This means all your users can be invited to external organizations, and all your users can invite external users.
+ + In Azure AD B2B direct connect, both access settings are disabled by default.
+ + The service default settings may be updated.
++ **Partner-specific access settings** which allow you to configure customized settings for individual organizations. For the configured organizations, this configuration takes precedence over the default settings. Therefore, while Azure AD B2B collaboration and Azure AD B2B direct connect might be disabled across your organization by default, you can enable these features for a specific external organization.+
+> [!IMPORTANT]
+>
+> By configuring B2B direct connect outbound settings, you agree to allow external organizations that you have enabled outbound settings with to access limited contact data about your users. Microsoft shares this data with those organizations to help them send a request to connect with your users. Data collected by external organizations, including limited contact data, is subject to the privacy policies and practices of those organizations.
+
+## Default cross-tenant access settings
+
+Default cross-tenant access settings determine your stance for inbound and outbound collaboration with all other Azure AD organizations. Any external collaboration with an organization not listed explicitly in your cross-tenant access settings will inherit these default settings. Default settings are defined using the [crossTenantAccessPolicyConfigurationDefault](../resources/crosstenantaccesspolicyconfigurationdefault.md) resource type.
+
+By default, Azure AD assigns all Azure AD tenants a service default configuration for cross-tenant access settings. You can override these service defaults with your own configuration to suit your organization. You can confirm whether you're using the service default settings or have modified the default settings by looking at the **isServiceDefault** property returned when you query the default endpoint.
+
+## Partner cross-tenant access settings
+
+Partner-specific cross-tenant access settings determine your stance for inbound and outbound collaboration with a specific Azure AD organization. Any collaboration with this organization will inherit these partner-specific settings. Partner settings are defined using the [crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md) resource type.
+
+Even though you have added a partner to your cross-tenant access settings, some of your default settings will still apply. For example, if you configure only **b2bCollaborationInbound** for a partner in your cross-tenant access settings, all other settings for that partner configuration will be inherited from the default cross-tenant access settings. When querying the partner endpoint, any property on the partner object that is `null` means that for that property, it's inheriting settings from the default policy.
+
+## Inbound trust settings in cross-tenant access settings
+
+Inbound trust settings enable you to trust the MFA external users perform in their home directories. This prevents external users from having to perform MFA both in their home directories and in your directory. With inbound trust settings, you enable a seamless authentication experience for your external users and save on the MFA costs incurred by your organization.
+
+For example, when you configure your trust settings to trust MFA, your MFA policies are still applied to external users, but users who have already completed MFA in their home tenants won't have to complete MFA again in your tenant.
+
+Inbound trust settings also enable you to trust devices that are compliant, or hybrid Azure AD joined in their home directories. With inbound trust settings in cross-tenant access settings, you can now protect access to your apps and resources by requiring that external users use compliant, or hybrid Azure AD joined devices.
+
+## Interpreting the API response
+
+The cross-tenant access settings API can be used to set up multiple configurations for allowing or blocking access to and from your organization. The following table highlights scenarios, shows an example of the API response, and what the interpretation should be of that response. **b2bSetting** is used as a placeholder for any B2B inbound (**b2bCollaborationInbound** or **b2bDirectConnectInbound**) or outbound (**b2bCollaborationOutbound** or **b2bDirectConnectOutbound**) configuration.
+
+<table>
+<tr>
+<td> Scenario </td> <td> API output </td> <td> Interpretation </td>
+</tr>
+<tr>
+<td> Block all users and block all applications </td>
+<td>
+
+``` json
+"b2bsetting": {
+ "usersAndGroups": {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "AllUsers",
+ "targetType": "user"
+ }
+ ]
+ },
+ "applications": {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "AllApplications",
+ "targetType": "application"
+ }
+ ]
+ }
+}
+```
+
+</td>
+<td> - </td>
+</tr>
+<tr>
+<td> Allow all users and allow all applications </td>
+<td>
+
+``` json
+"b2bsetting": {
+ "usersAndGroups": {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "AllUsers",
+ "targetType": "user"
+ }
+ ]
+ },
+ "applications": {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "AllApplications",
+ "targetType": "application"
+ }
+ ]
+ }
+}
+```
+
+</td>
+<td> - </td>
+</tr>
+<tr>
+<td> Allow users in group 'g1' to access any app </td>
+<td>
+
+``` json
+"b2bSetting": {
+ "usersAndGroups": {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "g1",
+ "targetType": "group"
+ }
+ ]
+ },
+ "applications": {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "AllApplications",
+ "targetType": "application"
+ }
+ ]
+ }
+}
+```
+
+</td>
+<td> Users in group 'g1' can access any app. All other users not in group 'g1' are blocked. </td>
+</tr>
+<tr>
+<td> Allow access to only application 'a1' </td>
+<td>
+
+``` json
+"b2bSetting": {
+ "usersAndGroups": {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "AllUsers",
+ "targetType": "user"
+ }
+ ]
+ },
+ "applications": {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "a1",
+ "targetType": "application"
+ }
+ ]
+ }
+}
+```
+
+</td>
+<td> All users are only allowed to access application 'a1' </td>
+</tr>
+<tr>
+<td> Allow users in group 'g1' and block access to application 'a1' </td>
+<td>
+
+``` json
+"b2bSetting": {
+ "usersAndGroups": {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "g1",
+ "targetType": "group"
+ }
+ ]
+ },
+ "applications": {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "a1",
+ "targetType": "application"
+ }
+ ]
+ }
+}
+```
+
+</td>
+<td> All users in group 'g1' are allowed to access any application <b>except</b> application 'a1'. </td>
+</tr>
+<tr>
+<td> Block users in group 'g1' from accessing any application </td>
+<td>
+
+``` json
+"b2bSetting": {
+ "usersAndGroups": {
+ "accessType": " blocked",
+ "targets": [
+ {
+ "target": "g1",
+ "targetType": "group"
+ }
+ ]
+ },
+ "applications": {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "AllApplications",
+ "targetType": "application"
+ }
+ ]
+ }
+}
+```
+
+</td>
+<td> Users in group 'g1' can't access any application. Other users not in group 'g1' have access to all applications. </td>
+</tr>
+<tr>
+<td> Block users in group 'g1' and allow access to application 'a1' only </td>
+<td>
+
+``` json
+"b2bSetting": {
+ "usersAndGroups": {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "g1",
+ "targetType": "group"
+ }
+ ]
+ },
+ "applications": {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "a1",
+ "targetType": "application"
+ }
+ ]
+ }
+}
+```
+
+</td>
+<td> Users in group 'g1' can't access any application. Any user not in group 'g1' can only access application 'a1'. </td>
+</tr>
+<tr>
+<td> Allow users in group 'g1' to access to only application 'a1' </td>
+<td>
+
+``` json
+"b2bSetting": {
+ "usersAndGroups": {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "g1",
+ "targetType": "group"
+ }
+ ]
+ },
+ "applications": {
+ "accessType": "allowed",
+ "targets": [
+ {
+ "target": "a1",
+ "targetType": "application"
+ }
+ ]
+ }
+}
+```
+
+</td>
+<td> Users in group 'g1' are only allowed to access application 'a1'. All users, including users in group 'g1', are blocked from accessing any other application. </td>
+</tr>
+<tr>
+<td> Block users in group 'g1' from accessing application 'a1' </td>
+<td>
+
+``` json
+"b2bSetting": {
+ "usersAndGroups": {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "g1",
+ "targetType": "group"
+ }
+ ]
+ },
+ "applications": {
+ "accessType": "blocked",
+ "targets": [
+ {
+ "target": "a1",
+ "targetType": "application"
+ }
+ ]
+ }
+}
+```
+
+</td>
+<td> Users in group 'g1' are blocked from accessing application 'a1' only. All users, including users in group 'g1' are able to access any other application. </td>
+</tr>
+</table>
+
+## Cross-tenant access settings vs tenant restrictions
+
+Cross-tenant access settings outbound controls are for controlling how **your organization's accounts** are used for accessing resources in other Azure AD organizations. Tenant Restrictions are for controlling how your employees use **other Azure AD organizations' accounts while the employee is on your networks or devices**. Critically, outbound controls work all the time because they're associated with your accounts, while Tenant Restrictions require additional signals to be injected into the authentication requests to be enforced, because Tenant Restrictions are scoped to networks and devices, not accounts. Learn more about [Tenant Restrictions](/azure/active-directory/manage-apps/tenant-restrictions).
+
+## Next steps
+++ [Cross-tenant access settings documentation](/azure/active-directory/external-identities/cross-tenant-access-overview)++ [crossTenantAccessPolicyConfigurationDefault](../resources/crosstenantaccesspolicyconfigurationdefault.md) resource type++ [crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md) resource type
v1.0 Crosstenantaccesspolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/crosstenantaccesspolicy.md
+
+ Title: "crossTenantAccessPolicy resource type"
+description: "Cross-tenant access policy represents the base policy in the directory for cross-tenant access settings."
+
+ms.localizationpriority: medium
++
+# crossTenantAccessPolicy resource type
+
+Namespace: microsoft.graph
++
+Represents the base policy in the directory for cross-tenant access settings.
+
+Inherits from [tenantRelationshipAccessPolicyBase](../resources/tenantrelationshipaccesspolicybase.md).
+
+## Methods
+
+|Method|Return type|Description|
+|:|:|:|
+|[Get crossTenantAccessPolicy](../api/crosstenantaccesspolicy-get.md)|[crossTenantAccessPolicy](../resources/crosstenantaccesspolicy.md)|Read the properties and relationships of a [crossTenantAccessPolicy](../resources/crosstenantaccesspolicy.md) object.|
+|[Update crossTenantAccessPolicy](../api/crosstenantaccesspolicy-update.md)|[crossTenantAccessPolicy](../resources/crosstenantaccesspolicy.md)|Update the properties of a [crossTenantAccessPolicy](../resources/crosstenantaccesspolicy.md) object.|
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+| displayName | String | The display name of the cross-tenant access policy. Inherited from [policyBase](../resources/policybase.md).|
+| lastModifiedDateTime | DateTimeOffset | The time that the cross tenant access policy was last modified represented using ISO 8601 format and always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
+| definition (deprecated) | String | The raw JSON definition of the cross-tenant access policy. **Deprecated. Do not use.**|
+
+## Relationships
+
+|Relationship|Type|Description|
+|:|:|:|
+|default|[crossTenantAccessPolicyConfigurationDefault](../resources/crosstenantaccesspolicyconfigurationdefault.md)|Defines the default configuration for how your organization interacts with external Azure Active Directory organizations.|
+|partners|[crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md) collection|Defines partner-specific configurations for external Azure Active Directory organizations.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicy",
+ "baseType": "microsoft.graph.tenantRelationshipAccessPolicyBase",
+ "openType": false
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.crossTenantAccessPolicy",
+ "displayName": "String",
+ "lastModifiedDateTime": "String (timestamp)",
+ "definition": "String"
+}
+```
v1.0 Crosstenantaccesspolicyb2bsetting https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/crosstenantaccesspolicyb2bsetting.md
+
+ Title: "crossTenantAccessPolicyB2BSetting resource type"
+description: "Defines the inbound and outbound rulesets for Azure Active Directory (Azure AD) B2B collaboration."
+
+ms.localizationpriority: medium
++
+# crossTenantAccessPolicyB2BSetting resource type
+
+Namespace: microsoft.graph
++
+Defines the inbound and outbound rulesets for Azure Active Directory (Azure AD) B2B collaboration.
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+|applications|[crossTenantAccessPolicyTargetConfiguration](../resources/crosstenantaccesspolicytargetconfiguration.md)|The list of applications targeted with your cross-tenant access policy.|
+|usersAndGroups|[crossTenantAccessPolicyTargetConfiguration](../resources/crosstenantaccesspolicytargetconfiguration.md)|The list of users and groups targeted with your cross-tenant access policy.|
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.crossTenantAccessPolicyB2BSetting",
+ "usersAndGroups": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyTargetConfiguration"
+ },
+ "applications": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyTargetConfiguration"
+ }
+}
+```
v1.0 Crosstenantaccesspolicyconfigurationbase https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/crosstenantaccesspolicyconfigurationbase.md
+
+ Title: "crossTenantAccessPolicyConfigurationBase resource type"
+description: "Defines the properties that are common in a cross-tenant access policy configuration for the default and partner-specific settings."
+
+ms.localizationpriority: medium
++
+# crossTenantAccessPolicyConfigurationBase resource type
+
+Namespace: microsoft.graph
++
+An abstract type that defines the properties that are common in a cross-tenant access policy configuration for the default and partner-specific settings that govern Azure Active Directory (Azure AD) B2B collaboration and B2B direct connect.
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+|b2bCollaborationInbound|[crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md)|Defines your configuration for users from other organizations accessing your resources via Azure AD B2B collaboration.|
+|b2bCollaborationOutbound|[crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md)|Defines your configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration.|
+|b2bDirectConnectInbound|[crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md)|Defines your configuration for users from other organizations accessing your resources via Azure AD B2B direct connect.|
+|b2bDirectConnectOutbound|[crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md)|Defines your configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect.|
+|inboundTrust|[crossTenantAccessPolicyInboundTrust](../resources/crosstenantaccesspolicyinboundtrust.md)|Determines the configuration for trusting other Conditional Access claims from external Azure AD organizations.|
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyConfigurationBase",
+ "openType": false
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.crossTenantAccessPolicyConfigurationBase",
+ "inboundTrust": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyInboundTrust"
+ },
+ "b2bCollaborationOutbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ },
+ "b2bCollaborationInbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ },
+ "b2bDirectConnectOutbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ },
+ "b2bDirectConnectInbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ }
+}
+```
v1.0 Crosstenantaccesspolicyconfigurationdefault https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/crosstenantaccesspolicyconfigurationdefault.md
+
+ Title: "crossTenantAccessPolicyConfigurationDefault resource type"
+description: "The default configuration defined for inbound and outbound settings of Azure AD B2B collaboration and B2B direct connect."
+
+ms.localizationpriority: medium
++
+# crossTenantAccessPolicyConfigurationDefault resource type
+
+Namespace: microsoft.graph
++
+The default configuration defined for inbound and outbound settings of Azure AD B2B collaboration and B2B direct connect.
+
+Inherits from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md).
+
+## Methods
+
+|Method|Return type|Description|
+|:|:|:|
+|[Get crossTenantAccessPolicyConfigurationDefault](../api/crosstenantaccesspolicyconfigurationdefault-get.md)|[crossTenantAccessPolicyConfigurationDefault](../resources/crosstenantaccesspolicyconfigurationdefault.md)|Get the default configuration for B2B collaboration and B2B direct connect inbound and outbound settings.|
+|[Update crossTenantAccessPolicyConfigurationDefault](../api/crosstenantaccesspolicyconfigurationdefault-update.md)|None|Update the default configuration for B2B collaboration and B2B direct connect inbound and outbound settings.|
+|[Reset to system default](../api/crosstenantaccesspolicyconfigurationdefault-resettosystemdefault.md)|None|Reset the default configuration for a cross-tenant access policy to the system default settings.|
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+| b2bCollaborationInbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) |Defines your default configuration for users from other organizations accessing your resources via Azure AD B2B collaboration. Inherited from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md). |
+| b2bCollaborationOutbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) |Defines your default configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration. Inherited from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md). |
+| b2bDirectConnectInbound |[crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your default configuration for users from other organizations accessing your resources via Azure AD B2B direct connect. Inherited from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md). |
+| b2bDirectConnectOutbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) |Defines your default configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect. Inherited from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md). |
+| inboundTrust | [crossTenantAccessPolicyInboundTrust](../resources/crosstenantaccesspolicyinboundtrust.md) | Determines the default configuration for trusting other Conditional Access claims from external Azure AD organizations. Inherited from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md). |
+| isServiceDefault | Boolean | If `true`, the default configuration is set to the system default configuration. If `false`, the default settings have been customized. |
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyConfigurationDefault",
+ "baseType": "microsoft.graph.crossTenantAccessPolicyConfigurationBase",
+ "openType": false
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.crossTenantAccessPolicyConfigurationDefault",
+ "inboundTrust": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyInboundTrust"
+ },
+ "b2bCollaborationOutbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ },
+ "b2bCollaborationInbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ },
+ "b2bDirectConnectOutbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ },
+ "b2bDirectConnectInbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ },
+ "isServiceDefault": "Boolean"
+}
+```
v1.0 Crosstenantaccesspolicyconfigurationpartner https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/crosstenantaccesspolicyconfigurationpartner.md
+
+ Title: "crossTenantAccessPolicyConfigurationPartner resource type"
+description: "The partner-specific configuration that is defined for inbound and outbound settings of Azure AD B2B collaboration and B2B direct connect."
+
+ms.localizationpriority: medium
++
+# crossTenantAccessPolicyConfigurationPartner resource type
+
+Namespace: microsoft.graph
++
+The partner-specific configuration that is defined for inbound and outbound settings of Azure AD B2B and B2B direct connect collaboration.
+
+For any partner-specific property that is `null`, these settings will inherit the behavior configured in your [default cross tenant access settings](../resources/crosstenantaccesspolicyconfigurationdefault.md).
+
+Inherits from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md).
+
+## Methods
+
+|Method|Return type|Description|
+|:|:|:|
+| [List partners](../api/crosstenantaccesspolicy-list-partners.md) | [crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md) collection | Get a list of all partner-specific configurations. |
+| [Create crossTenantAccessPolicyConfigurationPartner](../api/crosstenantaccesspolicy-post-partners.md) | [crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md) | Create a new partner-specific configuration. |
+| [Get crossTenantAccessPolicyConfigurationPartner](../api/crosstenantaccesspolicyconfigurationpartner-get.md) | [crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md) | Read the partner-specific configuration settings. |
+| [Update crossTenantAccessPolicyConfigurationPartner](../api/crosstenantaccesspolicyconfigurationpartner-update.md) | [crossTenantAccessPolicyConfigurationPartner](../resources/crosstenantaccesspolicyconfigurationpartner.md) | Update the properties of a partner-specific configuration. |
+| [Delete crossTenantAccessPolicyConfigurationPartner](../api/crosstenantaccesspolicyconfigurationpartner-delete.md) | None | Delete the partner-specific configuration. |
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+| b2bCollaborationInbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B collaboration. Inherited from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md). |
+| b2bCollaborationOutbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration. Inherited from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md). |
+| b2bDirectConnectInbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users from other organizations accessing your resources via Azure B2B direct connect. Inherited from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md). |
+| b2bDirectConnectOutbound | [crossTenantAccessPolicyB2BSetting](../resources/crosstenantaccesspolicyb2bsetting.md) | Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect. Inherited from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md). |
+| inboundTrust | [crossTenantAccessPolicyInboundTrust](../resources/crosstenantaccesspolicyinboundtrust.md) | Determines the partner-specific configuration for trusting other Conditional Access claims from external Azure AD organizations. Inherited from [crossTenantAccessPolicyConfigurationBase](../resources/crosstenantaccesspolicyconfigurationbase.md). |
+| isServiceProvider | Boolean | Identifies whether the partner-specific configuration is a Cloud Service Provider for your organization. |
+| tenantId | String | The tenant identifier for the partner Azure AD organization. Read-only.|
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyConfigurationPartner",
+ "baseType": "microsoft.graph.crossTenantAccessPolicyConfigurationBase",
+ "openType": false
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.crossTenantAccessPolicyConfigurationPartner",
+ "tenantId": "String",
+ "inboundTrust": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyInboundTrust"
+ },
+ "b2bCollaborationOutbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ },
+ "b2bCollaborationInbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ },
+ "b2bDirectConnectOutbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ },
+ "b2bDirectConnectInbound": {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyB2BSetting"
+ },
+ "isServiceProvider": "Boolean"
+}
+```
v1.0 Crosstenantaccesspolicyinboundtrust https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/crosstenantaccesspolicyinboundtrust.md
+
+ Title: "crossTenantAccessPolicyInboundTrust resource type"
+description: "Defines the Conditional Access claims you want to accept from other organizations via your cross-tenant access policy configuration."
+
+ms.localizationpriority: medium
++
+# crossTenantAccessPolicyInboundTrust resource type
+
+Namespace: microsoft.graph
++
+Defines the Conditional Access claims you want to accept from other Azure AD organizations via your cross-tenant access policy configuration. These can be configured in your default configuration, partner-specific configuration, or both.
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+| isCompliantDeviceAccepted | Boolean | Specifies whether compliant devices from external Azure AD organizations are trusted. |
+| isHybridAzureADJoinedDeviceAccepted | Boolean | Specifies whether hybrid Azure AD joined devices from external Azure AD organizations are trusted. |
+| isMfaAccepted | Boolean | Specifies whether MFA from external Azure AD organizations is trusted.|
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyInboundTrust"
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.crossTenantAccessPolicyInboundTrust",
+ "isMfaAccepted": "Boolean",
+ "isCompliantDeviceAccepted": "Boolean",
+ "isHybridAzureADJoinedDeviceAccepted": "Boolean"
+}
+```
v1.0 Crosstenantaccesspolicytarget https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/crosstenantaccesspolicytarget.md
+
+ Title: "crossTenantAccessPolicyTarget resource type"
+description: "Defines how to target your cross-tenant access policy settings. Settings can be targeted to specific users, groups, or applications."
+
+ms.localizationpriority: medium
++
+# crossTenantAccessPolicyTarget resource type
+
+Namespace: microsoft.graph
++
+Defines how to target your cross-tenant access policy settings. Settings can be targeted to specific users, groups, or applications. You can also use keywords to target specific groups or applications.
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+| target | String | The unique identifier of the user, group, or application; one of the following keywords: `AllUsers` and `AllApplications`; or for targets that are applications, you may use [reserved values](#reserved-values-for-targets-that-are-applications). |
+| targetType | crossTenantAccessPolicyTargetType | The type of resource that you want to target. The possible values are: `user`, `group`, `application`, `unknownFutureValue`. |
+
+### Reserved values for targets that are applications
+
+When setting application targets, you can also use the following reserved values:
+
+| Symbol | Description |
+|:|:|
+| AllMicrosoftApps | Refers to any [Microsoft cloud application](/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps#microsoft-cloud-applications). |
+| Office365 | Includes the applications mentioned as part of the [Office365](/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps#office-365) suite. |
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyTarget"
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.crossTenantAccessPolicyTarget",
+ "target": "String",
+ "targetType": "microsoft.graph.crossTenantAccessPolicyTargetType"
+}
+```
v1.0 Crosstenantaccesspolicytargetconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/crosstenantaccesspolicytargetconfiguration.md
+
+ Title: "crossTenantAccessPolicyTargetConfiguration resource type"
+description: "Defines the target of a cross-tenant access policy setting configuration."
+
+ms.localizationpriority: medium
++
+# crossTenantAccessPolicyTargetConfiguration resource type
+
+Namespace: microsoft.graph
++
+Defines the target of a cross-tenant access policy setting configuration.
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+| accessType| crossTenantAccessPolicyTargetConfigurationAccessType | Defines whether access is allowed or blocked. The possible values are: `allowed`, `blocked`, `unknownFutureValue`. |
+|targets|[crossTenantAccessPolicyTarget](../resources/crosstenantaccesspolicytarget.md) collection|Specifies whether to target users, groups, or applications with this rule.|
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyTargetConfiguration"
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.crossTenantAccessPolicyTargetConfiguration",
+ "accessType": "String",
+ "targets": [
+ {
+ "@odata.type": "microsoft.graph.crossTenantAccessPolicyTarget"
+ }
+ ]
+}
+```
v1.0 Entitlementmanagement Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/entitlementmanagement-overview.md
The entitlement management resource types include:
- [accessPackageAssignment](accesspackageassignment.md): An assignment of an access package to a particular subject, for a period of time. - [accessPackageAssignmentResourceRole](accesspackageassignmentresourcerole.md): Indicates the resource-specific role which a subject has been assigned through an access package assignment. - [accessPackageCatalog](accesspackagecatalog.md): A container for access packages.
+- [accessPackageResource](accesspackageresource.md): A reference to a resource associated with an access package catalog.
- [accessPackageResourceRequest](accesspackageresourcerequest.md): A request to add a resource to an access package catalog. - [accessPackageResourceEnvironment](accesspackageresourceenvironment.md): A reference to the geolocation of the resource. Applicable to Multi-Geo SharePoint Online sites. - [connectedOrganization](connectedorganization.md): A connected organization for external users who can request access.
v1.0 Enums https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/enums.md
Namespace: microsoft.graph
+### accessReviewHistoryStatus values
+
+|Member|
+|:|
+|done|
+|inprogress|
+|error|
+|requested|
+|unknownFutureValue|
+
+### crossTenantAccessPolicyTargetConfigurationAccessType values
+
+|Member|
+|:|
+|allowed|
+|blocked|
+|unknownFutureValue|
+
+### crossTenantAccessPolicyTargetType values
+
+|Member|
+|:|
+|user|
+|group|
+ ### accessPackageFilterByCurrentUserOptions values |Member|
Namespace: microsoft.graph
|hidden| |adminConfirmedUserCompromised| |unknownFutureValue|
+|adminConfirmedServicePrincipalCompromised|
+|adminDismissedAllRiskForServicePrincipal|
<!-- maintenance comment: Do not delete enum delcaration for riskEventType until all properties of this type are marked as deleted. Dec 28, 2021: Pending eventTypes (in riskUserActivity) and riskType (in riskDetection)-->
Namespace: microsoft.graph
|block| |unknownFutureValue|
+### x509CertificateAuthenticationMode values
+|Member|
+|:|
+|x509CertificateSingleFactor|
+|x509CertificateMultiFactor|
+|unknownFutureValue|
+
+### x509CertificateRuleType values
+|Member|
+|:|
+|issuerSubject|
+|policyOID|
+|unknownFutureValue|
+ ### anniversaryType values |Member|
Possible values for user account types (group membership), per Windows definitio
|signin| |user| |unknownFutureValue|
+|servicePrincipal|
### chatMessagePolicyViolationUserActionType values
Possible values for user account types (group membership), per Windows definitio
|or| |and| - ### subjectRightsRequestStage values |Member|
v1.0 Extensionproperty https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/extensionproperty.md
Extensions can be added to [user](user.md), [group](group.md), [organization](or
|:-|:|:| |appDisplayName|String| Display name of the application object on which this extension property is defined. Read-only. | |dataType|String| Specifies the data type of the value the extension property can hold. Following values are supported. Not nullable. <ul><li>`Binary` - 256 bytes maximum</li><li>`Boolean`</li><li>`DateTime` - Must be specified in ISO 8601 format. Will be stored in UTC.</li><li>`Integer` - 32-bit value.</li><li>`LargeInteger` - 64-bit value.</li><li>`String` - 256 characters maximum</li></ul>|
-|isSyncedFromOnPremises|Boolean| Indicates if this extension property was sycned from onpremises directory using Azure AD Connect. Read-only. |
+|isSyncedFromOnPremises|Boolean| Indicates if this extension property was synced from on-premises active directory using Azure AD Connect. Read-only. |
|name|String| Name of the extension property. Not nullable. | |targetObjects|String collection| Following values are supported. Not nullable. <ul><li>`User`</li><li>`Group`</li><li>`Organization`</li><li>`Device`</li><li>`Application`</li></ul>|
v1.0 Federatedidentitycredentials Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/federatedidentitycredentials-overview.md
Traditionally, developers use certificates or client secrets for their applicati
+ The risk of leaking secrets. + Certificates expiring and service disruptions because of failed authentication.
-**Federated identity credentials** are a new type of credential that enables workload identity federation for software workloads. Workload identity federation allows you to access Azure Active Directory (Azure AD) protected resources without needing to manage secrets (for supported scenarios). You create a trust relationship between an external identity provider and an app in Azure AD by configuring a federated identity credential. The federated identity credential is used to indicate which token from the external IdP should be trusted by your application. Once that trust relationship is created, your software workload can exchange trusted tokens from the external identity provider for access tokens from Microsoft identity platform. Your software workload then uses that access token to access the Azure AD protected resources to which the workload has been granted access. This eliminates the maintenance burden of manually managing credentials and eliminates the risk of leaking secrets or having certificates expire. For more information and supported scenarios, read about [workload identity federation](/azure/active-directory/develop/workload-identity-federation).
+**Federated identity credentials** are a new type of credential that enables workload identity federation for software workloads. Workload identity federation allows you to access Azure Active Directory (Azure AD) protected resources without needing to manage secrets (for supported scenarios).
-The [federatedIdentityCredential](federatedidentitycredential.md) resource represents the configuration of a federated identity credential via Microsoft Graph API. The following properties are the building blocks of federated identity credentials:
+## How do federated identity credentials work?
-+ **audiences**ΓÇöLists the audiences that can appear in the external token. This field is mandatory, and defaults to "api://AzureADTokenExchange". It says what Microsoft identity platform should accept in the aud claim in the incoming token. This value represents Azure AD in your external identity provider and has no fixed value across identity providers - you may need to create a new application registration in your IdP to serve as the audience of this token.
-+ **issuer**ΓÇöThe URL of the external identity provider and must match the `issuer` claim of the external token being exchanged.
-+ **subject**ΓÇöThe identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format, as each IdP uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Azure AD.
+You create a trust relationship between an external identity provider (IdP) and an app in Azure AD by configuring a federated identity credential. The federated identity credential is used to indicate which token from the external IdP should be trusted by your application. After that trust relationship is created, your software workload can exchange trusted tokens from the external identity provider for access tokens from the Microsoft identity platform. Your software workload then uses that access token to access the Azure AD protected resources to which the workload has been granted access. This eliminates the maintenance burden of manually managing credentials and eliminates the risk of leaking secrets or having certificates expire. For more information and supported scenarios, see [workload identity federation](/azure/active-directory/develop/workload-identity-federation).
-The combination of **issuer** and **subject** must be unique on the app. When the external software workload requests Microsoft identity platform to exchange the external token for an access token, the **issuer** and **subject** values of the federated identity credential are checked against the `issuer` and `subject` claims provided in the external token. If that validation check passes, Microsoft identity platform issues an access token to the external software workload.
+## Set up federated identity credentials through Microsoft Graph
-Federated identity credentials are supported on applications only. A maximum of 20 federated identity credentials can be added per application object.
+The [federatedIdentityCredential](federatedidentitycredential.md) resource represents the configuration of a federated identity credential via Microsoft Graph. The following properties are the building blocks of federated identity credentials:
+++ **audiences** ΓÇö Lists the audiences that can appear in the external token. This field is mandatory, and defaults to `api://AzureADTokenExchange`. It says what Microsoft identity platform should accept in the aud claim in the incoming token. This value represents Azure AD in your external identity provider and has no fixed value across identity providers - you might need to create a new application registration in your IdP to serve as the audience of this token.++ **issuer** ΓÇö The URL of the external identity provider. Must match the **issuer** claim of the external token being exchanged.++ **subject** ΓÇö The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format, as each IdP uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Azure AD.+
+The combination of **issuer** and **subject** must be unique on the app. When the external software workload requests Microsoft identity platform to exchange the external token for an access token, the **issuer** and **subject** values of the federated identity credential are checked against the `issuer` and `subject` claims provided in the external token. If that validation check passes, Microsoft identity platform issues an access token to the external software workload.
The federated identity credentials API is not available in [national cloud](/graph/deployments) deployments.
+## Design considerations
+
+Federated identity credentials are supported on applications only. A maximum of 20 federated identity credentials can be added per application object.
+ ## See also + [federatedIdentityCredential resource type](federatedidentitycredential.md)
v1.0 Homerealmdiscoverypolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/homerealmdiscoverypolicy.md
Inherits from [stsPolicy](stsPolicy.md).
| Property | Type | Description | |:-|:|:| |id|String| Unique identifier for this policy. Read-only.|
-|definition|String collection| A string collection containing a JSON string that defines the rules and settings for this policy. See below for more details about the JSON schema for this property. Required.|
+|definition|String collection| A string collection containing a JSON string that defines the rules and settings for this policy. See [Properties of a home realm discovery policy definition](#properties-of-a-home-realm-discovery-policy-definition) for more details about the JSON schema for this property. Required.|
|description|String| Description for this policy.| |displayName|String| Display name for this policy. Required.|
-|isOrganizationDefault|Boolean|If set to true, activates this policy. There can be many policies for the same policy type, but only one can be activated as the organization default. Optional, default value is false.|
+|isOrganizationDefault|Boolean|If set to `true`, activates this policy. There can be many policies for the same policy type, but only one can be activated as the organization default. Optional, default value is `false`.|
### Properties of a home realm discovery policy definition
The properties below form the JSON object that represents a token lifetime polic
}--> ``` json "definition": [
- "{\"HomeRealmDiscoveryPolicy\":
- {\"AccelerateToFederatedDomain\":true,
- \"PreferredDomain\":\"federated.example.edu\",
- \"AlternateIdLogin\":{\"Enabled\":true}}}"
+ "{
+ \"HomeRealmDiscoveryPolicy\": {
+ \"AccelerateToFederatedDomain\":true,
+ \"AllowCloudPasswordValidation\": false,
+ \"PreferredDomain\":\"federated.example.edu\",
+ \"AlternateIdLogin\":{
+ \"Enabled\":true
+ }
+ }
+ }"
] ``` | Property | Type |Description| |:|:--|:-| |AccelerateToFederatedDomain|Boolean| Set to `true` for auto-acceleration (bypass home realm discovery). If `true` and there is only one verified and federated domain in the tenant, then users will be taken straight to the federated identity provider (such as ADFS) for sign in. If `true` and there is more than one verified domain in the tenant, **PreferredDomain** must be specified. Optional.|
-|PreferredDomain|String| Specifies a domain to accelerate sign-in to. It can be omitted if the tenant has only one federated domain. If it is omitted, and there is more than one verified federated domain, this policy has no effect. Required if **AccelerateToFederatedDomain** is `true`.|
|AllowCloudPasswordValidation|Boolean| Set to `true` to allow an application to authenticate a federated user by presenting username/password credentials directly to the Azure Active Directory token endpoint. Only works if Password Hash Sync is enabled. Optional.|
-|AlternateIdLogin| Json |Set to {"Enabled": true} to allow Azure AD sign-in using email as [an alternate login ID](/azure/active-directory/authentication/howto-authentication-use-email-signin). Only works when **IsOrganizationDefault** is set to `true`. Optional.|
+|AlternateIdLogin| Json |Set to `{\"Enabled\": true}` to allow Azure AD sign-in using email as [an alternate login ID](/azure/active-directory/authentication/howto-authentication-use-email-signin). Only works when **IsOrganizationDefault** is set to `true`. Optional.|
+|PreferredDomain|String| Specifies a domain to accelerate sign-in to. It can be omitted if the tenant has only one federated domain. If it is omitted, and there is more than one verified federated domain, this policy has no effect. Required if **AccelerateToFederatedDomain** is `true`.|
## Relationships
v1.0 Identityprotection Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/identityprotection-overview.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Azure Active Directory (Azure AD) [Identity Protection](/azure/active-directory/identity-protection/overview-identity-protection) is tool that allows organizations to discover, investigate, and remediate identity-based risks in their Azure AD organization. You can use the following Microsoft Graph APIs to query risks detected by Azure AD Identity Protection:
+Azure Active Directory (Azure AD) [Identity Protection](/azure/active-directory/identity-protection/overview-identity-protection) is tool that allows organizations to discover, investigate, and remediate identity-based risks in their Azure AD organization.
-* [riskDetection](riskdetection.md) - Query Microsoft Graph for a list of both user and sign-in linked risk detections and associated information about the detection. Risk detections in Azure AD Identity Protection include any identified suspicious actions related to user accounts in the directory.
+Use the following Microsoft Graph APIs to query user and service principal risks detected by Azure AD Identity Protection:
+
+## For users
+++ [riskDetection](riskdetection.md) - Query Microsoft Graph for a list of both user and sign-in linked risk detections and associated information about the detection. Risk detections in Azure AD Identity Protection include any identified suspicious actions related to user accounts in the directory. >[!CAUTION] >The **identityRiskEvents** API was deprecated and stopped returning data on January 10, 2020. It was replaced by the [riskDetection](riskdetection.md) API. For more information about the deprecation, see [Deprecation of the identityRiskEvents API](https://developer.microsoft.com/office/blogs/deprecatation-of-the-identityriskevents-api/).
-* [riskyUsers](riskyuser.md) - Query Microsoft Graph for information about users that Azure AD Identity Protection detected as risky. User risk represents the probability that a given identity or account is compromised. These risks are calculated offline using MicrosoftΓÇÖs internal and external threat intelligence sources, including security researchers, law enforcement professionals, security teams at Microsoft, and other trusted sources.
++ [riskyUsers](riskyuser.md) - Query Microsoft Graph for information about users that Azure AD Identity Protection detected as risky. User risk represents the probability that a given identity or account is compromised. These risks are calculated offline using MicrosoftΓÇÖs internal and external threat intelligence sources, including security researchers, law enforcement professionals, security teams at Microsoft, and other trusted sources.+++ [signIn](signin.md) - Query Microsoft Graph for information about Azure AD sign-ins with specific properties related to risk state, detail, and level. A sign-in risk represents the probability that a given authentication request isnΓÇÖt authorized by the identity owner. These risks can be calculated in real-time or calculated offline using MicrosoftΓÇÖs internal and external threat intelligence sources, including security researchers, law enforcement professionals, security teams at Microsoft, and other trusted sources.+
+## For service principals
-* [signIn](signin.md) - Query Microsoft Graph for information about Azure AD sign-ins with specific properties related to risk state, detail, and level. A sign-in risk represents the probability that a given authentication request isnΓÇÖt authorized by the identity owner. These risks can be calculated in real-time or calculated offline using MicrosoftΓÇÖs internal and external threat intelligence sources, including security researchers, law enforcement professionals, security teams at Microsoft, and other trusted sources.
++ [servicePrincipalRiskDetection](serviceprincipalriskdetection.md) - Query Microsoft Graph for a list of service principal risk detections and associated information about the detections. Risk detections in Azure AD Identity Protection include any identified suspicious actions related to service principal accounts in the directory. ++ [riskyServicePrincipals](riskyserviceprincipal.md) - Query Microsoft Graph for information about service principals that Azure AD Identity Protection detected as risky. Service principal risk represents the probability that a given identity or account is compromised. These risks are calculated asynchronously using data and patterns from MicrosoftΓÇÖs internal and external threat intelligence sources, including security researchers, law enforcement professionals, security teams at Microsoft, and other trusted sources. ## What can I do with identity protection APIs in Microsoft Graph?
-The following are popular requests for working with audit log data:
+The following are popular requests:
Operation | URL :-|:-
v1.0 Identityprotectionroot https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/identityprotectionroot.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Container for the navigation properties for Microsoft Graph identity protection resources.
+Container for the navigation properties for [Microsoft Graph identity protection](identityprotection-overview.md) resources.
## Methods
None.
|:|:|:| |riskDetections|[riskDetection](../resources/riskdetection.md) collection| Risk detection in Azure AD Identity Protection and the associated information about the detection.| |riskyUsers|[riskyUser](../resources/riskyuser.md) collection|Users that are flagged as at-risk by Azure AD Identity Protection. |
+|riskyServicePrincipals| [riskyServicePrincipal](riskyserviceprincipal.md) collection | Azure AD service principals that are at risk. |
+|servicePrincipalRiskDetections| [servicePrincipalRiskDetection](serviceprincipalriskdetection.md) collection | Represents information about detected at-risk service principals in an Azure AD tenant.|
## JSON representation The following is a JSON representation of the resource.
v1.0 Keycredential https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/keycredential.md
Contains a key credential associated with an application or a service principal.
|:|:--|:-| |customKeyIdentifier|Binary| Custom key identifier | | displayName | String | Friendly name for the key. Optional. |
-|endDateTime|DateTimeOffset|The date and time at which the credential expires.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
-|key|Binary| Value for the key credential. Should be a base 64 encoded value. |
+|endDateTime|DateTimeOffset|The date and time at which the credential expires. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
+|key|Binary| Value for the key credential. Should be a Base64 encoded value. Returned only on `$select` for a single object, that is, `GET applications/{applicationId}?$select=keyCredentials` or `GET servicePrincipals/{servicePrincipalId}?$select=keyCredentials`; otherwise, it is always `null`. |
|keyId|Guid|The unique identifier for the key.| |startDateTime|DateTimeOffset|The date and time at which the credential becomes valid.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
-|type|String|The type of key credential; for example, `Symmetric`.|
+|type|String|The type of key credential; for example, `Symmetric`, `AsymmetricX509Cert`.|
|usage|String|A string that describes the purpose for which the key can be used; for example, `Verify`.| ## JSON representation
-Here is a JSON representation of the resource
+The following is a JSON representation of the resource.
<!-- { "blockType": "resource",
v1.0 Licenseassignmentstate https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/licenseAssignmentState.md
The **licenseAssignmentStates** property of the [user](user.md) entity is a coll
|:|:--|:-| |assignedByGroup|string|The id of the group that assigns this license. If the assignment is a direct-assigned license, this field will be Null. Read-Only.| |disabledPlans|Collection(String)|The service plans that are disabled in this assignment. Read-Only.|
-|error|String|License assignment failure error. If the license is assigned successfully, this field will be Null. Read-Only. Possible values: `CountViolation`, `MutuallyExclusiveViolation`, `DependencyViolation`, `ProhibitedInUsageLocationViolation`, `UniquenessViolation`, and `Others`. For more information on how to identify and resolve license assignment errors see [here](/azure/active-directory/users-groups-roles/licensing-groups-resolve-problems).|
+|error|String|License assignment failure error. If the license is assigned successfully, this field will be Null. Read-Only. The possible values are `CountViolation`, `MutuallyExclusiveViolation`, `DependencyViolation`, `ProhibitedInUsageLocationViolation`, `UniquenessViolation`, and `Other`. For more information on how to identify and resolve license assignment errors see [here](/azure/active-directory/users-groups-roles/licensing-groups-resolve-problems).|
|lastUpdatedDateTime|DateTimeOffset|The timestamp when the state of the license assignment was last updated.| |skuId|String|The unique identifier for the SKU. Read-Only.|
-|state|String|Indicate the current state of this assignment. Read-Only. Possible values: Active, ActiveWithError, Disabled and Error.|
+|state|String|Indicate the current state of this assignment. Read-Only. The possible values are `Active`, `ActiveWithError`, `Disabled`, and `Error`.|
## JSON representation
v1.0 Loginpagetextvisibilitysettings https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/loginpagetextvisibilitysettings.md
+
+ Title: "loginPageTextVisibilitySettings resource type"
+description: "Contains details of the organization's branding."
+
+ms.localizationpriority: medium
++
+# loginPageTextVisibilitySettings resource type
+
+Namespace: microsoft.graph
++
+This is a complex type that represents the various texts that can be hidden on the sign-in page for a tenant.
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+| hideCannotAccessYourAccount | Boolean | Option to hide the self-service password reset (SSPR) "Can't access your account?" hyperlink on the sign-in form. |
+| hideForgotMyPassword | Boolean | Option to hide the self-service password reset (SSPR) "Forgot my password" hyperlink on the sign-in form. |
+| hideResetItNow | Boolean | Option to hide the self-service password reset (SSPR) "reset it now" hyperlink on the sign-in form. |
+| hideTermsOfUse | Boolean | Option to hide the "Terms of Use" hyperlink in the footer. |
+| hidePrivacyAndCookies | Boolean | Option to hide the "Privacy & Cookies" hyperlink in the footer. |
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.loginPageTextVisibilitySettings"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.loginPageTextVisibilitySettings",
+ "hideCannotAccessYourAccount": "Boolean",
+ "hideForgotMyPassword": "Boolean",
+ "hidePrivacyAndCookies": "Boolean",
+ "hideResetItNow": "Boolean",
+ "hideTermsOfUse": "Boolean"
+}
+```
v1.0 Onenoteresource https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/onenoteresource.md
You can get the binary data of a resource, but getting a JSON representation of
"content": "String (Stream)", "contentUrl": "String" }- ```+ Get the binary data of a specific resource by sending a GET request to the resource's `content` endpoint:
-```
+```http
GET ../onenote/resources/{id}/content ``` The file's resource URI is returned when you get a page's HTML content using the following request:
-```
+```http
GET ../onenote/pages/{id}/content ``` In the page HTML, an `img` tag includes endpoints for the original image resource in the `data-fullres-src` attribute and the optimized image in the `src` attribute:
-```
+
+```html
<img src="image-resource-url" data-src-type="media-type"
In the page HTML, an `img` tag includes endpoints for the original image resourc
An `object` tag (which represents files such as PDF, DOCX, and PNG) includes the endpoint for the file resource in the `data` attribute:
-```
+```html
<object data="file-resource-url" data-attachment="file-name.file-type" type="media-type" ... /> ```
+## Methods
+| Method | Return Type |Description|
+|:|:--|:-|
+|[Get resource binary data](../api/resource-get.md) | Stream |Retrieve the binary data of a file or image resource.|
+ ## Properties | Property | Type |Description| |:|:--|:-|
An `object` tag (which represents files such as PDF, DOCX, and PNG) includes the
## Relationships None. -
-## Methods
-| Method | Return Type |Description|
-|:|:--|:-|
-|[Get resource binary data](../api/resource-get.md) | Stream |Retrieve the binary data of a file or image resource.|
- <!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79 2015-10-25 14:57:30 UTC --> <!--
v1.0 Organizationalbranding https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/organizationalbranding.md
You can't change your original configuration's language. However, companies can
<!--| [Delete organizationalBranding](../api/organizationalbranding-delete.md) | None | Delete an [organizationalBranding](../resources/organizationalbranding.md) object. |--> ## Properties+ | Property | Type | Description | |:-|:|:|
-| backgroundColor | String | Color that will appear in place of the background image in low-bandwidth connections. We recommend that you use the primary color of your banner logo or your organization color. Specify this in hexadecimal format, for example, white is `#FFFFFF`. Inherited from [organizationalBrandingProperties](../resources/organizationalbrandingproperties.md). |
-| backgroundImage | Stream | Image that appears as the background of the sign-in page. The allowed types are PNG or JPEG not smaller than 300 KB and not larger than 1920 × 1080 pixels. A smaller image will reduce bandwidth requirements and make the page load faster. Inherited from [organizationalBrandingProperties](../resources/organizationalbrandingproperties.md). Returned only on `$select`. |
-| backgroundImageRelativeUrl | String | A relative URL for the **backgroundImage** property that is combined with a CDN base URL from the **cdnList** to provide the version served by a CDN. Read-only. Inherited from [organizationalBrandingProperties](../resources/organizationalbrandingproperties.md). |
-| bannerLogo | Stream | A banner version of your company logo that appears on the sign-in page. The allowed types are PNG or JPEG no larger than 36 × 245 pixels. We recommend using a transparent image with no padding around the logo. Inherited from [organizationalBrandingProperties](../resources/organizationalbrandingproperties.md). Returned only on `$select`. |
-| bannerLogoRelativeUrl | String | A relative url for the **bannerLogo** property that is combined with a CDN base URL from the **cdnList** to provide the read-only version served by a CDN. Read-only. Inherited from [organizationalBrandingProperties](../resources/organizationalbrandingproperties.md). |
-| cdnList | String collection | A list of base URLs for all available CDN providers that are serving the assets of the current resource. Several CDN providers are used at the same time for high availability of read requests. Read-only. Inherited from [organizationalBrandingProperties](../resources/organizationalbrandingproperties.md). |
-| id | String | An identifier that represents the locale specified using culture names. Culture names follow the RFC 1766 standard in the format "languagecode2-country/regioncode2", where "languagecode2" is a lowercase two-letter code derived from ISO 639-1 and "country/regioncode2" is an uppercase two-letter code derived from ISO 3166. For example, U.S. English is `en-US`. The **id** for the default /branding is always the String types `0` or `default`. Read-only. <br/><br/>**NOTE:** Multiple branding for a single locale are currently not supported. Inherited from [organizationalBrandingProperties](../resources/organizationalbrandingproperties.md). |
-| signInPageText | String | Text that appears at the bottom of the sign-in box. You can use this to communicate additional information, such as the phone number to your help desk or a legal statement. This text must be Unicode and not exceed 1024 characters. Inherited from [organizationalBrandingProperties](../resources/organizationalbrandingproperties.md). |
-| squareLogo | Stream | A square version of your company logo that appears in Windows 10 out-of-box experiences (OOBE) and when Windows Autopilot is enabled for deployment. Allowed types are PNG or JPEG no larger than 240 x 240 pixels and no more than 10 KB in size. We recommend using a transparent image with no padding around the logo. Inherited from [organizationalBrandingProperties](../resources/organizationalbrandingproperties.md). Returned only on `$select`.|
-| squareLogoRelativeUrl | String | A relative url for the **squareLogo** property that is combined with a CDN base URL from the **cdnList** to provide the version served by a CDN. Read-only. Inherited from [organizationalBrandingProperties](../resources/organizationalbrandingproperties.md). |
-| usernameHintText | String | String that shows as the hint in the username textbox on the sign-in screen. This text must be a Unicode, without links or code, and can't exceed 64 characters. Inherited from [organizationalBrandingProperties](../resources/organizationalbrandingproperties.md). |
+| backgroundColor | String | Color that appears in place of the background image in low-bandwidth connections. We recommend that you use the primary color of your banner logo or your organization color. Specify this in hexadecimal format, for example, white is `#FFFFFF`. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| backgroundImage | Stream | Image that appears as the background of the sign-in page. The allowed types are PNG or JPEG not smaller than 300 KB and not larger than 1920 × 1080 pixels. A smaller image will reduce bandwidth requirements and make the page load faster. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| backgroundImageRelativeUrl | String | A relative URL for the **backgroundImage** property that is combined with a CDN base URL from the **cdnList** to provide the version served by a CDN. Read-only. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| bannerLogo | Stream | A banner version of your company logo that appears on the sign-in page. The allowed types are PNG or JPEG not larger than 36 × 245 pixels. We recommend using a transparent image with no padding around the logo. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| bannerLogoRelativeUrl | String | A relative URL for the **bannerLogo** property that is combined with a CDN base URL from the **cdnList** to provide the read-only version served by a CDN. Read-only. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| cdnList | String collection | A list of base URLs for all available CDN providers that are serving the assets of the current resource. Several CDN providers are used at the same time for high availability of read requests. Read-only. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| customAccountResetCredentialsUrl | String | A custom URL for resetting account credentials. This URL must be in ASCII format or non-ASCII characters must be URL encoded, and not exceed 128 characters. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| customCannotAccessYourAccountText | String | A string to replace the default "Can't access your account?" self-service password reset (SSPR) hyperlink text on the sign-in page. This text must be in Unicode format and not exceed 256 characters. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| customCannotAccessYourAccountUrl | String | A custom URL to replace the default URL of the self-service password reset (SSPR) "Can't access your account?" hyperlink on the sign-in page. This URL must be in ASCII format or non-ASCII characters must be URL encoded, and not exceed 128 characters. <br/><br/>**DO NOT USE.** Use **customAccountResetCredentialsUrl** instead. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| customForgotMyPasswordText | String | A string to replace the default "Forgot my password" hyperlink text on the sign-in form. This text must be in Unicode format and not exceed 256 characters. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| customPrivacyAndCookiesText | String | A string to replace the default "Privacy and Cookies" hyperlink text in the footer. This text must be in Unicode format and not exceed 256 characters. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| customPrivacyAndCookiesUrl | String | A custom URL to replace the default URL of the "Privacy and Cookies" hyperlink in the footer. This URL must be in ASCII format or non-ASCII characters must be URL encoded, and not exceed 128 characters. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| customResetItNowText | String | A string to replace the default "reset it now" hyperlink text on the sign-in form. This text must be in Unicode format and not exceed 256 characters. <br/><br/>**DO NOT USE:** Customization of the "reset it now" hyperlink text is currently not supported. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| customTermsOfUseText | String | A string to replace the the default "Terms of Use" hyperlink text in the footer. This text must be in Unicode format and not exceed 256 characters. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| customTermsOfUseUrl | String | A custom URL to replace the default URL of the "Terms of Use" hyperlink in the footer. This URL must be in ASCII format or non-ASCII characters must be URL encoded, and not exceed 128characters. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| favicon | Stream | A custom icon (favicon) to replace a default Microsoft product favicon on an Azure AD tenant. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| faviconRelativeUrl | String | A relative url for the favicon above that is combined with a CDN base URL from the **cdnList** to provide the version served by a CDN. Read-only. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| headerBackgroundColor | String | The RGB color to apply to customize the color of the header. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| id | String | An identifier that represents the locale specified using culture names. Culture names follow the RFC 1766 standard in the format "languagecode2-country/regioncode2", where "languagecode2" is a lowercase two-letter code derived from ISO 639-1 and "country/regioncode2" is an uppercase two-letter code derived from ISO 3166. For example, U.S. English is `en-US`. The **id** for the default /branding is always the String types `0` or `default`. Read-only. <br/><br/>**NOTE:** Multiple branding for a single locale are currently not supported. |
+| loginPageTextVisibilitySettings | [loginPageTextVisibilitySettings](loginPageTextVisibilitySettings.md) | Represents the various texts that can be hidden on the login page for a tenant. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| signInPageText | String | Text that appears at the bottom of the sign-in box. Use this to communicate additional information, such as the phone number to your help desk or a legal statement. This text must be in Unicode format and not exceed 1024 characters. |
+| squareLogo | Stream | A square version of your company logo that appears in Windows 10 out-of-box experiences (OOBE) and when Windows Autopilot is enabled for deployment. Allowed types are PNG or JPEG not larger than 240 x 240 pixels and not more than 10 KB in size. We recommend using a transparent image with no padding around the logo. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md).|
+| squareLogoRelativeUrl | String | A relative URL for the **squareLogo** property that is combined with a CDN base URL from the **cdnList** to provide the version served by a CDN. Read-only. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| usernameHintText | String | A string that shows as the hint in the username textbox on the sign-in screen. This text must be a Unicode, without links or code, and can't exceed 64 characters. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+ ## Relationships+ |Relationship|Type|Description| |:|:|:|
-| localizations | [organizationalBrandingLocalization](../resources/organizationalbrandinglocalization.md) collection | Add different branding based on a locale. |
+| localizations | [organizationalBrandingLocalization](organizationalbrandinglocalization.md) collection | Add different branding based on a locale. |
## JSON representation The following is a JSON representation of the resource.
The following is a JSON representation of the resource.
"signInPageText": "String", "squareLogo": "Stream", "squareLogoRelativeUrl": "String",
- "usernameHintText": "String"
+ "usernameHintText": "String",
+ "customAccountResetCredentialsUrl": "String",
+ "customCannotAccessYourAccountText": "String",
+ "customCannotAccessYourAccountUrl": "String",
+ "customForgotMyPasswordText": "String",
+ "customPrivacyAndCookiesText": "String",
+ "customPrivacyAndCookiesUrl": "String",
+ "customResetItNowText": "String",
+ "customTermsOfUseText": "String",
+ "customTermsOfUseUrl": "String",
+ "favicon": "Stream",
+ "faviconRelativeUrl": "String",
+ "headerBackgroundColor": "String",
+ "loginPageTextVisibilitySettings": {
+ "@odata.type": "microsoft.graph.loginPageTextVisibilitySettings"
+ }
}
-```
+```
v1.0 Organizationalbrandinglocalization https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/organizationalbrandinglocalization.md
Namespace: microsoft.graph
Resource that supports managing language-specific branding. While you can't change your original configuration's language, this resource allows you to create a new configuration for a different language.
-Inherits from [organizationalBrandingProperties](../resources/organizationalbrandingproperties.md).
+Inherits from [organizationalBrandingProperties](organizationalbrandingproperties.md).
## Methods |Method|Return type|Description|
Inherits from [organizationalBrandingProperties](../resources/organizationalbran
|[Delete organizationalBrandingLocalization](../api/organizationalbrandinglocalization-delete.md)|None|Deletes an [organizationalBrandingLocalization](../resources/organizationalbrandinglocalization.md) object.| ## Properties+ | Property | Type | Description | |:-|:|:|
-| backgroundColor | String | Color that will appear in place of the background image in low-bandwidth connections. We recommend that you use the primary color of your banner logo or your organization color. Specify this in hexadecimal format, for example, white is `#FFFFFF`. Inherited from [organizationalBrandingProperties](../resources/organizationalbrandingproperties.md). |
-| backgroundImage | Stream | Image that appears as the background of the sign-in page. The allowed types are PNG or JPEG not smaller than 300 KB and not larger than 1920 × 1080 pixels. A smaller image will reduce bandwidth requirements and make the page load faster. Inherited from [organizationalBrandingProperties](../resources/organizationalbrandingproperties.md). |
-| backgroundImageRelativeUrl | String | A relative URL for the **backgroundImage** property that is combined with a CDN base URL from the **cdnList** to provide the version served by a CDN. Read-only. Inherited from [organizationalBrandingProperties](../resources/organizationalbrandingproperties.md). |
-| bannerLogo | Stream | A banner version of your company logo that appears on the sign-in page. The allowed types are PNG or JPEG no larger than 36 × 245 pixels. We recommend using a transparent image with no padding around the logo. Inherited from [organizationalBrandingProperties](../resources/organizationalbrandingproperties.md). |
-| bannerLogoRelativeUrl | String | A relative url for the **bannerLogo** property that is combined with a CDN base URL from the **cdnList** to provide the read-only version served by a CDN. Read-only. Inherited from [organizationalBrandingProperties](../resources/organizationalbrandingproperties.md). |
-| cdnList | String collection | A list of base URLs for all available CDN providers that are serving the assets of the current resource. Several CDN providers are used at the same time for high availability of read requests. Read-only. Inherited from [organizationalBrandingProperties](../resources/organizationalbrandingproperties.md). |
-| id | String | An identifier that represents the locale specified using culture names. Culture names follow the RFC 1766 standard in the format "languagecode2-country/regioncode2", where "languagecode2" is a lowercase two-letter code derived from ISO 639-1 and "country/regioncode2" is an uppercase two-letter code derived from ISO 3166. For example, U.S. English is `en-US`. The **id** for the default /branding is always the String types `0` or `default`. Read-only. <br/><br/>**NOTE:** Multiple branding for a single locale are currently not supported. Inherited from [organizationalBrandingProperties](../resources/organizationalbrandingproperties.md). |
-| signInPageText | String | Text that appears at the bottom of the sign-in box. You can use this to communicate additional information, such as the phone number to your help desk or a legal statement. This text must be Unicode and not exceed 1024 characters. Inherited from [organizationalBrandingProperties](../resources/organizationalbrandingproperties.md). |
-| squareLogo | Stream | A square version of your company logo that appears in Windows 10 out-of-box experiences (OOBE) and when Windows Autopilot is enabled for deployment. Allowed types are PNG or JPEG no larger than 240 x 240 pixels and no more than 10 KB in size. We recommend using a transparent image with no padding around the logo. Inherited from [organizationalBrandingProperties](../resources/organizationalbrandingproperties.md).|
-| squareLogoRelativeUrl | String | A relative url for the **squareLogo** property that is combined with a CDN base URL from the **cdnList** to provide the version served by a CDN. Read-only. Inherited from [organizationalBrandingProperties](../resources/organizationalbrandingproperties.md). |
-| usernameHintText | String | String that shows as the hint in the username textbox on the sign-in screen. This text must be a Unicode, without links or code, and can't exceed 64 characters. Inherited from [organizationalBrandingProperties](../resources/organizationalbrandingproperties.md). |
+| backgroundColor | String | Color that appears in place of the background image in low-bandwidth connections. We recommend that you use the primary color of your banner logo or your organization color. Specify this in hexadecimal format, for example, white is `#FFFFFF`. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| backgroundImage | Stream | Image that appears as the background of the sign-in page. The allowed types are PNG or JPEG not smaller than 300 KB and not larger than 1920 × 1080 pixels. A smaller image will reduce bandwidth requirements and make the page load faster. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| backgroundImageRelativeUrl | String | A relative URL for the **backgroundImage** property that is combined with a CDN base URL from the **cdnList** to provide the version served by a CDN. Read-only. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| bannerLogo | Stream | A banner version of your company logo that appears on the sign-in page. The allowed types are PNG or JPEG not larger than 36 × 245 pixels. We recommend using a transparent image with no padding around the logo. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| bannerLogoRelativeUrl | String | A relative URL for the **bannerLogo** property that is combined with a CDN base URL from the **cdnList** to provide the read-only version served by a CDN. Read-only. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| cdnList | String collection | A list of base URLs for all available CDN providers that are serving the assets of the current resource. Several CDN providers are used at the same time for high availability of read requests. Read-only. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| customAccountResetCredentialsUrl | String | A custom URL for resetting account credentials. This URL must be in ASCII format or non-ASCII characters must be URL encoded, and not exceed 128 characters. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| customCannotAccessYourAccountText | String | A string to replace the default "Can't access your account?" self-service password reset (SSPR) hyperlink text on the sign-in page. This text must be in Unicode format and not exceed 256 characters. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| customCannotAccessYourAccountUrl | String | A custom URL to replace the default URL of the self-service password reset (SSPR) "Can't access your account?" hyperlink on the sign-in page. This URL must be in ASCII format or non-ASCII characters must be URL encoded, and not exceed 128 characters. <br/><br/>**DO NOT USE.** Use **customAccountResetCredentialsUrl** instead. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| customForgotMyPasswordText | String | A string to replace the default "Forgot my password" hyperlink text on the sign-in form. This text must be in Unicode format and not exceed 256 characters. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| customPrivacyAndCookiesText | String | A string to replace the default "Privacy and Cookies" hyperlink text in the footer. This text must be in Unicode format and not exceed 256 characters. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| customPrivacyAndCookiesUrl | String | A custom URL to replace the default URL of the "Privacy and Cookies" hyperlink in the footer. This URL must be in ASCII format or non-ASCII characters must be URL encoded, and not exceed 128 characters. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| customResetItNowText | String | A string to replace the default "reset it now" hyperlink text on the sign-in form. This text must be in Unicode format and not exceed 256 characters. <br/><br/>**DO NOT USE:** Customization of the "reset it now" hyperlink text is currently not supported. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| customTermsOfUseText | String | A string to replace the the default "Terms of Use" hyperlink text in the footer. This text must be in Unicode format and not exceed 256 characters. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| customTermsOfUseUrl | String | A custom URL to replace the default URL of the "Terms of Use" hyperlink in the footer. This URL must be in ASCII format or non-ASCII characters must be URL encoded, and not exceed 128characters. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| favicon | Stream | A custom icon (favicon) to replace a default Microsoft product favicon on an Azure AD tenant. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| faviconRelativeUrl | String | A relative url for the favicon above that is combined with a CDN base URL from the **cdnList** to provide the version served by a CDN. Read-only. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| headerBackgroundColor | String | The RGB color to apply to customize the color of the header. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| id | String | An identifier that represents the locale specified using culture names. Culture names follow the RFC 1766 standard in the format "languagecode2-country/regioncode2", where "languagecode2" is a lowercase two-letter code derived from ISO 639-1 and "country/regioncode2" is an uppercase two-letter code derived from ISO 3166. For example, U.S. English is `en-US`. The **id** for the default /branding is always the String types `0` or `default`. Read-only. <br/><br/>**NOTE:** Multiple branding for a single locale are currently not supported. |
+| loginPageTextVisibilitySettings | [loginPageTextVisibilitySettings](loginPageTextVisibilitySettings.md) | Represents the various texts that can be hidden on the login page for a tenant. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| signInPageText | String | Text that appears at the bottom of the sign-in box. Use this to communicate additional information, such as the phone number to your help desk or a legal statement. This text must be in Unicode format and not exceed 1024 characters. |
+| squareLogo | Stream | A square version of your company logo that appears in Windows 10 out-of-box experiences (OOBE) and when Windows Autopilot is enabled for deployment. Allowed types are PNG or JPEG not larger than 240 x 240 pixels and not more than 10 KB in size. We recommend using a transparent image with no padding around the logo. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md).|
+| squareLogoRelativeUrl | String | A relative URL for the **squareLogo** property that is combined with a CDN base URL from the **cdnList** to provide the version served by a CDN. Read-only. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
+| usernameHintText | String | A string that shows as the hint in the username textbox on the sign-in screen. This text must be a Unicode, without links or code, and can't exceed 64 characters. Inherited from [organizationalBrandingProperties](organizationalbrandingproperties.md). |
## Relationships+ None. ## JSON representation
The following is a JSON representation of the resource.
"signInPageText": "String", "squareLogo": "Stream", "squareLogoRelativeUrl": "String",
- "usernameHintText": "String"
+ "usernameHintText": "String",
+ "customAccountResetCredentialsUrl": "String",
+ "customCannotAccessYourAccountText": "String",
+ "customCannotAccessYourAccountUrl": "String",
+ "customForgotMyPasswordText": "String",
+ "customPrivacyAndCookiesText": "String",
+ "customPrivacyAndCookiesUrl": "String",
+ "customResetItNowText": "String",
+ "customTermsOfUseText": "String",
+ "customTermsOfUseUrl": "String",
+ "favicon": "Stream",
+ "faviconRelativeUrl": "String",
+ "headerBackgroundColor": "String",
+ "loginPageTextVisibilitySettings": {
+ "@odata.type": "microsoft.graph.loginPageTextVisibilitySettings"
+ }
}
-```
+```
v1.0 Organizationalbrandingproperties https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/organizationalbrandingproperties.md
None.
## Properties | Property | Type | Description | |:-|:|:|
-| backgroundColor | String | Color that will appear in place of the background image in low-bandwidth connections. We recommend that you use the primary color of your banner logo or your organization color. Specify this in hexadecimal format, for example, white is `#FFFFFF`. |
+| backgroundColor | String | Color that appears in place of the background image in low-bandwidth connections. We recommend that you use the primary color of your banner logo or your organization color. Specify this in hexadecimal format, for example, white is `#FFFFFF`. |
| backgroundImage | Stream | Image that appears as the background of the sign-in page. The allowed types are PNG or JPEG not smaller than 300 KB and not larger than 1920 × 1080 pixels. A smaller image will reduce bandwidth requirements and make the page load faster. | | backgroundImageRelativeUrl | String | A relative URL for the **backgroundImage** property that is combined with a CDN base URL from the **cdnList** to provide the version served by a CDN. Read-only. |
-| bannerLogo | Stream | A banner version of your company logo that appears on the sign-in page. The allowed types are PNG or JPEG no larger than 36 × 245 pixels. We recommend using a transparent image with no padding around the logo. |
-| bannerLogoRelativeUrl | String | A relative url for the **bannerLogo** property that is combined with a CDN base URL from the **cdnList** to provide the read-only version served by a CDN. Read-only. |
+| bannerLogo | Stream | A banner version of your company logo that appears on the sign-in page. The allowed types are PNG or JPEG not larger than 36 × 245 pixels. We recommend using a transparent image with no padding around the logo. |
+| bannerLogoRelativeUrl | String | A relative URL for the **bannerLogo** property that is combined with a CDN base URL from the **cdnList** to provide the read-only version served by a CDN. Read-only. |
| cdnList | String collection | A list of base URLs for all available CDN providers that are serving the assets of the current resource. Several CDN providers are used at the same time for high availability of read requests. Read-only. |
+| customAccountResetCredentialsUrl | String | A custom URL for resetting account credentials. This URL must be in ASCII format or non-ASCII characters must be URL encoded, and not exceed 128 characters. |
+| customCannotAccessYourAccountText | String | A string to replace the default "Can't access your account?" self-service password reset (SSPR) hyperlink text on the sign-in page. This text must be in Unicode format and not exceed 256 characters. |
+| customCannotAccessYourAccountUrl | String | A custom URL to replace the default URL of the self-service password reset (SSPR) "Can't access your account?" hyperlink on the sign-in page. This URL must be in ASCII format or non-ASCII characters must be URL encoded, and not exceed 128 characters. <br/><br/>**DO NOT USE.** Use **customAccountResetCredentialsUrl** instead. |
+| customForgotMyPasswordText | String | A string to replace the default "Forgot my password" hyperlink text on the sign-in form. This text must be in Unicode format and not exceed 256 characters. |
+| customPrivacyAndCookiesText | String | A string to replace the default "Privacy and Cookies" hyperlink text in the footer. This text must be in Unicode format and not exceed 256 characters. |
+| customPrivacyAndCookiesUrl | String | A custom URL to replace the default URL of the "Privacy and Cookies" hyperlink in the footer. This URL must be in ASCII format or non-ASCII characters must be URL encoded, and not exceed 128 characters. |
+| customResetItNowText | String | A string to replace the default "reset it now" hyperlink text on the sign-in form. This text must be in Unicode format and not exceed 256 characters. <br/><br/>**DO NOT USE:** Customization of the "reset it now" hyperlink text is currently not supported. |
+| customTermsOfUseText | String | A string to replace the the default "Terms of Use" hyperlink text in the footer. This text must be in Unicode format and not exceed 256 characters. |
+| customTermsOfUseUrl | String | A custom URL to replace the default URL of the "Terms of Use" hyperlink in the footer. This URL must be in ASCII format or non-ASCII characters must be URL encoded, and not exceed 128characters. |
+| favicon | Stream | A custom icon (favicon) to replace a default Microsoft product favicon on an Azure AD tenant. |
+| faviconRelativeUrl | String | A relative url for the favicon above that is combined with a CDN base URL from the **cdnList** to provide the version served by a CDN. Read-only. |
+| headerBackgroundColor | String | The RGB color to apply to customize the color of the header. |
| id | String | An identifier that represents the locale specified using culture names. Culture names follow the RFC 1766 standard in the format "languagecode2-country/regioncode2", where "languagecode2" is a lowercase two-letter code derived from ISO 639-1 and "country/regioncode2" is an uppercase two-letter code derived from ISO 3166. For example, U.S. English is `en-US`. The **id** for the default /branding is always the String types `0` or `default`. Read-only. <br/><br/>**NOTE:** Multiple branding for a single locale are currently not supported. |
-| signInPageText | String | Text that appears at the bottom of the sign-in box. You can use this to communicate additional information, such as the phone number to your help desk or a legal statement. This text must be Unicode and not exceed 1024 characters. |
-| squareLogo | Stream | A square version of your company logo that appears in Windows 10 out-of-box experiences (OOBE) and when Windows Autopilot is enabled for deployment. Allowed types are PNG or JPEG no larger than 240 x 240 pixels and no more than 10 KB in size. We recommend using a transparent image with no padding around the logo. |
-| squareLogoRelativeUrl | String | A relative url for the **squareLogo** property that is combined with a CDN base URL from the **cdnList** to provide the version served by a CDN. Read-only. |
-| usernameHintText | String | String that shows as the hint in the username textbox on the sign-in screen. This text must be a Unicode, without links or code, and can't exceed 64 characters. |
+| loginPageTextVisibilitySettings | [loginPageTextVisibilitySettings](loginPageTextVisibilitySettings.md) | Represents the various texts that can be hidden on the login page for a tenant. |
+| signInPageText | String | Text that appears at the bottom of the sign-in box. Use this to communicate additional information, such as the phone number to your help desk or a legal statement. This text must be in Unicode format and not exceed 1024 characters. |
+| squareLogo | Stream | A square version of your company logo that appears in Windows 10 out-of-box experiences (OOBE) and when Windows Autopilot is enabled for deployment. Allowed types are PNG or JPEG not larger than 240 x 240 pixels and not more than 10 KB in size. We recommend using a transparent image with no padding around the logo.|
+| squareLogoRelativeUrl | String | A relative URL for the **squareLogo** property that is combined with a CDN base URL from the **cdnList** to provide the version served by a CDN. Read-only. |
+| usernameHintText | String | A string that shows as the hint in the username textbox on the sign-in screen. This text must be a Unicode, without links or code, and can't exceed 64 characters. |
## Relationships None.
The following is a JSON representation of the resource.
"signInPageText": "String", "squareLogo": "Stream", "squareLogoRelativeUrl": "String",
- "usernameHintText": "String"
+ "usernameHintText": "String",
+ "customAccountResetCredentialsUrl": "String",
+ "customCannotAccessYourAccountText": "String",
+ "customCannotAccessYourAccountUrl": "String",
+ "customForgotMyPasswordText": "String",
+ "customPrivacyAndCookiesText": "String",
+ "customPrivacyAndCookiesUrl": "String",
+ "customResetItNowText": "String",
+ "customTermsOfUseText": "String",
+ "customTermsOfUseUrl": "String",
+ "favicon": "Stream",
+ "faviconRelativeUrl": "String",
+ "headerBackgroundColor": "String",
+ "loginPageTextVisibilitySettings": {
+ "@odata.type": "microsoft.graph.loginPageTextVisibilitySettings"
+ }
} ```-
v1.0 Policyroot https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/policyroot.md
None
## Properties None - ## Relationships
-| Relationship | Type | Description |
-|:|:-|:|
-| accessReviewPolicy | [accessReviewPolicy](accessreviewpolicy.md) | The policy that contains directory-level access review settings. |
-| activityBasedTimeoutPolicies | [activityBasedTimeoutPolicy](activitybasedtimeoutpolicy.md) collection | The policy that controls the idle time out for web sessions for applications. |
-| adminConsentRequestPolicy | [adminConsentRequestPolicy](adminconsentrequestpolicy.md) | The policy by which consent requests are created and managed for the entire tenant. |
-| appManagementPolicies | [appManagementPolicy](appmanagementpolicy.md) collection | The policies that enforce app management restrictions for specific applications and service principals, overriding the defaultAppManagementPolicy. |
-| authenticationFlowsPolicy | [authenticationFlowsPolicy](authenticationflowspolicy.md) | The policy configuration of the self-service sign-up experience of external users. |
-| authenticationMethodsPolicy | [authenticationMethodsPolicy](authenticationmethodspolicy.md) | The authentication methods and the users that are allowed to use them to sign in and perform multi-factor authentication (MFA) in Azure Active Directory (Azure AD). |
-| authorizationPolicy | [authorizationPolicy](authorizationpolicy.md) collection | The policy that controls Azure AD authorization settings. |
-| b2cAuthenticationMethodsPolicy | [b2cAuthenticationMethodsPolicy](b2cauthenticationmethodspolicy.md) | The Azure AD B2C policies that define how end users register via local accounts. |
-| claimsMappingPolicies | [claimsMappingPolicy](claimsmappingpolicy.md) collection | The claim-mapping policies for WS-Fed, SAML, OAuth 2.0, and OpenID Connect protocols, for tokens issued to a specific application. |
-| conditionalAccessPolicies | [conditionalAccessPolicy](conditionalaccesspolicy.md) | The custom rules that define an access scenario. |
-| defaultAppManagementPolicy | [tenantAppManagementPolicy](tenantappmanagementpolicy.md) | The tenant-wide policy that enforces app management restrictions for all applications and service principals. |
-| deviceRegistrationPolicy | [deviceRegistrationPolicy](deviceregistrationpolicy.md) | Represents the policy scope that controls quota restrictions, additional authentication, and authorization policies to register device identities to your organization. |
-| featureRolloutPolicies | [featureRolloutPolicy](featurerolloutpolicy.md) collection | The feature rollout policy associated with a directory object. |
-| homeRealmDiscoveryPolicies | [homeRealmDiscoveryPolicy](homerealmdiscoverypolicy.md) collection | The policy to control Azure AD authentication behavior for federated users. |
-| identitySecurityDefaultsEnforcementPolicy | [identitySecurityDefaultsEnforcementPolicy](identitysecuritydefaultsenforcementpolicy.md) | The policy that represents the security defaults that protect against common attacks. |
-| mobileAppManagementPolicies | [mobilityManagementPolicy](mobilitymanagementpolicy.md) collection | The policy that defines auto-enrollment configuration for a mobility management (MDM or MAM) application. |
-| permissionGrantPolicies | [permissionGrantPolicy](permissiongrantpolicy.md) collection | The policy that specifies the conditions under which consent can be granted. |
-| roleManagementPolicies | [unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md) collection | Represents the role management policies. |
-| roleManagementPolicyAssignments | [unifiedRoleManagementPolicyAssignment](../resources/unifiedrolemanagementpolicyassignment.md) collection | Represents the role management policy assignments. |
-| tokenIssuancePolicies | [tokenIssuancePolicy](tokenissuancepolicy.md) collection | The policy that specifies the characteristics of SAML tokens issued by Azure AD. |
-| tokenLifetimePolicies | [tokenLifetimePolicy](tokenlifetimepolicy.md) collection | The policy that controls the lifetime of a JWT access token, an ID token, or a SAML 1.1/2.0 token issued by Azure AD. |
+
+| Relationship | Type | Description |
+|:|:-|:|
+| accessReviewPolicy | [accessReviewPolicy](accessreviewpolicy.md) | The policy that contains directory-level access review settings. |
+| activityBasedTimeoutPolicies | [activityBasedTimeoutPolicy](activitybasedtimeoutpolicy.md) collection | The policy that controls the idle time out for web sessions for applications. |
+| adminConsentRequestPolicy | [adminConsentRequestPolicy](adminconsentrequestpolicy.md) | The policy by which consent requests are created and managed for the entire tenant. |
+| appManagementPolicies | [appManagementPolicy](appmanagementpolicy.md) collection | The policies that enforce app management restrictions for specific applications and service principals, overriding the defaultAppManagementPolicy. |
+| authenticationFlowsPolicy | [authenticationFlowsPolicy](authenticationflowspolicy.md) | The policy configuration of the self-service sign-up experience of external users. |
+| authenticationMethodsPolicy | [authenticationMethodsPolicy](authenticationmethodspolicy.md) | The authentication methods and the users that are allowed to use them to sign in and perform multi-factor authentication (MFA) in Azure Active Directory (Azure AD). |
+| authorizationPolicy | [authorizationPolicy](authorizationpolicy.md) collection | The policy that controls Azure AD authorization settings. |
+| b2cAuthenticationMethodsPolicy | [b2cAuthenticationMethodsPolicy](b2cauthenticationmethodspolicy.md) | The Azure AD B2C policies that define how end users register via local accounts. |
+| claimsMappingPolicies | [claimsMappingPolicy](claimsmappingpolicy.md) collection | The claim-mapping policies for WS-Fed, SAML, OAuth 2.0, and OpenID Connect protocols, for tokens issued to a specific application. |
+| conditionalAccessPolicies | [conditionalAccessPolicy](conditionalaccesspolicy.md) | The custom rules that define an access scenario. |
+| crossTenantAccessPolicy | [crossTenantAccessPolicy](crosstenantaccesspolicy.md) | The custom rules that define an access scenario when interacting with external Azure AD tenants. |
+| defaultAppManagementPolicy | [tenantAppManagementPolicy](tenantappmanagementpolicy.md) | The tenant-wide policy that enforces app management restrictions for all applications and service principals. |
+| featureRolloutPolicies | [featureRolloutPolicy](featurerolloutpolicy.md) collection | The feature rollout policy associated with a directory object. |
+| homeRealmDiscoveryPolicies | [homeRealmDiscoveryPolicy](homerealmdiscoverypolicy.md) collection | The policy to control Azure AD authentication behavior for federated users. |
+| identitySecurityDefaultsEnforcementPolicy | [identitySecurityDefaultsEnforcementPolicy](identitysecuritydefaultsenforcementpolicy.md) | The policy that represents the security defaults that protect against common attacks. |
+| mobileAppManagementPolicies | [mobilityManagementPolicy](mobilitymanagementpolicy.md) collection | The policy that defines auto-enrollment configuration for a mobility management (MDM or MAM) application. |
+| permissionGrantPolicies | [permissionGrantPolicy](permissiongrantpolicy.md) collection | The policy that specifies the conditions under which consent can be granted. |
+| roleManagementPolicies | [unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md) collection | Represents the role management policies. |
+| roleManagementPolicyAssignments | [unifiedRoleManagementPolicyAssignment](../resources/unifiedrolemanagementpolicyassignment.md) collection | Represents the role management policy assignments. |
+| tokenIssuancePolicies | [tokenIssuancePolicy](tokenissuancepolicy.md) collection | The policy that specifies the characteristics of SAML tokens issued by Azure AD. |
+| tokenLifetimePolicies | [tokenLifetimePolicy](tokenlifetimepolicy.md) collection | The policy that controls the lifetime of a JWT access token, an ID token, or a SAML 1.1/2.0 token issued by Azure AD. |
## JSON representation The following is a JSON representation of the resource.
The following is a JSON representation of the resource.
"@odata.type": "#microsoft.graph.policyRoot" } ```-
v1.0 Resulttemplate https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/resulttemplate.md
The following is a JSON representation of the resource.
```json {
- "resultTemplateId": {
- "displayName": "String",
- "body": "Json schema"
- }
+ "resultTemplateId": {
+ "displayName": "String",
+ "body": "Json schema"
+ }
} ```
v1.0 Riskserviceprincipalactivity https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/riskserviceprincipalactivity.md
+
+ Title: "riskServicePrincipalActivity resource type"
+description: "Represents the risk activity of an Azure AD service principal as determined by Azure AD Identity Protection."
+
+ms.localizationpriority: medium
++
+# riskServicePrincipalActivity resource type
+
+Namespace: microsoft.graph
+
+Represents the risk activity of an Azure AD service principal as determined by Azure AD Identity Protection.
+
+## Properties
+
+| Property | Type |Description|
+|:|:--|:-|
+|riskEventType|String|The type of risk event detected. The possible values are: `unlikelyTravel`, `anonymizedIPAddress`, `maliciousIPAddress`, `unfamiliarFeatures`, `malwareInfectedIPAddress`, `suspiciousIPAddress`, `leakedCredentials`, `investigationsThreatIntelligence`, `generic`, `adminConfirmedUserCompromised`, `mcasImpossibleTravel`, `mcasSuspiciousInboxManipulationRules`, `investigationsThreatIntelligenceSigninLinked`, `maliciousIPAddressValidCredentialsBlockedIP`, `unknownFutureValue`.|
+| detail | riskDetail | Details of the detected risk. <br>**Note:** Details for this property are only available for Azure AD Premium P2 customers. P1 customers will be returned `hidden`. <br/>The possible values are: `none`, `adminGeneratedTemporaryPassword`, `userPerformedSecuredPasswordChange`, `userPerformedSecuredPasswordReset`, `adminConfirmedSigninSafe`, `aiConfirmedSigninSafe`, `userPassedMFADrivenByRiskBasedPolicy`, `adminDismissedAllRiskForUser`, `adminConfirmedSigninCompromised`, `hidden`, `adminConfirmedUserCompromised`, `unknownFutureValue`, `adminConfirmedServicePrincipalCompromised`, `adminDismissedAllRiskForServicePrincipal`. Note that you must use the `Prefer: include-unknown-enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `adminConfirmedServicePrincipalCompromised` , `adminDismissedAllRiskForServicePrincipal`.|
+
+## JSON representation
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [ ],
+ "@odata.type": "microsoft.graph.riskServicePrincipalActivity"
+}-->
+```json
+{
+ "riskEventTypes": ["String"],
+ "detail": "String"
+}
+```
+<!--
+{
+ "type": "#page.annotation",
+ "description": "",
+ "keywords": "",
+ "section": "",
+ "tocPath": "",
+ "suppressions": []
+}
+-->
+
v1.0 Riskyserviceprincipal https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/riskyserviceprincipal.md
+
+ Title: "riskyServicePrincipal resource type"
+description: "Represents Azure AD workload identities that are at risk, including risk for applications, service principals and Managed Identities. "
+
+ms.localizationpriority: medium
++
+# riskyServicePrincipal resource type
+
+Namespace: microsoft.graph
++
+Represents Azure AD service principals that are at-risk. Azure AD continually evaluates service principal risk based on various signals and machine learning. This API provides programmatic access to all at-risk service principals in your Azure AD tenant.
+
+Inherits from [entity](../resources/entity.md).
+
+>**Note:** Using the riskyServicePrincipal API requires an Azure AD Premium P2 license.
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List riskyServicePrincipals](../api/identityprotectionroot-list-riskyserviceprincipals.md)|[riskyServicePrincipal](../resources/riskyserviceprincipal.md) collection|List risky service principals and their risk properties.|
+|[Get riskyServicePrincipal](../api/riskyserviceprincipal-get.md)|[riskyServicePrincipal](../resources/riskyserviceprincipal.md)|Get a specific risky service principal and its risk properties.|
+|[dismiss](../api/riskyserviceprincipal-dismiss.md)|None|Dismiss the risk of a risky service principal.|
+|[confirmCompromised](../api/riskyserviceprincipal-confirmcompromised.md)|None|Confirm a risky service principal as compromised.|
+|[List history](../api/riskyserviceprincipal-list-history.md) | [riskyServicePrincipalHistoryItem](riskyserviceprincipalhistoryitem.md) collection|Get the risk history of an Azure AD service principal.|
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+|accountEnabled|Boolean|`true` if the service principal account is enabled; otherwise, `false`.|
+|appId|String|The globally unique identifier for the associated application (its **appId** property), if any.|
+|displayName|String|The display name for the service principal.|
+|id|String|The unique identifier assigned to the service principal at risk. Inherited from [entity](../resources/entity.md).|
+|isProcessing|Boolean|Indicates whether Azure AD is currently processing the service principal's risky state.|
+|riskDetail|riskDetail|Details of the detected risk. <br>**Note:** Details for this property are only available for Azure AD Premium P2 customers. P1 customers will be returned `hidden`. <br/>The possible values are: `none`, `adminGeneratedTemporaryPassword`, `userPerformedSecuredPasswordChange`, `userPerformedSecuredPasswordReset`, `adminConfirmedSigninSafe`, `aiConfirmedSigninSafe`, `userPassedMFADrivenByRiskBasedPolicy`, `adminDismissedAllRiskForUser`, `adminConfirmedSigninCompromised`, `hidden`, `adminConfirmedUserCompromised`, `unknownFutureValue`, `adminConfirmedServicePrincipalCompromised`, `adminDismissedAllRiskForServicePrincipal`. Note that you must use the `Prefer: include-unknown-enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `adminConfirmedServicePrincipalCompromised` , `adminDismissedAllRiskForServicePrincipal`.|
+|riskLastUpdatedDateTime|DateTimeOffset|The date and time that the risk state was last updated. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2021 is `2021-01-01T00:00:00Z`. Supports `$filter` (`eq`).|
+|riskLevel|riskLevel|Level of the detected risky workload identity. The possible values are: `low`, `medium`, `high`, `hidden`, `none`, `unknownFutureValue`. Supports `$filter` (`eq`).|
+|riskState|riskState|State of the service principal's risk. The possible values are: `none`, `confirmedSafe`, `remediated`, `dismissed`, `atRisk`, `confirmedCompromised`, `unknownFutureValue`.|
+|servicePrincipalType|String|Identifies whether the service principal represents an `Application`, a `ManagedIdentity`, or a legacy application (`socialIdp`). This is set by Azure AD internally and is inherited from [servicePrincipal](../resources/servicePrincipal.md). |
+
+## Relationships
+
+|Method|Return type|Description|
+|:|:|:|
+|history|[riskyServicePrincipalHistoryItem](riskyserviceprincipalhistoryitem.md) collection|Represents the risk history of Azure AD service principals.|
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.riskyServicePrincipal",
+ "baseType": "microsoft.graph.entity",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.riskyServicePrincipal",
+ "id": "String (identifier)",
+ "accountEnabled": "Boolean",
+ "isProcessing": "Boolean",
+ "riskLastUpdatedDateTime": "String (timestamp)",
+ "riskLevel": "String",
+ "riskState": "String",
+ "riskDetail": "String",
+ "displayName": "String",
+ "appId": "String",
+ "servicePrincipalType": "String"
+}
+```
+
v1.0 Riskyserviceprincipalhistoryitem https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/riskyserviceprincipalhistoryitem.md
+
+ Title: "riskyServicePrincipalHistoryItem resource type"
+description: "Represents the risk history of Azure AD service principals"
+
+ms.localizationpriority: medium
++
+# riskyServicePrincipalHistoryItem resource type
+
+Namespace: microsoft.graph
+
+Represents the risk history of an Azure AD service principal as determined by Azure AD Identity Protection. Inherits from [riskyServicePrincipal](riskyserviceprincipal.md).
+
+## Methods
+
+| Method | Return Type|Description|
+|:|:--|:-|
+|[List history](../api/riskyserviceprincipal-list-history.md) | [riskyServicePrincipalHistoryItem](riskyserviceprincipalhistoryitem.md) collection|Get the risk history of an Azure AD service principal.|
++
+## Properties
+
+| Property | Type | Description |
+|:|:--|:|
+| servicePrincipalId | string | The identifier of the service principal. |
+| initiatedBy | bool | The identifier of the actor of the operation. |
+| activity | [riskServicePrincipalActivity](riskserviceprincipalactivity.md)| The activity related to service principal risk level change. |
+
+## JSON representation
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [ ],
+ "@odata.type": "microsoft.graph.riskyServicePrincipalHistoryItem",
+ "baseType": "microsoft.graph.riskyServicePrincipal"
+}-->
+
+```json
+{
+ "servicePrincipalId": "String",
+ "initiatedBy": "String",
+ "activity": {"@odata.type": "microsoft.graph.riskServicePrincipalActivity"}
+}
+```
++
+<!--
+{
+ "type": "#page.annotation",
+ "description": "riskyServicePrincipalHistoryItem resource type",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": "",
+ "suppressions": [
+
+ ]
+}
+-->
v1.0 Serviceprincipal https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/serviceprincipal.md
This resource supports using [delta query](/graph/delta-query-overview) to track
|preferredSingleSignOnMode|string|Specifies the single sign-on mode configured for this application. Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps. The supported values are `password`, `saml`, `notSupported`, and `oidc`.| |preferredTokenSigningKeyEndDateTime|DateTimeOffset|Specifies the expiration date of the keyCredential used for token signing, marked by **preferredTokenSigningKeyThumbprint**.| |preferredTokenSigningKeyThumbprint|String|Reserved for internal use only. Do not write or otherwise rely on this property. May be removed in future versions. |
-|publishedPermissionScopes|[permissionScope](permissionscope.md) collection|The delegated permissions exposed by the application. For more information see the **oauth2PermissionScopes** property on the [application](application.md) entity's **api** property. Not nullable.|
+|publishedPermissionScopes|[permissionScope](permissionscope.md) collection|The delegated permissions exposed by the application. For more information see the **oauth2PermissionScopes** property on the [application](application.md) entity's **api** property. Not nullable. <br/>**Note:** This property is named **oauth2PermissionScopes** in v1.0.|
|replyUrls|String collection|The URLs that user tokens are sent to for sign in with the associated application, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to for the associated application. Not nullable. | |samlMetadataUrl|String|The url where the service exposes SAML metadata for federation.| |samlSingleSignOnSettings|[samlSingleSignOnSettings](samlsinglesignonsettings.md)|The collection for settings related to saml single sign-on.|
v1.0 Serviceprincipalriskdetection https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/serviceprincipalriskdetection.md
+
+ Title: "servicePrincipalRiskDetection resource type"
+description: "Represents information about a detected at-risk service principal in an Azure AD tenant."
+
+ms.localizationpriority: medium
++
+# servicePrincipalRiskDetection resource type
+
+Namespace: microsoft.graph
++
+Represents information about detected at-risk service principals in an Azure AD tenant. Azure AD continually evaluates risks based on various signals and machine learning. This API provides programmatic access to all service principal risk detections in your Azure AD environment.
+
+Inherits from [entity](../resources/entity.md).
+
+For more information about risk events, see [Azure Active Directory Identity Protection](/azure/active-directory/identity-protection/overview-identity-protection).
+
+>**Note:** You must have an Azure AD Premium P1 or P2 license to use the servicePrincipalRiskDetection API.
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List servicePrincipalRiskDetections](../api/identityprotectionroot-list-serviceprincipalriskdetections.md)|[servicePrincipalRiskDetection](../resources/serviceprincipalriskdetection.md) collection|List service principal risk detections and their properties.|
+|[Get servicePrincipalRiskDetection](../api/serviceprincipalriskdetection-get.md)|[servicePrincipalRiskDetection](../resources/serviceprincipalriskdetection.md)|Get a specific service principal risk detection and its properties.|
++
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|activity|activityType|Indicates the activity type the detected risk is linked to. The possible values are: `signin`, `unknownFutureValue`, `servicePrincipal`. Note that you must use the `Prefer: include-unknown-enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `servicePrincipal`. |
+|activityDateTime|DateTimeOffset|Date and time when the risky activity occurred. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`|
+|additionalInfo|String|Additional information associated with the risk detection. This string value is represented as a JSON object with the quotations escaped. |
+|appId|String|The unique identifier for the associated application.|
+|correlationId|String|Correlation ID of the sign-in activity associated with the risk detection. This property is `null` if the risk detection is not associated with a sign-in activity.|
+|detectedDateTime|DateTimeOffset|Date and time when the risk was detected. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
+|detectionTimingType|riskDetectionTimingType|Timing of the detected risk , whether real-time or offline). The possible values are: `notDefined`, `realtime`, `nearRealtime`, `offline`, `unknownFutureValue`.|
+|id|String|Unique identifier of the risk detection. Inherited from [entity](../resources/entity.md).|
+|ipAddress|String|Provides the IP address of the client from where the risk occurred.|
+|keyIds|String collection|The unique identifier (GUID) for the key credential associated with the risk detection.|
+|lastUpdatedDateTime|DateTimeOffset|Date and time when the risk detection was last updated.|
+|location|[signInLocation](signinlocation.md)|Location from where the sign-in was initiated. |
+|requestId|String|Request identifier of the sign-in activity associated with the risk detection. This property is `null` if the risk detection is not associated with a sign-in activity. Supports `$filter` (`eq`).|
+|riskDetail|riskDetail|Details of the detected risk. <br>**Note:** Details for this property are only available for Azure AD Premium P2 customers. P1 customers will be returned `hidden`. <br/>The possible values are: `none`, `hidden`, `unknownFutureValue`, `adminConfirmedServicePrincipalCompromised`, `adminDismissedAllRiskForServicePrincipal`. Note that you must use the `Prefer: include-unknown-enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `adminConfirmedServicePrincipalCompromised` , `adminDismissedAllRiskForServicePrincipal`.|
+|riskEventType|String|The type of risk event detected. The possible values are: `investigationsThreatIntelligence`, `generic`, `adminConfirmedServicePrincipalCompromised`, `suspiciousSignins`, `leakedCredentials`, `unknownFutureValue`. Supports `$filter` (`eq`).|
+|riskLevel|riskLevel|Level of the detected risk. <br>**Note:** Details for this property are only available for Azure AD Premium P2 customers. P1 customers will be returned `hidden`. The possible values are: `low`, `medium`, `high`, `hidden`, `none`, `unknownFutureValue`.|
+|riskState|riskState|The state of a detected risky service principal or sign-in activity. The possible values are: `none`, `dismissed`, `atRisk`, `confirmedCompromised`, `unknownFutureValue`.|
+|servicePrincipalDisplayName|String| The display name for the service principal.|
+|servicePrincipalId|String|The unique identifier for the service principal. Supports `$filter` (`eq`).|
+|source|String|Source of the risk detection. For example, `identityProtection`.|
+|tokenIssuerType|tokenIssuerType|Indicates the type of token issuer for the detected sign-in risk. The possible values are: `AzureAD`, `UnknownFutureValue`.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.servicePrincipalRiskDetection",
+ "baseType": "microsoft.graph.entity",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.servicePrincipalRiskDetection",
+ "id": "String (identifier)",
+ "requestId": "String",
+ "correlationId": "String",
+ "riskEventType": "String",
+ "riskState": "String",
+ "riskLevel": "String",
+ "riskDetail": "String",
+ "source": "String",
+ "detectionTimingType": "String",
+ "activity": "String",
+ "tokenIssuerType": "String",
+ "ipAddress": "String",
+ "location": {
+ "@odata.type": "microsoft.graph.signInLocation"
+ },
+ "activityDateTime": "String (timestamp)",
+ "detectedDateTime": "String (timestamp)",
+ "lastUpdatedDateTime": "String (timestamp)",
+ "servicePrincipalId": "String",
+ "servicePrincipalDisplayName": "String",
+ "appId": "String",
+ "keyIds": [
+ "String"
+ ],
+ "additionalInfo": "String"
+}
+```
+
v1.0 Team https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/team.md
For a POST request example, see [Request (create team in migration state)](/micr
| Relationship | Type | Description | |:|:--|:-|
-|channels|[channel](channel.md) collection|The collection of channels & messages associated with the team.|
+|channels|[channel](channel.md) collection|The collection of channels and messages associated with the team.|
|installedApps|[teamsAppInstallation](teamsappinstallation.md) collection|The apps installed in this team.| |members|[conversationMember](../resources/conversationmember.md) collection|Members and owners of the team.| |owners|[user](user.md)| The list of this team's owners. Currently, when creating a team using application permissions, exactly one owner must be specified. When using user delegated permissions, no owner can be specified (the current user is the owner). Owner must be specified as an object ID (GUID), not a UPN. |
v1.0 Tenantrelationshipaccesspolicybase https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/tenantrelationshipaccesspolicybase.md
+
+ Title: "tenantRelationshipAccessPolicyBase resource type"
+description: "The base type that defines a tenant relationship."
+
+ms.localizationpriority: medium
++
+# tenantRelationshipAccessPolicyBase resource type
+
+Namespace: microsoft.graph
++
+The base type that defines a tenant relationship. This is an abstract type that's inherited by cross-tenant policy objects including [crossTenantAccessPolicy](crosstenantaccesspolicy.md).
+
+Inherits from [policyBase](policybase.md).
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+| definition (deprecated) | String collection | The raw JSON definition of the cross-tenant access policy. **Deprecated. Do not use.** |
+| description | String | Description for this policy. Required. Inherited from [policyBase](../resources/policybase.md). |
+| displayName | String collection | Display name for this policy. Required. Inherited from [policyBase](../resources/policybase.md). |
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.tenantRelationshipAccessPolicyBase",
+ "baseType": "microsoft.graph.policyBase",
+ "openType": false
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.tenantRelationshipAccessPolicyBase",
+ "definition": [
+ "String"
+ ],
+ "description": "String",
+ "displayName": "String"
+}
+```
v1.0 User https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/user.md
This resource supports:
|:|:--|:| | aboutMe | String | A freeform text entry field for the user to describe themselves. <br><br>Returned only on `$select`. | | accountEnabled | Boolean | `true` if the account is enabled; otherwise, `false`. This property is required when a user is created. <br><br>Supports `$filter` (`eq`, `ne`, `not`, and `in`). |
-| ageGroup | [ageGroup](#agegroup-values) | Sets the age group of the user. Allowed values: `null`, `minor`, `notAdult` and `adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Supports `$filter` (`eq`, `ne`, `not`, and `in`). |
+| ageGroup | [ageGroup](#agegroup-values) | Sets the age group of the user. Allowed values: `null`, `Minor`, `NotAdult` and `Adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Supports `$filter` (`eq`, `ne`, `not`, and `in`). |
| assignedLicenses | [assignedLicense](assignedlicense.md) collection | The licenses that are assigned to the user, including inherited (group-based) licenses. <br><br>Not nullable. Supports `$filter` (`eq` and `not`). | | assignedPlans | [assignedPlan](assignedplan.md) collection | The plans that are assigned to the user. Read-only. Not nullable.<br><br>Supports `$filter` (`eq` and `not`). | | birthday | DateTimeOffset | The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z` <br><br>Returned only on `$select`. | | businessPhones | String collection | The telephone numbers for the user. Only one number can be set for this property. <br><br>Read-only for users synced from on-premises directory. Supports `$filter` (`eq`, `not`, `ge`, `le`, `startsWith`).| | city | String | The city in which the user is located. Maximum length is 128 characters. <br><br>Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values). |
-| companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length of the company name is 64 characters.<br><br>Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
-| consentProvidedForMinor | [consentProvidedForMinor](#consentprovidedforminor-values) | Sets whether consent has been obtained for minors. Allowed values: `null`, `granted`, `denied` and `notRequired`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Supports `$filter` (`eq`, `ne`, `not`, and `in`).|
+| companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters.<br><br>Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
+| consentProvidedForMinor | [consentProvidedForMinor](#consentprovidedforminor-values) | Sets whether consent has been obtained for minors. Allowed values: `null`, `Granted`, `Denied` and `NotRequired`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Supports `$filter` (`eq`, `ne`, `not`, and `in`).|
| country | String | The country/region in which the user is located; for example, `US` or `UK`. Maximum length is 128 characters. <br><br>Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values). | | createdDateTime | DateTimeOffset | The date and time the user was created. The value cannot be modified and is automatically populated when the entity is created. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. Property is nullable. A null value indicates that an accurate creation time couldn't be determined for the user. Read-only. <br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`). | | creationType | String | Indicates whether the user account was created through one of the following methods: <br/> <ul><li>As a regular school or work account (`null`). <li>As an external account (`Invitation`). <li>As a local account for an Azure Active Directory B2C tenant (`LocalAccount`). <li>Through self-service sign-up by an internal user using email verification (`EmailVerified`). <li>Through self-service sign-up by an external user signing up through a link that is part of a user flow (`SelfServiceSignUp`). </ul> <br>Read-only.<br>Supports `$filter` (`eq`, `ne`, `not`, and `in`). |
This resource supports:
| department | String | The name for the department in which the user works. Maximum length is 64 characters.<br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, and `eq` on `null` values). | | displayName | String | The name displayed in the address book for the user. This value is usually the combination of the user's first name, middle initial, and last name. This property is required when a user is created and it cannot be cleared during updates. Maximum length is 256 characters. <br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values), `$orderBy`, and `$search`.| | employeeHireDate | DateTimeOffset | The date and time when the user was hired or will start work in case of a future hire. <br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`).|
-| employeeId | String | The employee identifier assigned to the user by the organization. <br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
+| employeeId | String | The employee identifier assigned to the user by the organization. The maximum length is 16 characters.<br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
|employeeOrgData|[employeeOrgData](employeeorgdata.md) |Represents organization data (e.g. division and costCenter) associated with a user. <br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`).| | employeeType | String | Captures enterprise worker type. For example, `Employee`, `Contractor`, `Consultant`, or `Vendor`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`).| | externalUserState | String | For an external user invited to the tenant using the [invitation API](../api/invitation-post.md), this property represents the invited user's invitation status. For invited users, the state can be `PendingAcceptance` or `Accepted`, or `null` for all other users. <br><br>Supports `$filter` (`eq`, `ne`, `not` , `in`). |
This resource supports:
| isResourceAccount | Boolean | Do not use ΓÇô reserved for future use. | | jobTitle | String | The user's job title. Maximum length is 128 characters. <br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).| | lastPasswordChangeDateTime | DateTimeOffset | The time when this Azure AD user last changed their password or when their password was created, , whichever date the latest action was performed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only. <br><br>Returned only on `$select`. |
-| legalAgeGroupClassification | [legalAgeGroupClassification](#legalagegroupclassification-values) | Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on **ageGroup** and **consentProvidedForMinor** properties. Allowed values: `null`, `minorWithOutParentalConsent`, `minorWithParentalConsent`, `minorNoParentalConsentRequired`, `notAdult` and `adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`. |
+| legalAgeGroupClassification | [legalAgeGroupClassification](#legalagegroupclassification-values) | Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on **ageGroup** and **consentProvidedForMinor** properties. Allowed values: `null`, `MinorWithOutParentalConsent`, `MinorWithParentalConsent`, `MinorNoParentalConsentRequired`, `NotAdult` and `Adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`. |
| licenseAssignmentStates | [licenseAssignmentState](licenseassignmentstate.md) collection | State of license assignments for this user. Read-only. <br><br>Returned only on `$select`. | | mail | String | The SMTP address for the user, for example, `admin@contoso.com`. Changes to this property will also update the user's **proxyAddresses** collection to include the value as an SMTP address. For Azure AD B2C accounts, this property can be updated up to only ten times with unique SMTP addresses. This property cannot contain accent characters. <br><br> Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, `endsWith`, and `eq` on `null` values). | | mailboxSettings | [mailboxSettings](mailboxsettings.md) | Settings for the primary mailbox of the signed-in user. You can [get](../api/user-get-mailboxsettings.md) or [update](../api/user-update-mailboxsettings.md) settings for sending automatic replies to incoming messages, locale, and time zone. For more information, see [User preferences for languages and regional formats](#user-preferences-for-languages-and-regional-formats). <br><br>Returned only on `$select`. |
For example: Cameron is administrator of a directory for an elementary school in
| Member | Description| |:|:-| |null|Default value, no **ageGroup** has been set for the user.|
-|minorWithoutParentalConsent |(Reserved for future use)|
-|minorWithParentalConsent| The user is considered a minor based on the age-related regulations of their country or region and the administrator of the account has obtained appropriate consent from a parent or guardian.|
-|adult|The user considered an adult based on the age-related regulations of their country or region.|
-|notAdult|The user is from a country or region that has additional age-related regulations (such as the United States, United Kingdom, European Union or South Korea), and the user's age is between a minor and an adult age (as stipulated based on country or region). Generally, this means that teenagers are considered as `notAdult` in regulated countries.|
-|minorNoParentalConsentRequired|The user is a minor but is from a country or region that has no age-related regulations.|
+|MinorWithoutParentalConsent |(Reserved for future use)|
+|MinorWithParentalConsent| The user is considered a minor based on the age-related regulations of their country or region and the administrator of the account has obtained appropriate consent from a parent or guardian.|
+|Adult|The user considered an adult based on the age-related regulations of their country or region.|
+|NotAdult|The user is from a country or region that has additional age-related regulations (such as the United States, United Kingdom, European Union or South Korea), and the user's age is between a minor and an adult age (as stipulated based on country or region). Generally, this means that teenagers are considered as `notAdult` in regulated countries.|
+|MinorNoParentalConsentRequired|The user is a minor but is from a country or region that has no age-related regulations.|
#### ageGroup values | Member | Description| |:|:--| |null|Default value, no **ageGroup** has been set for the user.|
-|minor|The user is considered a minor.|
-|notAdult|The user is from a country that has statutory regulations United States, United Kingdom, European Union or South Korea) and user's age is more than the upper limit of kid age (as per country) and less than lower limit of adult age (as stipulated based on country or region). So basically, teenagers are considered as `notAdult` in regulated countries.|
-|adult|The user should be a treated as an adult.|
+|Minor|The user is considered a minor.|
+|NotAdult|The user is from a country that has statutory regulations United States, United Kingdom, European Union or South Korea) and user's age is more than the upper limit of kid age (as per country) and less than lower limit of adult age (as stipulated based on country or region). So basically, teenagers are considered as `notAdult` in regulated countries.|
+|Adult|The user should be a treated as an adult.|
#### consentProvidedForMinor values | Member | Description| |:|:-| |null|Default value, no **consentProvidedForMinor** has been set for the user.|
-|granted|Consent has been obtained for the user to have an account.|
-|denied|Consent has not been obtained for the user to have an account.|
-|notRequired|The user is from a location that does not require consent.|
+|Granted|Consent has been obtained for the user to have an account.|
+|Denied|Consent has not been obtained for the user to have an account.|
+|NotRequired|The user is from a location that does not require consent.|
## Relationships
v1.0 X509certificateauthenticationmethodconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/x509certificateauthenticationmethodconfiguration.md
+
+ Title: "x509CertificateAuthenticationMethodConfiguration resource type"
+description: "Represents the details of the Azure AD native Certificate-Based Authentication (CBA) in the tenant, including whether the authentication method is enabled or disabled and the users and groups who can register and use it."
+
+ms.localizationpriority: medium
++
+# x509CertificateAuthenticationMethodConfiguration resource type
+
+Namespace: microsoft.graph
++
+Represents the details of the Azure AD native Certificate-Based Authentication (CBA) in the tenant, including whether the authentication method is enabled or disabled and the users and groups who can register and use it.
+
+Inherits from [authenticationMethodConfiguration](../resources/authenticationmethodconfiguration.md).
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[Get x509CertificateAuthenticationMethodConfiguration](../api/x509certificateauthenticationmethodconfiguration-get.md)|[x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md)|Read the properties and relationships of a x509CertificateAuthenticationMethodConfiguration object.|
+|[Update x509CertificateAuthenticationMethodConfiguration](../api/x509certificateauthenticationmethodconfiguration-update.md)|[x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md)|Update the properties of a x509CertificateAuthenticationMethodConfiguration object.|
+|[Delete x509CertificateAuthenticationMethodConfiguration](../api/x509certificateauthenticationmethodconfiguration-delete.md)|None| Restore the x509CertificateAuthenticationMethodConfiguration object to its default configuration.|
++
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|id|String|The identifier for the authentication method policy. The value is always `X509Certificate`. Inherited from [authenticationMethodConfiguration](../resources/authenticationmethodconfiguration.md).|
+|state|authenticationMethodState|The possible values are: `enabled`, `disabled`. Inherited from [authenticationMethodConfiguration](../resources/authenticationmethodconfiguration.md).|
+|certificateUserBindings|[x509CertificateUserBinding](../resources/x509certificateuserbinding.md) collection|Defines fields in the X.509 certificate that map to attributes of the Azure AD user object in order to bind the certificate to the user. The **priority** of the object determines the order in which the binding is carried out. The first binding that matches will be used and the rest ignored. |
+|authenticationModeConfiguration|[x509CertificateAuthenticationModeConfiguration](../resources/x509certificateauthenticationmodeconfiguration.md)|Defines strong authentication configurations. This configuration includes the default authentication mode and the different rules for strong authentication bindings. |
++
+## Relationships
+|Relationship|Type|Description|
+|:|:|:|
+|includeTargets|[authenticationMethodTarget](../resources/authenticationmethodtarget.md) collection|A collection of users or groups who are enabled to use the authentication method.|
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
+ "baseType": "microsoft.graph.authenticationMethodConfiguration",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
+ "id": "String (identifier)",
+ "state": "String",
+ "certificateUserBindings": [
+ {
+ "@odata.type": "microsoft.graph.x509CertificateUserBinding"
+ }
+ ],
+ "authenticationModeConfiguration": {
+ "@odata.type": "microsoft.graph.x509CertificateAuthenticationModeConfiguration"
+ }
+}
+```
+
v1.0 X509certificateauthenticationmodeconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/x509certificateauthenticationmodeconfiguration.md
+
+ Title: "x509CertificateAuthenticationModeConfiguration resource type"
+description: "Defines the strong authentication configurations for the X.509 certificate. This configuration includes the default authentication mode and the different rules of strong authentication bindings."
+
+ms.localizationpriority: medium
++
+# x509CertificateAuthenticationModeConfiguration resource type
+
+Namespace: microsoft.graph
++
+Defines the strong authentication configurations for the X.509 certificate. This configuration includes the default authentication mode and the different rules of strong authentication bindings.
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|rules|[x509CertificateRule](../resources/x509certificaterule.md) collection| Rules are configured in addition to the authentication mode to bind a specific **x509CertificateRuleType** to an **x509CertificateAuthenticationMode**. For example, bind the `policyOID` with identifier `1.32.132.343` to `x509CertificateMultiFactor` authentication mode.|
+|x509CertificateAuthenticationDefaultMode|x509CertificateAuthenticationMode| The type of strong authentication mode. The possible values are: `x509CertificateSingleFactor`, `x509CertificateMultiFactor`, `unknownFutureValue`.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.x509CertificateAuthenticationModeConfiguration"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.x509CertificateAuthenticationModeConfiguration",
+ "x509CertificateAuthenticationDefaultMode": "String",
+ "rules": [
+ {
+ "@odata.type": "microsoft.graph.x509CertificateRule"
+ }
+ ]
+}
+```
+
v1.0 X509certificaterule https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/x509certificaterule.md
+
+ Title: "x509CertificateRule resource type"
+description: "Defines the strong authentication configuration rules for the X.509 certificate. Rules are configured in addition to the authentication mode."
+
+ms.localizationpriority: medium
++
+# x509CertificateRule resource type
+
+Namespace: microsoft.graph
++
+Defines the strong authentication configuration rules for the X.509 certificate. Rules are configured in addition to the authentication mode.
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|identifier|String| The identifier of the X.509 certificate. Required.|
+|x509CertificateAuthenticationMode|x509CertificateAuthenticationMode| The type of strong authentication mode. The possible values are: `x509CertificateSingleFactor`, `x509CertificateMultiFactor`, `unknownFutureValue`. Required.|
+|x509CertificateRuleType|x509CertificateRuleType| The type of the X.509 certificate mode configuration rule. The possible values are: `issuerSubject`, `policyOID`, `unknownFutureValue`. Required.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.x509CertificateRule"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.x509CertificateRule",
+ "x509CertificateRuleType": "String",
+ "identifier": "String",
+ "x509CertificateAuthenticationMode": "String"
+}
+```
+
v1.0 X509certificateuserbinding https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/x509certificateuserbinding.md
+
+ Title: "x509CertificateUserBinding resource type"
+description: "Defines the fields in the X.509 certificate that map to attributes of the Azure AD user object in order to bind the certificate to the user account."
+
+ms.localizationpriority: medium
++
+# x509CertificateUserBinding resource type
+
+Namespace: microsoft.graph
++
+Defines the fields in the X.509 certificate that map to attributes of the Azure AD user object in order to bind the certificate to the user account.
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|priority|Int32|The priority of the binding. Azure AD uses the binding with the highest priority. This value must be a non-negative integer and unique in the collection of objects in the **certificateUserBindings** property of an **x509CertificateAuthenticationMethodConfiguration** object. Required|
+|userProperty|String|Defines the Azure AD user property of the user object to use for the binding. The possible values are: **userPrincipalName**, `onPremisesUserPrincipalName`, `email`. Required.|
+|x509CertificateField|String|The field on the X.509 certificate to use for the binding. The possible values are: `PrincipalName`, `RFC822Name`.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.x509CertificateUserBinding"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.x509CertificateUserBinding",
+ "x509CertificateField": "String",
+ "userProperty": "String",
+ "priority": "Integer"
+}
+```
+
v1.0 Accesspackagecatalog Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accesspackagecatalog-update.md
If successful, this method returns a `204 No Content` response code.
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "update_accesspackagecatalog" } --> ```http
-PATCH https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/accessPackageCatalogs/{accessPackageCatalogId}
+PATCH https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/catalogs/{accessPackageCatalogId}
Content-Type: application/json { "displayName":"Catalog One" } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++ ### Response
v1.0 Appcatalogs List Teamsapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/appcatalogs-list-teamsapps.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported. | | Application | AppCatalog.Read.All, AppCatalog.ReadWrite.All |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
## HTTP request
v1.0 Application Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/application-get.md
Content-type: application/json
"addIns": [], "publisherDomain": "contoso.onmicrosoft.com", "signInAudience": "AzureADandPersonalMicrosoftAccount",
+ "verifiedPublisher": {
+ "displayName": "publisher_contoso",
+ "verifiedPublisherId": "9999999",
+ "addedDateTime": "2021-04-24T17:49:44Z"
+ },
"tags": [], "tokenEncryptionKeyId": null, "api": {
v1.0 Channel Delete Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-delete-tabs.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsTab.Delete.Group*, TeamsTab.ReadWrite.Group*, TeamsTab.ReadWriteForTeam.All, TeamsTab.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-delete.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | Channel.Delete.Group*, Channel.Delete.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Get Filesfolder https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-get-filesfolder.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | Files.Read.All, Files.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Channel Get Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-get-tabs.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsTab.Read.Group*, TeamsTab.ReadWrite.Group*, TeamsTab.Read.All, TeamsTab.ReadWriteForTeam.All, TeamsTab.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-get.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | ChannelSettings.Read.Group*, ChannelSettings.ReadWrite.Group*, Channel.ReadBasic.All, ChannelSettings.Read.All, ChannelSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Getallmessages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-getallmessages.md
GET /teams/{team-id}/channels/getAllMessages
## Optional query parameters
-You can use `model` query parameter, which supports the values `A` and `B`, based on the preferred licensing and payment requirements, as shown in the following examples.
+You can use `model` query parameter, which supports the values `A` and `B`, based on the preferred [licensing and payment model](/graph/teams-licenses),
+as shown in the following examples.
+If no `model` is specified, [evaluation mode](/graph/teams-licenses#evaluation-mode-default-requirements) will be used.
```http GET /teams/{team-id}/channels/getAllMessages?model=A
v1.0 Channel List Messages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-list-messages.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account)|Not supported.| |Application| ChannelMessage.Read.Group*, ChannelMessage.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> [!NOTE] > Before calling this API with application permissions, you must request access. For details, see [Protected APIs in Microsoft Teams](/graph/teams-protected-apis).
v1.0 Channel List Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-list-tabs.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsTab.Read.Group*, TeamsTab.ReadWrite.Group*, TeamsTab.Read.All, TeamsTab.ReadWriteForTeam.All, TeamsTab.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-list.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | ChannelSettings.Read.Group*, ChannelSettings.ReadWrite.Group*, Channel.ReadBasic.All, ChannelSettings.Read.All, ChannelSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Patch Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-patch-tabs.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsTab.ReadWrite.Group*, TeamsTab.ReadWriteForTeam.All, TeamsTab.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Patch https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-patch.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | ChannelSettings.ReadWrite.Group*, ChannelSettings.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Post Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-post-tabs.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | | Application | TeamsTab.Create.Group*, TeamsTab.Create, TeamsTab.ReadWriteForTeam.All, TeamsTab.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Channel Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-post.md
One of the following permissions is required to call this API. To learn more, in
|Application | Channel.Create.Group*, Channel.Create, Teamwork.Migrate.All, Group.ReadWrite.All**, Directory.ReadWrite.All** | > **Notes**:
-> Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
+> Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> > This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of. >
v1.0 Chat Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chat-get.md
Content-type: application/json
} ```
+### Example 4: Get the meeting details of a chat associated with a Microsoft Teams meeting
+#### Request
+The following is an example of the request.
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_meeting_chat"
+}-->
+```msgraph-interactive
+GET https://graph.microsoft.com/v1.0/chats/19:meeting_ZDZlYTYxOWUtYzdlMi00ZmMxLWIxMTAtN2YzODZlZjAxYzI4@thread.v2
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
++++
+#### Response
+The following example shows the response.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.chat"
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "id": "19:meeting_YDZlYTYxOWUtYzdlMi00ZmMxLWIxMTAtN2YzODZlZjAxYzI4@thread.v2",
+ "topic": "Test Meeting",
+ "createdDateTime": "2021-08-17T12:21:37.322Z",
+ "lastUpdatedDateTime": "2021-08-18T00:31:31.817Z",
+ "chatType": "meeting",
+ "webUrl": "https://teams.microsoft.com/l/chat/19%3Ameeting_YDZlYTYxOWUtYzdlMi00ZmMxLWIxMTAtN2YzODZlZjAxYzI4%40thread.v2/0?tenantId=2432b57b-0abd-43db-aa7b-16eadd115d34",
+ "tenantId": "2432b57b-0abd-43db-aa7b-16eadd115d35",
+ "onlineMeetingInfo": {
+ "calendarEventId": "AAMkADAzMjNhY2NiLWVmNDItNDVjYS05MnFjLTExY2U0ZWMyZTNmZQBGAAAAAAARDMODhhR0TZRGWo9nN0NcBwAmvYmLhDvYR6hCFdQLgxR-AAAAAAENAAAmvYmLhDvYR6hCFdQLgxR-AABkrglJAAA=",
+ "joinWebUrl": "https://teams.microsoft.com/l/meetup-join/19%3Ameeting_YDZlYTYxOWUtYzdlMi00ZmMxLWIxMTAtN2YzODZlZjAxYzI4%40thread.v2/0?context=%7b%22Tid%22%3a%222432b57b-0abd-43db-aa7b-16eadd115d34%22%2c%22Oid%22%3a%22bfb5bb25-3a8d-487d-9828-7875ced51a30%22%7d",
+ "organizer": {
+ "id": "bfb5bb25-3a8d-487d-9828-7875ced51a30",
+ "displayName": null,
+ "userIdentityType": "aadUser"
+ }
+ }
+}
+```
+ <!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79 2015-10-25 14:57:30 UTC --> <!--
v1.0 Chatmessage Delta https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chatmessage-delta.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not Supported | |Application | ChannelMessage.Read.Group*, ChannelMessage.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> [!NOTE] > Before calling this API with application permissions, you must request access. For details, see [Protected APIs in Microsoft Teams](/graph/teams-protected-apis).
v1.0 Chatmessage Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chatmessage-get.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account)|Not supported.| |Application| ChannelMessage.Read.Group, ChannelMessage.Read.All, Group.Read.All**, Group.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
### Permissions for chat
v1.0 Chatmessage List Hostedcontents https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chatmessage-list-hostedcontents.md
Retrieve the list of [chatMessageHostedContent](../resources/chatmessagehostedco
|Delegated (personal Microsoft account)|Not supported.| |Application| Chat.Read.All, Chat.ReadWrite.All|
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> [!NOTE] > Before calling this API with application permissions, you must request access. For details, see [Protected APIs in Microsoft Teams](/graph/teams-protected-apis).
v1.0 Chatmessage List Replies https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chatmessage-list-replies.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account)|Not supported.| |Application| ChannelMessage.Read.Group*, ChannelMessage.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> [!NOTE] > Before calling this API with application permissions, you must request access. For details, see [Protected APIs in Microsoft Teams](/graph/teams-protected-apis).
v1.0 Chatmessage Post Replies https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chatmessage-post-replies.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported. | | Application | Teamwork.Migrate.All |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
> **Note**: Application permissions are *only* supported for [migration](/microsoftteams/platform/graph-api/import-messages/import-external-messages-to-teams). In the future, Microsoft may require you or your customers to pay additional fees based on the amount of data imported.
v1.0 Chatmessagehostedcontent Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chatmessagehostedcontent-get.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account)|Not supported.| |Application| Chat.Read.All, Chat.ReadWrite.All|
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> [!NOTE] > Before calling this API with application permissions, you must request access. For details, see [Protected APIs in Microsoft Teams](/graph/teams-protected-apis).
v1.0 Chats Getallmessages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chats-getallmessages.md
GET /users/{id | user-principal-name}/chats/getAllMessages
## Optional query parameters
-You can use `model` query parameter, which supports the values `A` and `B`, based on the preferred licensing and payment requirements, as shown in the following examples.
+You can use `model` query parameter, which supports the values `A` and `B`, based on the preferred [licensing and payment model](/graph/teams-licenses),
+as shown in the following examples.
+If no `model` is specified, [evaluation mode](/graph/teams-licenses#evaluation-mode-default-requirements) will be used.
```http GET /users/{id | user-principal-name}/chats/getAllMessages?model=A
v1.0 Directoryobject Checkmembergroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/directoryobject-checkmembergroups.md
doc_type: apiPageType
Namespace: microsoft.graph
-Check for membership in a specified list of groups, and return from that list those groups of which the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member. This function is transitive.
+Check for membership in a specified list of group IDs, and return from that list those groups (identified by IDs) of which the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member. This function is transitive.
You can check up to a maximum of 20 groups per request. This function supports all groups provisioned in Azure AD. Because Microsoft 365 groups cannot contain other groups, membership in a Microsoft 365 group is always direct.
v1.0 Directoryobject Checkmemberobjects https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/directoryobject-checkmemberobjects.md
doc_type: "apiPageType"
Namespace: microsoft.graph
-Check for membership in a list of groups, administrative units, or directory roles for the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md). This method is transitive.
+Check for membership in a list of group IDs, administrative unit IDs, or directory role IDs, for the IDs of the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md). This method is transitive.
## Permissions
v1.0 Directoryobject Getmembergroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/directoryobject-getmembergroups.md
doc_type: apiPageType
Namespace: microsoft.graph
-Return all the groups that the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
+Return all the group IDs for the groups that the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Directoryobject Getmemberobjects https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/directoryobject-getmemberobjects.md
doc_type: apiPageType
Namespace: microsoft.graph
-Return all the groups, administrative units, and directory roles that a [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
+Return all IDs for the groups, administrative units, and directory roles that a [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
**Note:** Only users and role-enabled groups can be members of directory roles.
v1.0 Driveitem Copy https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/driveitem-copy.md
Title: driveItem: copy
+ Title: "driveItem: copy"
ms.localizationpriority: medium ms.prod: "sharepoint" description: "Asynchronously creates a copy of an driveItem (including any children), under a new parent item or with a new name."
v1.0 Educationassignment Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/educationassignment-update.md
Content-type: application/json
## See also * [States, transitions, and limitations for assignments and submissions](/graph/assignments-submissions-states-transition)
+* [Specify the default channel for education assignment notifications](/graph/education-build-notificationchannelurl)
<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79 2015-10-25 14:57:30 UTC -->
v1.0 Educationassignmentdefaults Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/educationassignmentdefaults-update.md
Content-Type: application/json
} ```
+## See also
+
+* [Specify the default channel for education assignment notifications](/graph/education-build-notificationchannelurl)
v1.0 Schedule List Shifts https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/schedule-list-shifts.md
GET /teams/{teamId}/schedule/shifts
``` ## Optional query parameters
-This method supports the $filter [OData query parameter](/graph/query-parameters) to help customize the response.
+This method supports the `$filter` [OData query parameter](/graph/query-parameters) to help customize the response.
## Request headers
v1.0 Serviceprincipal Addtokensigningcertificate https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/serviceprincipal-addtokensigningcertificate.md
Content-type: application/json
[!INCLUDE [sample-code](../includes/snippets/javascript/serviceprincipal-addtokensigningcertificate-javascript-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [C#](#tab/csharp)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
v1.0 Serviceprincipal Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/serviceprincipal-get.md
Content-type: application/json
"endpoints": [], "homepage": null, "id": "00af5dfb-85da-4b41-a677-0c6b86dd34f8",
+ "verifiedPublisher": {
+ "displayName": "publisher_contoso",
+ "verifiedPublisherId": "9999999",
+ "addedDateTime": "2021-04-24T17:49:44Z"
+ },
"info": { "termsOfServiceUrl": null, "supportUrl": null,
v1.0 Serviceprincipal List Homerealmdiscoverypolicies https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/serviceprincipal-list-homerealmdiscoverypolicies.md
HTTP/1.1 200 OK
Content-type: application/json {
- "value": [
- {
- "definition": [
- "definition-value"
- ],
- "displayName": "displayName-value",
- "isOrganizationDefault": true,
- "id": "id-value"
- }
- ]
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(microsoft.graph.homeRealmDiscoveryPolicy)",
+ "value": [
+ {
+ "id": "6c6f154f-cb39-4ff9-bf5b-62d5ad585cde",
+ "deletedDateTime": null,
+ "definition": [
+ "{\"HomeRealmDiscoveryPolicy\": {\"AccelerateToFederatedDomain\":true, \"PreferredDomain\":\"federated.example.edu\", \"AlternateIdLogin\":{\"Enabled\":true}}}"
+ ],
+ "displayName": "Contoso default HRD Policy",
+ "isOrganizationDefault": false
+ }
+ ]
} ```
v1.0 Site Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/site-get.md
Previously updated : 09/10/2017 Title: Get a SharePoint Site ms.localizationpriority: high ms.prod: "sharepoint"
v1.0 Subscription Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/subscription-delete.md
Depending on the resource and the permission type (delegated or application) req
|[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
[!INCLUDE [teams-subscription-notes](../../includes/teams-subscription-notes.md)]
v1.0 Subscription Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/subscription-get.md
Depending on the resource and the permission type (delegated or application) req
|[security alert](../resources/alert.md) | SecurityEvents.ReadWrite.All | Not supported | SecurityEvents.ReadWrite.All | |[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
[!INCLUDE [teams-subscription-notes](../../includes/teams-subscription-notes.md)]
v1.0 Subscription List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/subscription-list.md
This API supports the following permission scopes; to learn more, including how
|[todoTask](../resources/todotask.md) | Tasks.ReadWrite, Subscription.Read.All | Tasks.ReadWrite, Subscription.Read.All | Not supported | |[user](../resources/user.md) | User.Read.All, Subscription.Read.All | User.Read.All | User.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
Response results are based on the context of the calling app. The following sections describe the common scenarios.
v1.0 Subscription Post Subscriptions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/subscription-post-subscriptions.md
Depending on the resource and the permission type (delegated or application) req
|[security alert](../resources/alert.md) | SecurityEvents.ReadWrite.All | Not supported | SecurityEvents.ReadWrite.All | |[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
[!INCLUDE [teams-subscription-notes](../../includes/teams-subscription-notes.md)]
v1.0 Subscription Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/subscription-update.md
Depending on the resource and the permission type (delegated or application) req
|[security alert](../resources/alert.md) | SecurityEvents.ReadWrite.All | Not supported | SecurityEvents.ReadWrite.All | |[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
[!INCLUDE [teams-subscription-notes](../../includes/teams-subscription-notes.md)]
v1.0 Team Archive https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-archive.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamSettings.ReadWrite.Group*, TeamSettings.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Team Clone https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-clone.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | Team.Create, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Team Delete Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-delete-installedapps.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Team Get Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-get-installedapps.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsAppInstallation.Read.Group*, TeamsAppInstallation.ReadWriteSelfForTeam.All, TeamsAppInstallation.ReadForTeam.All, TeamsAppInstallation.ReadWriteForTeam.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
## HTTP request
v1.0 Team Get Primarychannel https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-get-primarychannel.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | ChannelSettings.Read.Group*, ChannelSettings.ReadWrite.Group*, Channel.ReadBasic.All, ChannelSettings.Read.All, ChannelSettings.ReadWrite.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Team Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-get.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamSettings.Read.Group*, TeamSettings.ReadWrite.Group*, Team.ReadBasic.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Team List Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-list-installedapps.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsAppInstallation.Read.Group*, TeamsAppInstallation.ReadForTeam.All, TeamsAppInstallation.ReadWriteForTeam.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
## HTTP request
v1.0 Team List Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-list-members.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application| TeamMember.Read.Group*, TeamMember.Read.All, TeamMember.ReadWrite.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
## HTTP request
v1.0 Team Post Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-post-installedapps.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
## HTTP request
v1.0 Team Post Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-post-members.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application| TeamMember.ReadWrite.All |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
## HTTP request
v1.0 Team Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-post.md
One of the following permissions is required to call this API. To learn more, in
> **Note**: The Teamwork.Migrate.All permission is *only* supported for [migration](/microsoftteams/platform/graph-api/import-messages/import-external-messages-to-teams). In the future, Microsoft may require you or your customers to pay additional fees based on the amount of data imported.
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
## HTTP request
v1.0 Team Teamsappinstallation Upgrade https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-teamsappinstallation-upgrade.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All, Directory.ReadWrite.All |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Team Unarchive https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-unarchive.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamSettings.ReadWrite.Group*, TeamSettings.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Team Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/team-update.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | TeamSettings.ReadWrite.Group*, TeamSettings.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent). Permissions marked with ** are deprecated and should not be used.
> **Note**: This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.
v1.0 Teamsapp Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/teamsapp-delete.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported| | Application | Not supported. |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
## HTTP request
v1.0 Teamsapp Publish https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/teamsapp-publish.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported| | Application | Not supported. |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Teamsapp Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/teamsapp-update.md
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported| | Application | Not supported. |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
## HTTP request
v1.0 Termstore Group List Sets https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/termstore-group-list-sets.md
Title: "List sets"
description: "Get a list of the set objects and their properties." ms.localizationpriority: medium doc_type: apiPageType
If successful, this method returns a `200 OK` response code and a collection of
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_set_1" }--> ``` http
-GET https://graph.microsoft.com/v1.0/microsoft.sharepoint.com,b9b0bc03-cbc4-40d2-aba9-2c9dd9821ddf,6a742cee-9216-4db5-8046-13a595684e74/termStore/groups/03577abb-975e-4fb4-9ee0-4102a9108f94/sets
+GET https://graph.microsoft.com/v1.0/sites/microsoft.sharepoint.com,b9b0bc03-cbc4-40d2-aba9-2c9dd9821ddf,6a742cee-9216-4db5-8046-13a595684e74/termStore/groups/03577abb-975e-4fb4-9ee0-4102a9108f94/sets
```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++ ### Response
v1.0 Termstore Relation Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/termstore-relation-post.md
Title: "Create relation"
description: "Create a new relation object." ms.localizationpriority: medium doc_type: apiPageType
If successful, this method returns a `201 Created` response code and a [microsof
--> ``` http
-POST https://graph.microsoft.com/v1.0/sites/microsoft.sharepoint.com,b9b0bc03-cbc4-40d2-aba9-2c9dd9821ddf,6a742cee-9216-4db5-8046-13a595684e74/termStore/v1.0/27fd2d26-60d3-485c-9420-0c71f74a0cfd/terms/8861b57a-c777-49e7-826f-47d6afecf80d/relations
+POST https://graph.microsoft.com/v1.0/sites/microsoft.sharepoint.com,b9b0bc03-cbc4-40d2-aba9-2c9dd9821ddf,6a742cee-9216-4db5-8046-13a595684e74/termStore/27fd2d26-60d3-485c-9420-0c71f74a0cfd/terms/8861b57a-c777-49e7-826f-47d6afecf80d/relations
Content-Type: application/json {
v1.0 User Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/user-get.md
For a specific user:
GET /users/{id | userPrincipalName} ```
->**Note:**
-> + When the **userPrincipalName** begins with a `$` character, remove the slash (/) after `/users` and enclose the **userPrincipalName** in parentheses and single quotes. For example, `/users('$AdeleVance@contoso.com')`. For details, see the [known issues](/graph/known-issues#users) list.
+> [!TIP]
+>
+> + When the **userPrincipalName** begins with a `$` character, the GET request URL syntax `/users/$x@y.com` fails with a `400 Bad Request` error code. This is because this request URL violates the OData URL convention, which expects only system query options to be prefixed with a `$` character. Remove the slash (/) after `/users` and enclose the **userPrincipalName** in parentheses and single quotes, as follows: `/users('$x@y.com')`. For example, `/users('$AdeleVance@contoso.com')`.
> + To query a B2B user using the **userPrincipalName**, encode the hash (#) character. That is, replace the `#` symbol with `%23`. For example, `/users/AdeleVance_adatum.com%23EXT%23@contoso.com`. For the signed-in user:
v1.0 User List Joinedteams https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/user-list-joinedteams.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | Team.ReadBasic.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All, User.Read.All, User.ReadWrite.All, Directory.Read.All**, Directory.ReadWrite.All** |
-> **Note**: Permissions marked with ** are deprecated and should not be used.
+> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
> **Note:** Currently, with user delegated permissions, this operation only works for the `me` user. With application permissions, it works for all users by specifying the specific user ID (`me` alias is not supported with application permissions). For details, see [Known issues](/graph/known-issues#microsoft-teams-users-list-of-joined-teams-preview).
v1.0 User Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/user-update.md
In the request body, supply the values for relevant fields that should be update
|:|:--|:-| |aboutMe|String|A freeform text entry field for the user to describe themselves.| |accountEnabled|Boolean| `true` if the account is enabled; otherwise, `false`. This property is required when a user is created. A global administrator assigned the _Directory.AccessAsUser.All_ delegated permission can update the **accountEnabled** status of all administrators in the tenant.|
-| ageGroup | [ageGroup](../resources/user.md#agegroup-values) | Sets the age group of the user. Allowed values: `null`, `minor`, `notAdult` and `adult`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
+| ageGroup | [ageGroup](../resources/user.md#agegroup-values) | Sets the age group of the user. Allowed values: `null`, `Minor`, `NotAdult` and `Adult`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
|birthday|DateTimeOffset|The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`| |businessPhones| String collection | The telephone numbers for the user. NOTE: Although this is a string collection, only one number can be set for this property.| |city|String|The city in which the user is located.|
-| companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length of the company name is 64 characters. |
-| consentProvidedForMinor | [consentProvidedForMinor](../resources/user.md#consentprovidedforminor-values) | Sets whether consent has been obtained for minors. Allowed values: `null`, `granted`, `denied` and `notRequired`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
+| companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters. |
+| consentProvidedForMinor | [consentProvidedForMinor](../resources/user.md#consentprovidedforminor-values) | Sets whether consent has been obtained for minors. Allowed values: `null`, `Granted`, `Denied` and `NotRequired`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
|country|String|The country/region in which the user is located; for example, `US` or `UK`.| |department|String|The name for the department in which the user works.| |displayName|String|The name displayed in the address book for the user. This is usually the combination of the user's first name, middle initial and last name. This property is required when a user is created and it cannot be cleared during updates. |
-| employeeId | String | The employee identifier assigned to the user by the organization. |
+| employeeId | String | The employee identifier assigned to the user by the organization. The maximum length is 16 characters. |
| employeeType | String | Captures enterprise worker type. For example, `Employee`, `Contractor`, `Consultant`, or `Vendor`. Returned only on `$select`.| |givenName|String|The given name (first name) of the user.| |employeeHireDate|DateTimeOffset|The hire date of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`|
v1.0 Chat https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/chat.md
not all scenarios are possible. It is possible to get chat IDs with delegated pe
| lastUpdatedDateTime| dateTimeOffset| Date and time at which the chat was renamed or list of members were last changed. Read-only.| | topic| String| (Optional) Subject or topic for the chat. Only available for group chats.| | webUrl | String| The URL for the chat in Microsoft Teams. The URL should be treated as an opaque blob, and not parsed. Read-only. |
+| tenantId| String | The identifier of the tenant in which the chat was created. Read-only.|
+| onlineMeetingInfo | [teamworkOnlineMeetingInfo](../resources/teamworkonlinemeetinginfo.md) | Represents details about an online meeting. If the chat isn't associated with an online meeting, the property is empty. Read-only.|
### chatType values
Here is a JSON representation of the resource.
"createdDateTime": "dateTimeOffset", "lastUpdatedDateTime": "dateTimeOffset", "chatType": "string",
- "webUrl": "string"
+ "webUrl": "string",
+ "tenantId": "string",
+ "onlineMeetingInfo": {
+ "@odata.type": "microsoft.graph.teamworkOnlineMeetingInfo"
+ }
} ```
v1.0 Extensionproperty https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/extensionproperty.md
Extensions can be added to [user](user.md), [group](group.md), [organization](or
|:-|:|:| |appDisplayName|String| Display name of the application object on which this extension property is defined. Read-only. | |dataType|String| Specifies the data type of the value the extension property can hold. Following values are supported. Not nullable. <ul><li>`Binary` - 256 bytes maximum</li><li>`Boolean`</li><li>`DateTime` - Must be specified in ISO 8601 format. Will be stored in UTC.</li><li>`Integer` - 32-bit value.</li><li>`LargeInteger` - 64-bit value.</li><li>`String` - 256 characters maximum</li></ul>|
-|isSyncedFromOnPremises|Boolean| Indicates if this extension property was sycned from onpremises directory using Azure AD Connect. Read-only. |
+|isSyncedFromOnPremises|Boolean| Indicates if this extension property was synced from on-premises active directory using Azure AD Connect. Read-only. |
|name|String| Name of the extension property. Not nullable. | |targetObjects|String collection| Following values are supported. Not nullable. <ul><li>`User`</li><li>`Group`</li><li>`Organization`</li><li>`Device`</li><li>`Application`</li></ul>|
v1.0 Homerealmdiscoverypolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/homerealmdiscoverypolicy.md
Inherits from [stsPolicy](stsPolicy.md).
| Property | Type | Description | |:-|:|:| |id|String| Unique identifier for this policy. Read-only.|
-|definition|String collection| A string collection containing a JSON string that defines the rules and settings for this policy. See below for more details about the JSON schema for this property. Required.|
+|definition|String collection| A string collection containing a JSON string that defines the rules and settings for this policy. See [Properties of a home realm discovery policy definition](#properties-of-a-home-realm-discovery-policy-definition) for more details about the JSON schema for this property. Required.|
|description|String| Description for this policy.| |displayName|String| Display name for this policy. Required.|
-|isOrganizationDefault|Boolean|If set to true, activates this policy. There can be many policies for the same policy type, but only one can be activated as the organization default. Optional, default value is false.|
+|isOrganizationDefault|Boolean|If set to `true`, activates this policy. There can be many policies for the same policy type, but only one can be activated as the organization default. Optional, default value is `false`.|
### Properties of a home realm discovery policy definition
The properties below form the JSON object that represents a token lifetime polic
}--> ``` json "definition": [
- "{\"HomeRealmDiscoveryPolicy\":
- {\"AccelerateToFederatedDomain\":true,
- \"PreferredDomain\":\"federated.example.edu\",
- \"AlternateIdLogin\":{\"Enabled\":true}}}"
+ "{
+ \"HomeRealmDiscoveryPolicy\": {
+ \"AccelerateToFederatedDomain\":true,
+ \"AllowCloudPasswordValidation\": false,
+ \"PreferredDomain\":\"federated.example.edu\",
+ \"AlternateIdLogin\":{
+ \"Enabled\":true
+ }
+ }
+ }"
] ``` | Property | Type |Description| |:|:--|:-| |AccelerateToFederatedDomain|Boolean| Set to `true` for auto-acceleration (bypass home realm discovery). If `true` and there is only one verified and federated domain in the tenant, then users will be taken straight to the federated identity provider (such as ADFS) for sign in. If `true` and there is more than one verified domain in the tenant, **PreferredDomain** must be specified. Optional.|
-|PreferredDomain|String| Specifies a domain to accelerate sign-in to. It can be omitted if the tenant has only one federated domain. If it is omitted, and there is more than one verified federated domain, this policy has no effect. Required if **AccelerateToFederatedDomain** is `true`.|
|AllowCloudPasswordValidation|Boolean| Set to `true` to allow an application to authenticate a federated user by presenting username/password credentials directly to the Azure Active Directory token endpoint. Only works if Password Hash Sync is enabled. Optional.|
-|AlternateIdLogin| Json |Set to {"Enabled": true} to allow Azure AD sign-in using email as [an alternate login ID](/azure/active-directory/authentication/howto-authentication-use-email-signin). Only works when **IsOrganizationDefault** is set to `true`. Optional.|
+|AlternateIdLogin| Json |Set to `{\"Enabled\": true}` to allow Azure AD sign-in using email as [an alternate login ID](/azure/active-directory/authentication/howto-authentication-use-email-signin). Only works when **IsOrganizationDefault** is set to `true`. Optional.|
+|PreferredDomain|String| Specifies a domain to accelerate sign-in to. It can be omitted if the tenant has only one federated domain. If it is omitted, and there is more than one verified federated domain, this policy has no effect. Required if **AccelerateToFederatedDomain** is `true`.|
## Relationships
v1.0 Keycredential https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/keycredential.md
Contains a key credential associated with an application or a service principal.
|:|:--|:-| |customKeyIdentifier|Binary| Custom key identifier | | displayName | String | Friendly name for the key. Optional. |
-|endDateTime|DateTimeOffset|The date and time at which the credential expires.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
-|key|Binary| The certificate's raw data in byte array converted to Base64 string; for example, `[System.Convert]::ToBase64String($Cert.GetRawCertData())`. |
+|endDateTime|DateTimeOffset|The date and time at which the credential expires. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
+|key|Binary| The certificate's raw data in byte array converted to Base64 string. Returned only on `$select` for a single object, that is, `GET applications/{applicationId}?$select=keyCredentials` or `GET servicePrincipals/{servicePrincipalId}?$select=keyCredentials`; otherwise, it is always `null`. |
|keyId|Guid|The unique identifier (GUID) for the key.| |startDateTime|DateTimeOffset|The date and time at which the credential becomes valid.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
-|type|String|The type of key credential; for example, `Symmetric`.|
+|type|String|The type of key credential; for example, `Symmetric`, `AsymmetricX509Cert`.|
|usage|String|A string that describes the purpose for which the key can be used; for example, `Verify`.| ## JSON representation
-Here is a JSON representation of the resource
+The following is a JSON representation of the resource
<!-- { "blockType": "resource",
v1.0 Licenseassignmentstate https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/licenseassignmentstate.md
The **licenseAssignmentStates** property of the [user](user.md) entity is a coll
|:|:--|:-| |assignedByGroup|string|The id of the group that assigns this license. If the assignment is a direct-assigned license, this field will be Null. Read-Only.| |disabledPlans|Collection(String)|The service plans that are disabled in this assignment. Read-Only.|
-|error|String|License assignment failure error. If the license is assigned successfully, this field will be Null. Read-Only. Possible values: `CountViolation`, `MutuallyExclusiveViolation`, `DependencyViolation`, `ProhibitedInUsageLocationViolation`, `UniquenessViolation`, and `Others`. For more information on how to identify and resolve license assignment errors see [here](/azure/active-directory/users-groups-roles/licensing-groups-resolve-problems).|
+|error|String|License assignment failure error. If the license is assigned successfully, this field will be Null. Read-Only. The possible values are `CountViolation`, `MutuallyExclusiveViolation`, `DependencyViolation`, `ProhibitedInUsageLocationViolation`, `UniquenessViolation`, and `Other`. For more information on how to identify and resolve license assignment errors see [here](/azure/active-directory/users-groups-roles/licensing-groups-resolve-problems).|
|lastUpdatedDateTime|DateTimeOffset|The timestamp when the state of the license assignment was last updated.| |skuId|String|The unique identifier for the SKU. Read-Only.|
-|state|String|Indicate the current state of this assignment. Read-Only. Possible values: Active, ActiveWithError, Disabled and Error.|
+|state|String|Indicate the current state of this assignment. Read-Only. The possible values are `Active`, `ActiveWithError`, `Disabled`, and `Error`.|
## JSON representation
v1.0 Team https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/team.md
For a POST request example, see [Request (create team in migration state)](/micr
| Relationship | Type | Description | |:|:--|:-|
-|channels|[channel](channel.md) collection|The collection of channels & messages associated with the team.|
+|channels|[channel](channel.md) collection|The collection of channels and messages associated with the team.|
|installedApps|[teamsAppInstallation](teamsappinstallation.md) collection|The apps installed in this team.| |members|[conversationMember](../resources/conversationmember.md) collection|Members and owners of the team.| |operations|[teamsAsyncOperation](teamsasyncoperation.md) collection| The async operations that ran or are running on this team. |
v1.0 Teamworkonlinemeetinginfo https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/teamworkonlinemeetinginfo.md
+
+ Title: "teamworkOnlineMeetingInfo resource type"
+description: "Represents details about an online meeting in Microsoft Teams."
+
+ms.localizationpriority: medium
++
+# teamworkOnlineMeetingInfo resource type
+
+Namespace: microsoft.graph
+
+Represents details about an online meeting in Microsoft Teams.
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|calendarEventId|String|The identifier of the calendar event associated with the meeting.|
+|joinWebUrl|String|The URL that users click to join or uniquely identify the meeting.|
+|organizer|[teamworkUserIdentity](teamworkuseridentity.md)|The organizer of the meeting.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.teamworkOnlineMeetingInfo"
+}
+-->
+``` json
+{
+ "calendarEventId": "string",
+ "joinWebUrl": "string",
+ "organizer": {"@odata.type": "microsoft.graph.teamworkUserIdentity"}
+}
+```
+
+## See also
+- [Chat](chat.md)
v1.0 User https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/user.md
This resource supports:
|:|:--|:-| |aboutMe|String|A freeform text entry field for the user to describe themselves. Returned only on `$select`.| |accountEnabled|Boolean| `true` if the account is enabled; otherwise, `false`. This property is required when a user is created. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, and `in`). |
-|ageGroup|[ageGroup](#agegroup-values)|Sets the age group of the user. Allowed values: `null`, `minor`, `notAdult` and `adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, and `in`).|
+|ageGroup|[ageGroup](#agegroup-values)|Sets the age group of the user. Allowed values: `null`, `Minor`, `NotAdult` and `Adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, and `in`).|
|assignedLicenses|[assignedLicense](assignedlicense.md) collection|The licenses that are assigned to the user, including inherited (group-based) licenses. Not nullable. Returned only on `$select`. Supports `$filter` (`eq` and `not`). | |assignedPlans|[assignedPlan](assignedplan.md) collection|The plans that are assigned to the user. Read-only. Not nullable. <br><br>Returned only on `$select`. Supports `$filter` (`eq` and `not`). | |birthday|DateTimeOffset|The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. <br><br>Returned only on `$select`.| |businessPhones|String collection|The telephone numbers for the user. NOTE: Although this is a string collection, only one number can be set for this property. Read-only for users synced from on-premises directory. <br><br>Returned by default. Supports `$filter` (`eq`, `not`, `ge`, `le`, `startsWith`).| |city|String|The city in which the user is located. Maximum length is 128 characters. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
-|companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length of the company name is 64 characters.<br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
-|consentProvidedForMinor|[consentProvidedForMinor](#consentprovidedforminor-values)|Sets whether consent has been obtained for minors. Allowed values: `null`, `granted`, `denied` and `notRequired`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, and `in`).|
+|companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters.<br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
+|consentProvidedForMinor|[consentProvidedForMinor](#consentprovidedforminor-values)|Sets whether consent has been obtained for minors. Allowed values: `null`, `Granted`, `Denied` and `NotRequired`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, and `in`).|
|country|String|The country/region in which the user is located; for example, `US` or `UK`. Maximum length is 128 characters. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).| |createdDateTime | DateTimeOffset |The created date of the user object. Read-only. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`).| | creationType | String | Indicates whether the user account was created through one of the following methods: <br/> <ul><li>As a regular school or work account (`null`). <li>As an external account (`Invitation`). <li>As a local account for an Azure Active Directory B2C tenant (`LocalAccount`). <li>Through self-service sign-up by an internal user using email verification (`EmailVerified`). <li>Through self-service sign-up by an external user signing up through a link that is part of a user flow (`SelfServiceSignUp`).</ul> <br>Read-only.<br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, `in`). |
This resource supports:
|department|String|The name for the department in which the user works. Maximum length is 64 characters. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, and `eq` on `null` values).| |displayName|String|The name displayed in the address book for the user. This is usually the combination of the user's first name, middle initial and last name. This property is required when a user is created and it cannot be cleared during updates. Maximum length is 256 characters. <br><br>Returned by default. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values), `$orderBy`, and `$search`.| | employeeHireDate | DateTimeOffset | The date and time when the user was hired or will start work in case of a future hire. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`).|
-| employeeId | String | The employee identifier assigned to the user by the organization. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
+| employeeId | String | The employee identifier assigned to the user by the organization. The maximum length is 16 characters. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
|employeeOrgData|[employeeOrgData](employeeorgdata.md) |Represents organization data (e.g. division and costCenter) associated with a user. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`).| | employeeType | String | Captures enterprise worker type. For example, `Employee`, `Contractor`, `Consultant`, or `Vendor`. Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`).| |externalUserState|String|For an external user invited to the tenant using the [invitation API](../api/invitation-post.md), this property represents the invited user's invitation status. For invited users, the state can be `PendingAcceptance` or `Accepted`, or `null` for all other users. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `in`).|
This resource supports:
|isResourceAccount|Boolean| Do not use ΓÇô reserved for future use.| |jobTitle|String|The user's job title. Maximum length is 128 characters. <br><br>Returned by default. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).| |lastPasswordChangeDateTime| DateTimeOffset | The time when this Azure AD user last changed their password or when their password was created, whichever date the latest action was performed. The date and time information uses ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. <br><br>Returned only on `$select`.|
-|legalAgeGroupClassification|[legalAgeGroupClassification](#legalagegroupclassification-values)| Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on **ageGroup** and **consentProvidedForMinor** properties. Allowed values: `null`, `minorWithOutParentalConsent`, `minorWithParentalConsent`, `minorNoParentalConsentRequired`, `notAdult` and `adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`.|
+|legalAgeGroupClassification|[legalAgeGroupClassification](#legalagegroupclassification-values)| Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on **ageGroup** and **consentProvidedForMinor** properties. Allowed values: `null`, `MinorWithOutParentalConsent`, `MinorWithParentalConsent`, `MinorNoParentalConsentRequired`, `NotAdult` and `Adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`.|
|licenseAssignmentStates|[licenseAssignmentState](licenseassignmentstate.md) collection|State of license assignments for this user. Read-only. <br><br>Returned only on `$select`.| |mail|String|The SMTP address for the user, for example, `jeff@contoso.onmicrosoft.com`.<br>Changes to this property will also update the user's **proxyAddresses** collection to include the value as an SMTP address. For Azure AD B2C accounts, this property can be updated up to only ten times with unique SMTP addresses. This property cannot contain accent characters.<br><br>Returned by default. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, `endsWith`, and `eq` on `null` values).| |mailboxSettings|[mailboxSettings](mailboxsettings.md)|Settings for the primary mailbox of the signed-in user. You can [get](../api/user-get-mailboxsettings.md) or [update](../api/user-update-mailboxsettings.md) settings for sending automatic replies to incoming messages, locale and time zone. <br><br>Returned only on `$select`.|
For example: Cameron is administrator of a directory for an elementary school in
| Member | Description| |:|:-| |null|Default value, no **ageGroup** has been set for the user.|
-|minorWithoutParentalConsent |(Reserved for future use)|
-|minorWithParentalConsent| The user is considered a minor based on the age-related regulations of their country or region and the administrator of the account has obtained appropriate consent from a parent or guardian.|
-|adult|The user considered an adult based on the age-related regulations of their country or region.|
-|notAdult|The user is from a country or region that has additional age-related regulations (such as the United States, United Kingdom, European Union or South Korea), and the user's age is between a minor and an adult age (as stipulated based on country or region). Generally, this means that teenagers are considered as `notAdult` in regulated countries.|
-|minorNoParentalConsentRequired|The user is a minor but is from a country or region that has no age-related regulations.|
+|MinorWithoutParentalConsent |(Reserved for future use)|
+|MinorWithParentalConsent| The user is considered a minor based on the age-related regulations of their country or region and the administrator of the account has obtained appropriate consent from a parent or guardian.|
+|Adult|The user considered an adult based on the age-related regulations of their country or region.|
+|NotAdult|The user is from a country or region that has additional age-related regulations (such as the United States, United Kingdom, European Union or South Korea), and the user's age is between a minor and an adult age (as stipulated based on country or region). Generally, this means that teenagers are considered as `notAdult` in regulated countries.|
+|MinorNoParentalConsentRequired|The user is a minor but is from a country or region that has no age-related regulations.|
#### ageGroup values | Member | Description| |:|:--| |null|Default value, no **ageGroup** has been set for the user.|
-|minor|The user is considered a minor.|
-|notAdult|The user is from a country that has statutory regulations (such as the United States, United Kingdom, European Union or South Korea) and user's age is more than the upper limit of kid age (as per country) and less than lower limit of adult age (as stipulated based on country or region). So basically, teenagers are considered as `notAdult` in regulated countries.|
-|adult|The user should be a treated as an adult.|
+|Minor|The user is considered a minor.|
+|NotAdult|The user is from a country that has statutory regulations (such as the United States, United Kingdom, European Union or South Korea) and user's age is more than the upper limit of kid age (as per country) and less than lower limit of adult age (as stipulated based on country or region). So basically, teenagers are considered as `notAdult` in regulated countries.|
+|Adult|The user should be a treated as an adult.|
#### consentProvidedForMinor values | Member | Description| |:|:-| |null|Default value, no **consentProvidedForMinor** has been set for the user.|
-|granted|Consent has been obtained for the user to have an account.|
-|denied|Consent has not been obtained for the user to have an account.|
-|notRequired|The user is from a location that does not require consent.|
+|Granted|Consent has been obtained for the user to have an account.|
+|Denied|Consent has not been obtained for the user to have an account.|
+|NotRequired|The user is from a location that does not require consent.|
## Relationships
v1.0 Toc.Yml https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/toc.yml a/api-reference/v1.0/toc.yml
items:
- name: Assignment settings href: resources/educationassignmentsettings.md items:
- - name: Get assignment settings
+ - name: Get
href: api/educationassignmentsettings-get.md
- - name: Update assignment settings
+ - name: Update
href: api/educationassignmentsettings-update.md - name: Assignment defaults href: resources/educationassignmentdefaults.md items:
- - name: Get assignment defaults
+ - name: Get
href: api/educationassignmentdefaults-get.md
- - name: Update assignment defaults
+ - name: Update
href: api/educationassignmentdefaults-update.md - name: Category href: resources/educationcategory.md items:
- - name: Create category
+ - name: Create
href: api/educationclass-post-category.md
- - name: Get category
+ - name: Get
href: api/educationcategory-get.md
- - name: Delete category
+ - name: Delete
href: api/educationcategory-delete.md - name: Rubric href: resources/educationrubric.md items:
- - name: Create rubric
+ - name: Create
href: api/educationuser-post-rubrics.md
- - name: Get rubric
+ - name: Get
href: api/educationrubric-get.md
- - name: Update rubric
+ - name: Update
href: api/educationrubric-update.md
- - name: Delete rubric
+ - name: Delete
href: api/educationrubric-delete.md - name: Submission href: resources/educationsubmission.md