+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+description: "Use this API to remove a member (user, group, or device) from an administrative unit."

+Use this API to remove a member (user, group, or device) from an administrative unit.

+### Request

+The following is an example of the request. In the example below, `{id1}` represents the identifier for the target administrative unit, and `{id2}` represents the unique identifier for the member user, group, or device to be removed from the target administrative unit.

+```msgraph-interactive

+### Response

+The following is an example of the response.

+### Request

+### Response

+Here is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+description: "Use this API to get a specific member (user, group, or device) in an administrative unit."

+Use this API to get a specific member (user, group, or device) in an administrative unit.

+If successful, this method returns a `200 OK` response code and a [user](../resources/user.md), [group](../resources/group.md), or [device](../resources/device.md) object in the response body.

+### Request

+The following is an example of the request.

+```msgraph-interactive

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+GET /directory/administrativeUnits/{id}

+### Request

+GET https://graph.microsoft.com/beta/administrativeUnits/4d7ea995-bc0f-45c0-8c3e-132e93bf95f8

+### Response

+Here is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#administrativeUnits/$entity",

+ "id": "4d7ea995-bc0f-45c0-8c3e-132e93bf95f8",

+ "deletedDateTime": null,

+ "displayName": "Seattle District Technical Schools",

+ "description": "Seattle district technical schools administration",

+ "isMemberManagementRestricted": null,

+ "visibility": "HiddenMembership",

+ "membershipRule": null,

+ "membershipType": null,

+ "membershipRuleProcessingState": null

+description: "Use this API to get the members list (users, groups, and devices) in an administrative unit."

+Use this API to get the members list (users, groups, and devices) in an administrative unit.

+## Optional query parameters

+This method (when used without `$ref`) supports the [OData query parameters](/graph/query-parameters) to help customize the response, including `$search`, `$count`, and `$filter`. OData cast is also enabled, for example, you can cast to get just the users that are a member of the administrative unit.

+`$search` is supported on the **displayName** and **description** properties only. Some queries are supported only when you use the **ConsistencyLevel** header set to `eventual` and `$count`. For more information, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries).

+| Header |Value|

+| ConsistencyLevel | eventual. This header and `$count` are required when using `$search`, or in specific usage of `$filter`. For more information about the use of **ConsistencyLevel** and `$count`, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries). |

+If successful, this method returns a `200 OK` response code and a collection of [user](../resources/user.md), [group](../resources/group.md), or [device](../resources/device.md) objects in the response body. Adding `$ref` at the end of the request returns a collection of only `@odata.id` URLs of the members.

+### Example 1: List member objects

+#### Request

+#### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+### Example 2: List member references

+#### Request

+#### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+description: "Use this API to add a member (user, group, or device) to an administrative unit."

+Use this API to add a member (user, group, or device) to an administrative unit or to create a new group within an administrative unit. All [group types](/graph/api/resources/groups-overview) can be created within an administrative unit.

+**Note:** Currently, it's only possible to add one member at a time to an administrative unit.`

+In the request body, provide the `id` of a [user](../resources/user.md), [group](../resources/group.md), [device](../resources/device.md), or [directoryObject](../resources/directoryobject.md) to be added.

+In the request body, provide the `id` of the [user](../resources/user.md), [group](../resources/group.md), or [device](../resources/device.md) object you want to add.

+PATCH /directory/administrativeUnits/{id}

+|description|String|Description for the administrative unit.|

+|displayName|String|Display name for the administrative unit.|

+Since the **administrativeUnit** resource supports [extensions](/graph/extensibility-overview), you can use the `PATCH` operation to add, update, or delete your own app-specific data in custom properties of an extension in an existing **administrativeUnit** instance.

+### Request

+PATCH https://graph.microsoft.com/beta/administrativeUnits/4d7ea995-bc0f-45c0-8c3e-132e93bf95f8

+ "displayName": "Greater Seattle District Technical Schools"

+### Response

+| keyId | Guid | The unique identifier for the password.|

+| keyId | Guid | The unique identifier for the password. Required. |

+|User-Agent|The identifier for the calling application. This value contains information about the operating system and the browser used. Required.|

+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"

+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"

+GET /informationProtection/bitlocker/recoveryKeys/{bitlockeryRecoveryKeyId}

+GET /informationProtection/bitlocker/recoveryKeys/{bitlockeryRecoveryKeyId}?$select=key

+|User-Agent|The identifier for the calling application. This value contains information about the operating system and the browser used. Required.|

+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"

+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"

+ocp-client-name: "My Friendly Client"

+ocp-client-version: "1.2"

+### Request

+The following is an example of a request.

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+|members|[conversationMember](../resources/conversationmember.md) collection|List of conversation members that should be added. Every user who will participate in the chat, including the user who initiates the create request, must be specified in this list. Each member must be assigned a role of `owner` or `guest`. Guest tenant users must be assigned the `guest` role.|

+### Example 5: Create a group chat with tenant guest user

+#### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "create_chat_group"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/chats

+Content-Type: application/json

+{

+ "chatType": "group",

+ "topic": "Group chat title",

+ "members": [

+ {

+ "@odata.type": "#microsoft.graph.aadUserConversationMember",

+ "roles": ["owner"],

+ "user@odata.bind": "https://graph.microsoft.com/beta/users('8c0a1a67-50ce-4114-bb6c-da9c5dbcf6ca')"

+ },

+ {

+ "@odata.type": "#microsoft.graph.aadUserConversationMember",

+ "roles": ["owner"],

+ "user@odata.bind": "https://graph.microsoft.com/beta/users('82fe7758-5bb3-4f0d-a43f-e555fd399c6f')"

+ },

+ {

+ "@odata.type": "#microsoft.graph.aadUserConversationMember",

+ "roles": ["guest"],

+ "user@odata.bind": "https://graph.microsoft.com/beta/users('8ba98gf6-7fc2-4eb2-c7f2-aef9f21fd98g')"

+ }

+ ]

+}

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+#### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.chat"

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#chats/$entity",

+ "id": "19:1c5b01696d2e4a179c292bc9cf04e63b@thread.v2",

+ "topic": "Group chat title",

+ "createdDateTime": "2020-12-04T23:11:16.175Z",

+ "lastUpdatedDateTime": "2020-12-04T23:11:16.175Z",

+ "chatType": "group",

+ "webUrl": "https://teams.microsoft.com/l/chat/19%3A1c5b01696d2e4a179c292bc9cf04e63b@thread.v2/0?tenantId=b33cbe9f-8ebe-4f2a-912b-7e2a427f477f"

+}

+```

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+ Title: "Get cloudPcSnapshot"

+description: "Read the properties and relationships of a cloudPcSnapshot object."

+ms.localizationpriority: medium

+# Get cloudPcSnapshot

+Namespace: microsoft.graph

+Read the properties and relationships of a [cloudPcSnapshot](../resources/cloudpcsnapshot.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|CloudPC.Read.All, CloudPC.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|CloudPC.Read.All, CloudPC.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /deviceManagement/virtualEndpoint/snapshots/{cloudPcSnapshotId}

+```

+## Optional query parameters

+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a [cloudPcSnapshot](../resources/cloudpcsnapshot.md) object in the response body.

+## Examples

+### Request

+The following is an example of a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_cloudpcsnapshot"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint/snapshots/A00009UV000_93aff428-61f2-467f-a879-1102af6fd4a8

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.cloudPcSnapshot"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "value": {

+ "@odata.type": "#microsoft.graph.cloudPcSnapshot",

+ "cloudPcId": "662009bc-7732-4f6f-8726-25883518b33e",

+ "createdDateTime": "2021-08-23T09:28:32.8260335Z",

+ "id": "A00009UV000_93aff428-61f2-467f-a879-1102af6fd4a8",

+ "lastRestoredDateTime": "2021-09-01T09:28:32.8260338Z",

+ "status": "ready"

+ }

+}

+```

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a [columnDefinition][columnDefinition] object in the response body.

+The following is an example of a request.

+The following is an example of the response.

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+ Title: "List memberOf"

+description: "Get groups or administrative units that this device is a direct member of. This operation is not transitive."

+# List memberOf

+Get [groups](../resources/group.md) and [administrative units](../resources/administrativeunit.md) that the device is a direct member of. This operation is not transitive.

+ Title: "List administrativeUnits"

+description: "Retrieve a list of administrativeUnit objects."

+ms.localizationpriority: medium

+# List administrativeUnits

+Namespace: microsoft.graph

+Retrieve a list of [administrativeUnit](../resources/administrativeunit.md) objects.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account) | AdministrativeUnit.Read.All, Directory.Read.All, AdministrativeUnit.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All |

+|Delegated (personal Microsoft account) | Not supported. |

+|Application | AdministrativeUnit.Read.All, Directory.Read.All, AdministrativeUnit.ReadWrite.All, Directory.ReadWrite.All |

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+GET /administrativeUnits

+GET /directory/administrativeUnits

+```

+## Optional query parameters

+This method supports the `$count`, `$select`, `$search`, `$filter`, and `$expand` [OData query parameters](/graph/query-parameters) to help customize the response.

+## Request headers

+| Name |Description|

+|:-|:-|

+| Authorization | Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and collection of [administrativeUnit](../resources/administrativeunit.md) objects in the response body.

+## Example

+### Request

+Here is an example of the request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_administrativeunits"

+}-->

+```msgraph-interactive

+GET https://graph.microsoft.com/beta/administrativeUnits

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+Here is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.administrativeUnit",

+ "isCollection": true

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#administrativeUnits",

+ "value": [

+ {

+ "id": "4d7ea995-bc0f-45c0-8c3e-132e93bf95f8",

+ "deletedDateTime": null,

+ "displayName": "Seattle District Technical Schools",

+ "description": "Seattle district technical schools administration",

+ "isMemberManagementRestricted": null,

+ "visibility": "HiddenMembership",

+ "membershipRule": null,

+ "membershipType": null,

+ "membershipRuleProcessingState": null

+ }

+ ]

+}

+```

+<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79

+2015-10-25 14:57:30 UTC -->

+<!--

+{

+ "type": "#page.annotation",

+ "description": "List administrativeUnits",

+ "keywords": "",

+ "section": "documentation",

+ "tocPath": "",

+ "suppressions": [

+ ]

+}

+-->

+ Title: "Create administrativeUnit"

+description: "Use this API to create a new administrativeUnit."

+ms.localizationpriority: medium

+# Create administrativeUnit

+Namespace: microsoft.graph

+Use this API to create a new [administrativeUnit](../resources/administrativeunit.md).

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account) | AdministrativeUnit.ReadWrite.All, Directory.AccessAsUser.All |

+|Delegated (personal Microsoft account) | Not supported. |

+|Application | AdministrativeUnit.ReadWrite.All |

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+POST /administrativeUnits

+POST /directory/administrativeUnits

+```

+## Request headers

+| Name |Description|

+|:-|:-|

+| Authorization | Bearer {token}. Required. |

+| Content-type | application/json. Required. |

+## Request body

+In the request body, supply a JSON representation of an [administrativeUnit](../resources/administrativeunit.md) object.

+Because the **administrativeUnit** resource supports [extensions](/graph/extensibility-overview), you can use the `POST` operation and add custom properties with your own data to the administrative unit while creating it.

+## Response

+If successful, this method returns a `201 Created` response code and an [administrativeUnit](../resources/administrativeunit.md) object in the response body.

+## Example

+### Request

+The following is an example of the request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "create_administrativeunit_from_administrativeunits"

+}-->

+```http

+POST https://graph.microsoft.com/beta/administrativeUnits

+Content-type: application/json

+{

+ "displayName": "Seattle District Technical Schools",

+ "description": "Seattle district technical schools administration",

+ "visibility": "HiddenMembership"

+}

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+In the request body, supply a JSON representation of an [administrativeUnit](../resources/administrativeunit.md) object.

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.administrativeUnit"

+} -->

+```http

+HTTP/1.1 201 Created

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#administrativeUnits/$entity",

+ "id": "7a3dc8f3-b3a0-4164-9a99-ed36f3af039f",

+ "deletedDateTime": null,

+ "displayName": "Seattle District Technical Schools",

+ "description": "Seattle district technical schools administration",

+ "visibility": "HiddenMembership"

+}

+```

+## See also

+- [Add custom data to resources using extensions](/graph/extensibility-overview)

+- [Add custom data to users using open extensions (preview)](/graph/extensibility-open-users)

+<!--

+- [Add custom data to groups using schema extensions (preview)](/graph/extensibility-schema-groups)

+-->

+<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79

+2015-10-25 14:57:30 UTC -->

+<!--

+{

+ "type": "#page.annotation",

+ "description": "Create administrativeUnit",

+ "keywords": "",

+ "section": "documentation",

+ "tocPath": "",

+ "suppressions": [

+ ]

+}

+-->

+To add an Azure AD group as a resource to a catalog, set the **catalogId** to be of the ID of the catalog, **requestType** to be `AdminAdd`, and an `accessPackageResource` representing the resource. The value of the **originSystem** property within the `accessPackageResource` should be `AadGroup` and the value of the **originId** is the identifier of the group. If using delegated permissions, the user requesting to add a group should be an owner of the group or in a directory role which allows them to modify groups. If using application permissions, the application requesting to add the group should also be assigned the `Group.ReadWrite.All` permission.

+To add an Azure AD application as a resource to a catalog, set the **catalogId** to be of the ID of the catalog, **requestType** to be `AdminAdd`, and an `accessPackageResource` representing the resource. The value of the **originSystem** property within the `accessPackageResource` should be `AadApplication` and the value of the **originId** is the identifier of the [servicePrincipal](../resources/serviceprincipal.md). If using delegated permissions, the user requesting to add an application should be an owner of the application or in a directory role which allows them to modify application role assignments.

+To add a SharePoint Online site as a resource to a catalog, set the **catalogId** to be of the ID of the catalog, **requestType** to be `AdminAdd`, and an `accessPackageResource` representing the resource. The value of the **originSystem** property within the `accessPackageResource` should be `SharePointOnline` and the value of the **originId** is the URI of the [site](../resources/site.md). If using delegated permissions, the user should be in the the SharePoint Administrator role. If using application permissions, the application requesting to add the site should also be assigned the `Sites.FullControl.All` permission. To assign the geolocation environment for a multi-geolocation Sharepoint Online resource, include the **accessPackageResourceEnvironment** relationship in the `accessPackageResource` object. This can be done in two ways:

+To remove a resource from a catalog, set the **catalogId** to be of the ID of the catalog, **requestType** to be `AdminRemove`, and the `accessPackageResource` the resource object to be removed. The resource object can be retrieved using [list accessPackageResources](accesspackagecatalog-list-accesspackageresources.md).

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+GET https://graph.microsoft.com/beta/me/events/AAMkADAGAADDdm4NAAA=/?$select=subject,start,end,occurrenceId,exceptionOccurrences,cancelledOccurrences&$expand=exceptionOccurrences

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+|removeLicenses|Guid collection|A collection of skuIds that identify the licenses to remove.|

+ "id":"GUID",

+ "id":"GUID",

+ "id":"GUID",

+ "id": "45715bb8-13f9-4bf6-927f-ef96c102d394",

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+In the request body, supply a JSON representation of a [list][] object.

+## Response

+If successful, this method returns a `201 Created` response code and a [list][] object in the response body.

+## Examples

+### Request

+The following is an example of how to create a new generic list.

+> **Note:** Custom columns are optional.

+In addition to any columns specified here, new lists are created with columns defined in the referenced **template**.

+If the **list** facet or **template** is not specified, the list defaults to the `genericList` template, which includes a _Title_ column.

+### Response

+The following is an example of the response.

+> **Note:** The response object is truncated for clarity. Default properties will be returned from the actual call.

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+|Content-Type|application/json. Required.|

+In the request body, supply a JSON representation of an [outlookCategory](../resources/outlookcategory.md) object.

+If successful, this method returns a `201 Created` response code and an [outlookCategory](../resources/outlookcategory.md) object in the response body.

+### Request

+The following is an example of a request.

+ "displayName": "Project expenses",

+ "color": "preset9"

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#users('8ae6f565-0d7f-4ead-853e-7db94c912a1f')/outlook/masterCategories/$entity",

+ "id": "bac262b7-485d-4739-b436-e31467d64fac",

+ "displayName": "Project expenses",

+ "color": "preset9"

+>**Note:** Inviting multiple participants in one request is only supported for group calls.

+If successful, this method returns a `200 OK` response code and a Location header with a URI to the [inviteParticipantsOperation](../resources/inviteparticipantsoperation.md) created for this request. The body of the response contains the [inviteParticipantsOperation](../resources/inviteparticipantsoperation.md) created.

+### Example 1: Invite one participant to an existing call

+ "status": "completed",

+ "clientContext": "d45324c1-fcb5-430a-902c-f20af696537c",

+ "resultInfo": null

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+> [!NOTE]

+> A service principal can retrieve its own application and service principal details without being granted any application permissions.

+This method supports the [OData query parameters](/graph/query-parameters) to help customize the response.

+>**Note** This request might have replication delays for app role assignments that were recently granted or removed.

+>**Note** This request might have replication delays for app role assignments that were recently granted or removed.

+| keyId | Guid | The unique identifier for the password.|

+| keyId | Guid | The unique identifier for the password. Required. |

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources and optionally specify in the POST request payload whether to include encrypted resource data in notifications.

+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources and optionally specify in the POST request payload whether to include encrypted resource data in notifications.

+Some resources support the option to include encrypted resource data in change notifications. These resources include [chatMessage](../resources/chatmessage.md), [contact](../resources/contact.md), [event](../resources/event.md), [message](../resources/message.md), and [presence](../resources/presence.md). For more information, see [Set up change notifications that include resource data](/graph/webhooks-with-resource-data) and [Change notifications for Outlook resources in Microsoft Graph](/graph/outlook-change-notification-overview).

+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources and optionally specify in the POST request payload whether to include encrypted resource data in notifications.

+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources and optionally specify in the POST request payload whether to include encrypted resource data in notifications.

+ "name": "get_group_termstore"

+ "name": "get_group_termstore_sites"

+## Examples

+### Example 1: Assign licenses to the signed-in user

+#### Request

+ "addLicenses": [

+ {

+ "disabledPlans": [

+ "8a256a2b-b617-496d-b51b-e76466e88db0"

+ ],

+ "skuId": "84a661c4-e949-4bd2-a560-ed7766fcaf2b"

+ },

+ {

+ "disabledPlans": [],

+ "skuId": "f30db892-07e9-47e9-837c-80727f46fd3d"

+ }

+ ],

+ "removeLicenses": []

+#### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.user"

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "accountEnabled": true,

+ "assignedLicenses": [

+ {

+ "disabledPlans": [

+ "8a256a2b-b617-496d-b51b-e76466e88db0"

+ ],

+ "skuId": "84a661c4-e949-4bd2-a560-ed7766fcaf2b"

+ },

+ {

+ "disabledPlans": [],

+ "skuId": "f30db892-07e9-47e9-837c-80727f46fd3d"

+ }

+ ],

+ "city": "Nairobi",

+ "companyName": "Contoso"

+}

+```

+### Example 2: Remove licenses from the signed-in user

+#### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "user_assignlicense_removelicenses"

+}-->

+ "addLicenses": [],

+ "removeLicenses": [

+ "f30db892-07e9-47e9-837c-80727f46fd3d",

+ "84a661c4-e949-4bd2-a560-ed7766fcaf2b"

+ ]

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+#### Response

+>**Note:** The response object shown here might be shortened for readability.

+ "assignedLicenses": [],

+ "city": "Nairobi",

+ "companyName": "Contoso"

+If successful, this method returns a `200 OK` response code.

+>This API has a [known issue](/graph/known-issues#revoke-sign-in-sessions-returns-wrong-http-code). It returns a different HTTP response code.

+### Request

+ "blockType": "ignored",

+### Response

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#Edm.Boolean",

+ "value": true

+}

+> - The following properties cannot be updated by an app with only application permissions: **aboutMe**, **birthday**, **employeeHireDate**, **interests**, **mySite**, **pastProjects**, **preferredName**, **responsibilities**, **schools**, and **skills**.

+> - To update the following properties, you must specify them in their own PATCH request, without including the other properties listed in the table above: **aboutMe**, **birthday**, **interests**, **mySite**, **pastProjects**, **preferredName**, **responsibilities**, **schools**, and **skills**.

+ Title: "List snapshots"

+description: "Get a list of cloudPcSnapshot objects and their properties."

+ms.localizationpriority: medium

+# List snapshots

+Namespace: microsoft.graph

+Get a list of [cloudPcSnapshot](../resources/cloudpcsnapshot.md) objects and their properties.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|CloudPC.Read.All, CloudPC.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|CloudPC.Read.All, CloudPC.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /deviceManagement/virtualEndpoint/snapshots

+```

+## Optional query parameters

+This method supports the `$filter` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [cloudPcSnapshot](../resources/cloudpcsnapshot.md) objects in the response body.

+## Examples

+### Request

+The following is an example of a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "list_cloudpcsnapshot"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint/snapshots

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.cloudPcSnapshot",

+ "isCollection": true

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "value": [

+ {

+ "@odata.type": "#microsoft.graph.cloudPcSnapshot",

+ "cloudPcId": "662009bc-7732-4f6f-8726-25883518b33e",

+ "createdDateTime": "2021-08-23T09:28:32.8260335Z",

+ "lastRestoredDateTime": "2021-09-01T09:28:32.8260338Z",

+ "id": "A00009UV000_93aff428-61f2-467f-a879-1102af6fd4a8",

+ "status": "ready"

+ }

+ ]

+}

+```

+ "@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",

+ "@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",

+ "@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",

+ "@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",

+description: "Delete the tenant-customized x509CertificateAuthenticationMethodConfiguration object and restore the default configuration."

+Delete the tenant-customized [x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md) object and restore the default configuration.

+The following response object shows an x509CertificateAuthenticationMethodConfiguration with its default configuration.

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#authenticationMethodConfigurations/$entity",

+ "@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",

+ "id": "X509Certificate",

+ "state": "disabled",

+ "certificateUserBindings": [

+ {

+ "x509CertificateField": "PrincipalName",

+ "userProperty": "onPremisesUserPrincipalName",

+ "priority": 1

+ },

+ {

+ "x509CertificateField": "RFC822Name",

+ "userProperty": "userPrincipalName",

+ "priority": 2

+ }

+ ],

+ "authenticationModeConfiguration": {

+ "x509CertificateAuthenticationDefaultMode": "x509CertificateSingleFactor",

+ "rules": []

+ },

+ "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('X509Certificate')/microsoft.graph.x509CertificateAuthenticationMethodConfiguration/includeTargets",

+ "includeTargets": [

+ {

+ "targetType": "group",

+ "id": "all_users",

+ "isRegistrationRequired": false

+ }

+ ]

+The following is an example of an update request with the following settings:

+ "@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",

+ "id": "X509Certificate",

+ "state": "enabled",

+ "certificateUserBindings": [

+ {

+ "x509CertificateField": "PrincipalName",

+ "userProperty": "onPremisesUserPrincipalName",

+ "priority": 1

+ }

+ ],

+ "authenticationModeConfiguration": {

+ "x509CertificateAuthenticationDefaultMode": "x509CertificateMultiFactor",

+ "rules": [

+ {

+ "x509CertificateRuleType": "issuerSubject",

+ "identifier": "CN=ContosoCA,DC=Contoso,DC=org ",

+ "x509CertificateAuthenticationMode": "x509CertificateMultiFactor"

+ },

+ {

+ "x509CertificateRuleType": "policyOID",

+ "identifier": "1.2.3.4",

+ "x509CertificateAuthenticationMode": "x509CertificateMultiFactor"

+ }

+ ]

+ },

+ "includeTargets": [

+ {

+ "targetType": "group",

+ "id": "all_users",

+ "isRegistrationRequired": false

+ }

+ ]

+ "blockType": "response"

+|accessPackageResourceRoles|[accessPackageResourceRole](accesspackageresourcerole.md) collection|The roles in each resource in a catalog. Read-only.|

+|accessPackageResourceScopes|[accessPackageResourceScope](accesspackageresourcescope.md) collection|Read-only.|

+|accessPackageResourceEnvironment|[accessPackageResourceEnvironment](../resources/accesspackageresourceenvironment.md)|Contains the environment information for the resource. This can be set using either the `@odata.bind` annotation or the environment's *originId*.Supports `$expand`.|

+| servicePlanId | Guid | The plan identifier of the service plan to activate. |

+| skuId | Guid | The SKU identifier of the service plan. |

+ "service": "String",

+ "skuId": "Guid",

+ "servicePlanId": "Guid"

+ "id": "GUID",

+ "type": "String"

+An administrative unit provides a conceptual container for user, group, and device directory objects. Using administrative units, a company administrator can now delegate administrative responsibilities to manage the users, groups, and devices contained within or scoped to an administrative unit to a regional or departmental administrator.

+|[Create](../api/directory-post-administrativeunits.md) | [administrativeUnit](administrativeunit.md) | Create a new administrative unit.|

+|[List](../api/directory-list-administrativeunits.md) | [administrativeUnit](administrativeunit.md) collection |List properties of all administrativeUnits.|

+|[Add a member](../api/administrativeunit-post-members.md) |[directoryObject](directoryobject.md)| Add a member (user, group, or device).|

+|[List members](../api/administrativeunit-list-members.md) |[directoryObject](directoryobject.md) collection| Get the list of (user, group, and device) members.|

+|description|String|An optional description for the administrative unit. Supports `$filter` (`eq`, `ne`, `in`, `startsWith`), `$search`.|

+|displayName|String|Display name for the administrative unit. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values), `$search`, and `$orderBy`.|

+|id|String|Unique identifier for the administrative unit. Read-only. Supports `$filter` (`eq`).|

+|visibility|String|Controls whether the administrative unit and its members are hidden or public. Can be set to `HiddenMembership`. If not set (value is `null`), the default behavior is public. When set to `HiddenMembership`, only members of the administrative unit can list other members of the administrative unit.|

+The following is a JSON representation of the resource.

+ "description": "String",

+ "displayName": "String",

+ "id": "String (identifier)",

+ "visibility": "String"

+|appId|String|Refers to the unique identifier representing Application Id in the Azure Active Directory.|

+|servicePrincipalId|String|Refers to the unique identifier indicating Service Principal Id in Azure Active Directory for the corresponding App.|

+|id|Guid|Unique role identifier inside the **appRoles** collection. When creating a new app role, a new GUID identifier must be provided. |

+ "allowedMemberTypes": ["String"],

+ "description": "String",

+ "displayName": "String",

+ "id": "Guid",

+ "origin": "String",

+ "value": "String"

+ "id": "String",

+ "principalDisplayName": "String",

+ "principalId": "Guid",

+ "principalType": "String",

+ "resourceDisplayName": "String",

+ "resourceId": "Guid",

+ "appRoleId": "Guid"

+| primaryApprovers | [userSet](userset.md) collection| The users who will be asked to approve requests. A collection of [singleUser](singleuser.md), [groupMembers](groupmembers.md), [requestorManager](requestormanager.md), [internalSponsors](internalsponsors.md) and [externalSponsors](externalsponsors.md). When creating or updating a [policy](accesspackageassignmentpolicy.md), include at least one **userSet** in this collection. |

+| escalationApprovers | [userSet](userset.md) collection| If escalation is enabled and the primary approvers do not respond before the escalation time, the escalationApprovers are the users who will be asked to approve requests. This can be a collection of [singleUser](singleuser.md), [groupMembers](groupmembers.md), [requestorManager](requestormanager.md), [internalSponsors](internalsponsors.md) and [externalSponsors](externalsponsors.md). When creating or updating a [policy](accesspackageassignmentpolicy.md), if there are no escalation approvers, or escalation approvers are not required for the stage, the value of this property should be an empty collection.|

+ "disabledPlans": ["Guid"],

+ "skuId": "Guid"

+ "capabilityStatus": "String",

+ "service": "String",

+ "servicePlanId": "Guid"

+| subscriptionId | Guid | The unique identifier of the subscription that generated the notification. |

+| tenantId | Guid | The unique identifier of the tenant from which the change notification originated. |

+| tabs | [teamsTab](teamstab.md) collection | A collection of all the tabs in the chat. Nullable. |

+- Choose or change the source of data emitted in specific claims

+The number of claims and transformations that can be added to a claims-mapping policy are limited to reduce token size. Any claims schema entries or transformations that are encountered after the limit has been reached are ignored and included in the issued token. For more information about the limits, see [Properties of a claims-mapping policy definition](#properties-of-a-claims-mapping-policy-definition)

+|ClaimsSchema|JSON object|Defines which claims are present in the tokens affected by the policy, in addition to the basic claim set and the core claim set. For each claim schema entry defined in this property, certain information is required. Specify where the data is coming from (Value or Source/ID pair), and which claim the data is emitted as (Claim Type). A maximum of 50 claims are included in the token through the ClaimsSchema object. Any claims schema entries that are encountered after the limit has been reached will be ignored and will not appear in the issued token. Further details are available in the [ClaimsSchema definition](/azure/active-directory/develop/active-directory-claims-mapping#claims-schema).|

+|ClaimsTransformation|JSON object| Defines common transformations that can be applied to source data, to generate the output data for claims specified in the ClaimsSchema. A maximum of 50 transformations are included in the token through the ClaimsTransformation object. Any transformations that are encountered after the limit has been reached will be ignored and will not appear in the issued token. For more information about ClaimsTransformation and the supported functions, see [Claims transformation](/azure/active-directory/develop/active-directory-claims-mapping#claims-transformation).|

+ Title: "cloudPcSnapshot resource type"

+description: "Represents a Cloud PC snapshot."

+ms.localizationpriority: medium

+# cloudPcSnapshot resource type

+Namespace: microsoft.graph

+Represents a snapshot of the device settings of a Cloud PC that can be used to restore the device system.

+Inherits from [entity](../resources/entity.md).

+## Methods

+|Method|Return type|Description|

+|:|:|:|

+|[List snapshots](../api/virtualendpoint-list-snapshots.md)|[cloudPcSnapshot](../resources/cloudpcsnapshot.md) collection|Get a list of the [cloudPcSnapshot](../resources/cloudpcsnapshot.md) objects and their properties.|

+|[Get cloudPcSnapshot](../api/cloudpcsnapshot-get.md)|[cloudPcSnapshot](../resources/cloudpcsnapshot.md)|Read the properties and relationships of a [cloudPcSnapshot](../resources/cloudpcsnapshot.md) object.|

+## Properties

+|Property|Type|Description|

+|:|:|:|

+|cloudPcId|String|The unique identifier for the Cloud PC.|

+|createdDateTime|DateTimeOffset|The date and time at which the snapshot was taken. The timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|

+|id|String|The unique identifier for the snapshot of the Cloud PC device at a specific point in time. Inherited from [entity](../resources/entity.md).|

+|lastRestoredDateTime|DateTimeOffset|The date and time at which the snapshot was last used to restore the Cloud PC device. The timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|

+|status|[cloudPcSnapshotStatus](#cloudpcsnapshotstatus-values)|The status of the Cloud PC snapshot. The possible values are: `ready`, `unknownFutureValue`.|

+### cloudPcSnapshotStatus values

+|Member|Description|

+|:|:|

+|ready|The snapshot is ready to restore the Cloud PC device.|

+|unknownFutureValue|Evolvable enumeration sentinel value. Do not use.|

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.cloudPcSnapshot",

+ "baseType": "microsoft.graph.entity",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.cloudPcSnapshot",

+ "cloudPcId": "String",

+ "createdDateTime": "String (timestamp)",

+ "id": "String (identifier)",

+ "lastRestoredDateTime": "String (timestamp)",

+ "status": "String"

+}

+```

+|identitySources|[identitySource](identitySource.md) collection| The identity sources in this connected organization, one of [azureActiveDirectoryTenant](azureactivedirectorytenant.md), [domainIdentitySource](domainidentitysource.md) or [externalDomainFederation](externaldomainfederation.md). Read-only. Nullable. Supports `$select` and `$filter`(`eq`). To filter by the derived types, you must declare the resource using its full OData cast, for example, `$filter=identitySources/any(is:is/microsoft.graph.azureActiveDirectoryTenant/tenantId eq 'bcfdfff4-cbc3-43f2-9000-ba7b7515054f')`.|

+|[List memberOf](../api/device-list-memberof.md) |[directoryObject](directoryobject.md) collection| List the groups and administrative units that the device is a direct member of. |

+|[List transitive memberOf](../api/device-list-transitivememberof.md) |[directoryObject](directoryobject.md) collection| List the groups and administrative units that the device is a member of. This operation is transitive. |

+|memberOf|[directoryObject](directoryobject.md) collection|Groups and administrative units that this device is a member of. Read-only. Nullable. Supports `$expand`. |

+|transitiveMemberOf |[directoryObject](directoryobject.md) collection| Groups and administrative units that this device is a member of. This operation is transitive. Supports `$expand`. |

+| correlationId | Guid | Indicates a unique ID that helps correlate activities that span across various services. Can be used to trace logs across services. |

+| Member |

+|:|

+|modification|

+|suggestion|

+ "id": "String (identifier)",

+ Title: List resource

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- { "blockType": "resource",

+ "@odata.type": "microsoft.graph.list",

+ "keyProperty": "id",

+ "optionalProperties": [ "items", "drive"] } -->

+```json

+{

+ "activities": [{"@odata.type": "microsoft.graph.itemActivity"}],

+ "columns": [ { "@odata.type": "microsoft.graph.columnDefinition" }],

+ "contentTypes": [ { "@odata.type": "microsoft.graph.contentType" }],

+ "displayName": "title of list",

+ "drive": { "@odata.type": "microsoft.graph.drive" },

+ "items": [ { "@odata.type": "microsoft.graph.listItem" } ],

+ "list": {

+ "@odata.type": "microsoft.graph.listInfo",

+ "hidden": false,

+ "template": "documentLibrary | genericList | survey | links | announcements | contacts ..."

+ },

+ "system": false,

+ "subscriptions": [ {"@odata.type": "microsoft.graph.subscription"} ],

+ /* inherited from baseItem */

+ "id": "string",

+ "name": "name of list",

+ "createdBy": { "@odata.type": "microsoft.graph.identitySet" },

+ "createdDateTime": "timestamp",

+ "description": "description of list",

+ "eTag": "string",

+ "lastModifiedBy": { "@odata.type": "microsoft.graph.identitySet" },

+ "lastModifiedDateTime": "timestamp",

+ "webUrl": "url to visit the list in a browser"

+}

+```

+ "id": "Guid",

+ "adminConsentDisplayName": "String",

+ "adminConsentDescription": "String",

+ "userConsentDisplayName": "String",

+ "userConsentDescription": "String",

+ "value": "String",

+ "type": "String",

+| Property | Type | Description |

+|id|Guid|The unique identifier of an [app role](approle.md) or [delegated permission](permissionScope.md) exposed by the resource application. For delegated permissions, this should match the **id** property of one of the [delegated permissions](permissionscope.md) in the **oauth2PermissionScopes** collection of the resource application's [service principal](serviceprincipal.md). For app roles (application permissions), this should match the **id** property of an [app role](approle.md) in the **appRoles** collection of the resource application's [service principal](serviceprincipal.md).|

+|type|String|Specifies whether the **id** property references a [delegated permission](permissionscope.md) or an [app role](approle.md) (application permission). The possible values are: `Scope` (for delegated permissions) or `Role` (for app roles).|

+ "id": "Guid",

+|riskEventType|string|The type of risk event detected. The possible values are `unlikelyTravel`, `anonymizedIPAddress`, `maliciousIPAddress`, `unfamiliarFeatures`, `malwareInfectedIPAddress`, `suspiciousIPAddress`, `leakedCredentials`, `investigationsThreatIntelligence`, `generic`,`adminConfirmedUserCompromised`, `mcasImpossibleTravel`, `mcasSuspiciousInboxManipulationRules`, `investigationsThreatIntelligenceSigninLinked`, `maliciousIPAddressValidCredentialsBlockedIP`, and `unknownFutureValue`. <br/> For more information about each value, see [riskEventType values](#riskeventtype-values).|

+### riskEventType values

+| Member | Description |

+|--|--|

+| unlikelyTravel | Identifies two sign-ins originating from geographically distant locations, where at least one of the locations may also be atypical for the user, given past behavior. |

+| anonymizedIPAddress | Indicates sign-ins from an anonymous IP address, for example, using an anonymous browser or VPN. |

+| maliciousIPAddress | Indicates sign-ins from IP addresses known to be malicious. Deprecated and no longer generated for new detections. |

+| unfamiliarFeatures | Indicates sign-ins with characteristics that deviate from past sign-in properties. |

+| malwareInfectedIPAddress | Indicates sign-ins from IP addresses infected with malware |

+| suspiciousIPAddress | Identifies logins from IP addresses that are known to be malicious at the time of the sign in. |

+| leakedCredentials | Indicates that the user's valid credentials have been leaked. This sharing is typically done by posting publicly on the dark web, paste sites, or by trading and selling the credentials on the black market. When the Microsoft leaked credentials service acquires user credentials from the dark web, paste sites, or other sources, they are checked against Azure AD users' current valid credentials to find valid matches. |

+| investigationsThreatIntelligence | Indicates a sign-in activity that is unusual for the given user or is consistent with known attack patterns based on Microsoft's internal and external threat intelligence sources. |

+| generic | Indicates that the user was not enabled for Identity Protection. |

+| adminConfirmedUserCompromised | Indicates that an administrator has [confirmed the user is compromised](../api/riskyusers-confirmcompromised.md). |

+| mcasImpossibleTravel | Discovered by Microsoft Defender for Cloud Apps (MDCA). Identifies two user activities (a single or multiple sessions) originating from geographically distant locations within a time period shorter than the time it would have taken the user to travel from the first location to the second, indicating that a different user is using the same credentials. |

+| mcasSuspiciousInboxManipulationRules | Discovered by Microsoft Defender for Cloud Apps (MDCA). Identifies suspicious email forwarding rules, for example, if a user created an inbox rule that forwards a copy of all emails to an external address.|

+| investigationsThreatIntelligenceSigninLinked | Identifies activity that is unusual with known attack patterns based on threat intelligence |

+| maliciousIPAddressValidCredentialsBlockedIP | Indicates that sign-in was made with valid credentials from a malicious IP address. |

+| unknownFutureValue | Evolvable enumeration sentinel value. Do not use. |

+The Microsoft Search API provides a [query](../api/search-query.md) method to search across your data in Microsoft Search, where you pass a [searchRequest](searchrequest.md) in the request body, defining the specifics of your search.

+This section lists the common use cases of the **query** method, based on the properties and parameters you set in the **query** [searchRequest](searchrequest.md) body.

+Spelling correction is a popular way to handle mismatches between typos in a user query and the correct words in matched contents. When typos are detected in the original user query, you can get the search result either for the original user query or the corrected alternate query. You can also get the spelling correction information for typos in the **queryAlterationResponse** property of the [searchResponse](searchresponse.md).

+To get the result template in the [searchResponse](searchresponse.md), you have to set **true** the **enableResultTemplate** property, defined in the [resultTemplateOptions](./resulttemplateoption.md), in the [searchRequest](./searchrequest.md). The response includes a **resultTemplateId** for every [search hit](./searchhit.md), which maps to one of the display layouts included in the **resultTemplates** dictionary that is included in the response.

+|enableSuggestion|Boolean|Indicates whether spelling suggestions are enabled. If enabled, the user will get the search results for the original search query and suggestions for spelling correction in the **queryAlterationResponse** property of the [response](/graph/api/resources/searchresponse?view=graph-rest-beta&preserve-view=true) for the typos in the query. Optional.|

+ "enableModification": "Boolean",

+ "enableSuggestion": "Boolean"

+|Relationship|Type|Description|

+ "appliesTo": "String",

+ "provisioningStatus": "String",

+ "servicePlanId": "Guid",

+ "servicePlanName": "String"

+|appOwnerOrganizationId|Guid|Contains the tenant id where the application is registered. This is applicable only to service principals backed by applications.Supports `$filter` (`eq`, `ne`, `NOT`, `ge`, `le`).|

+ "alternativeNames": "String",

+ "appDisplayName": "String",

+ "appId": "String",

+ "appOwnerOrganizationId": "Guid",

+ "applicationTemplateId": "String",

+ "disabledByMicrosoftStatus": "String",

+ "displayName": "String",

+ "errorUrl": "String",

+ "homepage": "String",

+ "id": "String (identifier)",

+ "loginUrl": "String",

+ "logoutUrl": "String",

+ "notificationEmailAddresses": ["String"],

+ "preferredSingleSignOnMode": "String",

+ "preferredTokenSigningKeyThumbprint": "String",

+ "replyUrls": ["String"],

+ "samlMetadataUrl": "String",

+ "servicePrincipalNames": ["String"],

+ "servicePrincipalType": "String",

+ "tags": ["String"],

+ "appliesTo": "String",

+ "capabilityStatus": "String",

+ "id": "String (identifier)",

+ "skuId": "Guid",

+ "skuPartNumber": "String"

+Represents a container for APIs to manage Cloud PCs.

+Use the Cloud PC API to provision and manage virtual desktops for employees in an organization, or along with the [Intune API](../resources/intune-graph-overview.md) to manage physical and virtual endpoints.

+|[List snapshots](../api/virtualendpoint-list-snapshots.md)|[cloudPcSnapshot](../resources/cloudpcsnapshot.md) collection|Get a list of [cloudPcSnapshot](../resources/cloudpcsnapshot.md) objects and their properties.|

+|id|String|The unique identifier for the virtual endpoint. Read-only.|

+|auditEvents|[cloudPcAuditEvent](../resources/cloudpcauditevent.md) collection|Cloud PC audit event.|

+|organizationSettings|[cloudPcOrganizationSettings](../resources/cloudpcorganizationsettings.md) |The Cloud PC organization settings for a tenant. |

+|snapshots|[cloudPcSnapshot](../resources/cloudpcsnapshot.md) collection|Cloud PC snapshots.|

+|supportedRegions|[cloudPcSupportedRegion](../resources/cloudpcsupportedregion.md) collection|Cloud PC supported regions.|

+|userSettings|[cloudPcUserSetting](../resources/cloudpcusersetting.md) collection|Cloud PC user settings. |

+| Outlook [event][] | Changes to all events in a user's mailbox:<br>`/users/{id}/events` | Yes |

+| Outlook [message][] | Changes to all messages in a user's mailbox: <br>`/users/{id}/messages`<br>Changes to messages in a user's Inbox:<br>`/users/{id}/mailFolders('inbox')/messages` | Yes |

+| Outlook personal [contact][] | Changes to all personal contacts in a user's mailbox:<br>`/users/{id}/contacts` | Yes |

+|[Delete x509CertificateAuthenticationMethodConfiguration](../api/x509certificateauthenticationmethodconfiguration-delete.md)|None| Delete the tenant-customized x509CertificateAuthenticationMethodConfiguration object and restore the default configuration.|

+ "completedDateTime": "2019-10-26T22:55:11.623Z",

+### Request

+GET https://graph.microsoft.com/v1.0/directory/administrativeUnits/4d7ea995-bc0f-45c0-8c3e-132e93bf95f8

+### Response

+Here is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directory/administrativeUnits/$entity",

+ "id": "4d7ea995-bc0f-45c0-8c3e-132e93bf95f8",

+ "deletedDateTime": null,

+ "displayName": "Seattle District Technical Schools",

+ "description": "Seattle district technical schools administration",

+ "membershipRule": null,

+ "membershipType": null,

+ "membershipRuleProcessingState": null,

+ "visibility": "HiddenMembership"

+# Update administrativeUnit

+Since the **administrativeUnit** resource supports [extensions](/graph/extensibility-overview), you can use the `PATCH` operation to add, update, or delete your own app-specific data in custom properties of an extension in an existing **administrativeUnit** instance.

+### Request

+PATCH https://graph.microsoft.com/v1.0/directory/administrativeUnits/4d7ea995-bc0f-45c0-8c3e-132e93bf95f8

+ "displayName": "Greater Seattle District Technical Schools"

+### Response

+| keyId | Guid | The unique identifier for the password.|

+| keyId | Guid | The unique identifier for the password. Required. |

+|User-Agent|The identifier for the calling application. This value contains information about the operating system and the browser used. Required.|

+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"

+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"

+|User-Agent|The identifier for the calling application. This value contains information about the operating system and the browser used. Required.|

+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"

+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"

+ocp-client-name: "My Friendly Client"

+ocp-client-version: "1.2"

+The following is an example of a request.

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+|members|[conversationMember](../resources/conversationmember.md) collection|List of conversation members that should be added. Every user who will participate in the chat, including the user who initiates the create request, must be specified in this list. Each member must be assigned a role of `owner` or `guest`. Guest tenant users must be assigned the `guest` role.|

+If successful, this method returns a `201 Created` response code and the newly created **chat** resource in the response body.

+### Example 4: Create a group chat with tenant guest user

+#### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "create_chat_group"

+}

+-->

+``` http

+POST https://graph.microsoft.com/v1.0/chats

+Content-Type: application/json

+{

+ "chatType": "group",

+ "topic": "Group chat title",

+ "members": [

+ {

+ "@odata.type": "#microsoft.graph.aadUserConversationMember",

+ "roles": ["owner"],

+ "user@odata.bind": "https://graph.microsoft.com/v1.0/users('8c0a1a67-50ce-4114-bb6c-da9c5dbcf6ca')"

+ },

+ {

+ "@odata.type": "#microsoft.graph.aadUserConversationMember",

+ "roles": ["owner"],

+ "user@odata.bind": "https://graph.microsoft.com/v1.0/users('82fe7758-5bb3-4f0d-a43f-e555fd399c6f')"

+ },

+ {

+ "@odata.type": "#microsoft.graph.aadUserConversationMember",

+ "roles": ["guest"],

+ "user@odata.bind": "https://graph.microsoft.com/v1.0/users('8ba98gf6-7fc2-4eb2-c7f2-aef9f21fd98g')"

+ }

+ ]

+}

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+#### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.chat"

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#chats/$entity",

+ "id": "19:1c5b01696d2e4a179c292bc9cf04e63b@thread.v2",

+ "topic": "Group chat title",

+ "createdDateTime": "2020-12-04T23:11:16.175Z",

+ "lastUpdatedDateTime": "2020-12-04T23:11:16.175Z",

+ "chatType": "group"

+}

+```

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a [columnDefinition][columnDefinition] object in the response body.

+The following is an example of a request.

+The following is an example of the response.

+ Title: "List administrativeUnits"

+description: "Retrieve a list of administrativeUnit objects."

+ms.localizationpriority: medium

+# List administrativeUnits

+Namespace: microsoft.graph

+Retrieve a list of [administrativeUnit](../resources/administrativeunit.md) objects.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account) | AdministrativeUnit.Read.All, Directory.Read.All, AdministrativeUnit.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All |

+|Delegated (personal Microsoft account) | Not supported. |

+|Application | AdministrativeUnit.Read.All, Directory.Read.All, AdministrativeUnit.ReadWrite.All, Directory.ReadWrite.All |

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+GET /directory/administrativeUnits

+```

+## Optional query parameters

+This method supports the `$count`, `$select`, `$search`, `$filter` (`eq`), and `$expand` [OData query parameters](/graph/query-parameters) to help customize the response.

+## Request headers

+| Name |Description|

+|:-|:-|

+| Authorization | Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and collection of [administrativeUnit](../resources/administrativeunit.md) objects in the response body.

+## Example

+### Request

+Here is an example of the request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_administrativeunits"

+}-->

+```msgraph-interactive

+GET https://graph.microsoft.com/v1.0/directory/administrativeUnits

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+Here is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.administrativeUnit",

+ "isCollection": true

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directory/administrativeUnits",

+ "value": [

+ {

+ "id": "4d7ea995-bc0f-45c0-8c3e-132e93bf95f8",

+ "deletedDateTime": null,

+ "displayName": "Seattle District Technical Schools",

+ "description": "Seattle district technical schools administration",

+ "membershipRule": null,

+ "membershipType": null,

+ "membershipRuleProcessingState": null,

+ "visibility": "HiddenMembership"

+ }

+ ]

+}

+```

+<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79

+2015-10-25 14:57:30 UTC -->

+<!--

+{

+ "type": "#page.annotation",

+ "description": "List administrativeUnits",

+ "keywords": "",

+ "section": "documentation",

+ "tocPath": "",

+ "suppressions": [

+ ]

+}

+-->

+ Title: "Create administrativeUnit"

+description: "Use this API to create a new administrativeUnit."

+ms.localizationpriority: medium

+# Create administrativeUnit

+Namespace: microsoft.graph

+Use this API to create a new [administrativeUnit](../resources/administrativeunit.md).

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account) | AdministrativeUnit.ReadWrite.All, Directory.AccessAsUser.All |

+|Delegated (personal Microsoft account) | Not supported. |

+|Application | AdministrativeUnit.ReadWrite.All |

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+POST /directory/administrativeUnits

+```

+## Request headers

+| Name |Description|

+|:-|:-|

+| Authorization | Bearer {token}. Required. |

+| Content-type | application/json. Required. |

+## Request body

+In the request body, supply a JSON representation of an [administrativeUnit](../resources/administrativeunit.md) object.

+Because the **administrativeUnit** resource supports [extensions](/graph/extensibility-overview), you can use the `POST` operation and add custom properties with your own data to the administrative unit while creating it.

+## Response

+If successful, this method returns a `201 Created` response code and an [administrativeUnit](../resources/administrativeunit.md) object in the response body.

+## Example

+### Request

+The following is an example of the request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "create_administrativeunit_from_administrativeunits"

+}-->

+```http

+POST https://graph.microsoft.com/v1.0/directory/administrativeUnits

+Content-type: application/json

+{

+ "displayName": "Seattle District Technical Schools",

+ "description": "Seattle district technical schools administration",

+ "visibility": "HiddenMembership"

+}

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+In the request body, supply a JSON representation of an [administrativeUnit](../resources/administrativeunit.md) object.

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.administrativeUnit"

+} -->

+```http

+HTTP/1.1 201 Created

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#administrativeUnits/$entity",

+ "id": "7a3dc8f3-b3a0-4164-9a99-ed36f3af039f",

+ "deletedDateTime": null,

+ "displayName": "Seattle District Technical Schools",

+ "description": "Seattle district technical schools administration",

+ "visibility": "HiddenMembership"

+}

+```

+## See also

+- [Add custom data to resources using extensions](/graph/extensibility-overview)

+- [Add custom data to users using open extensions (preview)](/graph/extensibility-open-users)

+<!--

+- [Add custom data to groups using schema extensions (preview)](/graph/extensibility-schema-groups)

+-->

+<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79

+2015-10-25 14:57:30 UTC -->

+<!--

+{

+ "type": "#page.annotation",

+ "description": "Create administrativeUnit",

+ "keywords": "",

+ "section": "documentation",

+ "tocPath": "",

+ "suppressions": [

+ ]

+}

+-->

+ "completedDateTime": "2019-10-26T22:55:11.623Z",

+|removeLicenses|Guid collection|A collection of skuIds that identify the licenses to remove.|

+>**Note:** This request might have replication delays for groups that were recently created, updated, or deleted.

+>**Note:** This request might have replication delays for groups that were recently created, updated, or deleted.

+ "id":"45715bb8-13f9-4bf6-927f-ef96c102d394",

+ "id":"45715bb8-13f9-4bf6-927f-ef96c102d394",

+ "id": "45715bb8-13f9-4bf6-927f-ef96c102d394",

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+In the request body, supply a JSON representation of a [list][] object.

+## Response

+If successful, this method returns a `201 Created` response code and a [list][] object in the response body.

+## Examples

+### Request

+The following is an example of how to create a new generic list.

+> **Note:** Custom columns are optional.

+In addition to any columns specified here, new lists are created with columns defined in the referenced **template**.

+If the **list** facet or **template** is unspecified, the list defaults to the `genericList` template, which includes a _Title_ column.

+The following is an example of the response.

+> **Note:** The response object is truncated for clarity. Default properties will be returned from the actual call.

+|Content-Type|application/json. Required.|

+In the request body, supply a JSON representation of an [outlookCategory](../resources/outlookcategory.md) object.

+If successful, this method returns a `201 Created` response code and an [outlookCategory](../resources/outlookcategory.md) object in the response body.

+### Request

+The following is an example of a request.

+ "displayName": "Project expenses",

+ "color": "preset9"

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users('8ae6f565-0d7f-4ead-853e-7db94c912a1f')/outlook/masterCategories/$entity",

+ "id": "bac262b7-485d-4739-b436-e31467d64fac",

+ "displayName": "Project expenses",

+ "color": "preset9"

+>**Note:** Inviting multiple participants in one request is only supported for group calls.

+If successful, this method returns a `200 OK` response code and a location header with a URI to the [inviteParticipantsOperation](../resources/inviteparticipantsoperation.md) created for this request.

+### Example 1: Invite one participant to an existing call

+ "status": "completed",

+ "clientContext": "d45324c1-fcb5-430a-902c-f20af696537c",

+ "resultInfo": null

+description: "Retrieve the properties and relationships of servicePrincipal object."

+> [!NOTE]

+> A service principal can retrieve its own application and service principal details without being granted any application permissions.

+This method supports the [OData query parameters](/graph/query-parameters) to help customize the response.

+>**Note** This request might have replication delays for app role assignments that were recently granted or removed.

+>**Note** This request might have replication delays for app role assignments that were recently granted or removed.

+| keyId | Guid | The unique identifier for the password.|

+| keyId | Guid | The unique identifier for the password. Required. |

+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources.

+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources.

+See the table in the [Permissions](#permissions) section for the list of resources that support subscribing to change notifications.

+Some resources support the option to include encrypted resource data in change notifications. These resources include [chatMessage](../resources/chatmessage.md), [contact](../resources/contact.md), [event](../resources/event.md), [message](../resources/message.md), and [presence](../resources/presence.md). For more information, see [Set up change notifications that include resource data](/graph/webhooks-with-resource-data) and [Change notifications for Outlook resources in Microsoft Graph](/graph/outlook-change-notification-overview).

+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources.

+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources.

+ "name": "get_group_termstore"

+ "skuId": "45715bb8-13f9-4bf6-927f-ef96c102d394"

+> **Note:** Getting a user returns a default set of properties only (*businessPhones, displayName, givenName, id, jobTitle, mail, mobilePhone, officeLocation, preferredLanguage, surname, userPrincipalName*). Use `$select` to get the other properties and relationships for the [user](../resources/user.md) object.

+>

+> This request might have replication delays for users that were recently created, updated, or deleted.

+>**Note:** This request might have replication delays for users that were recently created, updated, or deleted.

+If successful, this method returns a `200 OK` response code.

+>This API has a [known issue](/graph/known-issues#revoke-sign-in-sessions-returns-wrong-http-code). It returns a different HTTP response code.

+### Request

+ "blockType": "ignored",

+### Response

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Edm.Boolean",

+ "value": true

+}

+> - The following properties cannot be updated by an app with only application permissions: **aboutMe**, **birthday**, **employeeHireDate**, **interests**, **mySite**, **pastProjects**, **preferredName**, **responsibilities**, **schools**, and **skills**.

+> - To update the following properties, you must specify them in their own PATCH request, without including the other properties listed in the table above: **aboutMe**, **birthday**, **interests**, **mySite**, **pastProjects**, **preferredName**, **responsibilities**, **schools**, and **skills**.

+|completedDateTime|DateTimeOffset|The date of the end of processing, either successful or failure, of a request. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only.|

+ "completedDateTime": "String (timestamp)",

+ "id": "Guid",

+ "type": "String"

+|[Create](../api/directory-post-administrativeunits.md) | [administrativeUnit](administrativeunit.md) | Create a new administrative unit.|

+|[List](../api/directory-list-administrativeunits.md) | [administrativeUnit](administrativeunit.md) collection |List properties of all administrativeUnits.|

+|description|String|An optional description for the administrative unit. Supports `$filter` (`eq`, `ne`, `in`, `startsWith`), `$search`.|

+|displayName|String|Display name for the administrative unit. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values), `$search`, and `$orderBy`.|

+|id|String|Unique identifier for the administrative unit. Read-only. Supports `$filter` (`eq`).|

+|visibility|String|Controls whether the administrative unit and its members are hidden or public. Can be set to `HiddenMembership`. If not set (value is `null`), the default behavior is public. When set to `HiddenMembership`, only members of the administrative unit can list other members of the administrative unit.|

+ Title: "alterationResponse resource type"

+description: "Provides information related to spelling corrections in the alteration response."

+ms.localizationpriority: medium

+# alterationResponse resource type

+Namespace: microsoft.graph

+Provides information related to spelling corrections in the alteration response.

+## Properties

+| Property | Type | Description |

+|:-|:|:|

+|originalQueryString|String| Defines the original user query string.|

+|queryAlteration|[searchAlteration](searchalteration.md)| Defines the details of the alteration information for the spelling correction.|

+|queryAlterationType|searchAlterationType| Defines the type of the spelling correction. Possible values are: `suggestion`, `modification`.|

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "optionalProperties": [

+ ],

+ "@odata.type": "microsoft.graph.alterationResponse",

+ "baseType": null

+}-->

+```json

+{

+ "originalQueryString": "String",

+ "queryAlteration": "String",

+ "queryAlterationType": "String"

+}

+```

+ Title: "alteredQueryToken resource type"

+description: "Represents changed segments related to an original user query."

+ms.localizationpriority: medium

+# alteredQueryToken resource type

+Namespace: microsoft.graph

+Represents changed segments related to an original user query.

+## Properties

+| Property | Type | Description |

+|:-|:|:|

+|length|Int32| Defines the length of a changed segment.|

+|offset|Int32| Defines the offset of a changed segment.|

+|suggestion|String| Represents the corrected segment string.|

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "optionalProperties": [

+ ],

+ "@odata.type": "microsoft.graph.alteredQueryToken",

+ "baseType": null

+}-->

+```json

+{

+ "length": "Int32",

+ "offset": "Int32",

+ "suggestion": "String"

+}

+```

+|id|Guid|Unique role identifier inside the **appRoles** collection. When creating a new app role, a new GUID identifier must be provided. |

+ "allowedMemberTypes": ["String"],

+ "description": "String",

+ "displayName": "String",

+ "id": "Guid",

+ "origin": "String",

+ "value": "String"

+ "id": "String",

+ "principalDisplayName": "String",

+ "principalId": "Guid",

+ "principalType": "String",

+ "resourceDisplayName": "String",

+ "resourceId": "Guid",

+ "appRoleId": "Guid"

+ "disabledPlans": ["Guid"],

+ "skuId": "Guid"

+ "capabilityStatus": "String",

+ "service": "String",

+ "servicePlanId": "Guid"

+| subscriptionId | Guid | The unique identifier of the subscription that generated the notification. |

+| tenantId | Guid | The unique identifier of the tenant from which the change notification originated. |

+| tabs | [teamsTab](teamstab.md) collection | A collection of all the tabs in the chat. Nullable. |

+The number of claims and transformations that can be added to a claims-mapping policy are limited to reduce token size. Any claims schema entries or transformations that are encountered after the limit has been reached are ignored and included in the issued token. For more information about the limits, see [Properties of a claims-mapping policy definition](#properties-of-a-claims-mapping-policy-definition)

+|ClaimsSchema|JSON object|Defines which claims are present in the tokens affected by the policy, in addition to the basic claim set and the core claim set. For each claim schema entry defined in this property, certain information is required. Specify where the data is coming from (Value or Source/ID pair), and which claim the data is emitted as (Claim Type). A maximum of 50 claims are included in the token through the ClaimsSchema object. Any claims schema entries that are encountered after the limit has been reached will be ignored and will not appear in the issued token. Further details are available in the [ClaimsSchema definition](/azure/active-directory/develop/active-directory-claims-mapping#claims-schema).|

+|ClaimsTransformation|JSON object| Defines common transformations that can be applied to source data, to generate the output data for claims specified in the ClaimsSchema. A maximum of 50 transformations are included in the token through the ClaimsTransformation object. Any transformations that are encountered after the limit has been reached will be ignored and will not appear in the issued token. For more information about ClaimsTransformation and the supported functions, see [Claims transformation](/azure/active-directory/develop/active-directory-claims-mapping#claims-transformation).|

+| permissionId | String | The unique identifier (**id**) for the delegated permission listed in the **oauth2PermissionScopes** collection of the [servicePrincipal](servicePrincipal.md). Required on create. Does not support `$filter`. |

+ "id": "String (identifier)",

+ "permissionId": "String",

+ "permissionName": "String"

+| correlationId | Guid | Indicates a unique ID that helps correlate activities that span across various services. Can be used to trace logs across services. |

+ "result": "String",

+ "description": "String ",

+ "displayName": "String",

+ "externalPartnerTenantId": "String (identifier)",

+ "id": "String (identifier)",

+ "objectType": "String"

+### searchAlterationType values

+| Member |

+|:|

+|modification|

+|suggestion|

+ "id": "String (identifier)",

+ Title: List resource

+## JSON representation

+The following is a JSON representation of the resource.

+<!--{

+ "blockType": "resource",

+ "optionalProperties": [

+ "items",

+ "drive"

+ ],

+ "keyProperty": "id",

+ "baseType": "microsoft.graph.baseItem",

+ "@odata.type": "microsoft.graph.list"

+}-->

+```json

+{

+ "columns": [ { "@odata.type": "microsoft.graph.columnDefinition" }],

+ "contentTypes": [ { "@odata.type": "microsoft.graph.contentType" }],

+ "displayName": "title of list",

+ "drive": { "@odata.type": "microsoft.graph.drive" },

+ "items": [ { "@odata.type": "microsoft.graph.listItem" } ],

+ "list": {

+ "@odata.type": "microsoft.graph.listInfo",

+ "hidden": false,

+ "template": "documentLibrary | genericList | survey | links | announcements | contacts | accessRequest ..."

+ },

+ "system": false,

+ "subscriptions": [ {"@odata.type": "microsoft.graph.subscription"} ],

+ /* inherited from baseItem */

+ "id": "string",

+ "name": "name of list",

+ "createdBy": { "@odata.type": "microsoft.graph.identitySet" },

+ "createdDateTime": "timestamp",

+ "description": "description of list",

+ "eTag": "string",

+ "lastModifiedBy": { "@odata.type": "microsoft.graph.identitySet" },

+ "lastModifiedDateTime": "timestamp",

+ "parentReference": { "@odata.type": "microsoft.graph.itemReference" },

+ "sharepointIds": { "@odata.type": "microsoft.graph.sharepointIds" },

+ "webUrl": "url to visit the list in a browser"

+}

+```

+ "id": "Guid",

+ "adminConsentDisplayName": "String",

+ "adminConsentDescription": "String",

+ "userConsentDisplayName": "String",

+ "userConsentDescription": "String",

+ "value": "String",

+ "type": "String",

+| Property | Type | Description |

+ "id": "Guid",

+ Title: "resultTemplate resource type"

+description: "Represents a dictionary of resultTemplateIds and associated values, which include the name and JSON schema of the result templates."

+ms.localizationpriority: medium

+# resultTemplate resource type

+Namespace: microsoft.graph

+Represents a dictionary of **resultTemplateIds** and associated values, which includes the name and JSON schema of the result templates.

+## Properties

+| Property | Type | Description |

+|:-|:|:|

+|body|Json|JSON schema of the result template.|

+|displayName|String|Name of the result template.|

+|key|String|ID of a result template. The **key** property must map to a **resultTemplateId** in the [searchHit](searchhit.md) collection.|

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "optionalProperties": [

+ ],

+ "@odata.type": "microsoft.graph.resultTemplate",

+ "baseType": null

+}-->

+```json

+{

+ "resultTemplateId": {

+ "displayName": "String",

+ "body":{

+ "@odata.type":"microsoft.graph.Json"

+ }

+ }

+}

+```

+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98

+2019-02-04 14:57:30 UTC -->

+<!-- {

+ "type": "#page.annotation",

+ "description": "resultTemplate resource",

+ "keywords": "",

+ "section": "documentation",

+ "tocPath": ""

+}-->

+ Title: "resultTemplateOption resource type"

+description: "Provides the search result template options to render search results from connectors."

+ms.localizationpriority: medium

+# resultTemplateOption resource type

+Namespace: microsoft.graph

+Provides the search result template options to render search results from connectors.

+## Properties

+| Property | Type | Description |

+|:-|:|:|

+|enableResultTemplate|Boolean|Indicates whether search display layouts are enabled. If enabled, the user will get the result template to render the search results content in the **resultTemplates** property of the [response](/graph/api/resources/searchresponse). The result template is based on [Adaptive Cards](https://adaptivecards.io/). Optional. |

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "optionalProperties": [

+ ],

+ "@odata.type": "microsoft.graph.resultTemplateOption",

+ "baseType": null

+}-->

+```json

+ {

+ "enableResultTemplate": "Boolean"

+ }

+```

+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98

+2019-02-04 14:57:30 UTC -->

+<!-- {

+ "type": "#page.annotation",

+ "description": "resultTemplateOption resource",

+ "keywords": "",

+ "section": "documentation",

+ "tocPath": ""

+}-->

+|riskEventType|String|The type of risk event detected. The possible values are `unlikelyTravel`, `anonymizedIPAddress`, `maliciousIPAddress`, `unfamiliarFeatures`, `malwareInfectedIPAddress`, `suspiciousIPAddress`, `leakedCredentials`, `investigationsThreatIntelligence`, `generic`,`adminConfirmedUserCompromised`, `mcasImpossibleTravel`, `mcasSuspiciousInboxManipulationRules`, `investigationsThreatIntelligenceSigninLinked`, `maliciousIPAddressValidCredentialsBlockedIP`, and `unknownFutureValue`. If the risk detection is a premium detection, will show `generic`. <br/>For more information about each value, see [riskEventType values](#riskeventtype-values).|

+### riskEventType values

+| Member | Description |

+|--|--|

+| unlikelyTravel | Identifies two sign-ins originating from geographically distant locations, where at least one of the locations may also be atypical for the user, given past behavior. |

+| anonymizedIPAddress | Indicates sign-ins from an anonymous IP address, for example, using an anonymous browser or VPN. |

+| maliciousIPAddress | Indicates sign-ins from IP addresses known to be malicious. Deprecated and no longer generated for new detections. |

+| unfamiliarFeatures | Indicates sign-ins with characteristics that deviate from past sign-in properties. |

+| malwareInfectedIPAddress | Indicates sign-ins from IP addresses infected with malware |

+| suspiciousIPAddress | Identifies logins from IP addresses that are known to be malicious at the time of the sign in. |

+| leakedCredentials | Indicates that the user's valid credentials have been leaked. This sharing is typically done by posting publicly on the dark web, paste sites, or by trading and selling the credentials on the black market. When the Microsoft leaked credentials service acquires user credentials from the dark web, paste sites, or other sources, they are checked against Azure AD users' current valid credentials to find valid matches. |

+| investigationsThreatIntelligence | Indicates a sign-in activity that is unusual for the given user or is consistent with known attack patterns based on Microsoft's internal and external threat intelligence sources. |

+| generic | Indicates that the user was not enabled for Identity Protection. |

+| adminConfirmedUserCompromised | Indicates that an administrator has [confirmed the user is compromised](../api/riskyuser-confirmcompromised.md). |

+| mcasImpossibleTravel | Discovered by Microsoft Defender for Cloud Apps (MDCA). Identifies two user activities (a single or multiple sessions) originating from geographically distant locations within a time period shorter than the time it would have taken the user to travel from the first location to the second, indicating that a different user is using the same credentials. |

+| mcasSuspiciousInboxManipulationRules | Discovered by Microsoft Defender for Cloud Apps (MDCA). Identifies suspicious email forwarding rules, for example, if a user created an inbox rule that forwards a copy of all emails to an external address.|

+| investigationsThreatIntelligenceSigninLinked | Identifies activity that is unusual with known attack patterns based on threat intelligence |

+| maliciousIPAddressValidCredentialsBlockedIP | Indicates that sign-in was made with valid credentials from a malicious IP address. |

+| unknownFutureValue | Evolvable enumeration sentinel value. Do not use. |

+|[Request spelling correction](#request-spelling-correction)| **queryAlterationOptions** |

+|[Search display layout](#search-display-layout) (preview)| **resultTemplateOptions**|

+For examples that show how to use aggregation to enhance and narrow down search results, see [Refine search results](/graph/search-concept-aggregation).

+## Request spelling correction

+Spelling correction is a popular way to handle mismatches between typos in a user query and the correct words in matched contents. When typos are detected in the original user query, you can get the search result either for the original user query or the corrected alternate query. You can also get the spelling correction information for typos in the **queryAlterationResponse** property of the [searchResponse](searchresponse.md).

+In the request body of the [query](/graph/api/search-query) method, specify the **queryAlterationOptions** that should be applied to the query for the spelling corrections. The description of **queryAlterationOptions** is defined in the [searchRequest](./searchrequest.md).

+For examples that show how to use spelling corrections, see [Request spelling correction](/graph/search-concept-speller).

+## Search display layout

+The search API allows you to render search results from [connectors](/microsoftsearch/connectors-overview) by using the display layout or the result template configured by the IT admin for each connector. The result templates are [Adaptive Cards](https://adaptivecards.io/), which are a semantically meaningful combination of layout and data.

+To get the result template in the [searchResponse](searchresponse.md) you have to set the **enableResultTemplate** property to **true**, which is defined in the [resultTemplateOptions](./resulttemplateoption.md) in the [searchRequest](./searchrequest.md). The response includes a **resultTemplateId** for every [searchHit](./searchhit.md), which maps to one of the display layouts included in the **resultTemplates** dictionary that is part of the response.

+For examples that show how to render search results, see [Use search display layout](/graph/search-concept-display-layout).

+ - [Request spelling correction](/graph/search-concept-speller)

+ - [Use search display layout](/graph/search-concept-display-layout)

+ Title: "searchAlteration resource type"

+description: "Provides the details about the search alteration for spelling correction."

+ms.localizationpriority: medium

+# searchAlteration resource type

+Namespace: microsoft.graph

+Provides the details about the search alteration for spelling correction.

+## Properties

+| Property | Type | Description |

+|:-|:|:|

+|alteredHighlightedQueryString|String| Defines the altered highlighted query string with spelling correction. The annotation around the corrected segment is: `\ue000, \ue001`.|

+|alteredQueryString|String| Defines the altered query string with spelling correction.|

+|alteredQueryTokens|[alteredQueryToken](alteredquerytoken.md) collection| Represents changed segments related to an original user query.|

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "optionalProperties": [

+ ],

+ "@odata.type": "microsoft.graph.searchAlteration",

+ "baseType": null

+}-->

+```json

+{

+ "alteredHighlightedQueryString": "String",

+ "alteredQueryString": "String",

+ "alteredQueryTokens": [{"@odata.type": "microsoft.graph.alteredQueryToken"}]

+}

+```

+ Title: "searchAlterationOptions resource type"

+description: "Provides the search alteration options for spelling correction."

+ms.localizationpriority: medium

+# searchAlterationOptions resource type

+Namespace: microsoft.graph

+Provides the search alteration options for spelling correction.

+## Properties

+| Property | Type | Description |

+|:-|:|:|

+|enableModification|Boolean|Indicates whether spelling modifications are enabled. If enabled, the user will get the search results for the corrected query *in case of no results* for the original query with typos. The [response](/graph/api/resources/searchresponse) will also include the spelling modification information in the **queryAlterationResponse** property. Optional.|

+|enableSuggestion|Boolean|Indicates whether spelling suggestions are enabled. If enabled, the user will get the search results for the original search query and suggestions for spelling correction in the **queryAlterationResponse** property of the [response](/graph/api/resources/searchresponse) for the typos in the query. Optional.|

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "optionalProperties": [

+ ],

+ "@odata.type": "microsoft.graph.searchAlterationOptions",

+ "baseType": null

+}-->

+```json

+{

+ "enableModification": "Boolean",

+ "enableSuggestion": "Boolean"

+}

+```

+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98

+2019-02-04 14:57:30 UTC -->

+<!-- {

+ "type": "#page.annotation",

+ "description": "searchAlterationOptions resource",

+ "keywords": "",

+ "section": "documentation",

+ "tocPath": ""

+}-->

+|contentSource|String|The name of the content source which the **externalItem** is part of .|

+|resultTemplateId|String|ID of the result template used to render the search result. This ID must map to a display layout in the **resultTemplates** dictionary that is also included in the [searchResponse](searchresponse.md).|

+|summary|String|A summary of the result, if a summary is available.|

+ "hitId": "String",

+ "rank": "Int32",

+ "resultTemplateId": "String",

+ "resource": { "@odata.type": "microsoft.graph.entity" },

+ "summary": "String"

+| Property | Type | Description|

+|:-|:|:|

+|aggregations|[aggregationOption](aggregationOption.md) collection|Specifies aggregations (also known as refiners) to be returned alongside search results. Optional.|

+|fields|String collection |Contains the fields to be returned for each resource object specified in **entityTypes**, allowing customization of the fields returned by default; otherwise, including additional fields such as custom managed properties from SharePoint and OneDrive, or custom fields in **externalItem** from the content that Microsoft Graph connectors bring in. The **fields** property can use the [semantic labels](/microsoftsearch/configure-connector#step-6-assign-property-labels) applied to properties. For example, if a property is labeled as title, you can retrieve it using the following syntax: `label_title`. Optional.|

+|queryAlterationOptions|[searchAlterationOptions](searchalterationoptions.md)|Query alteration options formatted in a JSON blob that contains two optional flags related to spelling correction. Optional. |

+|resultTemplateOptions|[resultTemplateOption](resulttemplateoption.md) collection|Provides the search result template options to render search results from connectors.|

+ "aggregationFilters": ["String"],

+ "aggregations": {"@odata.type": "microsoft.graph.aggregationOption"},

+ "enableTopResults": "Boolean",

+ "from": "Int32",

+ "query": {"@odata.type": "microsoft.graph.searchQuery"},

+ "queryAlterationOptions": {"@odata.type": "microsoft.graph.searchAlterationOptions"},

+ "resultTemplateOptions": [{"@odata.type": "microsoft.graph.resultTemplateOption"}],

+ "size": "Int32"

+- Use [display layout](/graph/search-concept-display-layout.md)

+- Enable [spell corrections](/graph/search-concept-speller) in search results

+|resultTemplates|[resultTemplate](resulttemplate.md) collection|A dictionary of **resultTemplateIds** and associated values, which include the name and JSON schema of the result templates.|

+|queryAlterationResponse|[alterationResponse](alterationresponse.md)|Provides information related to spelling corrections in the alteration response.|

+ "queryAlterationResponse": {"@odata.type": "microsoft.graph.alterationResponse"},

+ "resultTemplates": [{"@odata.type":"microsoft.graph.resultTemplateDictionary"}],

+|Relationship|Type|Description|

+ "appliesTo": "String",

+ "provisioningStatus": "String",

+ "servicePlanId": "Guid",

+ "servicePlanName": "String"

+|appOwnerOrganizationId|Guid|Contains the tenant id where the application is registered. This is applicable only to service principals backed by applications. Supports `$filter` (`eq`, `ne`, `NOT`, `ge`, `le`).|

+ "alternativeNames": ["String"] ,

+ "appDisplayName": "String",

+ "appId": "String",

+ "appOwnerOrganizationId": "Guid",

+ "disabledByMicrosoftStatus": "String",

+ "displayName": "String",

+ "homepage": "String",

+ "id": "String (identifier)",

+ "logoutUrl": "String",

+ "notes": "String",

+ "replyUrls": ["String"],

+ "servicePrincipalNames": ["String"],

+ "servicePrincipalType": "String",

+ "tags": ["String"],

+ "appliesTo": "String",

+ "capabilityStatus": "String",

+ "id": "String (identifier)",

+ "skuId": "Guid",

+ "skuPartNumber": "String"

+Both **mail** and **proxyAddresses** can be retrieved through the [GET user](/graph/api/user-get) API on MS Graph. **mail** can be updated via the [PATCH method of the Update user](/graph/api/user-update) API, but **proxyAddresses** can't be updated via Microsoft Graph. When a user's **mail** property is updated, it triggers recalculation of **proxyAddresses** and the newly updated mail is set to be the primary proxy address, except in the following scenarios:

+ - name: Policies

+ - name: Overview

+ href: resources/policy-overview.md