Updates from: 02/28/2022 02:12:00
Service Microsoft Docs article Related commit history on GitHub Change details
v1.0 Accesspackageassignmentpolicy Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accesspackageassignmentpolicy-get.md
If successful, this method returns a `200 OK` response code and the requested [a
## Examples
-### Request
+### Example 1: Retrieve a policy
+
+#### Request
The following is an example of the request.
The following is an example of the request.
}--> ```msgraph-interactive
-GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies/{id}
+GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies/b2eba9a1-b357-42ee-83a8-336522ed6cbf
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-accesspackageassignmentpolicy-csharp-snippets.md)]
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
-### Response
+#### Response
The following is an example of the response.
Content-type: application/json
} ```
+### Example 2: Retrieve the custom extension handlers for a policy
+
+#### Request
+
+The following is an example of a request to retrieve the collection of custom extension handlers that are defined for a policy and their associated custom workflow extension.
+
+<!-- {
+ "blockType": "request",
+ "name": "get_accesspackageassignmentpolicy_expand_customextensionhandlers"
+}-->
+
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies/4540a08f-8ab5-43f6-a923-015275799197?$expand=customExtensionHandlers($expand=customExtension)
+```
+
+#### Response
+
+The following is an example of the response.
+
+> **Note:** The response object shown here might be shortened for readability.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessPackageAssignmentPolicy"
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "id": "4540a08f-8ab5-43f6-a923-015275799197",
+ "displayName": "policy with custom access package workflow extension",
+ "description": "Run specified custom access package workflow extension at different stages.",
+ "canExtend": true,
+ "durationInDays": 0,
+ "expirationDateTime": null,
+ "accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",
+ "accessReviewSettings": null,
+ "requestorSettings": {
+ "scopeType": "AllExistingDirectorySubjects",
+ "acceptRequests": true,
+ "allowedRequestors": []
+ },
+ "requestApprovalSettings": {
+ "isApprovalRequired": false,
+ "isApprovalRequiredForExtension": false,
+ "isRequestorJustificationRequired": false,
+ "approvalMode": "NoApproval",
+ "approvalStages": []
+ },
+ "customExtensionHandlers": [
+ {
+ "id": "5a38d27a-b702-48d9-ac72-dcf158ba1b0d",
+ "stage": "assignmentRequestCreated",
+ "customExtension": {
+ "id": "219f57b6-7983-45a1-be01-2c228b7a43f8",
+ "displayName": "test_action_1",
+ "description": "Test logic app",
+ "createdDateTime": "2022-01-11T05:19:16.97Z",
+ "lastModifiedDateTime": "2022-01-11T05:19:16.97Z",
+ "endpointConfiguration": {
+ "@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",
+ "subscriptionId": "38ab2ccc-3747-4567-b36b-9478f5602f0d",
+ "resourceGroupName": "resourcegroup",
+ "logicAppWorkflowName": "customextension_test"
+ },
+ "authenticationConfiguration": {
+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",
+ "resourceId": "f604bd15-f785-4309-ad7c-6fad18ddb6cb"
+ }
+ }
+ }
+ ]
+}
+```
+ <!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98 2019-02-04 14:57:30 UTC --> <!-- {
v1.0 Accesspackageassignmentpolicy Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accesspackageassignmentpolicy-update.md
The following table shows the properties that are required when you update an [a
If successful, this method returns a `200 OK` response code and an updated [accessPackageAssignmentPolicy](../resources/accesspackageassignmentpolicy.md) object in the response body. - ## Examples
-### Request
+### Example 1: Update the details of a policy
+
+#### Request
In this policy update, one of the options for the multiple choice question was removed. Future requestors will no longer have the removed option available to them.
Content-Type: application/json
-### Response
+#### Response
> **Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
Content-Type: application/json
} ``` ++
+### Example 2: Remove the customExtensionHandlers from a policy
+
+To remove the collection of **customExtensionHandlers** and their associated custom workflow extension objects from a policy, assign an empty collection to the **customExtensionHandlers** object.
+
+#### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "update_accesspackageassignmentpolicy_delete_customExtensionHandlers"
+}
+-->
+
+```http
+PUT https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies/4540a08f-8ab5-43f6-a923-015275799197
+Content-Type: application/json
+
+{
+ "id": "4540a08f-8ab5-43f6-a923-015275799197",
+ "displayName": "policy with custom access package workflow extension",
+ "description": "Run specified custom access package workflow extension at different stages.",
+ "accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",
+ "expiration": {
+ "type": "afterDuration",
+ "duration": "P365D"
+ },
+ "requestApprovalSettings": null,
+ "requestorSettings": {
+ "acceptRequests": true,
+ "scopeType": "AllExistingDirectorySubjects",
+ "allowedRequestors": []
+ },
+ "accessReviewSettings": null,
+ "customExtensionHandlers": []
+}
+```
+++
+#### Response
+> **Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessPackageAssignmentPolicy"
+}
+-->
+
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "id": "4540a08f-8ab5-43f6-a923-015275799197",
+ "displayName": "policy with custom access package workflow extension",
+ "description": "Run specified custom access package workflow extension at different stages.",
+ "accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",
+ "expiration": {
+ "type": "afterDuration",
+ "duration": "P365D"
+ },
+ "requestApprovalSettings": null,
+ "requestorSettings": {
+ "acceptRequests": true,
+ "scopeType": "AllExistingDirectorySubjects",
+ "allowedRequestors": []
+ },
+ "accessReviewSettings": null
+}
+```
+ <!-- { "type": "#page.annotation",
v1.0 Accesspackageassignmentrequest Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accesspackageassignmentrequest-get.md
HTTP/1.1 200 OK
Content-type: application/json {
- "id": "433dafca-5047-4614-95f7-a03510b1ded3",
- "requestType": "AdminAdd",
- "requestState": "Delivered",
- "requestStatus": "Fulfilled",
- "isValidationOnly": false,
- "createdDateTime": "2019-10-25T22:55:11.623Z"
+ "id": "c0cfd117-f90e-4f48-8226-e282a2ae752c",
+ "requestType": "UserAdd",
+ "requestState": "delivered",
+ "requestStatus": "Delivered",
+ "createdDateTime": "2022-01-07T00:51:12.817Z",
+ "completedDate": "2022-01-07T00:53:15.127Z",
+ "schedule": {
+ "startDateTime": null,
+ "recurrence": null,
+ "expiration": {
+ "endDateTime": null,
+ "duration": null,
+ "type": "notSpecified"
+ }
+ },
+ "customExtensionHandlerInstances": [
+ {
+ "status": "requestReceived",
+ "externalCorrelationId": "08585600902100964604743022906CU13",
+ "customExtensionId": "e59ef33d-7bc4-4b15-8d3c-01153de8a498",
+ "stage": "assignmentRequestCreated"
+ }
+ ]
} ```
v1.0 Accesspackagecatalog List Customaccesspackageworkflowextensions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accesspackagecatalog-list-customaccesspackageworkflowextensions.md
+
+ Title: "List customAccessPackageWorkflowExtensions"
+description: "Get a list of the customAccessPackageWorkflowExtension objects and their properties."
+
+ms.localizationpriority: medium
++
+# List customAccessPackageWorkflowExtensions
+Namespace: microsoft.graph
++
+Get a list of the [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) objects and their properties. The resulting list includes all the **customAccessPackageWorkflowExtension** objects for the catalog that the caller has access to read.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|EntitlementManagement.Read.All EntitlementManagement.ReadWrite.All |
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/customAccessPackageWorkflowExtensions
+```
+
+## Optional query parameters
+This method supports the `$select` and `$filter` OData query parameters to help customize the response. For example, to search for access packages with a particular name, include a filter such as `$filter=contains(tolower(displayName),'team')` in the query. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) objects in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_customaccesspackageworkflowextension"
+}
+-->
+``` http
+GET /identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.customAccessPackageWorkflowExtension)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions",
+ "value": [
+ {
+ "id": "98ffaec5-ae8e-4902-a434-5ffc5d3d3cd0",
+ "displayName": "test_action_0124",
+ "description": "this is for graph testing only",
+ "createdDateTime": "2022-01-24T21:48:57.15Z",
+ "lastModifiedDateTime": "2022-01-24T21:55:44.953Z",
+ "clientConfiguration": null,
+ "endpointConfiguration": {
+ "@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",
+ "subscriptionId": "38ab2ccc-3747-4567-b36b-9478f5602f0d",
+ "resourceGroupName": "test",
+ "logicAppWorkflowName": "elm-extension-email"
+ },
+ "authenticationConfiguration": {
+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",
+ "resourceId": "eed6dee9-7ff7-44a5-8980-c11e8886cea2"
+ }
+ }
+ ]
+}
+```
v1.0 Accesspackagecatalog Post Customaccesspackageworkflowextensions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accesspackagecatalog-post-customaccesspackageworkflowextensions.md
+
+ Title: "Create customAccessPackageWorkflowExtensions"
+description: "Create a new customAccessPackageWorkflowExtension object."
+
+ms.localizationpriority: medium
++
+# Create customAccessPackageWorkflowExtensions
+Namespace: microsoft.graph
++
+Create a new [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object and add it to an existing [accessPackageCatalog](../resources/accesspackagecatalog.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|EntitlementManagement.ReadWrite.All |
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|EntitlementManagement.ReadWrite.All |
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+POST /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/customAccessPackageWorkflowExtensions
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+In the request body, supply a JSON representation of the [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object.
+
+You can specify the following properties when creating a **customAccessPackageWorkflowExtension**.
+
+|Property|Type|Description|
+|:|:|:|
+|description|String|Description for the customAccessPackageWorkflowExtension object.|
+|displayName|String|Display name for the customAccessPackageWorkflowExtension.|
+|endpointConfiguration|[customExtensionEndpointConfiguration](../resources/customextensionendpointconfiguration.md)|The type and details for configuring the endpoint to call the logic app's workflow.|
+|authenticationConfiguration|[customExtensionAuthenticationConfiguration](../resources/customextensionauthenticationconfiguration.md)|Configuration for securing the API call to the logic app. For example, using OAuth client credentials flow.|
+++
+## Response
+
+If successful, this method returns a `201 Created` response code and a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "create_customaccesspackageworkflowextension_from_"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions
+Content-Type: application/json
+
+{
+ "displayName": "test_action_0124",
+ "description": "this is for graph testing only",
+ "endpointConfiguration": {
+ "@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",
+ "subscriptionId": "38ab2ccc-3747-4567-b36b-9478f5602f0d",
+ "resourceGroupName": "EMLogicApp",
+ "logicAppWorkflowName": "customextension_test"
+ },
+ "authenticationConfiguration": {
+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",
+ "resourceId": "f604bd15-f785-4309-ad7c-6fad18ddb6cb"
+ }
+}
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.customAccessPackageWorkflowExtension"
+}
+-->
+``` http
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+ "id": "98ffaec5-ae8e-4902-a434-5ffc5d3d3cd0",
+ "displayName": "test_action_0124",
+ "description": "this is for graph testing only",
+ "createdDateTime": "2022-01-24T21:48:57.1483656Z",
+ "lastModifiedDateTime": "2022-01-24T21:48:57.1483656Z",
+ "clientConfiguration": null,
+ "endpointConfiguration": {
+ "@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",
+ "subscriptionId": "38ab2ccc-3747-4567-b36b-9478f5602f0d",
+ "resourceGroupName": "EMLogicApp",
+ "logicAppWorkflowName": "customextension_test"
+ },
+ "authenticationConfiguration": {
+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",
+ "resourceId": "f604bd15-f785-4309-ad7c-6fad18ddb6cb"
+ }
+}
+```
+
v1.0 Accessreviewhistorydefinition List Instances https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accessreviewhistorydefinition-list-instances.md
Content-Type: application/json
"value": [ { "id": "61a617dd-238f-4037-8fa5-d800e515f5bc",
- "status": "Done",
+ "status": "done",
"reviewHistoryPeriodStartDate": "2021-02-01T00:00:00Z", "reviewHistoryPeriodEndDate": "2021-03-01T00:00:00Z", "fulfilledDateTime": "2021-03-01T01:38:15.7998393Z",
v1.0 Accessreviewinstance List Stages https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accessreviewinstance-list-stages.md
If successful, this method returns a `200 OK` response code and a collection of
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_accessreviewstage"
If successful, this method returns a `200 OK` response code and a collection of
``` http GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/16d424f6-0100-4bf1-9ebc-fe009c5e5006/instances/bb14c722-51b8-4962-9bd2-1d96ba773d80/stages ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response >**Note:** The response object shown here might be shortened for readability.
v1.0 Accessreviewinstancedecisionitem Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accessreviewinstancedecisionitem-filterbycurrentuser.md
Content-Type: application/json
#### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "accessreviewinstancedecisionitem_filterbycurrentuser_2"
Content-Type: application/json
``` http GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/0185aab8-9a7e-44b5-ae36-41b923c3bf87/instances/1234aab8-9a7e-5678-ae36-41b923c3bf87/stages/9458f255-dff2-4d86-9a05-69438f49d7f8/decisions/filterByCurrentUser(on='reviewer') ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response >**Note:** The response object shown here might be shortened for readability.
v1.0 Accessreviewinstancedecisionitem Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accessreviewinstancedecisionitem-get.md
Content-Type: application/json
### Example 2: Retrieve a decision from a stage of a multi-stage access review #### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_accessreviewstage_accessreviewinstancedecisionitem"
Content-Type: application/json
``` http GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/5eac5a70-7cd7-4f20-92b0-f9dba70dd7f0/instances/6444d4fd-ab55-4608-8cf9-c6702d172bcc/stages/9458f255-dff2-4d86-9a05-69438f49d7f8/decisions/e6cafba0-cbf0-4748-8868-0810c7f4cc06 ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ #### Response >**Note:** The response object shown here might be shortened for readability.
v1.0 Accessreviewset Post Definitions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accessreviewset-post-definitions.md
The following example creates an access review with the following settings:
#### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "create_accessReviewScheduleDefinition_group_multiStage"
Content-type: application/json
} ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ #### Response >**Note:** The response object shown here might be shortened for readability.
v1.0 Accessreviewstage Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accessreviewstage-filterbycurrentuser.md
If successful, this function returns a `200 OK` response code and a [accessRevie
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "accessreviewstage_filterbycurrentuser"
If successful, this function returns a `200 OK` response code and a [accessRevie
``` http GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/08531375-eff6-4e21-b1a8-de0eb37ec913/instances/86889534-b102-4226-bfce-0c2aeee845df/stages/filterByCurrentUser(on='reviewer') ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Accessreviewstage Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accessreviewstage-get.md
If successful, this method returns a `200 OK` response code and an [accessReview
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_accessreviewstage"
If successful, this method returns a `200 OK` response code and an [accessReview
``` http GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/6af553ce-104d-4842-ab5f-67d7b556e9dd/instances/9ea56d3c-8746-4cdf-9ccc-c7fe1a267c24/stages/839ecbd4-ba5d-4d32-8249-e734aac47adf ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Accessreviewstage List Decisions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accessreviewstage-list-decisions.md
If successful, this method returns a `200 OK` response code and a collection of
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_stage_accessreviewinstancedecisionitem"
If successful, this method returns a `200 OK` response code and a collection of
``` http GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/16d424f6-0100-4bf1-9ebc-fe009c5e5006/instances/bb14c722-51b8-4962-9bd2-1d96ba773d80/stages/8f0a8999-205b-4c29-a68c-2bee353fd4c5/decisions ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Accessreviewstage Stop https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accessreviewstage-stop.md
If successful, this action returns a `204 No Content` response code.
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "accessreviewstage_stop"
If successful, this action returns a `204 No Content` response code.
``` http POST https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/2b83cc42-09db-46f6-8c6e-16fec466a82d/instances/61a617dd-238f-4037-8fa5-d800e515f5bc/stages/5d431f4b-56f2-4a50-938b-fb1e4e2c91b9/stop ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Accessreviewstage Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accessreviewstage-update.md
Attempting to remove existing **fallbackReviewers** returns a `409 Conflict` res
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "update_accessreviewstage"
Content-Type: application/json
] } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Administrativeunit Delete Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/administrativeunit-delete-members.md
Title: "Remove a member"
-description: "Use this API to remove a member (user or group) from an administrative unit."
+description: "Use this API to remove a member (user, group, or device) from an administrative unit."
ms.localizationpriority: medium ms.prod: "directory-management"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Use this API to remove a member (user or group) from an administrative unit.
+Use this API to remove a member (user, group, or device) from an administrative unit.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
Do not supply a request body for this method.
If successful, this method returns `204 No Content` response code. It does not return anything in the response body. ## Example
-##### Request
-Here is an example of the request. In the example below, id1 represents the identifier for the target administrative unit, and id2 represents the unique identifier for the member user or group to be removed from the targetted administrative unit.
+### Request
+The following is an example of the request. In the example below, `{id1}` represents the identifier for the target administrative unit, and `{id2}` represents the unique identifier for the member user, group, or device to be removed from the target administrative unit.
-```http
+```msgraph-interactive
DELETE https://graph.microsoft.com/beta/administrativeUnits/{id1}/members/{id2}/$ref ```
-##### Response
-Here is an example of the response.
+### Response
+The following is an example of the response.
```http HTTP/1.1 204 No Content
v1.0 Administrativeunit Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/administrativeunit-delete.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http DELETE /administrativeUnits/{id}- ``` ## Request headers | Name | Description|
Do not supply a request body for this method.
If successful, this method returns `204 No Content` response code. It does not return anything in the response body. ## Example
-##### Request
+### Request
Here is an example of the request. # [HTTP](#tab/http)
DELETE https://graph.microsoft.com/beta/administrativeUnits/{id}
-##### Response
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+### Response
+Here is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true
v1.0 Administrativeunit Get Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/administrativeunit-get-members.md
Title: "Get a member"
-description: "Use this API to get a specific member (user or group) in an administrative unit."
+description: "Use this API to get a specific member (user, group, or device) in an administrative unit."
ms.localizationpriority: medium ms.prod: "directory-management"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Use this API to get a specific member (user or group) in an administrative unit.
+Use this API to get a specific member (user, group, or device) in an administrative unit.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
Do not supply a request body for this method.
## Response
-If successful, this method returns a `200 OK` response code and a [user](../resources/user.md) or [group](../resources/group.md) object in the response body.
+If successful, this method returns a `200 OK` response code and a [user](../resources/user.md), [group](../resources/group.md), or [device](../resources/device.md) object in the response body.
## Example
-##### Request
-Here is an example of the request.
+### Request
+The following is an example of the request.
-```http
+```msgraph-interactive
GET https://graph.microsoft.com/beta/administrativeUnits/{id}/members/{id} ```
-##### Response
-Here is an example of the respone. Note: The response object shown here might be shortened for readability.
+### Response
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
```http HTTP/1.1 200 OK
v1.0 Administrativeunit Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/administrativeunit-get.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http GET /administrativeUnits/{id}
+GET /directory/administrativeUnits/{id}
``` ## Optional query parameters This method supports the `$select` [OData query parameter](/graph/query-parameters) to help customize the response.
Do not supply a request body for this method.
If successful, this method returns a `200 OK` response code and [administrativeUnit](../resources/administrativeunit.md) object in the response body. ## Example
-##### Request
+### Request
Here is an example of the request. # [HTTP](#tab/http)
Here is an example of the request.
"name": "get_administrativeunit" }--> ```msgraph-interactive
-GET https://graph.microsoft.com/beta/administrativeUnits/{id}
+GET https://graph.microsoft.com/beta/administrativeUnits/4d7ea995-bc0f-45c0-8c3e-132e93bf95f8
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-administrativeunit-csharp-snippets.md)]
GET https://graph.microsoft.com/beta/administrativeUnits/{id}
-##### Response
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+### Response
+Here is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 200 OK
Content-type: application/json {
- "displayName": "displayName-value",
- "description": "description-value",
- "visibility": "visibility-value",
- "id": "id-value"
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#administrativeUnits/$entity",
+ "id": "4d7ea995-bc0f-45c0-8c3e-132e93bf95f8",
+ "deletedDateTime": null,
+ "displayName": "Seattle District Technical Schools",
+ "description": "Seattle district technical schools administration",
+ "isMemberManagementRestricted": null,
+ "visibility": "HiddenMembership",
+ "membershipRule": null,
+ "membershipType": null,
+ "membershipRuleProcessingState": null
} ```
v1.0 Administrativeunit List Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/administrativeunit-list-members.md
Title: "List members"
-description: "Use this API to get the members list (user and group) in an administrative unit."
+description: "Use this API to get the members list (users, groups, and devices) in an administrative unit."
ms.localizationpriority: medium ms.prod: "directory-management"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Use this API to get the members list (user and group) in an administrative unit.
+Use this API to get the members list (users, groups, and devices) in an administrative unit.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
GET /administrativeUnits/{id}/members GET /administrativeUnits/{id}/members/$ref ```
+## Optional query parameters
+This method (when used without `$ref`) supports the [OData query parameters](/graph/query-parameters) to help customize the response, including `$search`, `$count`, and `$filter`. OData cast is also enabled, for example, you can cast to get just the users that are a member of the administrative unit.
+
+`$search` is supported on the **displayName** and **description** properties only. Some queries are supported only when you use the **ConsistencyLevel** header set to `eventual` and `$count`. For more information, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries).
+ ## Request headers
-| Name |Description|
+| Header |Value|
|:-|:-| | Authorization | Bearer {token}. Required. |
+| ConsistencyLevel | eventual. This header and `$count` are required when using `$search`, or in specific usage of `$filter`. For more information about the use of **ConsistencyLevel** and `$count`, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries). |
## Request body Do not supply a request body for this method. ## Response
-If successful, this method returns a `200 OK` response code and a collection of [user](../resources/user.md) and/or [group](../resources/group.md) objects in the response body. Instead, if you put `$ref` at the end of the request, the response will contain a collection of `@odata.id` links/URLs to the members.
+If successful, this method returns a `200 OK` response code and a collection of [user](../resources/user.md), [group](../resources/group.md), or [device](../resources/device.md) objects in the response body. Adding `$ref` at the end of the request returns a collection of only `@odata.id` URLs of the members.
## Examples
-##### List member objects
+### Example 1: List member objects
+
+#### Request
The following request will list the members of the administrative unit, returning a collection of users and/or groups. ```http GET https://graph.microsoft.com/beta/administrativeUnits/{id}/members ```
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+#### Response
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
```http HTTP/1.1 200 OK
Content-type: application/json
} ```
-##### List member references
+### Example 2: List member references
+
+#### Request
+ The following request will list the member references of the administrative unit, returning a collection of `@odata.id` references to the members.+ ``` GET https://graph.microsoft.com/beta/administrativeUnits/{id}/members/$ref ```
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+
+#### Response
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
```http HTTP/1.1 200 OK
v1.0 Administrativeunit Post Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/administrativeunit-post-members.md
Title: "Add a member"
-description: "Use this API to add a member (user or group) to an administrative unit."
+description: "Use this API to add a member (user, group, or device) to an administrative unit."
ms.localizationpriority: medium ms.prod: "directory-management"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Use this API to add a member (user or group) to an administrative unit or to create a new group within an administrative unit. All [group types](/graph/api/resources/groups-overview) can be created within an administrative unit.
+Use this API to add a member (user, group, or device) to an administrative unit or to create a new group within an administrative unit. All [group types](/graph/api/resources/groups-overview) can be created within an administrative unit.
-**NOTE:** Currently it's only possible to add one member at a time to an administrative unit.`
+**Note:** Currently, it's only possible to add one member at a time to an administrative unit.`
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
POST /administrativeUnits/{id}/members
| Authorization | Bearer {token}. Required. | | Content-type | application/json. Required. |
-## Request body
### Adding an existing user or group
-In the request body, provide the `id` of a [user](../resources/user.md), [group](../resources/group.md), or [directoryObject](../resources/directoryobject.md) to be added.
+In the request body, provide the `id` of a [user](../resources/user.md), [group](../resources/group.md), [device](../resources/device.md), or [directoryObject](../resources/directoryobject.md) to be added.
### Creating a new group The following table shows the properties of the [group](../resources/group.md) resource to specify when you create a group in the administrative unit.
Content-type: application/json
-In the request body, provide the `id` of the [user](../resources/user.md) or [group](../resources/group.md) object you want to add.
+In the request body, provide the `id` of the [user](../resources/user.md), [group](../resources/group.md), or [device](../resources/device.md) object you want to add.
#### Response+ The following is an example of the response. <!-- {
v1.0 Administrativeunit Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/administrativeunit-update.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http PATCH /administrativeUnits/{id}
+PATCH /directory/administrativeUnits/{id}
``` ## Request headers
In the request body, supply the values for relevant fields that should be update
| Property | Type |Description| |:|:--|:-|
-|description|string|Description for the administrative unit.|
-|displayName|string|Display name for the administrative unit.|
-|visibility|string|Visibility for the administrative unit. If not set then the default is "public". Can be set to "HiddenMembership", which hides the membership from non-members.|
+|description|String|Description for the administrative unit.|
+|displayName|String|Display name for the administrative unit.|
-Since the **administrativeUnit** resource supports [extensions](/graph/extensibility-overview), you can use the `PATCH` operation to
-add, update, or delete your own app-specific data in custom properties of an extension in an existing **administrativeUnit** instance.
+Since the **administrativeUnit** resource supports [extensions](/graph/extensibility-overview), you can use the `PATCH` operation to add, update, or delete your own app-specific data in custom properties of an extension in an existing **administrativeUnit** instance.
## Response
If successful, this method returns a `204 No Content` response code.
## Example
-##### Request
+### Request
# [HTTP](#tab/http)
If successful, this method returns a `204 No Content` response code.
"name": "update_administrativeunit" }--> ```http
-PATCH https://graph.microsoft.com/beta/administrativeUnits/{id}
+PATCH https://graph.microsoft.com/beta/administrativeUnits/4d7ea995-bc0f-45c0-8c3e-132e93bf95f8
Content-type: application/json {
- "displayName": "displayName-value",
- "description": "description-value",
- "visibility": "visibility-value"
+ "displayName": "Greater Seattle District Technical Schools"
} ``` # [C#](#tab/csharp)
Content-type: application/json
-##### Response
+### Response
<!-- { "blockType": "response"
v1.0 Application Removekey https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/application-removekey.md
In the request body, provide the following required properties.
| Property | Type | Description| |:-|:--|:--|
-| keyId | GUID | The unique identifier for the password.|
+| keyId | Guid | The unique identifier for the password.|
| proof | String | A self-signed JWT token used as a proof of possession of the existing keys. This JWT token must be signed using the private key of one of the application's existing valid certificates. The token should contain the following claims:<ul><li>`aud` - Audience needs to be `00000002-0000-0000-c000-000000000000`.</li><li>`iss` - Issuer needs to be the __id__ of the application that is making the call.</li><li>`nbf` - Not before time.</li><li>`exp` - Expiration time should be `nbf` + 10 mins.</li></ul><br>For steps to generate this proof of possession token, see [Generating proof of possession tokens for rolling keys](/graph/application-rollkey-prooftoken).| ## Response
v1.0 Application Removepassword https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/application-removepassword.md
POST /applications/{id}/removePassword
| Property | Type | Description| |:-|:--|:--|
-| keyId | GUID | The unique identifier for the password. Required. |
+| keyId | Guid | The unique identifier for the password. Required. |
## Response
v1.0 Bitlocker List Recoverykeys https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/bitlocker-list-recoverykeys.md
The response might also contain an `odata.nextLink`, which you can use to page t
|Name|Description| |:|:| |Authorization|Bearer {token}. Required.|
+|User-Agent|The identifier for the calling application. This value contains information about the operating system and the browser used. Required.|
|ocp-client-name|The name of the client application performing the API call. This header is used for debugging purposes. Optional.| |ocp-client-version|The version of the client application performing the API call. This header is used for debugging purposes. Optional.|
The following is an example of the request.
--> ``` http GET https://graph.microsoft.com/beta/informationProtection/bitlocker/recoveryKeys
+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"
ocp-client-name: "My Friendly Client" ocp-client-version: "1.2" ```
The following is an example of the request.
--> ``` http GET https://graph.microsoft.com/beta/informationProtection/bitlocker/recoveryKeys?$filter=deviceId eq '1ab40ab2-32a8-4b00-b6b5-ba724e407de9'
+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"
ocp-client-name: "My Friendly Client" ocp-client-version: "1.2" ```
v1.0 Bitlockerrecoverykey Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/bitlockerrecoverykey-get.md
To get the specified BitLocker key without returning the **key** property:
} --> ``` http
-GET /informationProtection/bitlocker/recoveryKeys/'{bitlockeryRecoveryKeyId}'
+GET /informationProtection/bitlocker/recoveryKeys/{bitlockeryRecoveryKeyId}
``` To get the specified BitLocker key including its **key** property:
To get the specified BitLocker key including its **key** property:
} --> ``` http
-GET /informationProtection/bitlocker/recoveryKeys/'{bitlockeryRecoveryKeyId}'?$select=key
+GET /informationProtection/bitlocker/recoveryKeys/{bitlockeryRecoveryKeyId}?$select=key
``` ## Optional query parameters
This method supports the `$select` OData query parameter to return the **key** p
|Name|Description| |:|:| |Authorization|Bearer {token}. Required.|
+|User-Agent|The identifier for the calling application. This value contains information about the operating system and the browser used. Required.|
|ocp-client-name|The name of the client application performing the API call. This header is used for debugging purposes. Optional.| |ocp-client-version|The version of the client application performing the API call. This header is used for debugging purposes. Optional.| + ## Request body Do not supply a request body for this method.
The following is an example of the request.
--> ``` http GET https://graph.microsoft.com/beta/informationProtection/bitlocker/recoveryKeys/b465e4e8-e4e8-b465-e8e4-65b4e8e465b4
+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"
ocp-client-name: "My Friendly Client" ocp-client-version: "1.2" ```
The following is an example of the request.
--> ``` http GET https://graph.microsoft.com/beta/informationProtection/bitlocker/recoveryKeys/b465e4e8-e4e8-b465-e8e4-65b4e8e465b4?$select=key
+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"
+ocp-client-name: "My Friendly Client"
+ocp-client-version: "1.2"
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-bitlockerrecoverykey-4-csharp-snippets.md)]
v1.0 Bookingappointment Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/bookingappointment-delete.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http DELETE /bookingBusinesses/{id}/appointments/{id}- ``` ## Request headers | Name | Description|
Do not supply a request body for this method.
If successful, this method returns `204, No Content` response code. It does not return anything in the response body. ## Example
-##### Request
-The following is an example of the request.
+### Request
+The following is an example of a request.
# [HTTP](#tab/http) <!-- {
DELETE https://graph.microsoft.com/beta/bookingBusinesses/Contosolunchdelivery@c
-##### Response
-The following is an example of the response. Note: The response object shown here might be shortened for readability.
+### Response
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true
v1.0 Channel List Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/channel-list-tabs.md
Namespace: microsoft.graph
Retrieve the list of [tabs](../resources/teamstab.md) in the specified [channel](../resources/channel.md) within a [team](../resources/team.md).
+> **Note**: The Files tab is native to a channel or chat and is not returned by this API.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Chat Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/chat-post.md
The following table lists the properties that are required to create a chat obje
|:|:|:| |topic|(Optional) String|The title of the chat. The chat title can be provided only if the chat is of `group` type.| |chatType|[chatType](../resources/chat.md#chattype-values)| Specifies the type of chat. Possible values are: `group` and `oneOnOne`. |
-|members|[conversationMember](../resources/conversationmember.md) collection|List of conversation members that should be added. Every single user, including the user initiating the create request, who will participate in the chat must be specified in this list.|
+|members|[conversationMember](../resources/conversationmember.md) collection|List of conversation members that should be added. Every user who will participate in the chat, including the user who initiates the create request, must be specified in this list. Each member must be assigned a role of `owner` or `guest`. Guest tenant users must be assigned the `guest` role.|
|installedApps| [teamsApp](../resources/teamsapp.md) collection|List of apps that should be installed in the chat.| > **Note:** Currently, only one app installation is supported. If multiple app installations are listed in the request, the response will be a `Bad Request` error.
Content-Type: application/json
} ```
+### Example 5: Create a group chat with tenant guest user
+
+#### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "create_chat_group"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/chats
+Content-Type: application/json
+
+{
+ "chatType": "group",
+ "topic": "Group chat title",
+ "members": [
+ {
+ "@odata.type": "#microsoft.graph.aadUserConversationMember",
+ "roles": ["owner"],
+ "user@odata.bind": "https://graph.microsoft.com/beta/users('8c0a1a67-50ce-4114-bb6c-da9c5dbcf6ca')"
+ },
+ {
+ "@odata.type": "#microsoft.graph.aadUserConversationMember",
+ "roles": ["owner"],
+ "user@odata.bind": "https://graph.microsoft.com/beta/users('82fe7758-5bb3-4f0d-a43f-e555fd399c6f')"
+ },
+ {
+ "@odata.type": "#microsoft.graph.aadUserConversationMember",
+ "roles": ["guest"],
+ "user@odata.bind": "https://graph.microsoft.com/beta/users('8ba98gf6-7fc2-4eb2-c7f2-aef9f21fd98g')"
+ }
+ ]
+}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
++++++
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.chat"
+}
+-->
+``` http
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#chats/$entity",
+ "id": "19:1c5b01696d2e4a179c292bc9cf04e63b@thread.v2",
+ "topic": "Group chat title",
+ "createdDateTime": "2020-12-04T23:11:16.175Z",
+ "lastUpdatedDateTime": "2020-12-04T23:11:16.175Z",
+ "chatType": "group",
+ "webUrl": "https://teams.microsoft.com/l/chat/19%3A1c5b01696d2e4a179c292bc9cf04e63b@thread.v2/0?tenantId=b33cbe9f-8ebe-4f2a-912b-7e2a427f477f"
+}
+```
+ ## See also - [Get teamsAsyncOperation](teamsasyncoperation-get.md)
v1.0 Cloudpcorganizationsettings Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/cloudpcorganizationsettings-get.md
If successful, this method returns a `200 OK` response code and a [cloudPcOrgani
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_cloudpcorganizationsettings"
If successful, this method returns a `200 OK` response code and a [cloudPcOrgani
``` http GET https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint/organizationSettings ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++ ### Response
v1.0 Cloudpcsnapshot Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/cloudpcsnapshot-get.md
+
+ Title: "Get cloudPcSnapshot"
+description: "Read the properties and relationships of a cloudPcSnapshot object."
+
+ms.localizationpriority: medium
++
+# Get cloudPcSnapshot
+Namespace: microsoft.graph
++
+Read the properties and relationships of a [cloudPcSnapshot](../resources/cloudpcsnapshot.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|CloudPC.Read.All, CloudPC.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|CloudPC.Read.All, CloudPC.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /deviceManagement/virtualEndpoint/snapshots/{cloudPcSnapshotId}
+```
+
+## Optional query parameters
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [cloudPcSnapshot](../resources/cloudpcsnapshot.md) object in the response body.
+
+## Examples
+
+### Request
+
+The following is an example of a request.
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_cloudpcsnapshot"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint/snapshots/A00009UV000_93aff428-61f2-467f-a879-1102af6fd4a8
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+
+The following is an example of the response.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.cloudPcSnapshot"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": {
+ "@odata.type": "#microsoft.graph.cloudPcSnapshot",
+ "cloudPcId": "662009bc-7732-4f6f-8726-25883518b33e",
+ "createdDateTime": "2021-08-23T09:28:32.8260335Z",
+ "id": "A00009UV000_93aff428-61f2-467f-a879-1102af6fd4a8",
+ "lastRestoredDateTime": "2021-09-01T09:28:32.8260338Z",
+ "status": "ready"
+ }
+}
+```
+
v1.0 Columndefinition Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/columndefinition-get.md
ms.prod: "sites-and-lists"
Namespace: microsoft.graph [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]+ Retrieve the metadata for a [site][], [list][] or [contentType][] [column][columnDefinition]. ## Permissions
-
- One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
-
- |Permission type | Permissions (from least to most privileged) | |:--|:| |Delegated (work or school account) | Sites.Read.All, Sites.ReadWrite.All, Sites.Manage.All, Sites.FullControl.All |
GET /sites/{site-id}/lists/{list-id}/contentTypes/{contentType-id}/columns/{colu
## Request body
-
+Do not supply a request body for this method.
-Do not supply a request body with this method.
+## Response
+If successful, this method returns a `200 OK` response code and a [columnDefinition][columnDefinition] object in the response body.
- ## Example
-
- ### Request
-
-
+The following is an example of a request.
# [HTTP](#tab/http) <!-- { "blockType": "request", "name": "get_column_from_contenttype" } -->
GET /sites/{site-id}/contentTypes/{contentType-id}/columns/{column-id}
-
- ### Response
-
+The following is an example of the response.
<!-- { "blockType": "response", "@type": "microsoft.graph.columnDefinition", "truncated": true } -->
v1.0 Crosstenantaccesspolicy Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/crosstenantaccesspolicy-get.md
If successful, this method returns a `200 OK` response code and a [crossTenantAc
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_crosstenantaccesspolicy"
If successful, this method returns a `200 OK` response code and a [crossTenantAc
``` http GET https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Crosstenantaccesspolicy List Partners https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/crosstenantaccesspolicy-list-partners.md
If successful, this method returns a `200 OK` response code and a collection of
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_crosstenantaccesspolicyconfigurationpartner"
If successful, this method returns a `200 OK` response code and a collection of
``` http GET https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/partners ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Crosstenantaccesspolicy Post Partners https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/crosstenantaccesspolicy-post-partners.md
If successful, this method returns a `201 Created` response code and a [crossTen
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "create_crosstenantaccesspolicyconfigurationpartner_from_"
Content-Type: application/json
} } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Crosstenantaccesspolicy Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/crosstenantaccesspolicy-update.md
The [crossTenantAccessPolicy](../resources/crosstenantaccesspolicy.md) object si
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "update_crosstenantaccesspolicy"
Content-Type: application/json
"displayName": "CrossTenantAccessPolicy", } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Crosstenantaccesspolicyconfigurationdefault Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/crosstenantaccesspolicyconfigurationdefault-get.md
If successful, this method returns a `200 OK` response code and a [crossTenantAc
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_crosstenantaccesspolicyconfigurationdefault"
If successful, this method returns a `200 OK` response code and a [crossTenantAc
``` http GET https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/default ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Crosstenantaccesspolicyconfigurationdefault Resettosystemdefault https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/crosstenantaccesspolicyconfigurationdefault-resettosystemdefault.md
If successful, this action returns a `204 No Content` response code. To confirm
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "crosstenantaccesspolicyconfigurationdefault_resettosystemdefault"
If successful, this action returns a `204 No Content` response code. To confirm
``` http POST https://graph.microsoft.com/betefault ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Crosstenantaccesspolicyconfigurationdefault Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/crosstenantaccesspolicyconfigurationdefault-update.md
If successful, this method returns a `204 No Content` response code.
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "update_crosstenantaccesspolicyconfigurationdefault"
Content-Type: application/json
} } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Crosstenantaccesspolicyconfigurationpartner Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/crosstenantaccesspolicyconfigurationpartner-delete.md
If successful, this method returns a `204 No Content` response code.
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "delete_crosstenantaccesspolicyconfigurationpartner"
If successful, this method returns a `204 No Content` response code.
``` http DELETE https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/partners/9c5d131d-b1c3-4fc4-9e3f-c6557947d551 ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Crosstenantaccesspolicyconfigurationpartner Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/crosstenantaccesspolicyconfigurationpartner-get.md
If successful, this method returns a `200 OK` response code and a [crossTenantAc
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_crosstenantaccesspolicyconfigurationpartner"
If successful, this method returns a `200 OK` response code and a [crossTenantAc
``` http GET https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/partners/9c5d131d-b1c3-4fc4-9e3f-c6557947d551 ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Crosstenantaccesspolicyconfigurationpartner Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/crosstenantaccesspolicyconfigurationpartner-update.md
If successful, this method returns a `204 No Content` response code.
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "update_crosstenantaccesspolicyconfigurationpartner"
Content-Type: application/json
} } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Customaccesspackageworkflowextension Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/customaccesspackageworkflowextension-delete.md
+
+ Title: "Delete customAccessPackageWorkflowExtension"
+description: "Delete a customAccessPackageWorkflowExtension object."
+
+ms.localizationpriority: medium
++
+# Delete customAccessPackageWorkflowExtension
+Namespace: microsoft.graph
++
+Delete a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object. The custom workflow extension must first be removed from any associated [policies](../resources/accesspackageassignmentpolicy.md) before it can be deleted. Follow these steps to remove the custom workflow extension from any associated policies:
+1. First retrieve the accessPackageCatalogId by calling the [Get accessPackageAssignmentPolicies](accesspackageassignmentpolicy-get.md) operation and appending `?$expand=accessPackage($expand=accessPackageCatalog)` to the query. For example, `https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies?$expand=accessPackage($expand=accessPackageCatalog)`.
+2. Use the access package catalog ID and retrieve the ID of the **customAccessPackageWorkflowExtension** object that you want to delete by running the [LIST customAccessPackageWorkflowExtensions](accesspackagecatalog-list-customaccesspackageworkflowextensions.md) operation.
+3. Call the [Update accessPackageAssignmentPolicy](accesspackageassignmentpolicy-update.md) operation to remove the custom workflow extension object from the policy. For an example, see [Example 2: Remove the customExtensionHandlers from a policy](accesspackageassignmentpolicy-update.md#example-2-remove-the-customextensionhandlers-from-a-policy).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|EntitlementManagement.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|EntitlementManagement.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+DELETE /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/customAccessPackageWorkflowExtensions/{customAccessPackageWorkflowExtensionId}
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "delete_customaccesspackageworkflowextension"
+}
+-->
+``` http
+DELETE /identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions/98ffaec5-ae8e-4902-a434-5ffc5d3d3cd0
+```
++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Response
+```
v1.0 Customaccesspackageworkflowextension Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/customaccesspackageworkflowextension-get.md
+
+ Title: "Get customAccessPackageWorkflowExtension"
+description: "Read the properties and relationships of a customAccessPackageWorkflowExtension object."
+
+ms.localizationpriority: medium
++
+# Get customAccessPackageWorkflowExtension
+Namespace: microsoft.graph
++
+Read the properties and relationships of a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object for an [accessPackageCatalog](../resources/accesspackagecatalog.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|EntitlementManagement.Read.All EntitlementManagement.ReadWrite.All |
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|EntitlementManagement.Read.All EntitlementManagement.ReadWrite.All |
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/customAccessPackageWorkflowExtensions/{customAccessPackageWorkflowExtensionId}
+```
+
+## Optional query parameters
+This method supports the `$select` OData query parameter to retrieve specific properties. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_customaccesspackageworkflowextension"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions/98ffaec5-ae8e-4902-a434-5ffc5d3d3cd0
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.customAccessPackageWorkflowExtension"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions/98ffaec5-ae8e-4902-a434-5ffc5d3d3cd0",
+ "id": "98ffaec5-ae8e-4902-a434-5ffc5d3d3cd0",
+ "displayName": "test_action_0124_email",
+ "description": "this is for graph testing only",
+ "createdDateTime": "2022-01-24T21:48:57.15Z",
+ "lastModifiedDateTime": "2022-01-24T21:55:44.953Z",
+ "clientConfiguration": null,
+ "endpointConfiguration": {
+ "@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",
+ "subscriptionId": "38ab2ccc-3747-4567-b36b-9478f5602f0d",
+ "resourceGroupName": "test",
+ "logicAppWorkflowName": "elm-extension-email"
+ },
+ "authenticationConfiguration": {
+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",
+ "resourceId": "eed6dee9-7ff7-44a5-8980-c11e8886cea2"
+ }
+}
+```
+
v1.0 Customaccesspackageworkflowextension Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/customaccesspackageworkflowextension-update.md
+
+ Title: "Update customAccessPackageWorkflowExtension"
+description: "Update the properties of a customAccessPackageWorkflowExtension object."
+
+ms.localizationpriority: medium
++
+# Update customAccessPackageWorkflowExtension
+Namespace: microsoft.graph
++
+Update the properties of an existing [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|EntitlementManagement.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|EntitlementManagement.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+PUT /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/customAccessPackageWorkflowExtensions/{customAccessPackageWorkflowExtensionId}
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
++
+|Property|Type|Description|
+|:|:|:|
+|description|String|Description for the customAccessPackageWorkflowExtension object.|
+|displayName|String|Display name for the customAccessPackageWorkflowExtension.|
+|endpointConfiguration|[customExtensionEndpointConfiguration](../resources/customextensionendpointconfiguration.md)|The type and details for configuring the endpoint to call the logic app's workflow.|
+|authenticationConfiguration|[customExtensionAuthenticationConfiguration](../resources/customextensionauthenticationconfiguration.md)|Configuration for securing the API call to the logic app. For example, using OAuth client credentials flow.|
++
+## Response
+
+If successful, this method returns a `200 OK` response code and an updated [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "update_customaccesspackageworkflowextension"
+}
+-->
+``` http
+PUT https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions/98ffaec5-ae8e-4902-a434-5ffc5d3d3cd0
+Content-Type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.customAccessPackageWorkflowExtension",
+ "displayName": "test_action_0124_email",
+ "description": "this is for graph testing only"
+}
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.customAccessPackageWorkflowExtension"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "displayName": "test_action_0124_email",
+ "description": "this is for graph testing only",
+ "endpointConfiguration": {
+ "@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",
+ "subscriptionId": "38ab2ccc-3747-4567-b36b-9478f5602f0d",
+ "resourceGroupName": "EMLogicApp",
+ "logicAppWorkflowName": "elm-extension-email"
+ },
+ "authenticationConfiguration": {
+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",
+ "resourceId": "eed6dee9-7ff7-44a5-8980-c11e8886cea2"
+ }
+}
+```
+
v1.0 Device List Memberof https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/device-list-memberof.md
Title: "List device groups"
-description: "Get groups that this device is a direct member of. This operation is not transitive."
+ Title: "List memberOf"
+description: "Get groups or administrative units that this device is a direct member of. This operation is not transitive."
ms.localizationpriority: medium ms.prod: "directory-management" doc_type: apiPageType
-# List device groups
+# List memberOf
Namespace: microsoft.graph [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Get groups that this device is a direct member of. This operation is not transitive.
+Get [groups](../resources/group.md) and [administrative units](../resources/administrativeunit.md) that the device is a direct member of. This operation is not transitive.
## Permissions
This method supports the `$search`, `$count`, and `$filter` [OData query paramet
Some queries are supported only when you use the **ConsistencyLevel** header set to `eventual` and `$count`. For more information, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries).
-When items are added or updated for this resource, they are specially indexed for use with the `$count` and `$search` query parameters. There can be a slight delay between when an item is added or updated and when it is available in the index.
- ## Request headers | Header | Value | |:|:--|
v1.0 Directory List Administrativeunits https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/directory-list-administrativeunits.md
+
+ Title: "List administrativeUnits"
+description: "Retrieve a list of administrativeUnit objects."
+
+ms.localizationpriority: medium
++
+# List administrativeUnits
+
+Namespace: microsoft.graph
++
+Retrieve a list of [administrativeUnit](../resources/administrativeunit.md) objects.
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
++
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | AdministrativeUnit.Read.All, Directory.Read.All, AdministrativeUnit.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | AdministrativeUnit.Read.All, Directory.Read.All, AdministrativeUnit.ReadWrite.All, Directory.ReadWrite.All |
+
+## HTTP request
+<!-- { "blockType": "ignored" } -->
+```http
+GET /administrativeUnits
+GET /directory/administrativeUnits
+```
+## Optional query parameters
+This method supports the `$count`, `$select`, `$search`, `$filter`, and `$expand` [OData query parameters](/graph/query-parameters) to help customize the response.
++
+## Request headers
+| Name |Description|
+|:-|:-|
+| Authorization | Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and collection of [administrativeUnit](../resources/administrativeunit.md) objects in the response body.
+## Example
+### Request
+Here is an example of the request.
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_administrativeunits"
+}-->
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/administrativeUnits
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++
+### Response
+Here is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.administrativeUnit",
+ "isCollection": true
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#administrativeUnits",
+ "value": [
+ {
+ "id": "4d7ea995-bc0f-45c0-8c3e-132e93bf95f8",
+ "deletedDateTime": null,
+ "displayName": "Seattle District Technical Schools",
+ "description": "Seattle district technical schools administration",
+ "isMemberManagementRestricted": null,
+ "visibility": "HiddenMembership",
+ "membershipRule": null,
+ "membershipType": null,
+ "membershipRuleProcessingState": null
+ }
+ ]
+}
+```
+
+<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
+2015-10-25 14:57:30 UTC -->
+<!--
+{
+ "type": "#page.annotation",
+ "description": "List administrativeUnits",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": "",
+ "suppressions": [
+ ]
+}
+-->
v1.0 Directory Post Administrativeunits https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/directory-post-administrativeunits.md
+
+ Title: "Create administrativeUnit"
+description: "Use this API to create a new administrativeUnit."
+
+ms.localizationpriority: medium
++
+# Create administrativeUnit
+
+Namespace: microsoft.graph
++
+Use this API to create a new [administrativeUnit](../resources/administrativeunit.md).
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
++
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | AdministrativeUnit.ReadWrite.All, Directory.AccessAsUser.All |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | AdministrativeUnit.ReadWrite.All |
+
+## HTTP request
+<!-- { "blockType": "ignored" } -->
+```http
+POST /administrativeUnits
+POST /directory/administrativeUnits
+```
+## Request headers
+| Name |Description|
+|:-|:-|
+| Authorization | Bearer {token}. Required. |
+| Content-type | application/json. Required. |
+
+## Request body
+In the request body, supply a JSON representation of an [administrativeUnit](../resources/administrativeunit.md) object.
+
+Because the **administrativeUnit** resource supports [extensions](/graph/extensibility-overview), you can use the `POST` operation and add custom properties with your own data to the administrative unit while creating it.
+
+## Response
+
+If successful, this method returns a `201 Created` response code and an [administrativeUnit](../resources/administrativeunit.md) object in the response body.
+
+## Example
+
+### Request
+
+The following is an example of the request.
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "create_administrativeunit_from_administrativeunits"
+}-->
+```http
+POST https://graph.microsoft.com/beta/administrativeUnits
+Content-type: application/json
+
+{
+ "displayName": "Seattle District Technical Schools",
+ "description": "Seattle district technical schools administration",
+ "visibility": "HiddenMembership"
+}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++
+In the request body, supply a JSON representation of an [administrativeUnit](../resources/administrativeunit.md) object.
+
+### Response
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.administrativeUnit"
+} -->
+```http
+HTTP/1.1 201 Created
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#administrativeUnits/$entity",
+ "id": "7a3dc8f3-b3a0-4164-9a99-ed36f3af039f",
+ "deletedDateTime": null,
+ "displayName": "Seattle District Technical Schools",
+ "description": "Seattle district technical schools administration",
+ "visibility": "HiddenMembership"
+}
+```
+
+## See also
+
+- [Add custom data to resources using extensions](/graph/extensibility-overview)
+- [Add custom data to users using open extensions (preview)](/graph/extensibility-open-users)
+<!--
+- [Add custom data to groups using schema extensions (preview)](/graph/extensibility-schema-groups)
+-->
++
+<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
+2015-10-25 14:57:30 UTC -->
+<!--
+{
+ "type": "#page.annotation",
+ "description": "Create administrativeUnit",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": "",
+ "suppressions": [
+ ]
+}
+-->
++
v1.0 Entitlementmanagement Post Accesspackageresourcerequests https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/entitlementmanagement-post-accesspackageresourcerequests.md
POST /identityGovernance/entitlementManagement/accessPackageResourceRequests
In the request body, supply a JSON representation of an [accessPackageResourceRequest](../resources/accesspackageresourcerequest.md) object. Include the `accessPackageResource` relationship with an [accessPackageResource](../resources/accesspackageresource.md) object as part of the request.
-To add an Azure AD group as a resource to a catalog, set the **catalogId** to be of the ID of the catalog, **requestType** to be `AdminAdd`, and an `accessPackageResource` representing the resource. The value of the **originSystem** property within the `accessPackageResource` should be `AadGroup` and the value of the **originId** is the identifier of the group.
+To add an Azure AD group as a resource to a catalog, set the **catalogId** to be of the ID of the catalog, **requestType** to be `AdminAdd`, and an `accessPackageResource` representing the resource. The value of the **originSystem** property within the `accessPackageResource` should be `AadGroup` and the value of the **originId** is the identifier of the group. If using delegated permissions, the user requesting to add a group should be an owner of the group or in a directory role which allows them to modify groups. If using application permissions, the application requesting to add the group should also be assigned the `Group.ReadWrite.All` permission.
-To remove an Azure AD app from a catalog, set the **catalogId** to be of the ID of the catalog, **requestType** to be `AdminRemove`, and the `accessPackageResource` the resource object to be removed. The resource object can be retrieved using [list accessPackageResources](accesspackagecatalog-list-accesspackageresources.md).
+To add an Azure AD application as a resource to a catalog, set the **catalogId** to be of the ID of the catalog, **requestType** to be `AdminAdd`, and an `accessPackageResource` representing the resource. The value of the **originSystem** property within the `accessPackageResource` should be `AadApplication` and the value of the **originId** is the identifier of the [servicePrincipal](../resources/serviceprincipal.md). If using delegated permissions, the user requesting to add an application should be an owner of the application or in a directory role which allows them to modify application role assignments.
-To assign the geolocation environment for a multi-geolocation Sharepoint Online resource, include the **accessPackageResourceEnvironment** relationship in the `accessPackageResource` object. This can be done in two ways:
+To add a SharePoint Online site as a resource to a catalog, set the **catalogId** to be of the ID of the catalog, **requestType** to be `AdminAdd`, and an `accessPackageResource` representing the resource. The value of the **originSystem** property within the `accessPackageResource` should be `SharePointOnline` and the value of the **originId** is the URI of the [site](../resources/site.md). If using delegated permissions, the user should be in the the SharePoint Administrator role. If using application permissions, the application requesting to add the site should also be assigned the `Sites.FullControl.All` permission. To assign the geolocation environment for a multi-geolocation Sharepoint Online resource, include the **accessPackageResourceEnvironment** relationship in the `accessPackageResource` object. This can be done in two ways:
+ Use `@odata.bind` annotation to assign the `id` of the `accessPackageResourceEnvironment` to an `accessPackageResourceEnvironment` object. + Specify the `originId` parameter of the `accessPackageResourceEnvironment` in an `accessPackageResourceEnvironment` object.
+To remove a resource from a catalog, set the **catalogId** to be of the ID of the catalog, **requestType** to be `AdminRemove`, and the `accessPackageResource` the resource object to be removed. The resource object can be retrieved using [list accessPackageResources](accesspackagecatalog-list-accesspackageresources.md).
## Response
Content-type: application/json
The following is an example of the request for adding an application to a catalog, including specifying a required attribute of that application. +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "create_accesspackageresourcerequest_from_accesspackageresourcerequests6"
Content-type: application/json
} ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++ #### Response
v1.0 Event Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/event-get.md
The following example shows expanding a series master event of a recurring serie
"name": "get_event_seriesMaster_expansion" }--> ```msgraph-interactive
-GET https://graph.microsoft.com/beta/me/events/AAMkADAGAADDdm4NAAA=/?$select=subject,start,end,occurrenceId,exceptionOccurrences,cancelledOccurrences$expand=exceptionOccurrences
+GET https://graph.microsoft.com/beta/me/events/AAMkADAGAADDdm4NAAA=/?$select=subject,start,end,occurrenceId,exceptionOccurrences,cancelledOccurrences&$expand=exceptionOccurrences
``` # [Go](#tab/go) [!INCLUDE [sample-code](../includes/snippets/go/get-event-seriesmaster-expansion-go-snippets.md)]
GET https://graph.microsoft.com/beta/me/events/AAMkADAGAADDdm4NAAA=/?$select=sub
[!INCLUDE [sample-code](../includes/snippets/powershell/get-event-seriesmaster-expansion-powershell-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+ #### Response
v1.0 Group Assignlicense https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/group-assignlicense.md
In the request body, provide a JSON object with the following parameters.
| Parameter | Type |Description| |:|:--|:-| |addLicenses|[assignedLicense](../resources/assignedlicense.md) collection|A collection of [assignedLicense](../resources/assignedlicense.md) objects that specify the licenses to add. You can disable servicePlans associated with a license by setting the **disabledPlans** property on an [assignedLicense](../resources/assignedlicense.md) object.|
-|removeLicenses|GUID collection|A collection of skuIds that identify the licenses to remove.|
+|removeLicenses|Guid collection|A collection of skuIds that identify the licenses to remove.|
## Response
v1.0 Group Delete Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/group-delete-members.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | GroupMember.ReadWrite.All, Group.ReadWrite.All, Directory.ReadWrite.All |
+> [!IMPORTANT]
+> To remove members from a role-assignable group, the calling user or app must also be assigned the *RoleManagement.ReadWrite.Directory* permission.
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
v1.0 Group Post Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/group-post-members.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | GroupMember.ReadWrite.All, Group.ReadWrite.All, Directory.ReadWrite.All |
+> [!IMPORTANT]
+> To add members to a role-assignable group, the calling user or app must also be assigned the *RoleManagement.ReadWrite.Directory* permission.
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
v1.0 Identityapiconnector Create https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/identityapiconnector-create.md
Content-Type: application/json
{ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/apiConnectors/$entity",
- "id":"guid",
+ "id":"GUID",
"displayName": "Test API", "targetUrl": "https://someapi.com/api", "authenticationConfiguration": {
Content-Type: application/json
{ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/apiConnectors/$entity",
- "id":"guid",
+ "id":"GUID",
"displayName": "Test API", "targetUrl": "https://someotherapi.com/api", "authenticationConfiguration": {
v1.0 Identityapiconnector Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/identityapiconnector-get.md
Content-Type: application/json
{ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/apiConnectors/$entity",
- "id":"guid",
+ "id":"GUID",
"displayName": "Test API", "targetUrl": "https://someapi.com/api", "authenticationConfiguration": {
v1.0 Identityapiconnector Uploadclientcertificate https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/identityapiconnector-uploadclientcertificate.md
Content-type: application/json
{ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/apiConnectors/$entity",
- "id": "guid",
+ "id": "45715bb8-13f9-4bf6-927f-ef96c102d394",
"displayName": "My API connector", "targetUrl": "https://api.contoso.com/endpoint", "authenticationConfiguration": {
v1.0 Identityprotectionroot List Riskyserviceprincipals https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/identityprotectionroot-list-riskyserviceprincipals.md
If successful, this method returns a `200 OK` response code and a collection of
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_riskyserviceprincipal"
If successful, this method returns a `200 OK` response code and a collection of
``` http GET https://graph.microsoft.com/beta/identityProtection/riskyServicePrincipals ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Identityprotectionroot List Serviceprincipalriskdetections https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/identityprotectionroot-list-serviceprincipalriskdetections.md
If successful, this method returns a `200 OK` response code and a collection of
#### Request The following is an example of the request.+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_serviceprincipalriskdetection"
The following is an example of the request.
``` http GET https://graph.microsoft.com/beta/identityProtection/servicePrincipalRiskDetections ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ #### Response
Content-Type: application/json
#### Request The following example shows how to use `$filter` to get the collection of service principal risk detections where the risk level is `medium` or the risk event type is `investigationsThreatIntelligence`. +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_filter_serviceprincipalriskdetection"
The following example shows how to use `$filter` to get the collection of servic
``` http GET https://graph.microsoft.com/beta/identityProtection/servicePrincipalRiskDetections?$filter=riskEventType eq 'investigationsThreatIntelligence' or riskLevel eq 'medium' ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ #### Response The following is an example of the response.
v1.0 List Create https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/list-create.md
description: "Create a new list in a site." Previously updated : 09/11/2017 Title: Create a SharePoint List ms.localizationpriority: medium ms.prod: "sharepoint"
One of the following permissions is required to call this API. To learn more, in
POST https://graph.microsoft.com/beta/sites/{site-id}/lists ```
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+ ## Request body
-In the request body, supply a JSON representation of the [list][] resource to create.
+In the request body, supply a JSON representation of a [list][] object.
+
+## Response
-## Example
+If successful, this method returns a `201 Created` response code and a [list][] object in the response body.
-Here is an example of how to create a new generic list.
+## Examples
+
+### Request
+
+The following is an example of how to create a new generic list.
+
+> **Note:** Custom columns are optional.
+
+In addition to any columns specified here, new lists are created with columns defined in the referenced **template**.
+If the **list** facet or **template** is not specified, the list defaults to the `genericList` template, which includes a _Title_ column.
# [HTTP](#tab/http)
Content-Type: application/json
-**Note:** Custom columns are optional.
-
-In addition to any columns specified here, new lists are created with columns defined in the referenced **template**.
-If the **list** facet or **template** is unspecified, the list defaults to the `genericList` template, which includes a _Title_ column.
+### Response
-## Response
+The following is an example of the response.
-If successful, this method returns a [list][] in the response body for the created list.
+> **Note:** The response object is truncated for clarity. Default properties will be returned from the actual call.
<!-- { "blockType": "response", "@odata.type": "microsoft.graph.list", "truncated": true } -->
Content-type: application/json
} ```
-**Note:** The response object is truncated for clarity.
-Default properties will be returned from the actual call.
- [list]: ../resources/list.md [site]: ../resources/site.md
v1.0 Organizationalbranding Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/organizationalbranding-get.md
The following example returns the **bannerLogo** object which hadn't been set fo
The following is an example of the request. +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_organizationalbranding_frlocale_bannerLogo"
The following is an example of the request.
```msgraph-interactive GET https://graph.microsoft.com/beta/organization/d69179bf-f4a4-41a9-a9de-249c0f2efb1d/branding/localizations/default/bannerLogo ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ #### Response
v1.0 Organizationalbranding Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/organizationalbranding-update.md
The following is an example of the request.
+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "update_organizationalbrandinglocaliation_2"
Content-Type: image/jpeg
<Image> ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+++
v1.0 Outlookuser Post Mastercategories https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/outlookuser-post-mastercategories.md
POST /users/{id|userPrincipalName}/outlook/masterCategories
| Name | Description| |:|:-| | Authorization | Bearer {token}. Required. |-
+|Content-Type|application/json. Required.|
## Request body
-In the request body, supply a JSON representation of [outlookCategory](../resources/outlookcategory.md) object.
+In the request body, supply a JSON representation of an [outlookCategory](../resources/outlookcategory.md) object.
## Response
-If successful, this method returns `201 Created` response code and [outlookCategory](../resources/outlookcategory.md) object in the response body.
+If successful, this method returns a `201 Created` response code and an [outlookCategory](../resources/outlookcategory.md) object in the response body.
## Example
-##### Request
-Here is an example of the request.
+### Request
+The following is an example of a request.
# [HTTP](#tab/http) <!-- {
Content-type: application/json
Content-Length: 70 {
- "displayName":"Project expenses",
- "color":"preset9"
+ "displayName": "Project expenses",
+ "color": "preset9"
} ``` # [C#](#tab/csharp)
Content-Length: 70
-In the request body, supply a JSON representation of [outlookCategory](../resources/outlookcategory.md) object.
-##### Response
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+### Response
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 201 Created
Content-type: application/json {
- "@odata.context":"https://graph.microsoft.com/beta/$metadata#users('8ae6f565-0d7f-4ead-853e-7db94c912a1f')/outlook/masterCategories/$entity",
- "id":"bac262b7-485d-4739-b436-e31467d64fac",
- "displayName":"Project expenses",
- "color":"preset9"
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#users('8ae6f565-0d7f-4ead-853e-7db94c912a1f')/outlook/masterCategories/$entity",
+ "id": "bac262b7-485d-4739-b436-e31467d64fac",
+ "displayName": "Project expenses",
+ "color": "preset9"
} ```
v1.0 Participant Invite https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/participant-invite.md
Title: "participant: invite" description: "Invite participants to the active call."-+ ms.localizationpriority: medium ms.prod: "cloud-communications" doc_type: apiPageType
Invite participants to the active call.
For more information about how to handle operations, see [commsoperation](../resources/commsoperation.md).
->**Note:** This API is only supported for group calls.
+>**Note:** Inviting multiple participants in one request is only supported for group calls.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
In the request body, provide a JSON object with the following parameters.
|clientContext|String|Unique Client Context string. Max limit is 256 chars.| ## Response
-If succsessful, this method returns a `200 OK` response code and a Location header with a URI to the [inviteParticipantsOperation](../resources/inviteparticipantsoperation.md) created for this request. The body of the response contains the [inviteParticipantsOperation](../resources/inviteparticipantsoperation.md) created.
+If successful, this method returns a `200 OK` response code and a Location header with a URI to the [inviteParticipantsOperation](../resources/inviteparticipantsoperation.md) created for this request. The body of the response contains the [inviteParticipantsOperation](../resources/inviteparticipantsoperation.md) created.
>**Note:** When this API returns a successful response, all participants will receive a roster update.
The following examples show how to call this API.
> **Note:** The response objects might be shortened for readability. All the properties will be returned from an actual call.
-### Example 1: Invite one participant to an existing group call
+### Example 1: Invite one participant to an existing call
#### Request
v1.0 Participant Stopholdmusic https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/participant-stopholdmusic.md
Location: https://graph.microsoft.com/beta/communications/calls/e141b67c-90fd-45
{ "@odata.type": "#microsoft.graph.stopHoldMusicOperation", "id": "0fe0623f-d628-42ed-b4bd-8ac290072cc5",
- "status": "running",
- "clientContext": "d45324c1-fcb5-430a-902c-f20af696537c"
-}
-```
-
-### Notification sent to the application after the stopHoldMusicOperation finishes
-
-```http
-POST https://bot.contoso.com/api/calls
-Content-Type: application/json
-```
-
-<!-- {
- "blockType": "example",
- "@odata.type": "microsoft.graph.commsNotifications"
-}-->
-```json
-{
- "@odata.type": "#microsoft.graph.commsNotifications",
- "value": [
- {
- "@odata.type": "#microsoft.graph.commsNotification",
- "changeType": "deleted",
- "resourceUrl": "communications/calls/e141b67c-90fd-455d-858b-b48a40b9cc8d/operations/0fe0623f-d628-42ed-b4bd-8ac290072cc5",
- "resourceData": {
- "@odata.type": "#microsoft.graph.stopHoldMusicOperation",
- "@odata.id": "communications/calls/e141b67c-90fd-455d-858b-b48a40b9cc8d/operations/0fe0623f-d628-42ed-b4bd-8ac290072cc5",
- "@odata.etag": "W/\"54451\"",
- "clientContext": "d45324c1-fcb5-430a-902c-f20af696537c",
- "status": "completed"
- }
- }
- ]
+ "status": "completed",
+ "clientContext": "d45324c1-fcb5-430a-902c-f20af696537c",
+ "resultInfo": null
} ```
v1.0 Rbacapplication List Transitiveroleassignments https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/rbacapplication-list-transitiveroleassignments.md
+
+ Title: "List transitiveRoleAssignment"
+description: "List direct and transitive role assignments for a specific principal."
+ms.localizationpriority: medium
+++
+# List transitiveRoleAssignment
+
+Namespace: microsoft.graph
++
+Get the list of direct and transitive [unifiedRoleAssignment](../resources/unifiedroleassignment.md) objects for a specific principal. For example, if a user is assigned an Azure AD role through group membership, the role assignment is transitive, and this request will list the group's ID as the **principalId**. Results can also be filtered by the **roleDefinitionId** and **directoryScopeId**. Supported only for directory (Azure AD) provider.
+
+For more information, see [Use Azure AD groups to manage role assignments](/azure/active-directory/roles/groups-concept).
+
+> [!NOTE]
+> This request might have replication delays for role assignments that were recently created, updated, or deleted.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | RoleManagement.Read.Directory, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | RoleManagement.Read.Directory, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All |
+
+## HTTP request
+
+To list transitive role assignments for a directory provider:
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+```http
+GET /roleManagement/directory/transitiveRoleAssignments?$filter=principalId eq '{principalId}'
+```
+
+## Optional query parameters
+
+This method supports the `$count`, `$filter` (`eq`), and `$select` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters). You can filter by the **principalId**, **roleDefinitionId** and **directoryScopeId** to retrieve both direct and transitive role assignments for a principal.
+
+## Request headers
+
+| Name |Description|
+|:-|:-|
+| Authorization | Bearer {token} Required. |
+| ConsistencyLevel | eventual. This header, `$count`, and `$filter` are required. For more information about the use of **ConsistencyLevel**, `$count`, and `$filter`, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries). |
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRoleAssignment](../resources/unifiedroleassignment.md) objects in the response body.
+
+## Examples
+For the examples in this section, consider the following role assignment scenario. A user named Alice has both direct and transitive role assignments as follows:
+
+| User | Group | Role | Scope | Role assignment ID |
+| :: | :: | :: | :: | :: |
+| Alice<br/>`2c7936bc-3517-40f3-8eda-4806637b6516` | | User Administrator<br/>`fe930be7-5e62-47db-91af-98c3a49a38b1` | Tenant | RA1<br/>`857708a7-b5e0-44f9-bfd7-53531d72a739` |
+| | G1<br/>`ae2fc327-4c71-48ed-b6ca-f48632186510`<br/>(Alice is a member) | User Administrator<br/>`fe930be7-5e62-47db-91af-98c3a49a38b1` | Tenant | RA2<br/>`8a021d5f-7351-4713-aab4-b088504d476e` |
+| | G2<br/>`6ffb34b8-5e6d-4727-a7f9-93245e7f6ea8`<br/>(Alice is a member) | Helpdesk Administrator<br/>`729827e3-9c14-49f7-bb1b-9608f156bbb8` | Administrative unit (AU1)<br/>`26e79164-0c5c-4281-8c5b-be7bc7809fb2` | RA3<br/>`6cc86637-13c8-473f-afdc-e0e65c9734d2` |
+++ Alice is assigned the User Administrator role directly at tenant scope with role assignment RA1. ++ Alice is member of a group G1 and G1 is assigned the User Administrator role at tenant scope with role assignment RA2.++ Alice is also a member of group G2 and G2 is assigned the Helpdesk Administrator role at an administrative unit AU1 scope with role assignment RA3.+
+### Example 1 : Get direct and transitive role assignments of a principal
+
+#### Request
+
+The following is an example of the request. This request requires the **ConsistencyLevel** header set to `eventual` and the `$count=true` and `$filter` query parameters. For more information about the use of **ConsistencyLevel**, `$count`, and `$filter`, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries).
+
+<!-- {
+ "blockType": "request",
+ "name": "get_unifiedroleassignment_all"
+}
+-->
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/roleManagement/directory/transitiveRoleAssignments?$count=true&$filter=principalId eq '2c7936bc-3517-40f3-8eda-4806637b6516'
+ConsistencyLevel: eventual
+```
+++
+#### Response
+
+The following is an example of the response.
+
+> **Note:** The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleAssignment",
+ "isCollection": true
+}
+-->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/transitiveRoleAssignments",
+ "value": [
+ {
+ "id": "857708a7-b5e0-44f9-bfd7-53531d72a739",
+ "principalId": "2c7936bc-3517-40f3-8eda-4806637b6516",
+ "directoryScopeId": "/",
+ "roleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1"
+ },
+ {
+ "id": "8a021d5f-7351-4713-aab4-b088504d476e",
+ "principalId": "ae2fc327-4c71-48ed-b6ca-f48632186510",
+ "directoryScopeId": "/",
+ "roleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1"
+ },
+ {
+ "id": "6cc86637-13c8-473f-afdc-e0e65c9734d2",
+ "principalId": "6ffb34b8-5e6d-4727-a7f9-93245e7f6ea8",
+ "directoryScopeId": "/administrativeUnits/26e79164-0c5c-4281-8c5b-be7bc7809fb2",
+ "roleDefinitionId": "729827e3-9c14-49f7-bb1b-9608f156bbb8"
+ }
+ ]
+}
+```
+
+### Example 2: Get direct and transitive assignments of a principal, but only specific role definitions
+
+#### Request
+
+The following is an example of the request. This request requires the **ConsistencyLevel** header set to `eventual` and the `$count=true` and `$filter` query parameters. For more information about the use of **ConsistencyLevel**, `$count`, and `$filter`, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries).
+
+<!-- {
+ "blockType": "request",
+ "name": "get_unifiedroleassignment_transitive"
+}
+-->
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/roleManagement/directory/transitiveRoleAssignments?$count=true&$filter=principalId eq '2c7936bc-3517-40f3-8eda-4806637b6516' and roleDefinitionId eq 'fe930be7-5e62-47db-91af-98c3a49a38b1'
+ConsistencyLevel: eventual
+```
++
+#### Response
+
+The following is an example of the response.
+
+> **Note:** The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleAssignment",
+ "isCollection": true
+}
+-->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/transitiveRoleAssignments",
+ "value": [
+ {
+ "id": "857708a7-b5e0-44f9-bfd7-53531d72a739",
+ "principalId": "2c7936bc-3517-40f3-8eda-4806637b6516",
+ "directoryScopeId": "/",
+ "roleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1"
+ },
+ {
+ "id": "8a021d5f-7351-4713-aab4-b088504d476e",
+ "principalId": "6ffb34b8-5e6d-4727-a7f9-93245e7f6ea8",
+ "directoryScopeId": "/",
+ "roleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1"
+ }
+ ]
+}
+```
+
+### Example 3: Get direct and transitive role assignments of a principal, but only administrative unit scoped
+
+#### Request
+
+The following is an example of the request. This request requires the **ConsistencyLevel** header set to `eventual` and the `$count=true` and `$filter` query parameters. For more information about the use of **ConsistencyLevel**, `$count`, and `$filter`, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries).
+
+<!-- {
+ "blockType": "request",
+ "name": "get_unifiedroleassignment_tenantscoped"
+}
+-->
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/roleManagement/directory/transitiveRoleAssignments?$count=true&$filter=principalId eq '2c7936bc-3517-40f3-8eda-4806637b6516' and directoryScopeId eq '/administrativeUnits/26e79164-0c5c-4281-8c5b-be7bc7809fb2'
+ConsistencyLevel: eventual
+```
+++
+#### Response
+
+The following is an example of the response.
+
+> **Note:** The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleAssignment",
+ "isCollection": true
+}
+-->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/transitiveRoleAssignments",
+ "value": [
+ {
+ "id": "6cc86637-13c8-473f-afdc-e0e65c9734d2",
+ "principalId": "6ffb34b8-5e6d-4727-a7f9-93245e7f6ea8",
+ "directoryScopeId": "/administrativeUnits/26e79164-0c5c-4281-8c5b-be7bc7809fb2",
+ "roleDefinitionId": "729827e3-9c14-49f7-bb1b-9608f156bbb8"
+ }
+ ]
+}
+```
v1.0 Rbacapplicationmultiple List Resourcenamespaces https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/rbacapplicationmultiple-list-resourcenamespaces.md
+
+ Title: "List resourceNamespaces"
+description: "Get a list of the unifiedRbacResourceNamespace objects and their properties."
+
+ms.localizationpriority: medium
++
+# List resourceNamespaces
+Namespace: microsoft.graph
++
+Get a list of the [unifiedRbacResourceNamespace](../resources/unifiedrbacresourcenamespace.md) objects and their properties.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|RoleManagement.Read.Directory, RoleManagement.Read.All, RoleManagement.ReadWrite.Directory|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|RoleManagement.Read.Directory, RoleManagement.Read.All, RoleManagement.ReadWrite.Directory|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/resourceNamespaces
+```
+
+## Optional query parameters
+This method supports the `$filter` and `$select` OData query parameters to help customize the response. This method supports `$filter` for **id** and **name**. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRbacResourceNamespace](../resources/unifiedrbacresourcenamespace.md) objects in the response body.
+
+## Examples
+
+The following example gets all resource namespaces.
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_unifiedrbacresourcenamespace"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/resourceNamespaces
+```
++
+### Response
+>**Note:** The response object shown here has been shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRbacResourceNamespace)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/resourceNamespaces",
+ "value": [
+ {
+ "id": "microsoft.aad.b2c",
+ "name": "microsoft.aad.b2c"
+ },
+ {
+ "id": "microsoft.aad.cloudAppSecurity",
+ "name": "microsoft.aad.cloudAppSecurity"
+ },
+ {
+ "id": "microsoft.directory",
+ "name": "microsoft.directory"
+ }
+ ]
+}
+```
v1.0 Riskyserviceprincipal Confirmcompromised https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/riskyserviceprincipal-confirmcompromised.md
If successful, this action returns a `204 No Content` response code. It does not
## Example ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "riskyserviceprincipal_confirmcompromised"
Content-Type: application/json
] } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Riskyserviceprincipal Dismiss https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/riskyserviceprincipal-dismiss.md
If successful, this action returns a `204 No Content` response code. It does not
## Example ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "riskyserviceprincipal_dismiss"
Content-Type: application/json
] } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Riskyserviceprincipal Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/riskyserviceprincipal-get.md
If successful, this method returns a `200 OK` response code and a [riskyServiceP
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_riskyserviceprincipal"
If successful, this method returns a `200 OK` response code and a [riskyServiceP
``` http GET https://graph.microsoft.com/beta/identityProtection/riskyServicePrincipals/9089a539-a539-9089-39a5-899039a58990 ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Riskyserviceprincipal List History https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/riskyserviceprincipal-list-history.md
If successful, this method returns a `200 OK` response code and a collection of
## Example ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_riskyserviceprincipalhistoryitem"
If successful, this method returns a `200 OK` response code and a collection of
``` http GET https://graph.microsoft.com/beta/identityProtection/riskyServicePrincipals/{riskyServicePrincipalId}/history ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Schedule List Shifts https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/schedule-list-shifts.md
GET /teams/{teamId}/schedule/shifts
``` ## Optional query parameters+ This method supports the `$filter` [OData query parameter](/graph/query-parameters) to help customize the response.
+> [!NOTE]
+> The `$filter` parameter doesn't support the use of the same property more than once in a query. For example, the following query will not work: `sharedShift/startDateTime ge 2019-05-09T00:00:00Z and sharedShift/startDateTime le 2019-05-09T23:59:59Z`.
+ ## Request headers | Header | Value |
v1.0 Serviceprincipal Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/serviceprincipal-get.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | Application.Read.All, Directory.Read.All, Application.ReadWrite.OwnedBy, Application.ReadWrite.All, Directory.ReadWrite.All |
+> [!NOTE]
+> A service principal can retrieve its own application and service principal details without being granted any application permissions.
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
GET /servicePrincipals/{id}
``` ## Optional query parameters
-This method supports the [OData Query Parameters](/graph/query-parameters) to help customize the response.
+This method supports the [OData query parameters](/graph/query-parameters) to help customize the response.
This method supports the `$count`, `$expand`, `$filter`, `$orderBy`, `$search`, `$select`, and `$top` [OData query parameters](/graph/query-parameters) to help customize the response. Some queries are supported only when you use the **ConsistencyLevel** header set to `eventual` and `$count`. For more information, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries).
v1.0 Serviceprincipal List Approleassignedto https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/serviceprincipal-list-approleassignedto.md
For example, if the resource service principal is the service principal for the
If the resource service principal is an application that has app roles granted to users and groups, this will return all the users and groups assigned app roles for this application.
+>**Note** This request might have replication delays for app role assignments that were recently granted or removed.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Serviceprincipal List Approleassignments https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/serviceprincipal-list-approleassignments.md
Retrieve the list of [appRoleAssignment](../resources/approleassignment.md) that
App roles that are assigned to service principals are also known as [application permissions](/azure/active-directory/develop/v2-permissions-and-consent#permission-types). Application permissions can be granted directly by creating app role assignments, or through a [consent experience](/azure/active-directory/develop/application-consent-experience). +
+>**Note** This request might have replication delays for app role assignments that were recently granted or removed.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Serviceprincipal Removekey https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/serviceprincipal-removekey.md
In the request body, provide the following required properties.
| Property | Type | Description| |:-|:--|:--|
-| keyId | GUID | The unique identifier for the password.|
+| keyId | Guid | The unique identifier for the password.|
| proof | String | A self-signed JWT token used as a proof of possession of the existing keys. This JWT token must be signed using the private key of one of the servicePrincipal's existing valid certificates. The token should contain the following claims:<ul><li>`aud` - Audience needs to be `00000002-0000-0000-c000-000000000000`.</li><li>`iss` - Issuer needs to be the __id__ of the servicePrincipal that is making the call.</li><li>`nbf` - Not before time.</li><li>`exp` - Expiration time should be `nbf` + 10 mins.</li></ul><br>For steps to generate this proof of possession token, see [Generating proof of possession tokens for rolling keys](/graph/application-rollkey-prooftoken).| ## Response
v1.0 Serviceprincipal Removepassword https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/serviceprincipal-removepassword.md
POST /servicePrincipals/{id}/removePassword
| Property | Type |Description| |:|:--|:-|
-| keyId | GUID | The unique identifier for the password. Required. |
+| keyId | Guid | The unique identifier for the password. Required. |
## Response
v1.0 Serviceprincipalriskdetection Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/serviceprincipalriskdetection-get.md
If successful, this method returns a `200 OK` response code and a [servicePrinci
### Example 1: Get a specific risk detection object #### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_serviceprincipalriskdetection"
If successful, this method returns a `200 OK` response code and a [servicePrinci
``` http GET https://graph.microsoft.com/beta/identityProtection/servicePrincipalRiskDetections/{servicePrincipalRiskDetectionId} ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ #### Response
v1.0 Subscription Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/subscription-delete.md
On a personal OneDrive, you can subscribe to the root folder or any subfolder in
### contact, event, and message
-Additional limitations apply for subscriptions on Outlook items. The limitations apply to creating as well as managing (getting, updating, and deleting) subscriptions.
+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources and optionally specify in the POST request payload whether to include encrypted resource data in notifications.
-- Delegated permission supports subscribing to items in folders in only the signed-in user's mailbox. For example, you cannot use the delegated permission Calendars.Read to subscribe to events in another userΓÇÖs mailbox.-- To subscribe to change notifications of Outlook contacts, events, or messages in _shared or delegated_ folders:-
- - Use the corresponding application permission to subscribe to changes of items in a folder or mailbox of _any_ user in the tenant.
- - Do not use the Outlook sharing permissions (Contacts.Read.Shared, Calendars.Read.Shared, Mail.Read.Shared, and their read/write counterparts), as they do **not** support subscribing to change notifications on items in shared or delegated folders.
### presence
v1.0 Subscription Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/subscription-get.md
On a personal OneDrive, you can subscribe to the root folder or any subfolder in
### contact, event, and message
-Additional limitations apply for subscriptions on Outlook items. The limitations apply to creating as well as managing (getting, updating, and deleting) subscriptions.
+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources and optionally specify in the POST request payload whether to include encrypted resource data in notifications.
-- Delegated permission supports subscribing to items in folders in only the signed-in user's mailbox. For example, you cannot use the delegated permission Calendars.Read to subscribe to events in another userΓÇÖs mailbox.-- To subscribe to change notifications of Outlook contacts, events, or messages in _shared or delegated_ folders:-
- - Use the corresponding application permission to subscribe to changes of items in a folder or mailbox of _any_ user in the tenant.
- - Do not use the Outlook sharing permissions (Contacts.Read.Shared, Calendars.Read.Shared, Mail.Read.Shared, and their read/write counterparts), as they do **not** support subscribing to change notifications on items in shared or delegated folders.
### presence
v1.0 Subscription Post Subscriptions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/subscription-post-subscriptions.md
Subscribes a listener application to receive change notifications when the reque
See the table in the [Permissions](#permissions) section for the list of resources that support subscribing to change notifications.
+Some resources support the option to include encrypted resource data in change notifications. These resources include [chatMessage](../resources/chatmessage.md), [contact](../resources/contact.md), [event](../resources/event.md), [message](../resources/message.md), and [presence](../resources/presence.md). For more information, see [Set up change notifications that include resource data](/graph/webhooks-with-resource-data) and [Change notifications for Outlook resources in Microsoft Graph](/graph/outlook-change-notification-overview).
+ ## Permissions Creating a subscription requires read permission to the resource. For example, to get change notifications on messages, your app needs the Mail.Read permission.
OneDrive for Business and SharePoint support sending your application notificati
### contact, event, and message
-Additional limitations apply for subscriptions on Outlook items. The limitations apply to creating as well as managing (getting, updating, and deleting) subscriptions.
--- Delegated permission supports subscribing to items in folders in only the signed-in user's mailbox. For example, you cannot use the delegated permission Calendars.Read to subscribe to events in another userΓÇÖs mailbox.-- To subscribe to change notifications of Outlook contacts, events, or messages in _shared or delegated_ folders:
+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources and optionally specify in the POST request payload whether to include encrypted resource data in notifications.
- - Use the corresponding application permission to subscribe to changes of items in a folder or mailbox of _any_ user in the tenant.
- - Do not use the Outlook sharing permissions (Contacts.Read.Shared, Calendars.Read.Shared, Mail.Read.Shared, and their read/write counterparts), as they do **not** support subscribing to change notifications on items in shared or delegated folders.
### presence
v1.0 Subscription Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/subscription-update.md
On a personal OneDrive, you can subscribe to the root folder or any subfolder in
### contact, event, and message
-Additional limitations apply for subscriptions on Outlook items. The limitations apply to creating as well as managing (getting, updating, and deleting) subscriptions.
+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources and optionally specify in the POST request payload whether to include encrypted resource data in notifications.
-- Delegated permission supports subscribing to items in folders in only the signed-in user's mailbox. For example, you cannot use the delegated permission Calendars.Read to subscribe to events in another userΓÇÖs mailbox.-- To subscribe to change notifications of Outlook contacts, events, or messages in _shared or delegated_ folders:-
- - Use the corresponding application permission to subscribe to changes of items in a folder or mailbox of _any_ user in the tenant.
- - Do not use the Outlook sharing permissions (Contacts.Read.Shared, Calendars.Read.Shared, Mail.Read.Shared, and their read/write counterparts), as they do **not** support subscribing to change notifications on items in shared or delegated folders.
### presence
v1.0 Termstore Group Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/termstore-group-get.md
Content-Type: application/json
# [HTTP](#tab/http) <!-- { "blockType": "request",
- "name": "get_group"
+ "name": "get_group_termstore"
} -->
Content-Type: application/json
GET https://graph.microsoft.com/beta/sites/microsoft.sharepoint.com,c6482504-4a85-4b21-858a-7e88dafc8232,d90ca07d-25c0-4ce7-864b-d68b607e697f/termStore/groups/1FFD3F87-9464-488A-A0EC-8FB90911182C?$select=*,parentSiteId ``` # [C#](#tab/csharp) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [JavaScript](#tab/javascript) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Objective-C](#tab/objc) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Java](#tab/java) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
Content-Type: application/json
# [HTTP](#tab/http) <!-- { "blockType": "request",
- "name": "get_group"
+ "name": "get_group_termstore_sites"
} -->
Content-Type: application/json
GET https://graph.microsoft.com/beta/sites/microsoft.sharepoint.com,c6482504-4a85-4b21-858a-7e88dafc8232,d90ca07d-25c0-4ce7-864b-d68b607e697f/termStore/groups/1FFD3F87-9464-488A-A0EC-8FB90911182C ``` # [C#](#tab/csharp) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [JavaScript](#tab/javascript) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Objective-C](#tab/objc) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Java](#tab/java) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
v1.0 Unifiedrbacresourceaction Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/unifiedrbacresourceaction-get.md
+
+ Title: "Get unifiedRbacResourceAction"
+description: "Read the properties and relationships of an unifiedRbacResourceAction object."
+
+ms.localizationpriority: medium
++
+# Get unifiedRbacResourceAction
+Namespace: microsoft.graph
++
+Read the properties and relationships of an [unifiedRbacResourceAction](../resources/unifiedrbacresourceaction.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|RoleManagement.Read.Directory, RoleManagement.Read.All, RoleManagement.ReadWrite.Directory|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|RoleManagement.Read.Directory, RoleManagement.Read.All, RoleManagement.ReadWrite.Directory|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/resourceNamespaces/{unifiedRbacResourceNamespaceId}/resourceActions/{unifiedRbacResourceActionId}
+```
+
+## Optional query parameters
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [unifiedRbacResourceAction](../resources/unifiedrbacresourceaction.md) object in the response body.
+
+## Examples
+
+The following example gets the action with the identifier `microsoft.directory-accessReviews-allProperties-read-get` for the resource namespace with the identifier of `microsoft.directory`.
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_unifiedrbacresourceaction"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/resourceNamespaces/microsoft.directory/resourceActions/microsoft.directory-accessReviews-allProperties-read-get
+```
++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRbacResourceAction"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/resourceNamespaces('microsoft.directory')/resourceActions/$entity",
+ "actionVerb": "GET",
+ "description": "Read all properties of access reviews",
+ "id": "microsoft.directory-accessReviews-allProperties-read-get",
+ "name": "microsoft.directory/accessReviews/allProperties/read",
+ "resourceScopeId": null
+}
+```
v1.0 Unifiedrbacresourcenamespace Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/unifiedrbacresourcenamespace-get.md
+
+ Title: "Get unifiedRbacResourceNamespace"
+description: "Read the properties and relationships of an unifiedRbacResourceNamespace object."
+
+ms.localizationpriority: medium
++
+# Get unifiedRbacResourceNamespace
+Namespace: microsoft.graph
++
+Read the properties and relationships of an [unifiedRbacResourceNamespace](../resources/unifiedrbacresourcenamespace.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|RoleManagement.Read.Directory, RoleManagement.Read.All, RoleManagement.ReadWrite.Directory|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|RoleManagement.Read.Directory, RoleManagement.Read.All, RoleManagement.ReadWrite.Directory|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/resourceNamespaces/{unifiedRbacResourceNamespaceId}
+```
+
+## Optional query parameters
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [unifiedRbacResourceNamespace](../resources/unifiedrbacresourcenamespace.md) object in the response body.
+
+## Examples
+
+The following example gets the resource namespace with the identifier of `microsoft.aad.b2c`.
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_unifiedrbacresourcenamespace"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/resourceNamespaces/microsoft.aad.b2c
+```
++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRbacResourceNamespace"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/resourceNamespaces/$entity",
+ "id": "microsoft.aad.b2c",
+ "name": "microsoft.aad.b2c"
+}
+```
v1.0 Unifiedrbacresourcenamespace List Resourceactions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/unifiedrbacresourcenamespace-list-resourceactions.md
+
+ Title: "List resourceActions"
+description: "Get a list of the unifiedRbacResourceAction objects and their properties."
+
+ms.localizationpriority: medium
++
+# List resourceActions
+Namespace: microsoft.graph
++
+Get a list of the [unifiedRbacResourceAction](../resources/unifiedrbacresourceaction.md) objects and their properties.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|RoleManagement.Read.Directory, RoleManagement.Read.All, RoleManagement.ReadWrite.Directory|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|RoleManagement.Read.Directory, RoleManagement.Read.All, RoleManagement.ReadWrite.Directory|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/resourceNamespaces/{unifiedRbacResourceNamespaceId}/resourceActions
+```
+
+## Optional query parameters
+This method supports the `$filter`, `$select`, `$top`, and `$skipToken` OData query parameters to help customize the response. This method supports `$filter` (`eq`) for **actionVerb**, **description**, **id**, and **name** properties. This method returns a default page size of 100 **resourceActions** and supports `$top` and `$skipToken` for paging. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRbacResourceAction](../resources/unifiedrbacresourceaction.md) objects in the response body.
+
+## Examples
+
+### Example 1: Get microsoft.directory actions
+
+The following example gets the actions for the resource namespace with the identifier of `microsoft.directory`.
+
+This method returns a maximum of 100 actions. If there are more actions, you can use `@odata.nextLink` to get the next set of actions.
+
+#### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_unifiedrbacresourceaction_directory"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/resourceNamespaces/microsoft.directory/resourceActions
+```
++
+#### Response
+>**Note:** The response object shown here has been shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRbacResourceAction)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/resourceNamespaces('microsoft.directory')/resourceActions",
+ "@odata.nextLink": "https://graph.microsoft.com/beta/roleManagement/directory/resourceNamespaces/microsoft.directory/resourceActions?$skiptoken=bWljcm9z...",
+ "value": [
+ {
+ "actionVerb": null,
+ "description": "Create and delete access reviews, and read and update all properties of access reviews in Azure AD",
+ "id": "microsoft.directory-accessReviews-allProperties-allTasks",
+ "name": "microsoft.directory/accessReviews/allProperties/allTasks",
+ "resourceScopeId": null
+ },
+ {
+ "actionVerb": "GET",
+ "description": "Read all properties of access reviews",
+ "id": "microsoft.directory-accessReviews-allProperties-read-get",
+ "name": "microsoft.directory/accessReviews/allProperties/read",
+ "resourceScopeId": null
+ },
+ {
+ "actionVerb": null,
+ "description": "Manage access reviews of application role assignments in Azure AD",
+ "id": "microsoft.directory-accessReviews-definitions.applications-allProperties-allTasks",
+ "name": "microsoft.directory/accessReviews/definitions.applications/allProperties/allTasks",
+ "resourceScopeId": null
+ }
+ ]
+}
+```
+
+### Example 2: Get microsoft.insights actions
+
+The following example gets the actions for the resource namespace with the identifier of `microsoft.insights`.
+
+#### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_unifiedrbacresourceaction_insights"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/resourceNamespaces/microsoft.insights/resourceActions
+```
++
+#### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRbacResourceAction)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/resourceNamespaces('microsoft.insights')/resourceActions",
+ "value": [
+ {
+ "actionVerb": null,
+ "description": "Manage all aspects of Insights app",
+ "id": "microsoft.insights-allEntities-allProperties-allTasks",
+ "name": "microsoft.insights/allEntities/allProperties/allTasks",
+ "resourceScopeId": null
+ },
+ {
+ "actionVerb": null,
+ "description": "Read all aspects of Viva Insights",
+ "id": "microsoft.insights-allEntities-allProperties-read",
+ "name": "microsoft.insights/allEntities/allProperties/read",
+ "resourceScopeId": null
+ },
+ {
+ "actionVerb": "PATCH",
+ "description": "Deploy and manage programs in Insights app",
+ "id": "microsoft.insights-programs-allProperties-update-patch",
+ "name": "microsoft.insights/programs/allProperties/update",
+ "resourceScopeId": null
+ },
+ {
+ "actionVerb": null,
+ "description": "Run and manage queries in Viva Insights",
+ "id": "microsoft.insights-queries-allProperties-allTasks",
+ "name": "microsoft.insights/queries/allProperties/allTasks",
+ "resourceScopeId": null
+ },
+ {
+ "actionVerb": "GET",
+ "description": "View reports and dashboard in Insights app",
+ "id": "microsoft.insights-reports-allProperties-read-get",
+ "name": "microsoft.insights/reports/allProperties/read",
+ "resourceScopeId": null
+ }
+ ]
+}
+```
v1.0 User Assignlicense https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/user-assignlicense.md
In the request body, provide a JSON object with the following parameters.
If successful, this method returns `200 OK` response code and an updated [user](../resources/user.md) object in the response body.
-## Example
-Add licenses to the user.
-##### Request
+## Examples
+
+### Example 1: Assign licenses to the signed-in user
+
+#### Request
# [HTTP](#tab/http) <!-- {
POST https://graph.microsoft.com/beta/me/assignLicense
Content-type: application/json {
- "addLicenses": [
- {
- "disabledPlans": [ "11b0131d-43c8-4bbb-b2c8-e80f9a50834a" ],
- "skuId": "skuId-value-1"
- },
- {
- "disabledPlans": [ "a571ebcc-fqe0-4ca2-8c8c-7a284fd6c235" ],
- "skuId": "skuId-value-2"
- }
- ],
- "removeLicenses": []
+ "addLicenses": [
+ {
+ "disabledPlans": [
+ "8a256a2b-b617-496d-b51b-e76466e88db0"
+ ],
+ "skuId": "84a661c4-e949-4bd2-a560-ed7766fcaf2b"
+ },
+ {
+ "disabledPlans": [],
+ "skuId": "f30db892-07e9-47e9-837c-80727f46fd3d"
+ }
+ ],
+ "removeLicenses": []
} ``` # [C#](#tab/csharp)
Content-type: application/json
-## Example
-Remove licenses from the user.
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.user"
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "accountEnabled": true,
+ "assignedLicenses": [
+ {
+ "disabledPlans": [
+ "8a256a2b-b617-496d-b51b-e76466e88db0"
+ ],
+ "skuId": "84a661c4-e949-4bd2-a560-ed7766fcaf2b"
+ },
+ {
+ "disabledPlans": [],
+ "skuId": "f30db892-07e9-47e9-837c-80727f46fd3d"
+ }
+ ],
+ "city": "Nairobi",
+ "companyName": "Contoso"
+}
+```
+
+### Example 2: Remove licenses from the signed-in user
-##### Request
+#### Request
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "user_assignlicense_removelicenses"
+}-->
```http POST https://graph.microsoft.com/beta/me/assignLicense Content-type: application/json {
- "addLicenses": [],
- "removeLicenses": ["skuId-value-1", "skuId-value-2"]
+ "addLicenses": [],
+ "removeLicenses": [
+ "f30db892-07e9-47e9-837c-80727f46fd3d",
+ "84a661c4-e949-4bd2-a560-ed7766fcaf2b"
+ ]
} ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
-##### Response
-In both examples, the response is the updated user object. Note: The response object shown here might be shortened for readability.
+# [PowerShell](#tab/powershell)
++++
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
Content-type: application/json
{ "accountEnabled": true,
- "assignedLicenses": [
- {
- "disabledPlans": [ "11b0131d-43c8-4bbb-b2c8-e80f9a50834a" ],
- "skuId": "skuId-value"
- }
- ],
- "assignedPlans": [
- {
- "assignedDateTime": "2016-10-19T10:37:00Z",
- "capabilityStatus": "capabilityStatus-value",
- "service": "service-value",
- "servicePlanId": "bea13e0c-3828-4daa-a392-28af7ff61a0f"
- }
- ],
- "businessPhones": [
- "businessPhones-value"
- ],
- "city": "city-value",
- "companyName": "companyName-value"
+ "assignedLicenses": [],
+ "city": "Nairobi",
+ "companyName": "Contoso"
} ```
v1.0 User List Licensedetails https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/user-list-licensedetails.md
Title: "List licenseDetails" description: "Retrieve a list of licenseDetails objects."-+ ms.localizationpriority: medium ms.prod: "users" doc_type: apiPageType
v1.0 User Revokesigninsessions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/user-revokesigninsessions.md
This operation has no request content.
## Response
-If successful, this method returns a `204 No Content` response code.
+If successful, this method returns a `200 OK` response code.
>[!NOTE]
->This API has a [known issue](/graph/known-issues#revoke-sign-in-sessions-returns-wrong-HTTP-code). It returns a different HTTP response code.
+>This API has a [known issue](/graph/known-issues#revoke-sign-in-sessions-returns-wrong-http-code). It returns a different HTTP response code.
## Example The following example shows how to call this API.
-##### Request
+### Request
# [HTTP](#tab/http) <!-- {
- "blockType": "request",
+ "blockType": "ignored",
"name": "user_revokesigninsessionss" }--> ```http
POST https://graph.microsoft.com/beta/me/revokeSignInSessions
-##### Response
+### Response
<!-- { "blockType": "response", "truncated": true } --> ```http
-HTTP/1.1 204 No Content
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#Edm.Boolean",
+ "value": true
+}
``` <!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
v1.0 User Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/user-update.md
Because the **user** resource supports [extensions](/graph/extensibility-overvie
add, update, or delete your own app-specific data in custom properties of an extension in an existing **user** instance. > [!NOTE]
-> The follow properties cannot be updated by an app with only application permissions: **aboutMe**, **birthday**, **employeeHireDate**, **interests**, **mySite**, **pastProjects**, **preferredName**, **responsibilities**, **schools**, and **skills**.
+> - The following properties cannot be updated by an app with only application permissions: **aboutMe**, **birthday**, **employeeHireDate**, **interests**, **mySite**, **pastProjects**, **preferredName**, **responsibilities**, **schools**, and **skills**.
+> - To update the following properties, you must specify them in their own PATCH request, without including the other properties listed in the table above: **aboutMe**, **birthday**, **interests**, **mySite**, **pastProjects**, **preferredName**, **responsibilities**, **schools**, and **skills**.
## Response
v1.0 Virtualendpoint List Snapshots https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/virtualendpoint-list-snapshots.md
+
+ Title: "List snapshots"
+description: "Get a list of cloudPcSnapshot objects and their properties."
+
+ms.localizationpriority: medium
++
+# List snapshots
+Namespace: microsoft.graph
++
+Get a list of [cloudPcSnapshot](../resources/cloudpcsnapshot.md) objects and their properties.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|CloudPC.Read.All, CloudPC.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|CloudPC.Read.All, CloudPC.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /deviceManagement/virtualEndpoint/snapshots
+```
+
+## Optional query parameters
+This method supports the `$filter` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [cloudPcSnapshot](../resources/cloudpcsnapshot.md) objects in the response body.
+
+## Examples
+
+### Request
+
+The following is an example of a request.
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "list_cloudpcsnapshot"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint/snapshots
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+
+The following is an example of the response.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.cloudPcSnapshot",
+ "isCollection": true
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.cloudPcSnapshot",
+ "cloudPcId": "662009bc-7732-4f6f-8726-25883518b33e",
+ "createdDateTime": "2021-08-23T09:28:32.8260335Z",
+ "lastRestoredDateTime": "2021-09-01T09:28:32.8260338Z",
+ "id": "A00009UV000_93aff428-61f2-467f-a879-1102af6fd4a8",
+ "status": "ready"
+ }
+ ]
+}
+```
+
v1.0 Windowshelloforbusinessauthenticationmethod Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/windowshelloforbusinessauthenticationmethod-get.md
GET /me/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAu
GET /users/{id | userPrincipalName}/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAuthenticationMethodId} ```
+>**Note:** To read the **device** navigation property for another user, specify it in an `$expand` query as follows: `/users/{id}/authentication/windowsHelloForBusinessMethods/{id}?$expand=device`.
+ ## Optional query parameters Not supported.
v1.0 Windowsupdates Deploymentaudience Updateaudience https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/windowsupdates-deploymentaudience-updateaudience.md
Content-Type: application/json
{ "addMembers": [ {
- "@odata.type": "#microsoft.graph.windowsUpdates.updatableAsset",
+ "@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",
"id": "String (identifier)" } ], "removeMembers": [ {
- "@odata.type": "#microsoft.graph.windowsUpdates.updatableAsset",
+ "@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",
"id": "String (identifier)" } ], "addExclusions": [ {
- "@odata.type": "#microsoft.graph.windowsUpdates.updatableAsset",
+ "@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",
"id": "String (identifier)" } ], "removeExclusions": [ {
- "@odata.type": "#microsoft.graph.windowsUpdates.updatableAsset",
+ "@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",
"id": "String (identifier)" } ]
v1.0 X509certificateauthenticationmethodconfiguration Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/x509certificateauthenticationmethodconfiguration-delete.md
Title: "Delete x509CertificateAuthenticationMethodConfiguration"
-description: "Delete a x509CertificateAuthenticationMethodConfiguration object and restores all the other properties to their default settings"
+description: "Delete the tenant-customized x509CertificateAuthenticationMethodConfiguration object and restore the default configuration."
ms.localizationpriority: medium ms.prod: "identity-and-sign-in"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Restore the [x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md) object to its default configuration.
+Delete the tenant-customized [x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md) object and restore the default configuration.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 X509certificateauthenticationmethodconfiguration Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/x509certificateauthenticationmethodconfiguration-get.md
GET https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authen
### Response+
+The following response object shows an x509CertificateAuthenticationMethodConfiguration with its default configuration.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
HTTP/1.1 200 OK
Content-Type: application/json {
- "@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
- "id": "X509Certificate",
- "state": "disabled",
- "certificateUserBindings": [{
- "x509CertificateField": "PrincipalName",
- "userProperty": "onPremisesUserPrincipalName",
- "priority": 1
- },
- {
- "x509CertificateField": "RFC822Name",
- "userProperty": "userPrincipalName",
- "priority": 2
- }
- ],
- "authenticationModeConfiguration": {
- "x509CertificateAuthenticationDefaultMode": "x509CertificateSingleFactor",
- "rules": []
- },
- "includeTargets": [{
- "targetType": "group",
- "id": "all_users",
- "isRegistrationRequired": false
- }]
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#authenticationMethodConfigurations/$entity",
+ "@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
+ "id": "X509Certificate",
+ "state": "disabled",
+ "certificateUserBindings": [
+ {
+ "x509CertificateField": "PrincipalName",
+ "userProperty": "onPremisesUserPrincipalName",
+ "priority": 1
+ },
+ {
+ "x509CertificateField": "RFC822Name",
+ "userProperty": "userPrincipalName",
+ "priority": 2
+ }
+ ],
+ "authenticationModeConfiguration": {
+ "x509CertificateAuthenticationDefaultMode": "x509CertificateSingleFactor",
+ "rules": []
+ },
+ "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('X509Certificate')/microsoft.graph.x509CertificateAuthenticationMethodConfiguration/includeTargets",
+ "includeTargets": [
+ {
+ "targetType": "group",
+ "id": "all_users",
+ "isRegistrationRequired": false
+ }
+ ]
} ```
v1.0 X509certificateauthenticationmethodconfiguration Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/x509certificateauthenticationmethodconfiguration-update.md
If successful, this method returns a `204 No Content` response code and an updat
### Request
+The following is an example of an update request with the following settings:
+++ Enables the x509 certificate authentication method in the tenant.++ Configures only one user binding between the certificate **PrincipalName** and the Azure AD **onPremisesUserPrincipalName** properties.++ Defines multi-factor authentication as requirement.++ Configures the binding rules for the strong authentication method against the rule type.+ # [HTTP](#tab/http) <!-- { "blockType": "request",
PATCH https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/auth
Content-Type: application/json {
- "@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
- "id": "X509Certificate",
- "state": "disabled",
- "certificateUserBindings": [{
- "x509CertificateField": "PrincipalName",
- "userProperty": "onPremisesUserPrincipalName",
- "priority": 1
- },
- {
- "x509CertificateField": "RFC822Name",
- "userProperty": "userPrincipalName",
- "priority": 2
- }
- ],
- "authenticationModeConfiguration": {
- "x509CertificateAuthenticationDefaultMode": "x509CertificateSingleFactor",
- "rules": []
- },
- "includeTargets": [{
- "targetType": "group",
- "id": "all_users",
- "isRegistrationRequired": false
- }]
+ "@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
+ "id": "X509Certificate",
+ "state": "enabled",
+ "certificateUserBindings": [
+ {
+ "x509CertificateField": "PrincipalName",
+ "userProperty": "onPremisesUserPrincipalName",
+ "priority": 1
+ }
+ ],
+ "authenticationModeConfiguration": {
+ "x509CertificateAuthenticationDefaultMode": "x509CertificateMultiFactor",
+ "rules": [
+ {
+ "x509CertificateRuleType": "issuerSubject",
+ "identifier": "CN=ContosoCA,DC=Contoso,DC=org ",
+ "x509CertificateAuthenticationMode": "x509CertificateMultiFactor"
+ },
+ {
+ "x509CertificateRuleType": "policyOID",
+ "identifier": "1.2.3.4",
+ "x509CertificateAuthenticationMode": "x509CertificateMultiFactor"
+ }
+ ]
+ },
+ "includeTargets": [
+ {
+ "targetType": "group",
+ "id": "all_users",
+ "isRegistrationRequired": false
+ }
+ ]
} ``` # [JavaScript](#tab/javascript)
Content-Type: application/json
### Response <!-- {
- "blockType": "response",
- "truncated": true
+ "blockType": "response"
} --> ``` http HTTP/1.1 204 No Content
-Content-Type: application/json
```
v1.0 Accesspackageassignmentpolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/accesspackageassignmentpolicy.md
To assign a user to an access package, [create an accessPackageAssignmentRequest
| Relationship | Type | Description | |:-|:|:| |accessPackage|[accessPackage](accesspackage.md)| The access package with this policy. Read-only. Nullable. Supports `$expand`.|
+|customExtensionHandlers|[customExtensionHandler](../resources/customextensionhandler.md) collection| The collection of stages when to execute one or more custom access package workflow extensions. Supports `$expand`.|
++ ## JSON representation
The following is a JSON representation of the resource.
```json {
- "id": "string",
- "accessPackageId": "string",
- "displayName": "string",
- "description": "string",
- "isDenyPolicy": false,
- "canExtend": false,
- "durationInDays": 365,
- "requestorSettings": {
- "scopeType": "string",
- "acceptRequests": true,
- "allowedRequestors": [{
- "@odata.type": "#microsoft.graph.userSet"
- }]
- },
- "requestApprovalSettings": {
- "isApprovalRequired": false,
- "isApprovalRequiredForExtension": false,
- "isRequestorJustificationRequired": false,
- "approvalMode": "string",
- "approvalStages": [{
- "approvalStageTimeOutInDays": 14,
- "isApproverJustificationRequired": true,
- "isEscalationEnabled": true,
- "escalationTimeInMinutes": 11520,
- "primaryApprovers": [{
- "@odata.type": "#microsoft.graph.userSet"
- }],
- "escalationApprovers": [{
- "@odata.type": "#microsoft.graph.userSet"
- }]
- }]
- },
- "accessReviewSettings": null,
- "questions": [{
- "@odata.type": "#microsoft.graph.question"
- }]
+ "@odata.type": "#microsoft.graph.accessPackageAssignmentPolicy",
+ "id": "String (identifier)",
+ "accessPackageId": "String",
+ "displayName": "String",
+ "description": "String",
+ "canExtend": "Boolean",
+ "durationInDays": "Integer",
+ "expirationDateTime": "String (timestamp)",
+ "createdBy": "String",
+ "createdDateTime": "String (timestamp)",
+ "modifiedBy": "String",
+ "modifiedDateTime": "String (timestamp)",
+ "questions": [
+ {
+ "@odata.type": "microsoft.graph.accessPackageMultipleChoiceQuestion"
+ }
+ ],
+ "requestorSettings": {
+ "@odata.type": "microsoft.graph.requestorSettings"
+ },
+ "requestApprovalSettings": {
+ "@odata.type": "microsoft.graph.approvalSettings"
+ },
+ "accessReviewSettings": {
+ "@odata.type": "microsoft.graph.assignmentReviewSettings"
+ }
} ```
v1.0 Accesspackageassignmentrequest https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/accesspackageassignmentrequest.md
In [Azure AD Entitlement Management](entitlementmanagement-overview.md), an acce
|:-|:|:| |completedDate|DateTimeOffset|The date of the end of processing, either successful or failure, of a request. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only.| |createdDateTime|DateTimeOffset|The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only.|
+|customExtensionHandlerInstances|[customExtensionHandlerInstance](../resources/customextensionhandlerinstance.md) collection| A collection of [custom workflow extension](customaccesspackageworkflowextension.md) instances being run on an assignment request. Read-only. |
|id|String| Read-only.| |isValidationOnly|Boolean|True if the request is not to be processed for assignment.| |justification|String|The requestor's supplied justification.|
In [Azure AD Entitlement Management](entitlementmanagement-overview.md), an acce
## JSON representation + The following is a JSON representation of the resource. <!-- {
The following is a JSON representation of the resource.
```json {
- "createdDateTime": "string",
- "completedDate": "string",
- "id": "string",
- "requestType": "string",
- "requestState": "string",
- "requestStatus": "string",
- "isValidationOnly": false,
- "justification": "string",
- "answers": [{
- "@odata.type": "#microsoft.graph.accessPackageAnswerString",
- "value": "string",
- "answeredQuestion": {
- "id": "string",
- "text": {
- "defaultText": "string",
- "localizedTexts": [{
- "text": "string",
- "languageCode": "string"
- }]
- },
- "isRequired": true,
- "@odata.type": "#microsoft.graph.accessPackageTextInputQuestion",
- "isSingleLineQuestion": true
- }
- }]
+ "@odata.type": "#microsoft.graph.accessPackageAssignmentRequest",
+ "id": "String (identifier)",
+ "requestType": "String",
+ "requestState": "String",
+ "requestStatus": "String",
+ "isValidationOnly": "Boolean",
+ "createdDateTime": "String (timestamp)",
+ "completedDate": "String (timestamp)",
+ "expirationDateTime": "String (timestamp)",
+ "justification": "String",
+ "schedule": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "answers": [
+ {
+ "@odata.type": "microsoft.graph.accessPackageAnswerString"
+ }
+ ],
+ "customExtensionHandlerInstances": [
+ {
+ "@odata.type": "microsoft.graph.customExtensionHandlerInstance"
+ }
+ ]
} ```
v1.0 Accesspackagecatalog https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/accesspackagecatalog.md
Namespace: microsoft.graph
In [Azure AD entitlement management](entitlementmanagement-overview.md), an access package catalog is a container for zero or more access packages. An access package catalog might also have linked resources that are used in those access packages to provide access. To view or change the membership of catalog-scoped roles, use the [role assignments](unifiedroleassignment.md) API with the entitlement management RBAC provider. - ## Methods | Method | Return Type | Description |
In [Azure AD entitlement management](entitlementmanagement-overview.md), an acce
| [Get accessPackageCatalog](../api/accesspackagecatalog-get.md) | [accessPackageCatalog](accesspackagecatalog.md) | Read properties and relationships of an accessPackageCatalog object. | | [Update accessPackageCatalog](../api/accesspackagecatalog-update.md)|None | Update the properties of an accessPackageCatalog object. | | [Delete accessPackageCatalog](../api/accesspackagecatalog-delete.md) | | Delete accessPackageCatalog. |
+| **Access package resources**| | |
| [List accessPackageCatalog resources](../api/accesspackagecatalog-list-accesspackageresources.md) | [accessPackageResource](accesspackageresource.md) collection | Retrieve a list of accessPackageResource objects in a catalog. |
+| **Access package resource roles**| | |
| [List accessPackageCatalog resource roles](../api/accesspackagecatalog-list-accesspackageresourceroles.md) | [accessPackageResourceRole](accesspackageresourcerole.md) collection | Retrieve a list of accessPackageResourceRole objects for resources in a catalog. |
+| **Custom access package package workflow extensions**| | |
+|[List customAccessPackageWorkflowExtensions](../api/accesspackagecatalog-list-customaccesspackageworkflowextensions.md)|[customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) collection|Get a list of the [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) objects and their properties.|
+|[Create customAccessPackageWorkflowExtensions](../api/accesspackagecatalog-post-customaccesspackageworkflowextensions.md)|[customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md)|Create a new [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object.|
+|[Get customAccessPackageWorkflowExtension](../api/customaccesspackageworkflowextension-get.md)|[customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md)|Read the properties and relationships of a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object.|
+|[Update customAccessPackageWorkflowExtension](../api/customaccesspackageworkflowextension-update.md)|[customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md)|Update the properties of a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object.|
+|[Delete customAccessPackageWorkflowExtension](../api/customaccesspackageworkflowextension-delete.md)|None|Deletes a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object.|
## Properties
In [Azure AD entitlement management](entitlementmanagement-overview.md), an acce
|:-|:|:| |accessPackages|[accessPackage](accesspackage.md) collection| The access packages in this catalog. Read-only. Nullable. Supports `$expand`.| |accessPackageResources|[accessPackageResource](accesspackageresource.md) collection| Read-only. Nullable.|
+|accessPackageResourceRoles|[accessPackageResourceRole](accesspackageresourcerole.md) collection|The roles in each resource in a catalog. Read-only.|
+|accessPackageResourceScopes|[accessPackageResourceScope](accesspackageresourcescope.md) collection|Read-only.|
+|customAccessPackageWorkflowExtension|[customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) collection|The attributes of a logic app, which can be called at various stages of an access package request and assignment cycle. |
## JSON representation
v1.0 Accesspackageresource https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/accesspackageresource.md
In [Azure AD Entitlement Management](entitlementmanagement-overview.md), an acce
| Property | Type | Description | |:-|:|:|
-|accessPackageResourceEnvironment|[accessPackageResourceEnvironment](../resources/accesspackageresourceenvironment.md)|Contains the environment information for the resource. This can be set using either the `@odata.bind` annotation or the environment's *originId*.|
|attributes|[accessPackageResourceAttribute](../resources/accesspackageresourceattribute.md) collection| Contains information about the attributes to be collected from the requestor and sent to the resource application. | |addedBy|String|The name of the user or application that first added this resource. Read-only.| |addedOn|DateTimeOffset|The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`|
In [Azure AD Entitlement Management](entitlementmanagement-overview.md), an acce
| Relationship | Type | Description | |:-|:|:|
-|accessPackageResourceEnvironment|[accessPackageResourceEnvironment](accesspackageresourceenvironment.md)| Nullable. Supports `$expand`.|
+|accessPackageResourceEnvironment|[accessPackageResourceEnvironment](../resources/accesspackageresourceenvironment.md)|Contains the environment information for the resource. This can be set using either the `@odata.bind` annotation or the environment's *originId*.Supports `$expand`.|
|accessPackageResourceRoles|[accessPackageResourceRole](accesspackageresourcerole.md) collection| Read-only. Nullable. Supports `$expand`.| |accessPackageResourceScopes|[accessPackageResourceScope](accesspackageresourcescope.md) collection| Read-only. Nullable. Supports `$expand`.|
v1.0 Accessreviewsv2 Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/accessreviewsv2-overview.md
Typical customer scenarios for access reviews include:
- Customers can review and certify employee access to Azure AD resources. - Customers can review and audit assignments to Azure AD privileged roles. This supports organizations in the management of privileged access.
-Note that the access reviews feature, including the API, is included in Azure AD Premium P2. The tenant where an access review is being created must have a valid purchased or trial Azure AD Premium P2 or EMS E5 subscription.
+Note that the access reviews feature, including the API, is included in Azure AD Premium P2. The tenant where an access review is being created must have a valid purchased or trial Azure AD Premium P2 or EMS E5 subscription. For more information about the license requirements, see [Access reviews license requirements](/azure/active-directory/governance/access-reviews-overview#license-requirements).
## Methods
v1.0 Activateservice https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/activateservice.md
Represents a service to be activated.
| Property | Type | Description | | -- | | - | | service| String | The name of the service to activate. |
-| servicePlanId | GUID | The plan identifier of the service plan to activate. |
-| skuId | GUID | The SKU identifier of the service plan. |
+| servicePlanId | Guid | The plan identifier of the service plan to activate. |
+| skuId | Guid | The SKU identifier of the service plan. |
## JSON representation
Here is a JSON representation of the resource.
```json {
- "service": "string",
- "skuId": "guid",
- "servicePlanId": "guid"
+ "service": "String",
+ "skuId": "Guid",
+ "servicePlanId": "Guid"
} ```
v1.0 Addin https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/addin.md
Here is a JSON representation of the resource.
```json {
- "id": "guid",
+ "id": "GUID",
"properties": [{"@odata.type": "microsoft.graph.keyValue"}],
- "type": "string"
+ "type": "String"
} ```
v1.0 Administrativeunit https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/administrativeunit.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-An administrative unit provides a conceptual container for User and Group directory objects. Using administrative units, a company administrator can now delegate administrative responsibilities to manage the users and groups contained within or scoped to an administrative unit to a regional or departmental administrator.
+An administrative unit provides a conceptual container for user, group, and device directory objects. Using administrative units, a company administrator can now delegate administrative responsibilities to manage the users, groups, and devices contained within or scoped to an administrative unit to a regional or departmental administrator.
This resource supports using [delta query](/graph/delta-query-overview) to track incremental additions, deletions, and updates, by providing a [delta](../api/administrativeunit-delta.md) function. This resource is an open type that allows other properties to be passed in.
This topic provides descriptions of the declared properties and navigation prope
| Method | Return Type | Description | |:|:--|:-|
-|[Create](../api/administrativeunit-post-administrativeunits.md) | [administrativeUnit](administrativeunit.md) | Create a new administrative unit.|
-|[List](../api/administrativeunit-list.md) | [administrativeUnit](administrativeunit.md) collection |List properties of all administrativeUnits.|
+|[Create](../api/directory-post-administrativeunits.md) | [administrativeUnit](administrativeunit.md) | Create a new administrative unit.|
+|[List](../api/directory-list-administrativeunits.md) | [administrativeUnit](administrativeunit.md) collection |List properties of all administrativeUnits.|
|[Get](../api/administrativeunit-get.md) | [administrativeUnit](administrativeunit.md) |Read properties and relationships of a specific administrativeUnit object.| |[Update](../api/administrativeunit-update.md) | [administrativeUnit](administrativeunit.md) |Update administrativeUnit object. | |[Delete](../api/administrativeunit-delete.md) | None |Delete administrativeUnit object. | |[Get delta](../api/administrativeunit-delta.md)|[administrativeUnit](administrativeunit.md)|Get newly created, updated, or deleted **administrativeUnits** without having to perform a full read of the entire resource collection.|
-|[Add a member](../api/administrativeunit-post-members.md) |[directoryObject](directoryobject.md)| Add a member (user or group).|
-|[List members](../api/administrativeunit-list-members.md) |[directoryObject](directoryobject.md) collection| Get the list of (user and group) members.|
+|[Add a member](../api/administrativeunit-post-members.md) |[directoryObject](directoryobject.md)| Add a member (user, group, or device).|
+|[List members](../api/administrativeunit-list-members.md) |[directoryObject](directoryobject.md) collection| Get the list of (user, group, and device) members.|
|[Get a member](../api/administrativeunit-get-members.md) |[directoryObject](directoryobject.md)| Get a specific member.| |[Remove a member](../api/administrativeunit-delete-members.md) |[directoryObject](directoryobject.md)| Remove a member.| |[Add scoped-role member](../api/administrativeunit-post-scopedrolemembers.md) |[scopedRoleMembership](scopedrolemembership.md)| Add a scoped-role member.|
This topic provides descriptions of the declared properties and navigation prope
| Property | Type |Description| |:|:--|:-|
-|description|string|An optional description for the administrative unit. Supports `$filter` (`eq`, `ne`, `in`, `startsWith`), `$search`.|
-|displayName|string|Display name for the administrative unit. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values), `$search`, and `$orderBy`.|
-|id|string|Unique identifier for the administrative unit. Read-only. Supports `$filter` (`eq`).|
-|visibility|string|Controls whether the administrative unit and its members are hidden or public. Can be set to `HiddenMembership` or `Public`. If not set, default behavior is `Public`. When set to `HiddenMembership`, only members of the administrative unit can list other members of the administrative unit.|
+|description|String|An optional description for the administrative unit. Supports `$filter` (`eq`, `ne`, `in`, `startsWith`), `$search`.|
+|displayName|String|Display name for the administrative unit. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values), `$search`, and `$orderBy`.|
+|id|String|Unique identifier for the administrative unit. Read-only. Supports `$filter` (`eq`).|
+|visibility|String|Controls whether the administrative unit and its members are hidden or public. Can be set to `HiddenMembership`. If not set (value is `null`), the default behavior is public. When set to `HiddenMembership`, only members of the administrative unit can list other members of the administrative unit.|
## Relationships | Relationship | Type |Description|
This topic provides descriptions of the declared properties and navigation prope
## JSON representation
-Here is a JSON representation of the resource.
+The following is a JSON representation of the resource.
<!-- { "blockType": "resource",
Here is a JSON representation of the resource.
```json {
- "description": "string",
- "displayName": "string",
- "id": "string (identifier)",
- "visibility": "string"
+ "description": "String",
+ "displayName": "String",
+ "id": "String (identifier)",
+ "visibility": "String"
} ```
v1.0 Appidentity https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/appidentity.md
Indicates the identity of the application that performed the action or was chang
## Properties | Property | Type |Description| |:|:--|:-|
-|appId|String|Refers to the Unique GUID representing Application Id in the Azure Active Directory.|
+|appId|String|Refers to the unique identifier representing Application Id in the Azure Active Directory.|
|displayName|String|Refers to the Application Name displayed in the Azure Portal.|
-|servicePrincipalId|String|Refers to the Unique GUID indicating Service Principal Id in Azure Active Directory for the corresponding App.|
+|servicePrincipalId|String|Refers to the unique identifier indicating Service Principal Id in Azure Active Directory for the corresponding App.|
|servicePrincipalName|String|Refers to the Service Principal Name is the Application name in the tenant. | ## JSON representation
v1.0 Approle https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/approle.md
With [appRoleAssignments](approleassignment.md), app roles can be assigned to us
|allowedMemberTypes|String collection|Specifies whether this app role can be assigned to users and groups (by setting to `["User"]`), to other application's (by setting to `["Application"]`, or both (by setting to `["User", "Application"]`). App roles supporting assignment to other applications' service principals are also known as [application permissions](/graph/auth/auth-concepts#microsoft-graph-permissions). The "Application" value is only supported for app roles defined on **application** entities. | |description|String|The description for the app role. This is displayed when the app role is being assigned and, if the app role functions as an application permission, during consent experiences.| |displayName|String|Display name for the permission that appears in the app role assignment and consent experiences.|
-|id|Guid|Unique role identifier inside the **appRoles** collection. When creating a new app role, a new Guid identifier must be provided. |
+|id|Guid|Unique role identifier inside the **appRoles** collection. When creating a new app role, a new GUID identifier must be provided. |
|isEnabled|Boolean|When creating or updating an app role, this must be set to **true** (which is the default). To delete a role, this must first be set to **false**. At that point, in a subsequent call, this role may be removed.| |origin|String| Specifies if the app role is defined on the [application](application.md) object or on the [servicePrincipal](serviceprincipal.md) entity. Must _not_ be included in any POST or PATCH requests. Read-only. | |value|String|Specifies the value to include in the `roles` claim in ID tokens and access tokens authenticating an assigned user or service principal. Must not exceed 120 characters in length. Allowed characters are `:` `!` `#` `$` `%` `&` `'` `(` `)` `*` `+` `,` `-` `.` `/` `:` `;` <code>&lt;</code> `=` <code>&gt;</code> `?` `@` `[` `]` `^` `+` `_` <code>&#96;</code> `{` <code>&#124;</code> `}` `~`, as well as characters in the ranges `0-9`, `A-Z` and `a-z`. Any other character, including the space character, are not allowed. May not begin with `.`. |
The following is a JSON representation of the resource.
```json {
- "allowedMemberTypes": ["string"],
- "description": "string",
- "displayName": "string",
- "id": "guid",
+ "allowedMemberTypes": ["String"],
+ "description": "String",
+ "displayName": "String",
+ "id": "Guid",
"isEnabled": true,
- "origin": "string",
- "value": "string"
+ "origin": "String",
+ "value": "String"
} ```
v1.0 Approleassignment https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/approleassignment.md
Here is a JSON representation of the resource
```json {
- "id": "string",
+ "id": "String",
"creationTimestamp": "String (timestamp)",
- "principalDisplayName": "string",
- "principalId": "guid",
- "principalType": "string",
- "resourceDisplayName": "string",
- "resourceId": "guid",
- "appRoleId": "guid"
+ "principalDisplayName": "String",
+ "principalId": "Guid",
+ "principalType": "String",
+ "resourceDisplayName": "String",
+ "resourceId": "Guid",
+ "appRoleId": "Guid"
} ```
v1.0 Approvalstage https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/approvalstage.md
Used for the **approvalStages** property of approval settings in the **requestAp
| isApproverJustificationRequired |Boolean | Indicates whether the approver is required to provide a justification for approving a request. | | isEscalationEnabled |Boolean | If true, then one or more escalation approvers are configured in this approval stage. | | escalationTimeInMinutes |Int32 | If escalation is required, the time a request can be pending a response from a primary approver. |
-| primaryApprovers | [userSet](userset.md) collection| The users who will be asked to approve requests. A collection of [singleUser](singleuser.md), [groupMembers](groupmembers.md), [requestorManager](requestormanager.md), [internalSponsors](internalsponsors.md) and [externalSponsors](externalsponsors.md). |
-| escalationApprovers | [userSet](userset.md) collection| If escalation is enabled and the primary approvers do not respond before the escalation time, the escalationApprovers are the users who will be asked to approve requests. This can be a collection of [singleUser](singleuser.md), [groupMembers](groupmembers.md), [requestorManager](requestormanager.md), [internalSponsors](internalsponsors.md) and [externalSponsors](externalsponsors.md).|
+| primaryApprovers | [userSet](userset.md) collection| The users who will be asked to approve requests. A collection of [singleUser](singleuser.md), [groupMembers](groupmembers.md), [requestorManager](requestormanager.md), [internalSponsors](internalsponsors.md) and [externalSponsors](externalsponsors.md). When creating or updating a [policy](accesspackageassignmentpolicy.md), include at least one **userSet** in this collection. |
+| escalationApprovers | [userSet](userset.md) collection| If escalation is enabled and the primary approvers do not respond before the escalation time, the escalationApprovers are the users who will be asked to approve requests. This can be a collection of [singleUser](singleuser.md), [groupMembers](groupmembers.md), [requestorManager](requestormanager.md), [internalSponsors](internalsponsors.md) and [externalSponsors](externalsponsors.md). When creating or updating a [policy](accesspackageassignmentpolicy.md), if there are no escalation approvers, or escalation approvers are not required for the stage, the value of this property should be an empty collection.|
v1.0 Assignedlicense https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/assignedlicense.md
Here is a JSON representation of the resource
```json {
- "disabledPlans": ["guid"],
- "skuId": "guid"
+ "disabledPlans": ["Guid"],
+ "skuId": "Guid"
} ```
v1.0 Assignedplan https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/assignedplan.md
Here is a JSON representation of the resource
```json { "assignedDateTime": "String (timestamp)",
- "capabilityStatus": "string",
- "service": "string",
- "servicePlanId": "guid"
+ "capabilityStatus": "String",
+ "service": "String",
+ "servicePlanId": "Guid"
} ```
v1.0 Azureadtokenauthentication https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/azureadtokenauthentication.md
+
+ Title: "azureAdTokenAuthentication resource type"
+description: "Defines the Azure AD application used to authenticate with a custom access package workflow extension."
+
+ms.localizationpriority: medium
++
+# azureAdTokenAuthentication resource type
+
+Namespace: microsoft.graph
++
+Defines the Azure AD application used to authenticate a logic app with a [custom access package workflow extension](customaccesspackageworkflowextension.md). Only the app ID of the application is required. Derived from [customExtensionAuthenticationConfiguration](../resources/customextensionauthenticationconfiguration.md).
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+|resourceId|String|The **appID** of the Azure AD application to use to authenticate a logic app with a custom access package workflow extension.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.azureAdTokenAuthentication",
+ "baseType": "microsoft.graph.customExtensionAuthenticationConfiguration"
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",
+ "resourceId": "String"
+ }
+```
v1.0 Changenotification https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/changenotification.md
None.
| resource | string | The URI of the resource that emitted the change notification relative to `https://graph.microsoft.com`. Required. | | resourceData | [resourceData](resourcedata.md) | The content of this property depends on the type of resource being subscribed to. Required. | | subscriptionExpirationDateTime | DateTimeOffset | The expiration time for the subscription. Required. |
-| subscriptionId | GUID | The unique identifier of the subscription that generated the notification. |
-| tenantId | GUID | The unique identifier of the tenant from which the change notification originated. |
+| subscriptionId | Guid | The unique identifier of the subscription that generated the notification. |
+| tenantId | Guid | The unique identifier of the tenant from which the change notification originated. |
## Relationships
v1.0 Chat https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/chat.md
not all scenarios are possible. It is possible to get chat IDs with delegated pe
| permissionGrants| [resourceSpecificPermissionGrant](resourcespecificpermissiongrant.md) collection| A collection of permissions granted to apps for the chat.| | operations | [teamsAsyncOperation](teamsasyncoperation.md) collection | A collection of all the Teams async operations that ran or are running on the chat. Nullable. | lastMessagePreview | [chatMessageInfo](chatmessageinfo.md)| Preview of the last message sent in the chat. Null if no messages have been sent in the chat. Currently, only the [list chats](../api/chat-list.md) operation supports this property.|
+| tabs | [teamsTab](teamstab.md) collection | A collection of all the tabs in the chat. Nullable. |
## JSON representation
v1.0 Claimsmappingpolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/claimsmappingpolicy.md
Represents the claim-mapping policies for WS-Fed, SAML, OAuth 2.0, and OpenID Co
- Select which claims are included in tokens - Create claim types that do not already exist-- Choose or change the source of data emitted in specific claims
+- Choose or change the source of data emitted in specific claims
+
+The number of claims and transformations that can be added to a claims-mapping policy are limited to reduce token size. Any claims schema entries or transformations that are encountered after the limit has been reached are ignored and included in the issued token. For more information about the limits, see [Properties of a claims-mapping policy definition](#properties-of-a-claims-mapping-policy-definition)
For more scenario and configuration details see [How to: Customize claims emitted in tokens for a specific app in a tenant](/azure/active-directory/develop/active-directory-claims-mapping#claims-mapping-policy-properties).
The properties below form the JSON object that represents a claims-mapping polic
|:|:--|:-| |Version|Integer|Set value of 1. Required.| |IncludeBasicClaimSet|Boolean|If set to `true`, all claims in the basic claim set are emitted in tokens affected by the policy. If set to `false`, claims in the basic claim set are not in the tokens, unless they are individually added in the ClaimsSchema property of the same policy.|
-|ClaimsSchema|JSON object|Defines which claims are present in the tokens affected by the policy, in addition to the basic claim set and the core claim set. For each claim schema entry defined in this property, certain information is required. Specify where the data is coming from (Value or Source/ID pair), and which claim the data is emitted as (Claim Type). Further details are available in the [ClaimsSchema definition](/azure/active-directory/develop/active-directory-claims-mapping#claims-schema).|
-|ClaimsTransformation|JSON object| Defines common transformations that can be applied to source data, to generate the output data for claims specified in the ClaimsSchema. Further details are available in the [ClaimsTransformation definition](/azure/active-directory/develop/active-directory-claims-mapping#claims-transformation).|
+|ClaimsSchema|JSON object|Defines which claims are present in the tokens affected by the policy, in addition to the basic claim set and the core claim set. For each claim schema entry defined in this property, certain information is required. Specify where the data is coming from (Value or Source/ID pair), and which claim the data is emitted as (Claim Type). A maximum of 50 claims are included in the token through the ClaimsSchema object. Any claims schema entries that are encountered after the limit has been reached will be ignored and will not appear in the issued token. Further details are available in the [ClaimsSchema definition](/azure/active-directory/develop/active-directory-claims-mapping#claims-schema).|
+|ClaimsTransformation|JSON object| Defines common transformations that can be applied to source data, to generate the output data for claims specified in the ClaimsSchema. A maximum of 50 transformations are included in the token through the ClaimsTransformation object. Any transformations that are encountered after the limit has been reached will be ignored and will not appear in the issued token. For more information about ClaimsTransformation and the supported functions, see [Claims transformation](/azure/active-directory/develop/active-directory-claims-mapping#claims-transformation).|
## Relationships
v1.0 Cloudpcsnapshot https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/cloudpcsnapshot.md
+
+ Title: "cloudPcSnapshot resource type"
+description: "Represents a Cloud PC snapshot."
+
+ms.localizationpriority: medium
++
+# cloudPcSnapshot resource type
+
+Namespace: microsoft.graph
++
+Represents a snapshot of the device settings of a Cloud PC that can be used to restore the device system.
++
+Inherits from [entity](../resources/entity.md).
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List snapshots](../api/virtualendpoint-list-snapshots.md)|[cloudPcSnapshot](../resources/cloudpcsnapshot.md) collection|Get a list of the [cloudPcSnapshot](../resources/cloudpcsnapshot.md) objects and their properties.|
+|[Get cloudPcSnapshot](../api/cloudpcsnapshot-get.md)|[cloudPcSnapshot](../resources/cloudpcsnapshot.md)|Read the properties and relationships of a [cloudPcSnapshot](../resources/cloudpcsnapshot.md) object.|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|cloudPcId|String|The unique identifier for the Cloud PC.|
+|createdDateTime|DateTimeOffset|The date and time at which the snapshot was taken. The timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
+|id|String|The unique identifier for the snapshot of the Cloud PC device at a specific point in time. Inherited from [entity](../resources/entity.md).|
+|lastRestoredDateTime|DateTimeOffset|The date and time at which the snapshot was last used to restore the Cloud PC device. The timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
+|status|[cloudPcSnapshotStatus](#cloudpcsnapshotstatus-values)|The status of the Cloud PC snapshot. The possible values are: `ready`, `unknownFutureValue`.|
+
+### cloudPcSnapshotStatus values
+
+|Member|Description|
+|:|:|
+|ready|The snapshot is ready to restore the Cloud PC device.|
+|unknownFutureValue|Evolvable enumeration sentinel value. Do not use.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.cloudPcSnapshot",
+ "baseType": "microsoft.graph.entity",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.cloudPcSnapshot",
+ "cloudPcId": "String",
+ "createdDateTime": "String (timestamp)",
+ "id": "String (identifier)",
+ "lastRestoredDateTime": "String (timestamp)",
+ "status": "String"
+}
+```
+
v1.0 Connectedorganization https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/connectedorganization.md
In [Azure AD entitlement management](entitlementmanagement-overview.md), a conne
|modifiedBy|String|UPN of the user who last modified this resource. Read-only.| |modifiedDateTime|DateTimeOffset|The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only.| |state|connectedOrganizationState|The state of a connected organization defines whether assignment policies with requestor scope type `AllConfiguredConnectedOrganizationSubjects` are applicable or not. Possible values are: `configured`, `proposed`.|
+|identitySources|[identitySource](identitySource.md) collection| The identity sources in this connected organization, one of [azureActiveDirectoryTenant](azureactivedirectorytenant.md), [domainIdentitySource](domainidentitysource.md) or [externalDomainFederation](externaldomainfederation.md). Read-only. Nullable. Supports `$select` and `$filter`(`eq`). To filter by the derived types, you must declare the resource using its full OData cast, for example, `$filter=identitySources/any(is:is/microsoft.graph.azureActiveDirectoryTenant/tenantId eq 'bcfdfff4-cbc3-43f2-9000-ba7b7515054f')`.|
## Relationships |Relationship|Type|Description| |:|:|:|
-|identitySources|[identitySource](identitySource.md) collection| The identity sources in this connected organization, one of [azureActiveDirectoryTenant](azureactivedirectorytenant.md), [domainIdentitySource](domainidentitysource.md) or [externalDomainFederation](externaldomainfederation.md). Read-only. Nullable. Supports `$select` and `$filter`(`eq`). To filter by the derived types, you must declare the resource using its full OData cast, for example, `microsoft.graph.azureActiveDirectoryTenant.`|
|internalSponsors| [directoryObject](directoryobject.md) collection| Nullable.| |externalSponsors| [directoryObject](directoryobject.md) collection| Nullable.|
v1.0 Countrynamedlocation https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/countrynamedlocation.md
Inherits from [namedLocation](../resources/namedLocation.md)
| Property | Type | Description | |:-|:|:| |countriesAndRegions|String collection|List of countries and/or regions in two-letter format specified by ISO 3166-2.|
-|countryLookupMethod|countryLookupMethodType|Determines what method is used to decide which country the user is located in. Possible values are `clientIpAddress` (default) and `authenticatorAppGps`. Note: `authenticatorAppGps` is not yet supported in the Microsoft Cloud for US Government.|
+|countryLookupMethod|countryLookupMethodType|Determines what method is used to decide which country the user is located in. Possible values are `clientIpAddress` (default) and `authenticatorAppGps`.|
|createdDateTime|DateTimeOffset|The Timestamp type represents creation date and time of the location using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only. Inherited from [namedLocation](../resources/namedLocation.md).| |displayName|String|Human-readable name of the location. Required. Inherited from [namedLocation](../resources/namedLocation.md).| |id|String|Identifier of a namedLocation object. Read-only. Inherited from [namedLocation](../resources/namedLocation.md).|
v1.0 Crosstenantaccesspolicy Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/crosstenantaccesspolicy-overview.md
Inbound trust settings also enable you to trust devices that are compliant, or h
The cross-tenant access settings API can be used to set up multiple configurations for allowing or blocking access to and from your organization. The following table highlights scenarios, shows an example of the API response, and what the interpretation should be of that response. **b2bSetting** is used as a placeholder for any B2B inbound (**b2bCollaborationInbound** or **b2bDirectConnectInbound**) or outbound (**b2bCollaborationOutbound** or **b2bDirectConnectOutbound**) configuration.
+<br/>
+ <table> <tr>
-<td> Scenario </td> <td> API output </td> <td> Interpretation </td>
+<th> Scenario </th> <th> API output </th> <th> Interpretation </th>
</tr> <tr> <td> Block all users and block all applications </td>
v1.0 Customaccesspackageworkflowextension https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/customaccesspackageworkflowextension.md
+
+ Title: "customAccessPackageWorkflowExtension resource type"
+description: "Defines the attributes of a logic app, which can be called at various stages of an access package request and assignment cycle."
+
+ms.localizationpriority: medium
++
+# customAccessPackageWorkflowExtension resource type
+
+Namespace: microsoft.graph
++
+Defines the attributes of a logic app, which can be called at various stages of an access package request and assignment cycle. You can integrate logic apps with entitlement management to broaden your governance workflows beyond the core entitlement management use cases. The following use cases can be integrated with logic apps using this workflow:
+- When an [access package is requested](accesspackageassignmentrequest.md)
+- When an [access package request is granted](accesspackageassignment.md)
+- When an [access package assignment expires](accesspackageassignment.md)
+
+Inherits and derived from [customCalloutExtension](../resources/customcalloutextension.md).
++
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List customAccessPackageWorkflowExtensions](../api/accesspackagecatalog-list-customaccesspackageworkflowextensions.md)|[customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) collection|Get a list of the [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) objects and their properties.|
+|[Create customAccessPackageWorkflowExtensions](../api/accesspackagecatalog-post-customaccesspackageworkflowextensions.md)|[customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md)|Create a new [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object.|
+|[Get customAccessPackageWorkflowExtension](../api/customaccesspackageworkflowextension-get.md)|[customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md)|Read the properties and relationships of a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object.|
+|[Update customAccessPackageWorkflowExtension](../api/customaccesspackageworkflowextension-update.md)|[customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md)|Update the properties of a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object.|
+|[Delete customAccessPackageWorkflowExtension](../api/customaccesspackageworkflowextension-delete.md)|None|Deletes a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object.|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|authenticationConfiguration|[customExtensionAuthenticationConfiguration](../resources/customextensionauthenticationconfiguration.md)|Configuration for securing the API call to the logic app. For example, using OAuth client credentials flow. Inherited from [customCalloutExtension](../resources/customcalloutextension.md).|
+|clientConfiguration|[customExtensionClientConfiguration](../resources/customextensionclientconfiguration.md)| HTTP connection settings that define how long Azure AD can wait for a connection to a logic app, how many times you can retry a timed-out connection and the exception scenarios when retries are allowed. Inherited from [customCalloutExtension](../resources/customcalloutextension.md).|
+|createdDateTime|DateTimeOffset|Represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only.|
+|description|String|Description for the customAccessPackageWorkflowExtension object. Inherited from [customCalloutExtension](../resources/customcalloutextension.md). Read only.|
+|displayName|String|Display name for the customAccessPackageWorkflowExtension object. Inherited from [customCalloutExtension](../resources/customcalloutextension.md). Read only. Supports `$filter` (`contains`).|
+|endpointConfiguration|[customExtensionEndpointConfiguration](../resources/customextensionendpointconfiguration.md)|The type and details for configuring the endpoint to call the logic app's workflow. Inherited from [customCalloutExtension](../resources/customcalloutextension.md).|
+|id|String|Identifier for the customAccessPackageWorkflowExtension object. Inherited from [entity](../resources/entity.md).|
+|lastModifiedDateTime|DateTimeOffset|Represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.customAccessPackageWorkflowExtension",
+ "baseType": "microsoft.graph.customCalloutExtension",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.customAccessPackageWorkflowExtension",
+ "id": "String (identifier)",
+ "displayName": "String",
+ "description": "String",
+ "createdDateTime": "String (timestamp)",
+ "lastModifiedDateTime": "String (timestamp)",
+ "endpointConfiguration": {
+ "@odata.type": "microsoft.graph.customExtensionEndpointConfiguration"
+ }
+}
+```
v1.0 Customcalloutextension https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/customcalloutextension.md
+
+ Title: "customCalloutExtension resource type"
+description: "An abstract type that defines the configuration for logic apps that can be integrated with the customer's entitlement management use cases to implement broader governance workflows. This abstract type is inherited by the customAccessPackageWorkflowExtension resource type"
+
+ms.localizationpriority: medium
++
+# customCalloutExtension resource type
+
+Namespace: microsoft.graph
++
+An abstract type that defines the configuration for logic apps that can be integrated with the customer's entitlement management use cases to implement broader governance workflows. This abstract type is inherited by the [customAccessPackageWorkflowExtension](customaccesspackageworkflowextension.md) resource type.
+
+Inherits from [entity](entity.md).
+
+## Methods
+
+None.
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|authenticationConfiguration|[customExtensionAuthenticationConfiguration](../resources/customextensionauthenticationconfiguration.md)|Configuration for securing the API call to the logic app. For example, using OAuth client credentials flow. |
+|clientConfiguration|[customExtensionClientConfiguration](../resources/customextensionclientconfiguration.md)| HTTP connection settings that define how long Azure AD can wait for a connection to a logic app, how many times you can retry a timed-out connection and the exception scenarios when retries are allowed.|
+|description|String|Description for the customCalloutExtension object.|
+|displayName|String|Display name for the customCalloutExtension object.|
+|endpointConfiguration|[customExtensionEndpointConfiguration](../resources/customextensionendpointconfiguration.md)|The type and details for configuring the endpoint to call the logic app's workflow.|
+|id|String|Identifier for the customCalloutExtension object. Inherited from [entity](../resources/entity.md).|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.customCalloutExtension",
+ "openType": false,
+ "abstract": true
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.customCalloutExtension",
+ "id": "String (identifier)",
+ "displayName": "String",
+ "description": "String",
+ "endpointConfiguration": {
+ "@odata.type": "microsoft.graph.customExtensionEndpointConfiguration"
+ },
+ "clientConfiguration": {
+ "@odata.type": "microsoft.graph.customExtensionClientConfiguration"
+ },
+ "authenticationConfiguration": {
+ "@odata.type": "microsoft.graph.customExtensionAuthenticationConfiguration"
+ }
+}
+```
+
v1.0 Customextensionauthenticationconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/customextensionauthenticationconfiguration.md
+
+ Title: "customExtensionAuthenticationConfiguration resource type"
+description: "Abstract base type that exposes the configuration for the **authenticationConfiguration** property of the derived types that inherit from the customCalloutExtension abstract type"
+
+ms.localizationpriority: medium
++
+# customExtensionAuthenticationConfiguration resource type
+
+Namespace: microsoft.graph
++
+Abstract base type that exposes the configuration for the **authenticationConfiguration** property of the derived types that inherit from the [customCalloutExtension](customcalloutextension.md) abstract type. This abstract type is inherited by the [azureAdTokenAuthentication](../resources/azureadtokenauthentication.md) resource type.
+
+## Properties
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.customExtensionAuthenticationConfiguration",
+ "abstract": true
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.customExtensionAuthenticationConfiguration "
+}
+```
v1.0 Customextensionclientconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/customextensionclientconfiguration.md
+
+ Title: "customExtensionClientConfiguration resource type"
+description: "HTTP connection settings that define how long Azure AD can wait for a a response from a logic app before it shuts down the connection. Only timeoutInMilliseconds is supported."
+
+ms.localizationpriority: medium
++
+# customExtensionClientConfiguration resource type
+
+Namespace: microsoft.graph
++
+HTTP connection settings that define how long Azure AD can wait for a a response from a logic app before it shuts down the connection. Only **timeoutInMilliseconds** is supported.
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|timeoutInMilliseconds|Int32|The max duration in milliseconds that Azure AD will wait for a response from the logic app before it shuts down the connection. The valid range is between `200` and `2000` milliseconds. Default duration is `1000`.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.customExtensionClientConfiguration"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.customExtensionClientConfiguration",
+ "timeoutInMilliseconds": "Integer"
+}
+```
+
v1.0 Customextensionendpointconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/customextensionendpointconfiguration.md
+
+ Title: "customExtensionEndpointConfiguration resource type"
+description: "Abstract base type that exposes the derived types used to configure the endpointConfiguration property of a custom access package workflow extension object."
+
+ms.localizationpriority: medium
++
+# customExtensionEndpointConfiguration resource type
+
+Namespace: microsoft.graph
++
+Abstract base type that exposes the derived types used to configure the **endpointConfiguration** property of a [custom access package workflow extension](customaccesspackageworkflowextension.md) object. This abstract type is inherited by the [logicAppTriggerEndpointConfiguration](logicapptriggerendpointconfiguration.md) object.
+
+## Properties
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.customExtensionEndpointConfiguration",
+ "abstract": true
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.customExtensionEndpointConfiguration"
+}
+```
v1.0 Customextensionhandler https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/customextensionhandler.md
+
+ Title: "customExtensionHandler resource type"
+description: "Defines when to execute a custom access package workflow extension."
+
+ms.localizationpriority: medium
++
+# customExtensionHandler resource type
+
+Namespace: microsoft.graph
++
+Defines when to execute a [custom access package workflow extension](customaccesspackageworkflowextension.md).
+
+Inherits from [entity](entity.md).
+
+## Methods
+None.
+
+> [!NOTE]
+>
+> 1. To read the customExtensionHandler objects on a policy, append `?$expand=customExtensionHandlers` to a [GET accessPackageAssignmentPolicy](../api/accesspackageassignmentpolicy-get.md) request. For example, `GET https://graph.microsoft.com/bet#example-2-retrieve-the-custom-extension-handlers-for-a-policy).
+>
+> 2. To delete the **customExtensionHandlers** objects from a policy, call the [Update accessPackageAssignmentPolicy](../api/accesspackageassignmentpolicy-update.md) and specify the customExtensionHandlers property as an empty collection. For more details, see [Example 2: Remove the customExtensionHandlers from a policy](../api/accesspackageassignmentpolicy-update.md#example-2-remove-the-customextensionhandlers-from-a-policy).
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|id|String| Identifier of the stage. Inherited from [entity](../resources/entity.md).|
+|stage|accessPackageCustomExtensionStage|Indicates the stage of the access package assignment request workflow when the access package custom extension runs. The possible values are: `assignmentRequestCreated`, `assignmentRequestApproved`, `assignmentRequestGranted`, `assignmentRequestRemoved`, `assignmentFourteenDaysBeforeExpiration`, `assignmentOneDayBeforeExpiration`, `unknownFutureValue`. |
+
+## Relationships
+|Relationship|Type|Description|
+|:|:|:|
+|customExtension|[customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md)|Indicates which custom workflow extension will be executed at this stage. Nullable. Supports `$expand`.|
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.customExtensionHandler",
+ "baseType": "microsoft.graph.entity",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.customExtensionHandler",
+ "id": "String (identifier)",
+ "stage": "String"
+}
+```
+
v1.0 Customextensionhandlerinstance https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/customextensionhandlerinstance.md
+
+ Title: "customExtensionHandlerInstance resource type"
+description: "Used to record the status a custom workflow extension instance being run on an access package assignment request."
+
+ms.localizationpriority: medium
++
+# customExtensionHandlerInstance resource type
+
+Namespace: microsoft.graph
++
+Used to record the status of [custom workflow extension](customaccesspackageworkflowextension.md) instance being run on an [access package assignment request](accesspackageassignmentrequest.md).
+
+## Methods
+None
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|customExtensionId|String|Identifier of the [customAccessPackageWorkflowExtension](customaccesspackageworkflowextension.md) triggered at this instance.|
+|externalCorrelationId|String|The unique run ID for the logic app.|
+|stage|accessPackageCustomExtensionStage|Indicates the stage of the request workflow when the access package custom extension runs. The possible values are: `assignmentRequestCreated`, `assignmentRequestApproved`, `assignmentRequestGranted`, `assignmentRequestRemoved`, `assignmentFourteenDaysBeforeExpiration`, `assignmentOneDayBeforeExpiration`, `unknownFutureValue`.|
+|status|accessPackageCustomExtensionHandlerStatus|Status of the request to run the access package custom extension workflow that is associated with the logic app. The possible values are: `requestSent`, `requestReceived`, `unknownFutureValue`.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.customExtensionHandlerInstance"
+}
+-->
+``` json
+
+{
+ "@odata.type": "#microsoft.graph.customExtensionHandlerInstance",
+ "stage": "String",
+ "customExtensionId": "String",
+ "externalCorrelationId": "String",
+ "status": "String"
+}
+```
+
v1.0 Device https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/device.md
This resource lets you add your own data to custom properties using [extensions]
|[List devices](../api/device-list.md) | [device](device.md) collection| Retrieve a list of devices registered in the directory. | |[Update device](../api/device-update.md) | [device](device.md) |Update the properties of the device object. | |[Delete device](../api/device-delete.md) | None |Delete the device object. |
-|[List memberOf](../api/device-list-memberof.md) |[directoryObject](directoryobject.md) collection| List the groups that the device is a direct member of. |
-|[List transitive memberOf](../api/device-list-transitivememberof.md) |[directoryObject](directoryobject.md) collection| List the groups that the device is a member of. This operation is transitive. |
+|[List memberOf](../api/device-list-memberof.md) |[directoryObject](directoryobject.md) collection| List the groups and administrative units that the device is a direct member of. |
+|[List transitive memberOf](../api/device-list-transitivememberof.md) |[directoryObject](directoryobject.md) collection| List the groups and administrative units that the device is a member of. This operation is transitive. |
|[List registeredOwners](../api/device-list-registeredowners.md) |[directoryObject](directoryobject.md) collection| Get the users that are registered owners of the device from the registeredOwners navigation property.| |[List registeredUsers](../api/device-list-registeredusers.md) |[directoryObject](directoryobject.md) collection| Get the registered users of the device from the registeredUsers navigation property.| |[List usageRights](../api/device-list-usagerights.md) | [usageRight](usageright.md) collection | Get a collection of usage rights granted to the device.|
This resource lets you add your own data to custom properties using [extensions]
|:|:--|:-| |commands | [command](command.md) collection | Set of commands sent to this device.| |extensions|[extension](extension.md) collection|The collection of open extensions defined for the device. Read-only. Nullable. |
-|memberOf|[directoryObject](directoryobject.md) collection|Groups that this device is a member of. Read-only. Nullable. Supports `$expand`. |
+|memberOf|[directoryObject](directoryobject.md) collection|Groups and administrative units that this device is a member of. Read-only. Nullable. Supports `$expand`. |
|registeredOwners|[directoryObject](directoryobject.md) collection| The user that cloud joined the device or registered their personal device. The registered owner is set at the time of registration. Currently, there can be only one owner. Read-only. Nullable. Supports `$expand`. | |registeredUsers|[directoryObject](directoryobject.md) collection| Collection of registered users of the device. For cloud joined devices and registered personal devices, registered users are set to the same value as registered owners at the time of registration. Read-only. Nullable. Supports `$expand`. |
-|transitiveMemberOf |[directoryObject](directoryobject.md) collection| Groups that this device is a member of. This operation is transitive. Supports `$expand`. |
+|transitiveMemberOf |[directoryObject](directoryobject.md) collection| Groups and administrative units that this device is a member of. This operation is transitive. Supports `$expand`. |
|usageRights|[usageRight](usageright.md) collection|Represents the usage rights a device has been granted. | ## JSON representation
v1.0 Directoryaudit https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/directoryaudit.md
Represents the directory audit items and its collection.
| activityDisplayName | String | Indicates the activity name or the operation name (E.g. "Create User", "Add member to group"). For a list of activities logged, refer to [Azure Ad activity list](/azure/active-directory/active-directory-reporting-activity-audit-logs#azure-ad-audit-activity-list). | | additionalDetails | [keyValue](keyvalue.md) collection | Indicates additional details on the activity. | | category | String | Indicates which resource category that's targeted by the activity. (For example: User Management, Group Management etc..) |
-| correlationId | GUID | Indicates a unique ID that helps correlate activities that span across various services. Can be used to trace logs across services. |
+| correlationId | Guid | Indicates a unique ID that helps correlate activities that span across various services. Can be used to trace logs across services. |
| id | String | Indicates the unique ID for the activity. | | initiatedBy | [auditActivityInitiator](auditactivityinitiator.md) | Indicates information about the user or app initiated the activity. | | loggedByService | String | Indicates information on which service initiated the activity (For example: Self-service Password Management, Core Directory, B2C, Invited Users, Microsoft Identity Manager, Privileged Identity Management. |
v1.0 Enums https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/enums.md
Namespace: microsoft.graph
+### accessPackageCustomExtensionHandlerStatus values
+
+|Member|
+|:|
+|requestSent|
+|requestReceived|
+|unknownFutureValue|
+
+### accessPackageCustomExtensionStage values
+
+|Member|
+|:|
+|assignmentRequestCreated|
+|assignmentRequestApproved|
+|assignmentRequestGranted|
+|assignmentRequestRemoved|
+|assignmentFourteenDaysBeforeExpiration|
+|assignmentOneDayBeforeExpiration|
+|unknownFutureValue|
+
+### accessReviewHistoryStatus values
+
+| Member|
+|:--|
+|done|
+|inprogress|
+|error|
+|requested|
+|unknownFutureValue|
+
+### accessReviewHistoryDecisionFilter values
+
+| Member|
+|:--|
+|approve|
+|deny|
+|notReviewed|
+|dontKnow|
+|notNotified|
+|unknownFutureValue|
++ ### accessReviewHistoryStatus values |Member|
Namespace: microsoft.graph
### searchAlterationType values
-| Member | Description |
-|:|:-|
-|suggestion|Get search results for original user query and the suggested spelling correction information for typos in the query.|
-|modification|Get search results for corrected alterate query and the spelling correction information for typos.|
+| Member |
+|:|
+|modification|
+|suggestion|
### bucketAggregationSortProperty values
v1.0 Grouplifecyclepolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/grouplifecyclepolicy.md
Here is a JSON representation of the resource.
{ "alternateNotificationEmails": "String", "groupLifetimeInDays": 180,
- "id": "Guid (identifier)",
+ "id": "String (identifier)",
"managedGroupTypes": "String" } ```
v1.0 List https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/list.md
description: "The list resource represents a list in a site." Previously updated : 09/11/2017 Title: List
+ Title: List resource
ms.localizationpriority: medium ms.prod: "sharepoint" doc_type: resourcePageType + # List resource Namespace: microsoft.graph
All examples below are relative to a site, for example, `https://graph.microsoft
[List columns]: ../api/list-list-columns.md [Create column]: ../api/list-post-columns.md
-## JSON representation
-
-Here is a JSON representation of a **list** resource.
-
-<!-- { "blockType": "resource",
- "@odata.type": "microsoft.graph.list",
- "keyProperty": "id",
- "optionalProperties": [ "items", "drive"] } -->
-
-```json
-{
- "activities": [{"@odata.type": "microsoft.graph.itemActivity"}],
- "columns": [ { "@odata.type": "microsoft.graph.columnDefinition" }],
- "contentTypes": [ { "@odata.type": "microsoft.graph.contentType" }],
- "displayName": "title of list",
- "drive": { "@odata.type": "microsoft.graph.drive" },
- "items": [ { "@odata.type": "microsoft.graph.listItem" } ],
- "list": {
- "@odata.type": "microsoft.graph.listInfo",
- "hidden": false,
- "template": "documentLibrary | genericList | survey | links | announcements | contacts ..."
- },
- "system": false,
- "subscriptions": [ {"@odata.type": "microsoft.graph.subscription"} ],
-
- /* inherited from baseItem */
- "id": "string",
- "name": "name of list",
- "createdBy": { "@odata.type": "microsoft.graph.identitySet" },
- "createdDateTime": "timestamp",
- "description": "description of list",
- "eTag": "string",
- "lastModifiedBy": { "@odata.type": "microsoft.graph.identitySet" },
- "lastModifiedDateTime": "timestamp",
- "webUrl": "url to visit the list in a browser"
-}
-```
- ## Properties The **list** resource has the following properties.
The **list** resource has the following relationships to other resources.
[systemFacet]: systemfacet.md [subscription]: subscription.md
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- { "blockType": "resource",
+ "@odata.type": "microsoft.graph.list",
+ "keyProperty": "id",
+ "optionalProperties": [ "items", "drive"] } -->
+
+```json
+{
+ "activities": [{"@odata.type": "microsoft.graph.itemActivity"}],
+ "columns": [ { "@odata.type": "microsoft.graph.columnDefinition" }],
+ "contentTypes": [ { "@odata.type": "microsoft.graph.contentType" }],
+ "displayName": "title of list",
+ "drive": { "@odata.type": "microsoft.graph.drive" },
+ "items": [ { "@odata.type": "microsoft.graph.listItem" } ],
+ "list": {
+ "@odata.type": "microsoft.graph.listInfo",
+ "hidden": false,
+ "template": "documentLibrary | genericList | survey | links | announcements | contacts ..."
+ },
+ "system": false,
+ "subscriptions": [ {"@odata.type": "microsoft.graph.subscription"} ],
+
+ /* inherited from baseItem */
+ "id": "string",
+ "name": "name of list",
+ "createdBy": { "@odata.type": "microsoft.graph.identitySet" },
+ "createdDateTime": "timestamp",
+ "description": "description of list",
+ "eTag": "string",
+ "lastModifiedBy": { "@odata.type": "microsoft.graph.identitySet" },
+ "lastModifiedDateTime": "timestamp",
+ "webUrl": "url to visit the list in a browser"
+}
+```
+ <!-- { "type": "#page.annotation",
v1.0 Logicapptriggerendpointconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/logicapptriggerendpointconfiguration.md
+
+ Title: "logicAppTriggerEndpointConfiguration resource type"
+description: "The configuration details for the logic app's endpoint that is associated with a custom access package workflow extension."
+
+ms.localizationpriority: medium
++
+# logicAppTriggerEndpointConfiguration resource type
+
+Namespace: microsoft.graph
++
+The configuration details for the logic app's endpoint that is associated with a custom access package workflow extension. Derived from the [customExtensionEndpointConfiguration](customextensionendpointconfiguration.md) abstract type.
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+|logicAppWorkflowName|String|The name of the logic app.|
+|resourceGroupName|String|The Azure resource group name for the logic app.|
+|subscriptionId|String|Identifier of the Azure subscription for the logic app.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.logicAppTriggerEndpointConfiguration",
+ "baseType": "microsoft.graph.customExtensionEndpointConfiguration"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",
+ "subscriptionId": "String",
+ "resourceGroupName": "String",
+ "logicAppWorkflowName": "String"
+}
+```
v1.0 Onpremisesextensionattributes https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/onpremisesextensionattributes.md
Namespace: microsoft.graph
The return type of the **onPremisesExtensionAttributes** property of the [user](user.md) object and **extensionAttributes** property of the [device](device.md) object. Returns fifteen custom extension attribute properties.
-On the [user](user.md) entity and for an **onPremisesSyncEnabled** user, the source of authority for this set of properties is the on-premises Active Directory which is synchronized to Azure AD, and is read-only. For a cloud-only user (where **onPremisesSyncEnabled** is `false`), these properties can be set during [creation](../api/user-post-users.md) or [update](../api/user-update.md). If a cloud-only user was previously synced from on-premises Active Directory, these properties cannot be managed via the Microsoft Graph API. Instead, they can be managed through the Exchange Admin Center or the Exchange Online V2 module in PowerShell.
+On the [user](user.md) entity and for an **onPremisesSyncEnabled** user, the source of authority for this set of properties is the on-premises Active Directory which is synchronized to Azure AD, and is read-only. For a cloud-only user (where **onPremisesSyncEnabled** is `false` or `null`), these properties can be set during [creation](../api/user-post-users.md) or [update](../api/user-update.md). If a cloud-only user was previously synced from on-premises Active Directory, these properties cannot be managed via the Microsoft Graph API. Instead, they can be managed through the Exchange Admin Center or the Exchange Online V2 module in PowerShell.
The **extensionAttributes** property of the [device](device.md) entity is managed only in Azure AD during device [creation](../api/device-post-devices.md) or [update](../api/device-update.md).
v1.0 Permissionscope https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/permissionscope.md
Here is a JSON representation of the resource
```json {
- "id": "guid",
- "adminConsentDisplayName": "string",
- "adminConsentDescription": "string",
- "userConsentDisplayName": "string",
- "userConsentDescription": "string",
- "value": "string",
- "type": "string",
+ "id": "Guid",
+ "adminConsentDisplayName": "String",
+ "adminConsentDescription": "String",
+ "userConsentDisplayName": "String",
+ "userConsentDescription": "String",
+ "value": "String",
+ "type": "String",
"isEnabled": true } ```
v1.0 Presence https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/presence.md
This resource supports subscribing to [change notifications](/graph/webhooks).
## Properties
-| Relationship | Type | Description |
+| Property | Type | Description |
| : | :-- | : | | id | string | The user object id | | availability | string collection | The base presence information for a user. Possible values are `Available`, `AvailableIdle`, `Away`, `BeRightBack`, `Busy`, `BusyIdle`, `DoNotDisturb`, `Offline`, `PresenceUnknown` |
v1.0 Rbacapplication https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/rbacapplication.md
Role management container for unified role definitions and role assignments for
|:-|:|:| | [Create unifiedRoleAssignment](../api/rbacapplication-post-roleassignments.md) | [unifiedRoleAssignment](unifiedroleassignment.md) | Create a new unifiedRoleAssignment by posting to the roleAssignments collection. | | [List roleAssignments](../api/rbacapplication-list-roleassignments.md) | [unifiedRoleAssignment](unifiedroleassignment.md) collection | Get a unifiedRoleAssignment object collection. Only specific instances can be queried, by filtering on roleDefitionId or principalId. |
+| [List transitiveRoleAssignments](../api/rbacapplication-list-transitiveroleassignments.md) | [unifiedRoleAssignment](unifiedroleassignment.md) collection | Get direct and transitive unifiedRoleAssignments assigned to a specific principal. Specifying principalId is required. |
| [Create unifiedRoleDefinition](../api/rbacapplication-post-roledefinitions.md) | [unifiedRoleDefinition](unifiedroledefinition.md) | Create a new unifiedRoleDefinition by posting to the roleDefinitions collection. | | [List roleDefinitions](../api/rbacapplication-list-roledefinitions.md) | [unifiedRoleDefinition](unifiedroledefinition.md) collection | Get a unifiedRoleDefinition object collection. | | [roleSchedules](../api/rbacapplication-roleschedules.md) | [unifiedRoleScheduleBase](unifiedroleschedulebase.md) collection | Function to retrieve a collection of unifiedRoleScheduleBase objects. |
None
## Relationships |Relationship|Type|Description| |:|:|:|
+|resourceNamespaces|[unifiedRbacResourceNamespace](../resources/unifiedrbacresourcenamespace.md) collection|Resource that represents a collection of related actions.|
|roleAssignments|[unifiedRoleAssignment](../resources/unifiedroleassignment.md) collection| Resource to grant access to users or groups. | |roleDefinitions|[unifiedRoleDefinition](../resources/unifiedroledefinition.md) collection| Resource representing the roles allowed by RBAC providers and the permissions assigned to the roles. | |roleAssignmentApprovals|[approval](../resources/approval.md) collection| Decisions associated with a role assignment approval.|
None
|roleEligibilityScheduleInstances|[unifiedRoleEligibilityScheduleInstance](../resources/unifiedRoleEligibilityScheduleInstance.md) collection| Instances of eligible role assignments through Azure AD Privileged Identity Management. | |roleEligibilityScheduleRequests|[unifiedRoleEligibilityScheduleRequest](../resources/unifiedRoleEligibilityScheduleRequest.md) collection| Requests for eligible role assignments through Azure AD Privileged Identity Management. | |roleEligibilitySchedules|[unifiedRoleEligibilitySchedule](../resources/unifiedRoleEligibilitySchedule.md) collection| Schedule for eligible role assignments through Azure AD Privileged Identity Management. |-
+|transitiveRoleAssignments|[unifiedRoleAssignment](../resources/unifiedroleassignment.md) collection| Resource to grant access to users or groups that are transitive. |
## JSON representation
v1.0 Rbacapplicationmultiple https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/rbacapplicationmultiple.md
None
|Relationship|Type|Description| |:|:|:|
+|resourceNamespaces|[unifiedRbacResourceNamespace](../resources/unifiedrbacresourcenamespace.md) collection|Resource that represents a collection of related actions.|
|roleAssignments|[unifiedRoleAssignmentMultiple](../resources/unifiedroleassignmentmultiple.md) collection| Resource to grant access to users or groups. | |roleDefinitions|[unifiedRoleDefinition](../resources/unifiedroledefinition.md) collection| Resource representing the roles allowed by RBAC providers and the permissions assigned to the roles. |
v1.0 Resourceaccess https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/resourceaccess.md
Namespace: microsoft.graph
Object used to specify an OAuth 2.0 permission scope or an app role that an application requires, through the **resourceAccess** property of the [requiredResourceAccess](requiredresourceaccess.md) resource type. ## Properties+ | Property | Type |Description| |:|:--|:-|
-|id|GUID|The unique identifier for one of the [oauth2PermissionScopes](permissionscope.md) or [appRole](approle.md) instances that the resource application exposes.|
-|type|String|Specifies whether the **id** property references an [oauth2PermissionScopes](permissionscope.md) or an [appRole](approle.md). The possible values are: `Scope` (for OAuth 2.0 permission scopes) or `Role` (for app roles).|
+|id|Guid|The unique identifier of an [app role](approle.md) or [delegated permission](permissionScope.md) exposed by the resource application. For delegated permissions, this should match the **id** property of one of the [delegated permissions](permissionscope.md) in the **oauth2PermissionScopes** collection of the resource application's [service principal](serviceprincipal.md). For app roles (application permissions), this should match the **id** property of an [app role](approle.md) in the **appRoles** collection of the resource application's [service principal](serviceprincipal.md).|
+|type|String|Specifies whether the **id** property references a [delegated permission](permissionscope.md) or an [app role](approle.md) (application permission). The possible values are: `Scope` (for delegated permissions) or `Role` (for app roles).|
## JSON representation
The following is a JSON representation of the resource.
```json {
- "id": "GUID",
+ "id": "Guid",
"type": "String" }
v1.0 Riskdetection https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/riskdetection.md
For more information about risk events, see [Azure Active Directory Identity Pro
|id|string|Unique ID of the risk detection. | |requestId|string|Request ID of the sign-in associated with the risk detection. This property is null if the risk detection is not associated with a sign-in.| |correlationId|string|Correlation ID of the sign-in associated with the risk detection. This property is null if the risk detection is not associated with a sign-in. |
-|riskEventType|string|The type of risk event detected. The possible values are `unlikelyTravel`, `anonymizedIPAddress`, `maliciousIPAddress`, `unfamiliarFeatures`, `malwareInfectedIPAddress`, `suspiciousIPAddress`, `leakedCredentials`, `investigationsThreatIntelligence`, `generic`,`adminConfirmedUserCompromised`, `mcasImpossibleTravel`, `mcasSuspiciousInboxManipulationRules`, `investigationsThreatIntelligenceSigninLinked`, `maliciousIPAddressValidCredentialsBlockedIP`, and `unknownFutureValue`. |
+|riskEventType|string|The type of risk event detected. The possible values are `unlikelyTravel`, `anonymizedIPAddress`, `maliciousIPAddress`, `unfamiliarFeatures`, `malwareInfectedIPAddress`, `suspiciousIPAddress`, `leakedCredentials`, `investigationsThreatIntelligence`, `generic`,`adminConfirmedUserCompromised`, `mcasImpossibleTravel`, `mcasSuspiciousInboxManipulationRules`, `investigationsThreatIntelligenceSigninLinked`, `maliciousIPAddressValidCredentialsBlockedIP`, and `unknownFutureValue`. <br/> For more information about each value, see [riskEventType values](#riskeventtype-values).|
|riskState|riskState|The state of a detected risky user or sign-in. The possible values are `none`, `confirmedSafe`, `remediated`, `dismissed`, `atRisk`, `confirmedCompromised`, and `unknownFutureValue`. | |riskLevel|riskLevel|Level of the detected risk. The possible values are `low`, `medium`, `high`, `hidden`, `none`, `unknownFutureValue`. <br />**Note:** Details for this property are only available for Azure AD Premium P2 customers. P1 customers will be returned `hidden`.| |riskDetail|riskDetail|Details of the detected risk. The possible values are `none`, `adminGeneratedTemporaryPassword`, `userPerformedSecuredPasswordChange`, `userPerformedSecuredPasswordReset`, `adminConfirmedSigninSafe`, `aiConfirmedSigninSafe`, `userPassedMFADrivenByRiskBasedPolicy`, `adminDismissedAllRiskForUser`, `adminConfirmedSigninCompromised`, `hidden`, `adminConfirmedUserCompromised`, `unknownFutureValue`. <br />**Note:** Details for this property are only available for Azure AD Premium P2 customers. P1 customers will be returned `hidden`.|
For more information about risk events, see [Azure Active Directory Identity Pro
|additionalInfo|string|Additional information associated with the risk detection in JSON format. | |riskType (deprecated)|riskEventType|List of risk event types.<br />**Note:** This property is deprecated. Use **riskEventType** instead. |
+### riskEventType values
+
+| Member | Description |
+|--|--|
+| unlikelyTravel | Identifies two sign-ins originating from geographically distant locations, where at least one of the locations may also be atypical for the user, given past behavior. |
+| anonymizedIPAddress | Indicates sign-ins from an anonymous IP address, for example, using an anonymous browser or VPN. |
+| maliciousIPAddress | Indicates sign-ins from IP addresses known to be malicious. Deprecated and no longer generated for new detections. |
+| unfamiliarFeatures | Indicates sign-ins with characteristics that deviate from past sign-in properties. |
+| malwareInfectedIPAddress | Indicates sign-ins from IP addresses infected with malware |
+| suspiciousIPAddress | Identifies logins from IP addresses that are known to be malicious at the time of the sign in. |
+| leakedCredentials | Indicates that the user's valid credentials have been leaked. This sharing is typically done by posting publicly on the dark web, paste sites, or by trading and selling the credentials on the black market. When the Microsoft leaked credentials service acquires user credentials from the dark web, paste sites, or other sources, they are checked against Azure AD users' current valid credentials to find valid matches. |
+| investigationsThreatIntelligence | Indicates a sign-in activity that is unusual for the given user or is consistent with known attack patterns based on Microsoft's internal and external threat intelligence sources. |
+| generic | Indicates that the user was not enabled for Identity Protection. |
+| adminConfirmedUserCompromised | Indicates that an administrator has [confirmed the user is compromised](../api/riskyusers-confirmcompromised.md). |
+| mcasImpossibleTravel | Discovered by Microsoft Defender for Cloud Apps (MDCA). Identifies two user activities (a single or multiple sessions) originating from geographically distant locations within a time period shorter than the time it would have taken the user to travel from the first location to the second, indicating that a different user is using the same credentials. |
+| mcasSuspiciousInboxManipulationRules | Discovered by Microsoft Defender for Cloud Apps (MDCA). Identifies suspicious email forwarding rules, for example, if a user created an inbox rule that forwards a copy of all emails to an external address.|
+| investigationsThreatIntelligenceSigninLinked | Identifies activity that is unusual with known attack patterns based on threat intelligence |
+| maliciousIPAddressValidCredentialsBlockedIP | Indicates that sign-in was made with valid credentials from a malicious IP address. |
+| unknownFutureValue | Evolvable enumeration sentinel value. Do not use. |
++ ## JSON representation The following is a JSON representation of the resource.
v1.0 Schemaextension https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/schemaextension.md
See the [schema extension example](/graph/extensibility-schema-groups) to learn
| Property | Type |Description| |:|:--|:-| |description|String|Description for the schema extension. Supports `$filter` (`eq`).|
-|id|String|The unique identifier for the schema extension definition. <br>You can assign a value in one of two ways: <ul><li>Concatenate the name of one of your verified domains with a name for the schema extension to form a unique string in this format, \{_&#65279;domainName_\}\_\{_&#65279;schemaName_\}. As an example, `contoso_mySchema`. </li><li>Provide a schema name, and let Microsoft Graph use that schema name to complete the **id** assignment in this format: ext\{_&#65279;8-random-alphanumeric-chars_\}\_\{_&#65279;schema-name_\}. An example would be `extkvbmkofy_mySchema`.</li></ul>This property cannot be changed after creation. Supports `$filter` (`eq`). |
+|id|String|The unique identifier for the schema extension definition. <br>You can assign a value in one of two ways: <ul><li>Concatenate the name of one of your verified domains with a name for the schema extension to form a unique string in this format, \{_&#65279;domainName_\}\_\{_&#65279;schemaName_\}. As an example, `contoso_mySchema`. </li><li>Provide a schema name, and let Microsoft Graph use that schema name to complete the **id** assignment in this format: ext\{_&#65279;8-random-alphanumeric-chars_\}\_\{_&#65279;schema-name_\}. An example would be `extkvbmkofy_mySchema`.</li></ul>This property cannot be changed after creation. Supports `$filter` (`eq`). <br/><br> **Note:** We recommend that your **id** starts with an alphabetic letter between A-Z because query capabilities might be limited for IDs that begin with integers. |
|owner|String| The `appId` of the application that is the owner of the schema extension. This property can be supplied on creation, to set the owner. If not supplied, then the calling application's `appId` will be set as the owner. In either case, the signed-in user must be the owner of the application. So, for example, if creating a new schema extension definition using Graph Explorer, you **must** supply the owner property. Once set, this property is read-only and cannot be changed. Supports `$filter` (`eq`).| |properties|[extensionSchemaProperty](extensionschemaproperty.md) collection|The collection of property names and types that make up the schema extension definition.| |status|String|The lifecycle state of the schema extension. Possible states are **InDevelopment**, **Available**, and **Deprecated**. Automatically set to **InDevelopment** on creation. [Schema extensions](/graph/extensibility-overview#schema-extensions) provides more information on the possible state transitions and behaviors. Supports `$filter` (`eq`).|
v1.0 Search Api Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/search-api-overview.md
Search requests run in the context of the signed-in user, identified using an [a
## Common use cases
-The Microsoft Search API provides a [query](../api/search-query.md) method to search across your data in Microsoft Search, where you pass a [searchRequest](searchRequest.md) in the request body, defining the specifics of your search.
+The Microsoft Search API provides a [query](../api/search-query.md) method to search across your data in Microsoft Search, where you pass a [searchRequest](searchrequest.md) in the request body, defining the specifics of your search.
-This section lists the common use cases of the **query** method, based on the properties and parameters you set in the **query** [searchRequest](searchRequest.md) body.
+This section lists the common use cases of the **query** method, based on the properties and parameters you set in the **query** [searchRequest](searchrequest.md) body.
Search requests run on behalf of the user. Search results are scoped to enforce any access control applied to the items. For example, in the context of files, permissions on the files are evaluated as part of the search request. Users cannot access more items in a search than they can otherwise obtain from a corresponding GET operation with the same permissions and access control.
See [refine search results](/graph/search-concept-aggregation) for examples that
## Request spelling correction
-Spelling correction is a popular way to handle mismatches between typos in a user query and the correct words in matched contents. When typos are detected in the original user query, you can get the search result either for the original user query or the corrected alternate query. You can also get the spelling correction information for typos in the **queryAlterationResponse** property of the [searchresponse](searchresponse.md).
+Spelling correction is a popular way to handle mismatches between typos in a user query and the correct words in matched contents. When typos are detected in the original user query, you can get the search result either for the original user query or the corrected alternate query. You can also get the spelling correction information for typos in the **queryAlterationResponse** property of the [searchResponse](searchresponse.md).
In the [searchRequest](./searchrequest.md), specify the **queryAlterationOptions** that should be applied to the query for spelling corrections. For details about the **queryAlterationOptions** property, see [searchAlterationOptions](./searchalterationoptions.md).
For examples that show how to use spelling corrections, see [Request spelling co
The search API allows you to render search results from [connectors](/microsoftsearch/connectors-overview), by using the display layout or result template configured by the IT admin for each connector. The result templates are [Adaptive Cards](https://adaptivecards.io/), which are a semantically meaningful combination of layout and data.
-To get the result template in the [searchresponse](searchresponse.md), you have to set **true** the **enableResultTemplate** property, defined in the [resultTemplateOptions](./resulttemplateoption.md), in the [searchRequest](./searchrequest.md). The response includes a **resultTemplateId** for every [search hit](./searchhit.md), which maps to one of the display layouts included in the **resultTemplates** dictionary that is included in the response.
+To get the result template in the [searchResponse](searchresponse.md), you have to set **true** the **enableResultTemplate** property, defined in the [resultTemplateOptions](./resulttemplateoption.md), in the [searchRequest](./searchrequest.md). The response includes a **resultTemplateId** for every [search hit](./searchhit.md), which maps to one of the display layouts included in the **resultTemplates** dictionary that is included in the response.
See [Use search display layout](/graph/search-concept-display-layout) for examples.
v1.0 Searchalterationoptions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/searchalterationoptions.md
Provides the search alteration options for spelling correction.
| Property | Type | Description | |:-|:|:|
-|enableSuggestion|Boolean|Indicates whether spelling suggestions are enabled. If enabled, user will get the search results for original search query and suggesting spelling correction in **queryAlterationResponse** property of the [response](/graph/api/resources/searchresponse?view=graph-rest-beta&preserve-view=true) for typos in query. Optional.|
|enableModification|Boolean|Indicates whether spelling modifications are enabled. If enabled, user will get the search results for corrected query **when there are no results** for the original query with typos and get the spelling modification information in **queryAlterationResponse** property of the [response](/graph/api/resources/searchresponse?view=graph-rest-beta&preserve-view=true). Optional.|
+|enableSuggestion|Boolean|Indicates whether spelling suggestions are enabled. If enabled, the user will get the search results for the original search query and suggestions for spelling correction in the **queryAlterationResponse** property of the [response](/graph/api/resources/searchresponse?view=graph-rest-beta&preserve-view=true) for the typos in the query. Optional.|
## JSON representation
The following is a JSON representation of the resource.
```json {
- "enableSuggestion": true,
- "enableModification": true
+ "enableModification": "Boolean",
+ "enableSuggestion": "Boolean"
} ```
v1.0 Serviceannouncement https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/serviceannouncement.md
A top-level container for service communications resources.
None. ## Relationships
-|Property|Type|Description|
+|Relationship|Type|Description|
|-|-|-| |messages|Collection([serviceUpdateMessage](serviceupdatemessage.md))|A collection of service messages for tenant. This property is a contained navigation property, it is nullable and readonly.| |healthOverviews|Collection([serviceHealth](servicehealth.md))|A collection of service health information for tenant. This property is a contained navigation property, it is nullable and readonly.|
v1.0 Serviceplaninfo https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/serviceplaninfo.md
Here is a JSON representation of the resource
```json {
- "appliesTo": "string",
- "provisioningStatus": "string",
- "servicePlanId": "guid",
- "servicePlanName": "string"
+ "appliesTo": "String",
+ "provisioningStatus": "String",
+ "servicePlanId": "Guid",
+ "servicePlanName": "String"
} ```
v1.0 Serviceprincipal https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/serviceprincipal.md
This resource supports using [delta query](/graph/delta-query-overview) to track
|appDisplayName|String|The display name exposed by the associated application.| |appId|String|The unique identifier for the associated application (its **appId** property). Supports `$filter` (`eq`, `ne`, `not`, `in`, `startsWith`).| |applicationTemplateId|String|Unique identifier of the applicationTemplate that the servicePrincipal was created from. Read-only. Supports `$filter` (`eq`, `ne`, `NOT`, `startsWith`).|
-|appOwnerOrganizationId|String|Contains the tenant id where the application is registered. This is applicable only to service principals backed by applications.Supports `$filter` (`eq`, `ne`, `NOT`, `ge`, `le`).|
+|appOwnerOrganizationId|Guid|Contains the tenant id where the application is registered. This is applicable only to service principals backed by applications.Supports `$filter` (`eq`, `ne`, `NOT`, `ge`, `le`).|
|appRoleAssignmentRequired|Boolean|Specifies whether users or other service principals need to be granted an app role assignment for this service principal before users can sign in or apps can get tokens. The default value is `false`. Not nullable. <br><br>Supports `$filter` (`eq`, `ne`, `NOT`). | |appRoles|[appRole](approle.md) collection|The roles exposed by the application which this service principal represents. For more information see the **appRoles** property definition on the [application](application.md) entity. Not nullable. | |customSecurityAttributes|[customSecurityAttributeValue](../resources/customsecurityattributevalue.md)|An open complex type that holds the value of a custom security attribute that is assigned to a directory object. Nullable. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, `startsWith`).|
This resource supports using [delta query](/graph/delta-query-overview) to track
{ "accountEnabled": true, "addIns": [{"@odata.type": "microsoft.graph.addIn"}],
- "alternativeNames": "string",
- "appDisplayName": "string",
- "appId": "string",
- "appOwnerOrganizationId": "guid",
- "applicationTemplateId": "string",
+ "alternativeNames": "String",
+ "appDisplayName": "String",
+ "appId": "String",
+ "appOwnerOrganizationId": "Guid",
+ "applicationTemplateId": "String",
"appRoleAssignmentRequired": true, "appRoles": [{"@odata.type": "microsoft.graph.appRole"}], "customSecurityAttributes": { "@odata.type": "microsoft.graph.customSecurityAttributeValue" },
- "disabledByMicrosoftStatus": "string",
- "displayName": "string",
- "errorUrl": "string",
- "homepage": "string",
- "id": "string (identifier)",
+ "disabledByMicrosoftStatus": "String",
+ "displayName": "String",
+ "errorUrl": "String",
+ "homepage": "String",
+ "id": "String (identifier)",
"info": {"@odata.type": "microsoft.graph.informationalUrl"}, "keyCredentials": [{"@odata.type": "microsoft.graph.keyCredential"}],
- "loginUrl": "string",
- "logoutUrl": "string",
+ "loginUrl": "String",
+ "logoutUrl": "String",
"notes": "String",
- "notificationEmailAddresses": ["string"],
+ "notificationEmailAddresses": ["String"],
"publishedPermissionScopes": [{"@odata.type": "microsoft.graph.permissionScope"}], "passwordCredentials": [{"@odata.type": "microsoft.graph.passwordCredential"}], "passwordSingleSignOnSettings": {"@odata.type": "microsoft.graph.passwordSingleSignOnSettings"},
- "preferredSingleSignOnMode": "string",
+ "preferredSingleSignOnMode": "String",
"preferredTokenSigningKeyEndDateTime": "DateTime",
- "preferredTokenSigningKeyThumbprint": "string",
- "replyUrls": ["string"],
- "samlMetadataUrl": "string",
+ "preferredTokenSigningKeyThumbprint": "String",
+ "replyUrls": ["String"],
+ "samlMetadataUrl": "String",
"samlSingleSignOnSettings": "microsoft.DirectoryServices.SamlSingleSignOnSettings",
- "servicePrincipalNames": ["string"],
- "servicePrincipalType": "string",
+ "servicePrincipalNames": ["String"],
+ "servicePrincipalType": "String",
"signInAudience": "String",
- "tags": ["string"],
+ "tags": ["String"],
"tokenEncryptionKeyId": "String", "useCustomTokenSigningKey": false, "verifiedPublisher": {"@odata.type": "microsoft.graph.verifiedPublisher"}
v1.0 Subscribedsku https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/subscribedsku.md
The following is a JSON representation of the resource
```json {
- "appliesTo": "string",
- "capabilityStatus": "string",
+ "appliesTo": "String",
+ "capabilityStatus": "String",
"consumedUnits": 1024,
- "id": "string (identifier)",
+ "id": "String (identifier)",
"prepaidUnits": {"@odata.type": "microsoft.graph.licenseUnitsDetail"}, "servicePlans": [{"@odata.type": "microsoft.graph.servicePlanInfo"}],
- "skuId": "guid",
- "skuPartNumber": "string"
+ "skuId": "Guid",
+ "skuPartNumber": "String"
} ```
v1.0 Unifiedrbacresourceaction https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/unifiedrbacresourceaction.md
+
+ Title: "unifiedRbacResourceAction resource type"
+description: "Represents an operation that an authorized principal is allowed to perform."
+
+ms.localizationpriority: medium
++
+# unifiedRbacResourceAction resource type
+
+Namespace: microsoft.graph
++
+Represents an operation that an authorized principal is allowed to perform.
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List unifiedRbacResourceActions](../api/unifiedrbacresourcenamespace-list-resourceactions.md)|[unifiedRbacResourceAction](../resources/unifiedrbacresourceaction.md) collection|Get a list of the [unifiedRbacResourceAction](../resources/unifiedrbacresourceaction.md) objects and their properties.|
+|[Get unifiedRbacResourceAction](../api/unifiedrbacresourceaction-get.md)|[unifiedRbacResourceAction](../resources/unifiedrbacresourceaction.md)|Read the properties and relationships of an [unifiedRbacResourceAction](../resources/unifiedrbacresourceaction.md) object.|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|actionVerb|String|HTTP method for the action, such as `DELETE`, `GET`, `PATCH`, `POST`, `PUT`, or `null`. Supports `$filter` (`eq`) but not for `null` values. |
+|description|String|Description for the action. Supports `$filter` (`eq`). |
+|id|String|Unique identifier for an action within the resource namespace, such as `microsoft.insights-programs-update-patch`. Cannot include slash character (`/`). Case insensitive. Required. Supports `$filter` (`eq`). |
+|name|String|Name for the action within the resource namespace, such as `microsoft.insights/programs/update`. Can include slash character (`/`). Case insensitive. Required. Supports `$filter` (`eq`). |
+|resourceScopeId|String|Not implemented.|
+
+## Relationships
+
+None.
+
+<!-- The resourceScope relationship hasn't been implemented but is in the public schema. To unhide this and its related entities and methods once it's implemented.
+|Relationship|Type|Description|
+|:|:|:|
+|resourceScope| [unifiedRbacResourceScope](unifiedrbacresourcescope.md) |Not implemented.|
+-->
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.unifiedRbacResourceAction",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.unifiedRbacResourceAction",
+ "id": "String (identifier)",
+ "actionVerb": "String",
+ "description": "String",
+ "name": "String",
+ "resourceScopeId": "String"
+}
+```
v1.0 Unifiedrbacresourcenamespace https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/unifiedrbacresourcenamespace.md
+
+ Title: "unifiedRbacResourceNamespace resource type"
+description: "Represents the namespace of the area to which the role permission belongs to."
+
+ms.localizationpriority: medium
++
+# unifiedRbacResourceNamespace resource type
+
+Namespace: microsoft.graph
++
+Represents the namespace of the area or service such as Azure AD, Intune, and Exchange that defines role permissions.
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List unifiedRbacResourceNamespaces](../api/rbacapplicationmultiple-list-resourcenamespaces.md)|[unifiedRbacResourceNamespace](../resources/unifiedrbacresourcenamespace.md) collection|Get a list of the [unifiedRbacResourceNamespace](../resources/unifiedrbacresourcenamespace.md) objects and their properties.|
+|[Get unifiedRbacResourceNamespace](../api/unifiedrbacresourcenamespace-get.md)|[unifiedRbacResourceNamespace](../resources/unifiedrbacresourcenamespace.md)|Read the properties and relationships of an [unifiedRbacResourceNamespace](../resources/unifiedrbacresourcenamespace.md) object.|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|id|String|Unique identifier of the resource namespace that defines permissions, such as `microsoft.aad.b2c`. Required.|
+|name|String|Name of the resource namespace. Typically, the same name as the **id** property, such as `microsoft.aad.b2c`. Required. Supports `$filter` (`eq`, `startsWith`).|
+
+## Relationships
+|Relationship|Type|Description|
+|:|:|:|
+|resourceActions|[unifiedRbacResourceAction](unifiedrbacresourceaction.md) collection|Operations that an authorized principal are allowed to perform.|
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.unifiedRbacResourceNamespace",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.unifiedRbacResourceNamespace",
+ "id": "String (identifier)",
+ "name": "String"
+}
+```
v1.0 Unifiedroleassignment https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/unifiedroleassignment.md
Providing either a directoryScopeId or an appScopeId is required.
| Method | Return Type | Description | |:-|:|:| | [List unifiedRoleAssignment](../api/rbacapplication-list-roleassignments.md) | [unifiedRoleAssignment](unifiedroleassignment.md) | Read a list of unifiedRoleAssignment objects and their properties. |
+| [List transitiveRoleAssignments](../api/rbacapplication-list-transitiveroleassignments.md) | [unifiedRoleAssignment](unifiedroleassignment.md) collection | Get direct and transitive unifiedRoleAssignments assigned to a specific principal. Specifying principalId is required. |
| [Get unifiedRoleAssignment](../api/unifiedroleassignment-get.md) | [unifiedRoleAssignment](unifiedroleassignment.md) | Read properties and relationships of unifiedRoleAssignment object. | | [Create unifiedRoleAssignment](../api/rbacapplication-post-roleassignments.md) | [unifiedRoleAssignment](unifiedroleassignment.md) | Create a new unifiedRoleAssignment by posting to the roleAssignment collection. | | [Delete unifiedRoleAssignment](../api/unifiedroleassignment-delete.md) | None | Delete unifiedRoleAssignment object. |
v1.0 Virtualendpoint https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/virtualendpoint.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Represents a container for APIs to manage Cloud PC.
+Represents a container for APIs to manage Cloud PCs.
-Use the Cloud PC API to provision and manage virtual desktops for employees in an organization. Use it in conjunction with the [Intune API](../resources/intune-graph-overview.md) to manage physical and virtual endpoints.
+Use the Cloud PC API to provision and manage virtual desktops for employees in an organization, or along with the [Intune API](../resources/intune-graph-overview.md) to manage physical and virtual endpoints.
## Methods
Use the Cloud PC API to provision and manage virtual desktops for employees in a
|[List auditEvents](../api/virtualendpoint-list-auditevents.md)|[cloudPcAuditEvent](../resources/cloudpcauditevent.md) collection|List properties and relationships of the [cloudPcAuditEvent](../resources/cloudpcauditevent.md) objects.| |[List supportedRegions](../api/virtualendpoint-list-supportedregions.md)|[cloudPcSupportedRegion](../resources/cloudpcsupportedregion.md) collection|List properties and relationships of the [cloudPcSupportedRegion](../resources/cloudpcsupportedregion.md) objects.| |[List servicePlans](../api/virtualendpoint-list-serviceplans.md)|[cloudPcServicePlan](../resources/cloudpcserviceplan.md) collection|List properties and relationships of the [cloudPcServicePlan](../resources/cloudpcserviceplan.md) objects.|
+|[List snapshots](../api/virtualendpoint-list-snapshots.md)|[cloudPcSnapshot](../resources/cloudpcsnapshot.md) collection|Get a list of [cloudPcSnapshot](../resources/cloudpcsnapshot.md) objects and their properties.|
## Properties |Property|Type|Description| |:|:|:|
-|id|String|The unique identifier for the virtual endpoint id. Read-only.|
+|id|String|The unique identifier for the virtual endpoint. Read-only.|
## Relationships |Relationship|Type|Description| |:|:|:|
+|auditEvents|[cloudPcAuditEvent](../resources/cloudpcauditevent.md) collection|Cloud PC audit event.|
|cloudPCs|[cloudPC](../resources/cloudpc.md) collection|Cloud managed virtual desktops.| |deviceImages|[cloudPcDeviceImage](../resources/cloudpcdeviceimage.md) collection|The image resource on Cloud PC.| |galleryImages|[cloudPcGalleryImage](../resources/cloudpcgalleryimage.md) collection|The gallery image resource on Cloud PC.| |onPremisesConnections|[cloudPcOnPremisesConnection](../resources/cloudpconpremisesconnection.md) collection|A defined collection of Azure resource information that can be used to establish on-premises network connectivity for Cloud PCs.|
+|organizationSettings|[cloudPcOrganizationSettings](../resources/cloudpcorganizationsettings.md) |The Cloud PC organization settings for a tenant. |
|provisioningPolicies|[cloudPcProvisioningPolicy](../resources/cloudpcprovisioningpolicy.md) collection|Cloud PC provisioning policy.|
-|userSettings|[cloudPcUserSetting](../resources/cloudpcusersetting.md) collection|Cloud PC user settings. |
-|auditEvents|[cloudPcAuditEvent](../resources/cloudpcauditevent.md) collection|Cloud PC audit event.|
-|supportedRegions|[cloudPcSupportedRegion](../resources/cloudpcsupportedregion.md) collection|Cloud PC supported regions.|
|servicePlans|[cloudPcServicePlan](../resources/cloudpcserviceplan.md) collection|Cloud PC service plans.|
-|organizationSettings|[cloudPcOrganizationSettings](../resources/cloudpcorganizationsettings.md) |The Cloud PC organization settings for a tenant. |
-
+|snapshots|[cloudPcSnapshot](../resources/cloudpcsnapshot.md) collection|Cloud PC snapshots.|
+|supportedRegions|[cloudPcSupportedRegion](../resources/cloudpcsupportedregion.md) collection|Cloud PC supported regions.|
+|userSettings|[cloudPcUserSetting](../resources/cloudpcusersetting.md) collection|Cloud PC user settings. |
## JSON representation The following is a JSON representation of the resource.
v1.0 Webhooks https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/webhooks.md
Using the Microsoft Graph API, an app can subscribe to changes on the following
| [group][] | Changes to all groups:<br>`/groups` <br>Changes to a specific group:<br>`/groups/{id}`<br>Changes to owners of a specific group:<br>`/groups/{id}/owners`<br>Changes to members of a specific group:<br>`/groups/{id}/members` | No | | [list][] under a SharePoint [site][] | `/sites/{id}/lists/{id}` | No | | Microsoft 365 group [conversation][] | Changes to a group's conversations:<br>`groups/{id}/conversations` | No |
-| Outlook [event][] | Changes to all events in a user's mailbox:<br>`/users/{id}/events` | No |
-| Outlook [message][] | Changes to all messages in a user's mailbox: <br>`/users/{id}/messages`<br>Changes to messages in a user's Inbox:<br>`/users/{id}/mailFolders('inbox')/messages` | No |
-| Outlook personal [contact][] | Changes to all personal contacts in a user's mailbox:<br>`/users/{id}/contacts` | No |
+| Outlook [event][] | Changes to all events in a user's mailbox:<br>`/users/{id}/events` | Yes |
+| Outlook [message][] | Changes to all messages in a user's mailbox: <br>`/users/{id}/messages`<br>Changes to messages in a user's Inbox:<br>`/users/{id}/mailFolders('inbox')/messages` | Yes |
+| Outlook personal [contact][] | Changes to all personal contacts in a user's mailbox:<br>`/users/{id}/contacts` | Yes |
| Security [alert][] | Changes to a specific alert:<br>`/security/alerts/{id}` <br>Changes to filtered alerts:<br> `/security/alerts/?$filter`| No | | Teams [callRecord][] | Changes to _all_ call records: `/communications/callRecords` | No | | Teams [channel][] | Changes to channels in all teams:<br>`/teams/getAllChannels` <br>Changes to channel in a specific team:<br>`/teams/{id}/channels` | Yes |
v1.0 Windowshelloforbusinessauthenticationmethod https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/windowshelloforbusinessauthenticationmethod.md
Inherits from [authenticationMethod](../resources/authenticationmethod.md).
## Relationships |Relationship|Type|Description| |:|:|:|
-|device|[device](../resources/device.md)|The registered device on which this Windows Hello for Business key resides.|
+|device|[device](../resources/device.md)|The registered device on which this Windows Hello for Business key resides. Supports `$expand`. <br/><br/>When you get a user's Windows Hello for Business registration information, this property is returned only on a single GET and when you specify `?$expand`. For example, GET `/users/admin@contoso.com/authentication/windowsHelloForBusinessMethods/_jpuR-TGZtk6aQCLF3BQjA2?$expand=device`.|
## JSON representation The following is a JSON representation of the resource.
v1.0 X509certificateauthenticationmethodconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/x509certificateauthenticationmethodconfiguration.md
Inherits from [authenticationMethodConfiguration](../resources/authenticationmet
|:|:|:| |[Get x509CertificateAuthenticationMethodConfiguration](../api/x509certificateauthenticationmethodconfiguration-get.md)|[x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md)|Read the properties and relationships of a x509CertificateAuthenticationMethodConfiguration object.| |[Update x509CertificateAuthenticationMethodConfiguration](../api/x509certificateauthenticationmethodconfiguration-update.md)|[x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md)|Update the properties of a x509CertificateAuthenticationMethodConfiguration object.|
-|[Delete x509CertificateAuthenticationMethodConfiguration](../api/x509certificateauthenticationmethodconfiguration-delete.md)|None| Restore the x509CertificateAuthenticationMethodConfiguration object to its default configuration.|
+|[Delete x509CertificateAuthenticationMethodConfiguration](../api/x509certificateauthenticationmethodconfiguration-delete.md)|None| Delete the tenant-customized x509CertificateAuthenticationMethodConfiguration object and restore the default configuration.|
## Properties
v1.0 Accesspackageassignmentrequest Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/accesspackageassignmentrequest-get.md
Content-Type: application/json
"state": "delivered", "status": "Delivered", "createdDateTime": "2019-10-25T22:55:11.623Z",
- "completedDate": "2019-10-26T22:55:11.623Z",
+ "completedDateTime": "2019-10-26T22:55:11.623Z",
"schedule": { "@odata.type": "microsoft.graph.entitlementManagementSchedule" }
v1.0 Accessreviewhistorydefinition Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/accessreviewhistorydefinition-get.md
+
+ Title: "Get accessReviewHistoryDefinition"
+description: "Retrieve an accessReviewHistoryDefinition object."
+
+ms.localizationpriority: medium
++
+# Get accessReviewHistoryDefinition
+
+Namespace: microsoft.graph
+
+Retrieve an [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) object by its identifier. All the properties of the access review history definition object are returned. If the definition is 30 days or older, a `404 Not Found` error is returned.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.ReadWrite.All|
+
+The signed-in user must also be the creator of the associated review history definition, a Global Administrator directory role member, or a Global Reader directory role member to retrieve the definition.
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+GET /identityGovernance/accessReviews/historyDefinitions/{definition-id}
+```
+## Optional query parameters
+
+This method supports the `$select` and `$expand` OData query parameters to help customize the response. Including `?$expand=instances` will include in the response object the instances associated with the [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) object. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) object in the response body.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+
+<!-- {
+ "blockType": "request",
+ "name": "get_accessreviewhistorydefinition"
+}
+-->
+
+``` http
+GET https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/historyDefinitions/b2cb022f-b7e1-40f3-9854-c65a40861c38
+```
+
+### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessReviewHistoryDefinition"
+}
+-->
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.accessReviewHistoryDefinition",
+ "id": "b2cb022f-b7e1-40f3-9854-c65a40861c38",
+ "displayName": "Last quarter's group reviews April 2021",
+ "reviewHistoryPeriodStartDateTime": "2021-01-01T00:00:00Z",
+ "reviewHistoryPeriodEndDateTime": "2021-04-05T00:00:00Z",
+ "decisions": [
+ "approve",
+ "deny",
+ "dontKnow",
+ "notReviewed",
+ "notNotified"
+ ],
+ "status": "done",
+ "createdDateTime": "2021-04-14T00:22:48.9392594Z",
+ "createdBy": {
+ "id": "957f1027-c0ee-460d-9269-b8444459e0fe",
+ "displayName": "MOD Administrator",
+ "userPrincipalName": "admin@contoso.com"
+ },
+ "scopes": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "queryType": "MicrosoftGraph",
+ "query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",
+ "queryRoot": null
+ },
+ {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "queryType": "MicrosoftGraph",
+ "query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')",
+ "queryRoot": null
+ }
+ ]
+}
+```
v1.0 Accessreviewhistorydefinition List Instances https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/accessreviewhistorydefinition-list-instances.md
+
+ Title: "List instances (of an accessReviewHistoryDefinition)"
+description: "Retrieve the instances of an access review history definition."
+
+ms.localizationpriority: medium
++
+# List instances (of an accessReviewHistoryDefinition)
+
+Namespace: microsoft.graph
+
+Retrieve the [instances](../resources/accessreviewhistoryinstance.md) of an [access review history definition](../resources/accessreviewhistorydefinition.md) created in the last 30 days.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.ReadWrite.All|
+
+If the signed-in user is not a global administrator or a global reader, only the definitions that the signed-in user created will be returned.
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+GET /identityGovernance/accessReviews/historyDefinitions/{accessReviewHistoryDefinitionId}/instances
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [accessReviewHistoryInstance](../resources/accessreviewhistoryinstance.md) objects in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "list_accessreviewhistoryinstance"
+}
+-->
+
+``` http
+GET https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/historyDefinitions/90e28cb7-4b9a-48f7-ba4e-a2756fda01b2/instances
+```
+
+### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.accessReviewHistoryInstance)"
+}
+-->
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#accessReviewInstances",
+ "@odata.count": 1,
+ "value": [
+ {
+ "id": "61a617dd-238f-4037-8fa5-d800e515f5bc",
+ "status": "done",
+ "reviewHistoryPeriodStartDate": "2021-02-01T00:00:00Z",
+ "reviewHistoryPeriodEndDate": "2021-03-01T00:00:00Z",
+ "fulfilledDateTime": "2021-03-01T01:38:15.7998393Z",
+ "downloadUri": "https://dfermconsolreportusc.blob.core.windows.net/df-erm-reports/Last quarter's reviews - via graph 2-22be232e-a93d-42a3-8ac5-313cfd29a0eb.csv?sv=2015-04-05&ss=b&srt=o&sp=rl&st=2021-03-01T19:39:38.0000000Z&se=2021-03-02T19:41:38.0000000Z&spr=https&sig=84rlGCIgU4ToMn%2FFLncBXq95O8a8RsFlwQY1Knl%2Fo%2FI%3D"
+ }
+ ]
+}
+```
v1.0 Accessreviewhistoryinstance Generatedownloaduri https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/accessreviewhistoryinstance-generatedownloaduri.md
+
+ Title: "accessReviewHistoryInstance: generateDownloadUri"
+description: "Generate a URI that can be used to retrieve review history data."
+
+ms.localizationpriority: medium
++
+# accessReviewHistoryInstance: generateDownloadUri
+
+Namespace: microsoft.graph
+
+Generates a URI for an [accessReviewHistoryInstance](../resources/accessReviewHistoryInstance.md) object the **status** for which is `done`. Each URI can be used to retrieve the instance's review history data. Each URI is valid for 24 hours and can be retrieved by fetching the **downloadUri** property from the [accessReviewHistoryInstance](../resources/accessReviewHistoryInstance.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.ReadWrite.All|
+
+To generate the link, the signed-in user must be either the creator of the associated review history definition, or assigned the *Global Administrator* or *Global Reader* [directory roles](/azure/active-directory/roles/permissions-reference).
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+POST /identityGovernance/accessReviews/historyDefinitions/{accessReviewHistoryDefinitionId}/instances/{accessReviewHistoryInstanceId}/generateDownloadUri
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this action returns a `200 OK` response code and an [accessReviewHistoryInstances](../resources/accessReviewHistoryInstance.md) in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "accessreviewhistoryinstance_generatedownloaduri"
+}
+-->
+
+``` http
+POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/historyDefinitions/b2cb022f-b7e1-40f3-9854-c65a40861c38/instances/b2cb022f-b7e1-40f3-9854-c65a40861c38/generateDownloadUri
+```
+
+### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessReviewHistoryInstance"
+}
+-->
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.accessReviewHistoryInstance",
+ "id": "b2cb022f-b7e1-40f3-9854-c65a40861c38",
+ "reviewHistoryPeriodStartDateTime": "2000-06-19T08:00:00Z",
+ "reviewHistoryPeriodEndDateTime": "2100-06-19T07:00:00Z",
+ "status": "done",
+ "runDateTime": "2022-01-20T17:46:54.6085806Z",
+ "fulfilledDateTime": "2022-01-20T10:00:24.9114365-08:00",
+ "downloadUri": "https://dfermconsolreportusc.blob.core.windows.net/df-erm-reports/Last months reviews for ELM-e642e792-9884-413d-9299-982b37bfe369.csv?skoid=fa04d013-9f36-4d7d-8b8e-7276fb3bd36e&sktid=33e01921-4d64-4f8c-a055-5bdaffd5e33d&skt=2022-01-20T18:03:59Z&ske=2022-01-20T18:05:59Z&sks=b&skv=2020-04-08&sv=2020-04-08&st=2022-01-20T18:04:01Z&se=2022-01-21T18:04:01Z&sr=b&sp=r&sig=...",
+ "expiration": "2022-02-19T10:00:24.9114365-08:00"
+}
+```
v1.0 Accessreviewset List Historydefinitions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/accessreviewset-list-historydefinitions.md
+
+ Title: "List historyDefinitions"
+description: "Get a list of the accessReviewHistoryDefinition objects."
+
+ms.localizationpriority: medium
++
+# List historyDefinitions
+
+Namespace: microsoft.graph
+
+Retrieve the [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) objects created in the last 30 days, including all nested properties.
+
+>[!NOTE]
+>The default page size for this API is 100 **accessReviewHistoryDefinitions** objects. To improve efficiency and avoid timeouts due to large result sets, apply pagination using the `$skip` and `$top` query parameters. For more information, see [Paging Microsoft Graph data in your app](/graph/paging).
+>
+>If no query parameters are provided and there are more than 100 results, Microsoft Graph will automatically paginate results at 100 results per page.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.ReadWrite.All|
+
+If the signed-in user is not a Global Admin directory role member or a Global Reader directory role member, only the definitions that the signed-in user created will be returned.
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+GET /identityGovernance/accessReviews/historyDefinitions
+```
+
+## Optional query parameters
+
+This method supports the `$top`, `$filter`, `$expand`, and `$skip` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters). Including `?$expand=instances` will return the [accessReviewHistoryDefinitions](../resources/accessreviewhistorydefinition.md) objects along with their associated instances.
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) objects in the response body.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "list_accessreviewhistorydefinition"
+}
+-->
+
+``` http
+GET https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/historyDefinitions
+```
+
+### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessReviewHistoryDefinition",
+ "isCollection": "true"
+}
+-->
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.count": 1,
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewHistoryDefinition",
+ "id": "67e3de15-d263-45a9-8f4f-71271b495db7",
+ "displayName": "Last year's ELM assignment reviews - one time",
+ "reviewHistoryPeriodStartDateTime": "2021-01-01T00:00:00Z",
+ "reviewHistoryPeriodEndDateTime": "2021-04-05T00:00:00Z",
+ "decisions": [
+ "approve",
+ "deny",
+ "dontKnow",
+ "notReviewed",
+ "notNotified"
+ ],
+ "status": "done",
+ "createdDateTime": "2021-04-14T00:22:48.9392594Z",
+ "createdBy": {
+ "id": "957f1027-c0ee-460d-9269-b8444459e0fe",
+ "displayName": "MOD Administrator",
+ "userPrincipalName": "admin@contoso.com"
+ },
+ "scopes": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "queryType": "MicrosoftGraph",
+ "query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",
+ "queryRoot": null
+ }
+ ]
+ }
+ ]
+}
+```
v1.0 Accessreviewset Post Historydefinitions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/accessreviewset-post-historydefinitions.md
+
+ Title: "Create historyDefinitions"
+description: "Create a new accessReviewHistoryDefinition object."
+
+ms.localizationpriority: medium
++
+# Create historyDefinitions
+
+Namespace: microsoft.graph
+
+Create a new [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.ReadWrite.All|
+
+The signed-in user must also be in a directory role that permits them to read an access review to retrieve any data. For more details, see the role and permission requirements for [access reviews](../resources/accessreviewsv2-overview.md).
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+POST /identityGovernance/accessReviews/historyDefinitions
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+
+In the request body, supply a JSON representation of the [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) object.
+
+The following table shows the required properties used to create an [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md).
+
+|Property|Type|Description|
+|:|:|:|
+|displayName | String | Name for the access review history data collection. Required. |
+|reviewHistoryPeriodStartDateTime | DateTimeOffset | A timestamp. Reviews starting on or after this date will be included in the fetched history data. Only required if **scheduleSettings** is not defined. |
+|reviewHistoryPeriodEndDateTime | DateTimeOffset | A timestamp. Reviews starting on or before this date will be included in the fetched history data. Only required if **scheduleSettings** is not defined. |
+|scopes|[accessReviewQueryScope](../resources/accessreviewqueryscope.md) collection| Used to filter which reviews are included in the fetched history data. Fetches reviews whose scope matches with this provided scope. Required. <br> For more, see [Supported scope queries for accessReviewHistoryDefinition](#supported-scope-queries-for-accessreviewhistorydefinition). |
+| scheduleSettings |[accessReviewHistoryScheduleSettings](../resources/accessReviewHistoryScheduleSettings.md)| The settings for a recurring access review history definition series. Only required if **reviewHistoryPeriodStartDateTime** or **reviewHistoryPeriodEndDateTime** are not defined.|
+
+### Supported scope queries for accessReviewHistoryDefinition
+
+The **scopes** property of [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) is based on **accessReviewQueryScope**, a resource that allows you to configure different resources in it's **query** property. These resources then represent the scope of the history definition and dictate the type of review history data that is included in the downloadable CSV file which is generated when the history definition's [accessReviewHistoryInstances](../resources/accessreviewhistoryinstance.md) are created.
+
+Use the following format for the **query** property:
+
+```http
+/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '{object}')
+```
+
+The value of `{object}` is one of the resources that can be configured in an **accessReviewScheduleDefinition**. For example, the following includes every accessReviewScheduleDefinition review result on individual groups (and excludes definitions scoped to all Microsoft 365 groups with guest users).
+
+```http
+/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')
+```
+
+For more supported values, see Use the [$filter query parameter on accessReviewScheduleDefinition](accessreviewset-list-definitions.md#use-the-filter-query-parameter).
+
+## Response
+
+If successful, this method returns a `201 Created` response code and an [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) object in the response body.
+
+## Examples
+
+The following example shows how to create an access review history definition scoped to access reviews on access packages and groups, running between the start date of 01/01/2021 and end date of 04/05/2021.
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "create_accessreviewhistorydefinition_from_"
+}
+-->
+
+``` http
+POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/historyDefinitions
+Content-Type: application/json
+
+{
+ "displayName": "Last quarter's group reviews April 2021",
+ "decisions": [
+ "approve",
+ "deny",
+ "dontKnow",
+ "notReviewed",
+ "notNotified"
+ ],
+ "scheduleSettings": {
+ "reportRange": "P1M",
+ "recurrence": {
+ "pattern": {
+ "type": "monthly",
+ "interval": 1
+ },
+ "range": {
+ "type": "noEnd",
+ "startDate": "2018-08-03T21:02:30.667Z",
+ "count": 0
+ }
+ }
+ },
+ "scopes": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "queryType": "MicrosoftGraph",
+ "query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",
+ "queryRoot": null
+ },
+ {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "queryType": "MicrosoftGraph",
+ "query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')",
+ "queryRoot": null
+ }
+ ]
+}
+```
+
+### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessReviewHistoryDefinition"
+}
+-->
+
+``` http
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.accessReviewHistoryDefinition",
+ "id": "b2cb022f-b7e1-40f3-9854-c65a40861c38",
+ "displayName": "Last quarter's group reviews April 2021",
+ "scheduleSettings": {
+ "reportRange": "P1M",
+ "recurrence": {
+ "pattern": {
+ "type": "monthly",
+ "interval": 1
+ },
+ "range": {
+ "type": "noEnd",
+ "startDate": "2018-08-03T21:02:30.667Z",
+ "count": 0
+ }
+ }
+ },
+ "decisions": [
+ "approve",
+ "deny",
+ "dontKnow",
+ "notReviewed",
+ "notNotified"
+ ],
+ "status": "requested",
+ "createdDateTime": "2021-04-14T00:22:48.9392594Z",
+ "createdBy": {
+ "id": "957f1027-c0ee-460d-9269-b8444459e0fe",
+ "displayName": "MOD Administrator",
+ "userPrincipalName": "admin@contoso.com"
+ },
+ "scopes": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "queryType": "MicrosoftGraph",
+ "query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",
+ "queryRoot": null
+ },
+ {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "queryType": "MicrosoftGraph",
+ "query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')",
+ "queryRoot": null
+ }
+ ]
+}
+```
v1.0 Administrativeunit Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/administrativeunit-get.md
Do not supply a request body for this method.
If successful, this method returns a `200 OK` response code and [administrativeUnit](../resources/administrativeunit.md) object in the response body. ## Example
-##### Request
+### Request
Here is an example of the request.
Here is an example of the request.
"name": "get_administrativeunit" }--> ```msgraph-interactive
-GET https://graph.microsoft.com/v1.0/directory/administrativeUnits/{id}
+GET https://graph.microsoft.com/v1.0/directory/administrativeUnits/4d7ea995-bc0f-45c0-8c3e-132e93bf95f8
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-administrativeunit-csharp-snippets.md)]
GET https://graph.microsoft.com/v1.0/directory/administrativeUnits/{id}
-
-##### Response
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+### Response
+Here is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 200 OK
Content-type: application/json {
- "displayName": "displayName-value",
- "description": "description-value",
- "visibility": "visibility-value",
- "id": "id-value"
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directory/administrativeUnits/$entity",
+ "id": "4d7ea995-bc0f-45c0-8c3e-132e93bf95f8",
+ "deletedDateTime": null,
+ "displayName": "Seattle District Technical Schools",
+ "description": "Seattle district technical schools administration",
+ "membershipRule": null,
+ "membershipType": null,
+ "membershipRuleProcessingState": null,
+ "visibility": "HiddenMembership"
} ```
v1.0 Administrativeunit Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/administrativeunit-update.md
ms.prod: "directory-management"
doc_type: apiPageType
-# Update administrativeunit
+# Update administrativeUnit
Namespace: microsoft.graph
In the request body, supply the values for relevant fields that should be update
|:|:--|:-| |description|string|Description for the administrative unit.| |displayName|string|Display name for the administrative unit.|
-|visibility|string|Visibility for the administrative unit. If not set then the default is "public". Can be set to "HiddenMembership", which hides the membership from non-members.|
-Since the **administrativeUnit** resource supports [extensions](/graph/extensibility-overview), you can use the `PATCH` operation to
-add, update, or delete your own app-specific data in custom properties of an extension in an existing **administrativeUnit** instance.
+Since the **administrativeUnit** resource supports [extensions](/graph/extensibility-overview), you can use the `PATCH` operation to add, update, or delete your own app-specific data in custom properties of an extension in an existing **administrativeUnit** instance.
## Response
If successful, this method returns a `204 No Content` response code.
## Example
-##### Request
+### Request
# [HTTP](#tab/http)
If successful, this method returns a `204 No Content` response code.
"name": "update_administrativeunit" }--> ```http
-PATCH https://graph.microsoft.com/v1.0/directory/administrativeUnits/{id}
+PATCH https://graph.microsoft.com/v1.0/directory/administrativeUnits/4d7ea995-bc0f-45c0-8c3e-132e93bf95f8
Content-type: application/json {
- "displayName": "displayName-value",
- "description": "description-value",
- "visibility": "visibility-value"
+ "displayName": "Greater Seattle District Technical Schools"
} ``` # [C#](#tab/csharp)
Content-type: application/json
---
-##### Response
+### Response
<!-- { "blockType": "response"
v1.0 Application Removekey https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/application-removekey.md
In the request body, provide the following required properties.
| Property | Type | Description| |:-|:--|:--|
-| keyId | GUID | The unique identifier for the password.|
+| keyId | Guid | The unique identifier for the password.|
| proof | String | A self-signed JWT token used as a proof of possession of the existing keys. This JWT token must be signed using the private key of one of the application's existing valid certificates. The token should contain the following claims:<ul><li>`aud` - Audience needs to be `00000002-0000-0000-c000-000000000000`.</li><li>`iss` - Issuer needs to be the __id__ of the application that is making the call.</li><li>`nbf` - Not before time.</li><li>`exp` - Expiration time should be "nbf" + 10 mins.</li></ul><br>Here is a code [sample](/graph/application-rollkey-prooftoken) that can be used to generate this proof of possession token.| ## Response
v1.0 Application Removepassword https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/application-removepassword.md
POST /applications/{id}/removePassword
| Property | Type | Description| |:-|:--|:--|
-| keyId | GUID | The unique identifier for the password. Required. |
+| keyId | Guid | The unique identifier for the password. Required. |
## Response
v1.0 Bitlocker List Recoverykeys https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/bitlocker-list-recoverykeys.md
The response might also contain an `odata.nextLink`, which you can use to page t
|Name|Description| |:|:| |Authorization|Bearer {token}. Required.|
+|User-Agent|The identifier for the calling application. This value contains information about the operating system and the browser used. Required.|
|ocp-client-name|The name of the client application performing the API call. This header is used for debugging purposes. Optional.| |ocp-client-version|The version of the client application performing the API call. This header is used for debugging purposes. Optional.|
The following is an example of the request.
--> ``` http GET https://graph.microsoft.com/v1.0/informationProtection/bitlocker/recoveryKeys
+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"
ocp-client-name: "My Friendly Client" ocp-client-version: "1.2" ```
The following is an example of the request.
--> ``` http GET https://graph.microsoft.com/v1.0/informationProtection/bitlocker/recoveryKeys?$filter=deviceId eq '1ab40ab2-32a8-4b00-b6b5-ba724e407de9'
+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"
ocp-client-name: "My Friendly Client" ocp-client-version: "1.2" ```
v1.0 Bitlockerrecoverykey Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/bitlockerrecoverykey-get.md
This method supports the `$select` OData query parameter to return the **key** p
|Name|Description| |:|:| |Authorization|Bearer {token}. Required.|
+|User-Agent|The identifier for the calling application. This value contains information about the operating system and the browser used. Required.|
|ocp-client-name|The name of the client application performing the API call. This header is used for debugging purposes. Optional.| |ocp-client-version|The version of the client application performing the API call. This header is used for debugging purposes. Optional.|
The following is an example of the request. This example does not return the **k
--> ``` http GET https://graph.microsoft.com/v1.0/informationProtection/bitlocker/recoveryKeys/b465e4e8-e4e8-b465-e8e4-65b4e8e465b4
+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"
ocp-client-name: "My Friendly Client" ocp-client-version: "1.2" ```
The following is an example of the request.
--> ``` http GET https://graph.microsoft.com/v1.0/informationProtection/bitlocker/recoveryKeys/b465e4e8-e4e8-b465-e8e4-65b4e8e465b4?$select=key
+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"
+ocp-client-name: "My Friendly Client"
+ocp-client-version: "1.2"
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-bitlockerrecoverykey-key-csharp-snippets.md)]
v1.0 Bookingappointment Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/bookingappointment-delete.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http DELETE /solutions/bookingBusinesses/{id}/appointments/{id}- ``` ## Request headers | Name | Description|
If successful, this method returns a `204 No Content` response code. It does not
## Example ### Request
-The following is an example of the request.
+The following is an example of a request.
<!-- { "blockType": "request"
DELETE https://graph.microsoft.com/v1.0/solutions/bookingBusinesses/Contosolunch
``` ### Response
-The following is an example of the response. Note: The response object shown here might be shortened for readability.
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true
v1.0 Channel List Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/channel-list-tabs.md
Namespace: microsoft.graph
Retrieve the list of [tabs](../resources/teamstab.md) in the specified [channel](../resources/channel.md) within a [team](../resources/team.md).
+> **Note**: The Files tab is native to a channel or chat and is not returned by this API.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Chat Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/chat-post.md
The following table lists the properties that are required to create a chat obje
|:|:|:| |topic|(Optional) String|The title of the chat. The chat title can be provided only if the chat is of `group` type.| |chatType|[chatType](../resources/chat.md#chattype-values)| Specifies the type of chat. Possible values are: `group` and `oneOnOne`. |
-|members|[conversationMember](../resources/conversationmember.md) collection|List of conversation members that should be added. Every single user, including the user initiating the create request, who will participate in the chat must be specified in this list.|
+|members|[conversationMember](../resources/conversationmember.md) collection|List of conversation members that should be added. Every user who will participate in the chat, including the user who initiates the create request, must be specified in this list. Each member must be assigned a role of `owner` or `guest`. Guest tenant users must be assigned the `guest` role.|
## Response
-If successful, this method returns a 201 Created response code and the newly created **chat** resource in the response body.
+If successful, this method returns a `201 Created` response code and the newly created **chat** resource in the response body.
## Examples
Content-Type: application/json
} ```
+### Example 4: Create a group chat with tenant guest user
+
+#### Request
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "create_chat_group"
+}
+-->
+``` http
+POST https://graph.microsoft.com/v1.0/chats
+Content-Type: application/json
+
+{
+ "chatType": "group",
+ "topic": "Group chat title",
+ "members": [
+ {
+ "@odata.type": "#microsoft.graph.aadUserConversationMember",
+ "roles": ["owner"],
+ "user@odata.bind": "https://graph.microsoft.com/v1.0/users('8c0a1a67-50ce-4114-bb6c-da9c5dbcf6ca')"
+ },
+ {
+ "@odata.type": "#microsoft.graph.aadUserConversationMember",
+ "roles": ["owner"],
+ "user@odata.bind": "https://graph.microsoft.com/v1.0/users('82fe7758-5bb3-4f0d-a43f-e555fd399c6f')"
+ },
+ {
+ "@odata.type": "#microsoft.graph.aadUserConversationMember",
+ "roles": ["guest"],
+ "user@odata.bind": "https://graph.microsoft.com/v1.0/users('8ba98gf6-7fc2-4eb2-c7f2-aef9f21fd98g')"
+ }
+ ]
+}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.chat"
+}
+-->
+``` http
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#chats/$entity",
+ "id": "19:1c5b01696d2e4a179c292bc9cf04e63b@thread.v2",
+ "topic": "Group chat title",
+ "createdDateTime": "2020-12-04T23:11:16.175Z",
+ "lastUpdatedDateTime": "2020-12-04T23:11:16.175Z",
+ "chatType": "group"
+}
+```
v1.0 Columndefinition Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/columndefinition-get.md
GET /sites/{site-id}/lists/{list-id}/contentTypes/{contentType-id}/columns/{colu
## Request body
-
+Do not supply a request body for this method.
-Do not supply a request body with this method.
+## Response
+If successful, this method returns a `200 OK` response code and a [columnDefinition][columnDefinition] object in the response body.
## Example
-
- ### Request
+The following is an example of a request.
# [HTTP](#tab/http) <!-- { "blockType": "request", "name": "get_column_from_contenttype" } -->
GET /sites/{site-id}/contentTypes/{contentType-id}/columns/{column-id}
### Response
-
+The following is an example of the response.
<!-- { "blockType": "response", "@type": "microsoft.graph.columnDefinition", "truncated": true } -->
v1.0 Directory List Administrativeunits https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/directory-list-administrativeunits.md
+
+ Title: "List administrativeUnits"
+description: "Retrieve a list of administrativeUnit objects."
+
+ms.localizationpriority: medium
++
+# List administrativeUnits
+
+Namespace: microsoft.graph
+
+Retrieve a list of [administrativeUnit](../resources/administrativeunit.md) objects.
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
++
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | AdministrativeUnit.Read.All, Directory.Read.All, AdministrativeUnit.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | AdministrativeUnit.Read.All, Directory.Read.All, AdministrativeUnit.ReadWrite.All, Directory.ReadWrite.All |
+
+## HTTP request
+<!-- { "blockType": "ignored" } -->
+```http
+GET /directory/administrativeUnits
+```
+## Optional query parameters
+This method supports the `$count`, `$select`, `$search`, `$filter` (`eq`), and `$expand` [OData query parameters](/graph/query-parameters) to help customize the response.
+
+## Request headers
+| Name |Description|
+|:-|:-|
+| Authorization | Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and collection of [administrativeUnit](../resources/administrativeunit.md) objects in the response body.
+## Example
+### Request
+Here is an example of the request.
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_administrativeunits"
+}-->
+```msgraph-interactive
+GET https://graph.microsoft.com/v1.0/directory/administrativeUnits
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
++++++
+### Response
+Here is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.administrativeUnit",
+ "isCollection": true
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directory/administrativeUnits",
+ "value": [
+ {
+ "id": "4d7ea995-bc0f-45c0-8c3e-132e93bf95f8",
+ "deletedDateTime": null,
+ "displayName": "Seattle District Technical Schools",
+ "description": "Seattle district technical schools administration",
+ "membershipRule": null,
+ "membershipType": null,
+ "membershipRuleProcessingState": null,
+ "visibility": "HiddenMembership"
+ }
+ ]
+}
+```
+
+<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
+2015-10-25 14:57:30 UTC -->
+<!--
+{
+ "type": "#page.annotation",
+ "description": "List administrativeUnits",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": "",
+ "suppressions": [
+ ]
+}
+-->
v1.0 Directory Post Administrativeunits https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/directory-post-administrativeunits.md
+
+ Title: "Create administrativeUnit"
+description: "Use this API to create a new administrativeUnit."
+
+ms.localizationpriority: medium
++
+# Create administrativeUnit
+
+Namespace: microsoft.graph
+
+Use this API to create a new [administrativeUnit](../resources/administrativeunit.md).
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
++
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | AdministrativeUnit.ReadWrite.All, Directory.AccessAsUser.All |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | AdministrativeUnit.ReadWrite.All |
+
+## HTTP request
+<!-- { "blockType": "ignored" } -->
+```http
+POST /directory/administrativeUnits
+
+```
+## Request headers
+| Name |Description|
+|:-|:-|
+| Authorization | Bearer {token}. Required. |
+| Content-type | application/json. Required. |
+
+## Request body
+In the request body, supply a JSON representation of an [administrativeUnit](../resources/administrativeunit.md) object.
+
+Because the **administrativeUnit** resource supports [extensions](/graph/extensibility-overview), you can use the `POST` operation and add custom properties with your own data to the administrative unit while creating it.
+
+## Response
+
+If successful, this method returns a `201 Created` response code and an [administrativeUnit](../resources/administrativeunit.md) object in the response body.
+
+## Example
+
+### Request
+
+The following is an example of the request.
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "create_administrativeunit_from_administrativeunits"
+}-->
+```http
+POST https://graph.microsoft.com/v1.0/directory/administrativeUnits
+Content-type: application/json
+
+{
+ "displayName": "Seattle District Technical Schools",
+ "description": "Seattle district technical schools administration",
+ "visibility": "HiddenMembership"
+}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
++++++
+In the request body, supply a JSON representation of an [administrativeUnit](../resources/administrativeunit.md) object.
+
+### Response
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.administrativeUnit"
+} -->
+```http
+HTTP/1.1 201 Created
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#administrativeUnits/$entity",
+ "id": "7a3dc8f3-b3a0-4164-9a99-ed36f3af039f",
+ "deletedDateTime": null,
+ "displayName": "Seattle District Technical Schools",
+ "description": "Seattle district technical schools administration",
+ "visibility": "HiddenMembership"
+}
+```
+
+## See also
+
+- [Add custom data to resources using extensions](/graph/extensibility-overview)
+- [Add custom data to users using open extensions (preview)](/graph/extensibility-open-users)
+<!--
+- [Add custom data to groups using schema extensions (preview)](/graph/extensibility-schema-groups)
+-->
++
+<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
+2015-10-25 14:57:30 UTC -->
+<!--
+{
+ "type": "#page.annotation",
+ "description": "Create administrativeUnit",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": "",
+ "suppressions": [
+ ]
+}
+-->
v1.0 Entitlementmanagement List Assignmentrequests https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/entitlementmanagement-list-assignmentrequests.md
Content-Type: application/json
"state": "delivered", "status": "Delivered", "createdDateTime": "2019-10-25T22:55:11.623Z",
- "completedDate": "2019-10-26T22:55:11.623Z",
+ "completedDateTime": "2019-10-26T22:55:11.623Z",
"schedule": { "@odata.type": "microsoft.graph.entitlementManagementSchedule" }
v1.0 Group Assignlicense https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/group-assignlicense.md
In the request body, provide a JSON object with the following parameters.
| Parameter | Type |Description| |:|:--|:-| |addLicenses|[assignedLicense](../resources/assignedlicense.md) collection|A collection of [assignedLicense](../resources/assignedlicense.md) objects that specify the licenses to add. You can disable servicePlans associated with a license by setting the **disabledPlans** property on an [assignedLicense](../resources/assignedlicense.md) object.|
-|removeLicenses|GUID collection|A collection of skuIds that identify the licenses to remove.|
+|removeLicenses|Guid collection|A collection of skuIds that identify the licenses to remove.|
## Response
v1.0 Group Delete Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/group-delete-members.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | GroupMember.ReadWrite.All, Group.ReadWrite.All, Directory.ReadWrite.All |
+> [!IMPORTANT]
+> To remove members from a role-assignable group, the calling user or app must also be assigned the *RoleManagement.ReadWrite.Directory* permission.
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
v1.0 Group Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/group-get.md
Get the properties and relationships of a group object.
This operation returns by default only a subset of all the available properties, as noted in the [Properties](../resources/group.md#properties) section. To get properties that are _not_ returned by default, specify them in a `$select` OData query option. The **hasMembersWithLicenseErrors** property is an exception and is not returned in the `$select` query.
+>**Note:** This request might have replication delays for groups that were recently created, updated, or deleted.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
Return all default properties.
The following is an example of a GET request.
-# [HTTP](#tab/http)
<!-- { "blockType": "request", "sampleKeys": ["b320ee12-b1cd-4cca-b648-a437be61c5cd"],
The following is an example of a GET request.
```msgraph-interactive GET https://graph.microsoft.com/v1.0/groups/b320ee12-b1cd-4cca-b648-a437be61c5cd ```
-# [C#](#tab/csharp)
-
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
-
-# [Java](#tab/java)
-
-# [Go](#tab/go)
-
-# [PowerShell](#tab/powershell)
--- #### Response The following is an example of the response. It includes only the default properties.
v1.0 Group List https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/group-list.md
List all the groups in an organization, including but not limited to Microsoft 3
This operation returns by default only a subset of the properties for each group. These default properties are noted in the [Properties](../resources/group.md#properties) section. To get properties that are _not_ returned by default, do a [GET](group-get.md) operation for the group and specify the properties in a `$select` OData query option. The **hasMembersWithLicenseErrors** property is an exception and is not returned in the `$select` query.
+>**Note:** This request might have replication delays for groups that were recently created, updated, or deleted.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Group Post Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/group-post-members.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | GroupMember.ReadWrite.All, Group.ReadWrite.All and Directory.ReadWrite.All |
+> [!IMPORTANT]
+> To add members to a role-assignable group, the calling user or app must also be assigned the *RoleManagement.ReadWrite.Directory* permission.
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
v1.0 Identityapiconnector Create https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/identityapiconnector-create.md
Content-Type: application/json
{ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identity/apiConnectors/$entity",
- "id":"guid",
+ "id":"45715bb8-13f9-4bf6-927f-ef96c102d394",
"displayName": "Test API", "targetUrl": "https://someapi.com/api", "authenticationConfiguration": {
Content-Type: application/json
{ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identity/apiConnectors/$entity",
- "id":"guid",
+ "id":"45715bb8-13f9-4bf6-927f-ef96c102d394",
"displayName": "Test API", "targetUrl": "https://someotherapi.com/api", "authenticationConfiguration": {
v1.0 Identityapiconnector Uploadclientcertificate https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/identityapiconnector-uploadclientcertificate.md
Content-type: application/json
{ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identity/apiConnectors/$entity",
- "id": "guid",
+ "id": "45715bb8-13f9-4bf6-927f-ef96c102d394",
"displayName": "My API connector", "targetUrl": "https://api.contoso.com/endpoint", "authenticationConfiguration": {
v1.0 List Create https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/list-create.md
Previously updated : 09/11/2017 Title: Create a SharePoint List ms.localizationpriority: medium ms.prod: "sharepoint"
One of the following permissions is required to call this API. To learn more, in
POST https://graph.microsoft.com/v1.0/sites/{site-id}/lists ```
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+ ## Request body
-In the request body, supply a JSON representation of the [list][] resource to create.
+In the request body, supply a JSON representation of a [list][] object.
+
+## Response
+
+If successful, this method returns a `201 Created` response code and a [list][] object in the response body.
+
+## Examples
-## Example
+### Request
-Here is an example of how to create a new generic list.
+The following is an example of how to create a new generic list.
+
+> **Note:** Custom columns are optional.
+
+In addition to any columns specified here, new lists are created with columns defined in the referenced **template**.
+If the **list** facet or **template** is unspecified, the list defaults to the `genericList` template, which includes a _Title_ column.
# [HTTP](#tab/http)
Content-Type: application/json
-**Note:** Custom columns are optional.
-
-In addition to any columns specified here, new lists are created with columns defined in the referenced **template**.
-If the **list** facet or **template** is unspecified, the list defaults to the `genericList` template, which includes a _Title_ column.
- ## Response
-If successful, this method returns a [list][] in the response body for the created list.
+The following is an example of the response.
+
+> **Note:** The response object is truncated for clarity. Default properties will be returned from the actual call.
<!-- { "blockType": "response", "@odata.type": "microsoft.graph.list", "truncated": true } -->
Content-type: application/json
} ```
-**Note:** The response object is truncated for clarity.
-Default properties will be returned from the actual call.
[list]: ../resources/list.md [site]: ../resources/site.md
v1.0 Outlookuser Post Mastercategories https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/outlookuser-post-mastercategories.md
POST /users/{id|userPrincipalName}/outlook/masterCategories
| Name | Description| |:|:-| | Authorization | Bearer {token}. Required. |-
+|Content-Type|application/json. Required.|
## Request body
-In the request body, supply a JSON representation of [outlookCategory](../resources/outlookcategory.md) object.
+In the request body, supply a JSON representation of an [outlookCategory](../resources/outlookcategory.md) object.
## Response
-If successful, this method returns `201 Created` response code and [outlookCategory](../resources/outlookcategory.md) object in the response body.
+If successful, this method returns a `201 Created` response code and an [outlookCategory](../resources/outlookcategory.md) object in the response body.
## Example
-##### Request
-Here is an example of the request.
+### Request
+The following is an example of a request.
# [HTTP](#tab/http) <!-- {
Content-type: application/json
Content-Length: 70 {
- "displayName":"Project expenses",
- "color":"preset9"
+ "displayName": "Project expenses",
+ "color": "preset9"
} ``` # [C#](#tab/csharp)
Content-Length: 70
-In the request body, supply a JSON representation of [outlookCategory](../resources/outlookcategory.md) object.
-##### Response
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+### Response
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 201 Created
Content-type: application/json {
- "@odata.context":"https://graph.microsoft.com/v1.0/$metadata#users('8ae6f565-0d7f-4ead-853e-7db94c912a1f')/outlook/masterCategories/$entity",
- "id":"bac262b7-485d-4739-b436-e31467d64fac",
- "displayName":"Project expenses",
- "color":"preset9"
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users('8ae6f565-0d7f-4ead-853e-7db94c912a1f')/outlook/masterCategories/$entity",
+ "id": "bac262b7-485d-4739-b436-e31467d64fac",
+ "displayName": "Project expenses",
+ "color": "preset9"
} ```
v1.0 Participant Invite https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/participant-invite.md
Title: "participant: invite" description: "Invite participants to the active call."-+ ms.localizationpriority: medium ms.prod: "cloud-communications" doc_type: apiPageType
Invite participants to the active call.
For more information about how to handle operations, see [commsoperation](../resources/commsoperation.md).
->**Note:** This API is only supported for group calls.
+>**Note:** Inviting multiple participants in one request is only supported for group calls.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
In the request body, provide a JSON object with the following parameters.
|clientContext|String|Unique Client Context string. Max limit is 256 chars.| ## Response
-If succsessful, this method returns a `200 OK` response code and a location header with a URI to the [inviteParticipantsOperation](../resources/inviteparticipantsoperation.md) created for this request.
+If successful, this method returns a `200 OK` response code and a location header with a URI to the [inviteParticipantsOperation](../resources/inviteparticipantsoperation.md) created for this request.
The body of the response contains the created [inviteParticipantsOperation](../resources/inviteparticipantsoperation.md).
The following examples show how to call this API.
> **Note:** The response objects might be shortened for readability. All the properties will be returned from an actual call.
-### Example 1: Invite one participant to an existing group call
+### Example 1: Invite one participant to an existing call
##### Request
v1.0 Participant Stopholdmusic https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/participant-stopholdmusic.md
Location: https://graph.microsoft.com/v1.0/communications/calls/e141b67c-90fd-45
{ "@odata.type": "#microsoft.graph.stopHoldMusicOperation", "id": "0fe0623f-d628-42ed-b4bd-8ac290072cc5",
- "status": "running",
- "clientContext": "d45324c1-fcb5-430a-902c-f20af696537c"
-}
-```
-
-### Notification sent to the application after the stopHoldMusicOperation finishes
-
-```http
-POST https://bot.contoso.com/api/calls
-Content-Type: application/json
-```
-
-<!-- {
- "blockType": "example",
- "@odata.type": "microsoft.graph.commsNotifications"
-}-->
-```json
-{
- "@odata.type": "#microsoft.graph.commsNotifications",
- "value": [
- {
- "@odata.type": "#microsoft.graph.commsNotification",
- "changeType": "deleted",
- "resourceUrl": "communications/calls/e141b67c-90fd-455d-858b-b48a40b9cc8d/operations/0fe0623f-d628-42ed-b4bd-8ac290072cc5",
- "resourceData": {
- "@odata.type": "#microsoft.graph.stopHoldMusicOperation",
- "@odata.id": "communications/calls/e141b67c-90fd-455d-858b-b48a40b9cc8d/operations/0fe0623f-d628-42ed-b4bd-8ac290072cc5",
- "@odata.etag": "W/\"54451\"",
- "clientContext": "d45324c1-fcb5-430a-902c-f20af696537c",
- "status": "completed"
- }
- }
- ]
+ "status": "completed",
+ "clientContext": "d45324c1-fcb5-430a-902c-f20af696537c",
+ "resultInfo": null
} ```
v1.0 Schedule List Shifts https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/schedule-list-shifts.md
GET /teams/{teamId}/schedule/shifts
``` ## Optional query parameters+ This method supports the `$filter` [OData query parameter](/graph/query-parameters) to help customize the response.
+> [!NOTE]
+> The `$filter` parameter doesn't support the use of the same property more than once in a query. For example, the following query will not work: `sharedShift/startDateTime ge 2019-05-09T00:00:00Z and sharedShift/startDateTime le 2019-05-09T23:59:59Z`.
+ ## Request headers | Header | Value |
v1.0 Serviceprincipal Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/serviceprincipal-get.md
Title: "Get servicePrincipal"
-description: "Retrieve the properties and relationships of serviceprincipal object."
+description: "Retrieve the properties and relationships of servicePrincipal object."
ms.localizationpriority: high ms.prod: "applications"
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | Application.Read.All, Application.ReadWrite.All, Application.ReadWrite.OwnedBy, Directory.Read.All |
+> [!NOTE]
+> A service principal can retrieve its own application and service principal details without being granted any application permissions.
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
GET /servicePrincipals/{id}
``` ## Optional query parameters
-This method supports the [OData Query Parameters](/graph/query-parameters) to help customize the response.
+This method supports the [OData query parameters](/graph/query-parameters) to help customize the response.
By default, this API doesn't return the public key value of the **key** in the **keyCredentials** property unless **keyCredentials** is specified in a `$select` query. For example, `$select=id,appId,keyCredentials`.
v1.0 Serviceprincipal List Approleassignedto https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/serviceprincipal-list-approleassignedto.md
For example, if the resource service principal is the service principal for the
If the resource service principal is an application that has app roles granted to users and groups, this will return all the users and groups assigned app roles for this application.
+>**Note** This request might have replication delays for app role assignments that were recently granted or removed.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Serviceprincipal List Approleassignments https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/serviceprincipal-list-approleassignments.md
Retrieve the list of [appRoleAssignment](../resources/approleassignment.md) that
App roles that are assigned to service principals are also known as [application permissions](/azure/active-directory/develop/v2-permissions-and-consent#permission-types). Application permissions can be granted directly by creating app role assignments, or through a [consent experience](/azure/active-directory/develop/application-consent-experience).
+>**Note** This request might have replication delays for app role assignments that were recently granted or removed.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Serviceprincipal Removekey https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/serviceprincipal-removekey.md
In the request body, provide the following required properties.
| Property | Type | Description| |:-|:--|:--|
-| keyId | GUID | The unique identifier for the password.|
+| keyId | Guid | The unique identifier for the password.|
| proof | String | A self-signed JWT token used as a proof of possession of the existing keys. This JWT token must be signed using the private key of one of the servicePrincipal's existing valid certificates. The token should contain the following claims:<ul><li>`aud` - Audience needs to be `00000002-0000-0000-c000-000000000000`.</li><li>`iss` - Issuer needs to be the __id__ of the servicePrincipal that is making the call.</li><li>`nbf` - Not before time.</li><li>`exp` - Expiration time should be "nbf" + 10 mins.</li></ul><br>Here is a code [sample](/graph/application-rollkey-prooftoken) that can be used to generate this proof of possession token.| ## Response
v1.0 Serviceprincipal Removepassword https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/serviceprincipal-removepassword.md
POST /servicePrincipals/{id}/removePassword
| Property | Type |Description| |:|:--|:-|
-| keyId | GUID | The unique identifier for the password. Required. |
+| keyId | Guid | The unique identifier for the password. Required. |
## Response
v1.0 Subscription Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/subscription-delete.md
On a personal OneDrive, you can subscribe to the root folder or any subfolder in
### contact, event, and message
-Additional limitations apply for subscriptions on Outlook items. The limitations apply to creating as well as managing (getting, updating, and deleting) subscriptions.
+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources.
-- Delegated permission supports subscribing to items in folders in only the signed-in user's mailbox. For example, you cannot use the delegated permission Calendars.Read to subscribe to events in another userΓÇÖs mailbox.-- To subscribe to change notifications of Outlook contacts, events, or messages in _shared or delegated_ folders:-
- - Use the corresponding application permission to subscribe to changes of items in a folder or mailbox of _any_ user in the tenant.
- - Do not use the Outlook sharing permissions (Contacts.Read.Shared, Calendars.Read.Shared, Mail.Read.Shared, and their read/write counterparts), as they do **not** support subscribing to change notifications on items in shared or delegated folders.
## HTTP request
v1.0 Subscription Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/subscription-get.md
On a personal OneDrive, you can subscribe to the root folder or any subfolder in
### contact, event, and message
-Additional limitations apply for subscriptions on Outlook items. The limitations apply to creating as well as managing (getting, updating, and deleting) subscriptions.
+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources.
-- Delegated permission supports subscribing to items in folders in only the signed-in user's mailbox. For example, you cannot use the delegated permission Calendars.Read to subscribe to events in another userΓÇÖs mailbox.-- To subscribe to change notifications of Outlook contacts, events, or messages in _shared or delegated_ folders:-
- - Use the corresponding application permission to subscribe to changes of items in a folder or mailbox of _any_ user in the tenant.
- - Do not use the Outlook sharing permissions (Contacts.Read.Shared, Calendars.Read.Shared, Mail.Read.Shared, and their read/write counterparts), as they do **not** support subscribing to change notifications on items in shared or delegated folders.
## HTTP request
v1.0 Subscription Post Subscriptions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/subscription-post-subscriptions.md
Namespace: microsoft.graph
Subscribes a listener application to receive change notifications when the requested type of changes occur to the specified resource in Microsoft Graph.
-See the table in the [Permissions](#permissions) section for the list of resources that support subscribing to change notifications.
+See the table in the [Permissions](#permissions) section for the list of resources that support subscribing to change notifications.
+
+Some resources support the option to include encrypted resource data in change notifications. These resources include [chatMessage](../resources/chatmessage.md), [contact](../resources/contact.md), [event](../resources/event.md), [message](../resources/message.md), and [presence](../resources/presence.md). For more information, see [Set up change notifications that include resource data](/graph/webhooks-with-resource-data) and [Change notifications for Outlook resources in Microsoft Graph](/graph/outlook-change-notification-overview).
## Permissions
OneDrive for Business and SharePoint support sending your application notificati
### contact, event, and message
-Additional limitations apply for subscriptions on Outlook items. The limitations apply to creating as well as managing (getting, updating, and deleting) subscriptions.
--- Delegated permission supports subscribing to items in folders in only the signed-in user's mailbox. For example, you cannot use the delegated permission Calendars.Read to subscribe to events in another userΓÇÖs mailbox.-- To subscribe to change notifications of Outlook contacts, events, or messages in _shared or delegated_ folders:
+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources.
- - Use the corresponding application permission to subscribe to changes of items in a folder or mailbox of _any_ user in the tenant.
- - Do not use the Outlook sharing permissions (Contacts.Read.Shared, Calendars.Read.Shared, Mail.Read.Shared, and their read/write counterparts), as they do **not** support subscribing to change notifications on items in shared or delegated folders.
### presence
v1.0 Subscription Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/subscription-update.md
On personal OneDrive, you can subscribe to the root folder or any subfolder in t
### contact, event, and message
-Additional limitations apply for subscriptions on Outlook items. The limitations apply to creating as well as managing (getting, updating, and deleting) subscriptions.
+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources.
-- Delegated permission supports subscribing to items in folders in only the signed-in user's mailbox. For example, you cannot use the delegated permission Calendars.Read to subscribe to events in another userΓÇÖs mailbox.-- To subscribe to change notifications of Outlook contacts, events, or messages in _shared or delegated_ folders:-
- - Use the corresponding application permission to subscribe to changes of items in a folder or mailbox of _any_ user in the tenant.
- - Do not use the Outlook sharing permissions (Contacts.Read.Shared, Calendars.Read.Shared, Mail.Read.Shared, and their read/write counterparts), as they do **not** support subscribing to change notifications on items in shared or delegated folders.
## HTTP request
v1.0 Termstore Group Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/termstore-group-get.md
Content-Type: application/json
# [HTTP](#tab/http) <!-- { "blockType": "request",
- "name": "get_group"
+ "name": "get_group_termstore"
} -->
Content-Type: application/json
GET https://graph.microsoft.com/v1.0/sites/mycompany.sharepoint.com,8f03a01c-dcfa-4aaf-9be5-b3fb48e538c1,739084f3-c0fa-46ac-b7f8-13b344781ad0/termStore/groups/1FFD3F87-9464-488A-A0EC-8FB90911182C?$select=*,parentSiteId ``` # [C#](#tab/csharp) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [JavaScript](#tab/javascript) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Objective-C](#tab/objc) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Java](#tab/java) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Go](#tab/go) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [PowerShell](#tab/powershell) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
v1.0 User Assignlicense https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/user-assignlicense.md
Content-type: application/json
"addLicenses": [ { "disabledPlans": [ "11b0131d-43c8-4bbb-b2c8-e80f9a50834a" ],
- "skuId": "guid"
+ "skuId": "45715bb8-13f9-4bf6-927f-ef96c102d394"
} ], "removeLicenses": [ "bea13e0c-3828-4daa-a392-28af7ff61a0f" ]
v1.0 User Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/user-get.md
Namespace: microsoft.graph
Retrieve the properties and relationships of user object.
-> Note: Getting a user returns a default set of properties only (*businessPhones, displayName, givenName, id, jobTitle, mail, mobilePhone, officeLocation, preferredLanguage, surname, userPrincipalName*). Use `$select` to get the other properties and relationships for the [user](../resources/user.md) object.
+> **Note:** Getting a user returns a default set of properties only (*businessPhones, displayName, givenName, id, jobTitle, mail, mobilePhone, officeLocation, preferredLanguage, surname, userPrincipalName*). Use `$select` to get the other properties and relationships for the [user](../resources/user.md) object.
+>
+> This request might have replication delays for users that were recently created, updated, or deleted.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 User List Licensedetails https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/user-list-licensedetails.md
Title: "List licenseDetails" description: "Retrieve a list of licenseDetails objects."-+ ms.localizationpriority: medium ms.prod: "users" doc_type: apiPageType
v1.0 User List https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/user-list.md
Namespace: microsoft.graph
Retrieve a list of [user](../resources/user.md) objects.
+>**Note:** This request might have replication delays for users that were recently created, updated, or deleted.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 User Revokesigninsessions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/user-revokesigninsessions.md
This operation has no request content.
## Response
-If successful, this method returns a `204 No Content` response code.
+If successful, this method returns a `200 OK` response code.
>[!NOTE]
->This API has a [known issue](/graph/known-issues#revoke-sign-in-sessions-returns-wrong-HTTP-code). It returns a different HTTP response code.
+>This API has a [known issue](/graph/known-issues#revoke-sign-in-sessions-returns-wrong-http-code). It returns a different HTTP response code.
## Example The following example shows how to call this API.
-##### Request
+### Request
# [HTTP](#tab/http) <!-- {
- "blockType": "request",
+ "blockType": "ignored",
"name": "user_revokesigninsessionss" }--> ```http
POST https://graph.microsoft.com/v1.0/me/revokeSignInSessions
-##### Response
+### Response
<!-- { "blockType": "response", "truncated": true } --> ```http
-HTTP/1.1 204 No Content
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Edm.Boolean",
+ "value": true
+}
``` <!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
v1.0 User Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/user-update.md
In the request body, supply the values for relevant fields that should be update
|userType|String|A string value that can be used to classify user types in your directory, such as `Member` and `Guest`. | > [!NOTE]
-> The following properties cannot be updated by an app with only application permissions: **aboutMe**, **birthday**, **employeeHireDate**, **interests**, **mySite**, **pastProjects**, **preferredName**, **responsibilities**, **schools**, and **skills**.
+> - The following properties cannot be updated by an app with only application permissions: **aboutMe**, **birthday**, **employeeHireDate**, **interests**, **mySite**, **pastProjects**, **preferredName**, **responsibilities**, **schools**, and **skills**.
+> - To update the following properties, you must specify them in their own PATCH request, without including the other properties listed in the table above: **aboutMe**, **birthday**, **interests**, **mySite**, **pastProjects**, **preferredName**, **responsibilities**, **schools**, and **skills**.
## Response
v1.0 Windowshelloforbusinessauthenticationmethod Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/windowshelloforbusinessauthenticationmethod-get.md
GET /me/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAu
GET /users/{id | userPrincipalName}/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAuthenticationMethodId} ```
+>**Note:** To read the **device** navigation property for another user, specify it in an `$expand` query as follows: `/users/{id}/authentication/windowsHelloForBusinessMethods/{id}?$expand=device`.
+ ## Optional query parameters Not supported.
v1.0 Accesspackageassignmentrequest https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/accesspackageassignmentrequest.md
In [Azure AD Entitlement Management](entitlementmanagement-overview.md), an acce
## Properties |Property|Type|Description| |:|:|:|
-|completedDate|DateTimeOffset|The date of the end of processing, either successful or failure, of a request. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only.|
+|completedDateTime|DateTimeOffset|The date of the end of processing, either successful or failure, of a request. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only.|
|createdDateTime|DateTimeOffset|The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only.| |id|String|Read-only.| |requestType|accessPackageRequestType|The type of the request. The possible values are: `notSpecified`, `userAdd`, `userUpdate`, `userRemove`, `adminAdd`, `adminUpdate`, `adminRemove`, `systemAdd`, `systemUpdate`, `systemRemove`, `onBehalfAdd`, `unknownFutureValue`. A request from the user themselves would have requestType of `UserAdd` or `UserRemove`. This property cannot be changed once set.|
The following is a JSON representation of the resource.
"state": "String", "status": "String", "createdDateTime": "String (timestamp)",
- "completedDate": "String (timestamp)",
+ "completedDateTime": "String (timestamp)",
"schedule": { "@odata.type": "microsoft.graph.entitlementManagementSchedule" }
v1.0 Accessreviewhistorydefinition https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/accessreviewhistorydefinition.md
+
+ Title: "accessReviewHistoryDefinition resource type"
+description: "Represents a collection of access review history data."
+
+ms.localizationpriority: medium
++
+# accessReviewHistoryDefinition resource type
+
+Namespace: microsoft.graph
+
+Represents a collection of access review historical data and the scopes used to collect that data.
+
+An **accessReviewHistoryDefinition** contains a list of [accessReviewHistoryInstance](accessReviewHistoryInstance.md) objects. Each recurrence of the history definition creates an instance. In the case of a one-time history definition, only one instance is created.
+
+## Methods
+
+|Method|Return type|Description|
+|:|:|:|
+|[List accessReviewHistoryDefinitions](../api/accessreviewset-list-historydefinitions.md)|[accessReviewHistoryDefinition](accessreviewhistorydefinition.md) collection|Get a list of the [accessReviewHistoryDefinition](accessreviewhistorydefinition.md) objects and their properties.|
+|[Create accessReviewHistoryDefinition](../api/accessreviewset-post-historydefinitions.md)|[accessReviewHistoryDefinition](accessreviewhistorydefinition.md)|Create a new [accessReviewHistoryDefinition](accessreviewhistorydefinition.md) object.|
+|[Get accessReviewHistoryDefinition](../api/accessreviewhistorydefinition-get.md)|[accessReviewHistoryDefinition](accessreviewhistorydefinition.md)|Read the properties and relationships of an [accessReviewHistoryDefinition](accessreviewhistorydefinition.md) object.|
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+|createdBy|[userIdentity](useridentity.md)| User who created this review history definition. |
+|createdDateTime|DateTimeOffset|Timestamp when the access review definition was created.|
+|decisions|String collection|Determines which review decisions will be included in the fetched review history data if specified. Optional on create. All decisions will be included by default if no decisions are provided on create. Possible values are: `approve`, `deny`, `dontKnow`, `notReviewed`, and `notNotified`.|
+|displayName|String|Name for the access review history data collection. Required.|
+|id|String|The assigned unique identifier of an access review history definition.|
+|reviewHistoryPeriodEndDateTime|DateTimeOffset| A timestamp. Reviews ending on or before this date will be included in the fetched history data. Only required if **scheduleSettings** is not defined. |
+|reviewHistoryPeriodStartDateTime|DateTimeOffset|A timestamp. Reviews starting on or before this date will be included in the fetched history data. Only required if **scheduleSettings** is not defined.|
+| scheduleSettings |[accessReviewHistoryScheduleSettings](accessReviewHistoryScheduleSettings.md)| The settings for a recurring access review history definition series. Only required if **reviewHistoryPeriodStartDateTime** or **reviewHistoryPeriodEndDateTime** are not defined.|
+|scopes|[accessReviewScope](accessreviewscope.md) collection|Used to scope what reviews are included in the fetched history data. Fetches reviews whose scope matches with this provided scope. Required.|
+|status| accessReviewHistoryStatus|Represents the status of the review history data collection. The possible values are: `done`, `inProgress`, `error`, `requested`, `unknownFutureValue`.|
+
+## Relationships
+
+|Relationship|Type|Description|
+|:|:|:|
+|instances|[accessReviewHistoryInstance](accessreviewhistoryinstance.md) collection| If the **accessReviewHistoryDefinition** is a recurring definition, instances represent each recurrence. A definition that does not recur will have exactly one instance.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.accessReviewHistoryDefinition",
+ "baseType": "microsoft.graph.entity",
+ "openType": false
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.accessReviewHistoryDefinition",
+ "id": "String (identifier)",
+ "displayName": "String",
+ "reviewHistoryPeriodStartDateTime": "String (timestamp)",
+ "reviewHistoryPeriodEndDateTime": "String (timestamp)",
+ "status": "String",
+ "decisions": [
+ "String"
+ ],
+ "createdDateTime": "String (timestamp)",
+ "createdBy": {
+ "@odata.type": "microsoft.graph.userIdentity"
+ },
+ "scopes": [
+ {
+ "@odata.type": "microsoft.graph.accessReviewScope"
+ }
+ ],
+ "scheduleSettings": {
+ "@odata.type": "microsoft.graph.accessReviewHistoryScheduleSettings"
+ }
+}
+```
v1.0 Accessreviewhistoryinstance https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/accessreviewhistoryinstance.md
+
+ Title: "accessReviewHistoryInstance resource type"
+description: "Represents a recurrence of an accessReviewHistoryDefinition object."
+
+ms.localizationpriority: medium
++
+# accessReviewHistoryInstance resource type
+
+Namespace: microsoft.graph
+
+ Represents a recurrence of an [accessReviewHistoryDefinition](accessreviewhistorydefinition.md) object. A history definition that does not recur will have exactly one instance.
+
+ Every **accessReviewHistoryInstance** along with its associated **accessReviewHistoryDefinition** contain the properties **reviewHistoryPeriodStartDateTime**, **reviewHistoryPeriodEndDateTime**, **decisions**, **scheduleSettings**, and **scopes**. These properties are used when scheduling recurrences as well as selecting review data and can be modified. Each **accessReviewHistoryInstance** object and data is only available for 30 days. Once an **accessReviewHistoryInstance** status has been moved to `done` a link can be generated to retrieve the instance's data by calling [generateDownloadUri](../api/accessreviewhistoryinstance-generatedownloaduri.md).
+
+## Methods
+
+| Method | Return type | Description |
+|:|:|:|
+|[List accessReviewHistoryInstances](../api/accessreviewhistorydefinition-list-instances.md)|[accessReviewHistoryInstance](accessreviewhistoryinstance.md) collection| Retrieve a list of the [accessReviewHistoryInstance](accessreviewhistoryinstance.md) objects and their properties.|
+|[generateDownloadUri](../api/accessreviewhistoryinstance-generatedownloaduri.md)|[accessReviewHistoryDefinition](accessreviewhistorydefinition.md)|Generates a URI which can be used to retrieve the instance's review history data.|
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+|downloadUri|String|Uri which can be used to retrieve review history data. This URI will be active for 24 hours after being generated. Required.|
+|expirationDateTime|DateTimeOffset|Timestamp when this instance and associated data expires and the history is deleted. Required.|
+|fulfilledDateTime|DateTimeOffset|Timestamp when all of the available data for this instance was collected. This will be set after this instance's status is set to `done`. Required.|
+|id|String|The assigned unique identifier of an access review history instance. Read-only. Required.|
+|reviewHistoryPeriodEndDateTime|DateTimeOffset|Timestamp, reviews ending on or before this date will be included in the fetched history data.|
+|reviewHistoryPeriodStartDateTime|DateTimeOffset|Timestamp, reviews starting on or after this date will be included in the fetched history data.|
+|runDateTime|DateTimeOffset|Timestamp when the instance's history data is scheduled to be generated.|
+|status|accessReviewHistoryStatus|Represents the status of the review history data collection. The possible values are: `done`, `inProgress`, `error`, `requested`, `unknownFutureValue`. Once the **status** has been marked as `done`, a link can be generated to retrieve the instance's data by calling [generateDownloadUri](../api/accessreviewhistoryinstance-generatedownloaduri.md) method.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.accessReviewHistoryInstance",
+ "baseType": "microsoft.graph.entity",
+ "openType": false
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.accessReviewHistoryInstance",
+ "id": "String (identifier)",
+ "reviewHistoryPeriodStartDateTime": "String (timestamp)",
+ "reviewHistoryPeriodEndDateTime": "String (timestamp)",
+ "status": "String",
+ "runDateTime": "String (timestamp)",
+ "fulfilledDateTime": "String (timestamp)",
+ "downloadUri": "String",
+ "expirationDateTime": "String (timestamp)"
+}
+```
v1.0 Accessreviewhistoryschedulesettings https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/accessreviewhistoryschedulesettings.md
+
+ Title: "accessReviewHistoryScheduleSettings resource type"
+description: "In Azure AD access reviews, the accessReviewHistoryScheduleSettings represents the settings associated with an access review history definition series."
+
+ms.localizationpriority: medium
++
+# accessReviewHistoryScheduleSettings resource type
+
+Namespace: microsoft.graph
+
+Defines the settings of an [accessReviewHistoryDefinition](accessreviewhistorydefinition.md) object.
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+| recurrence|[patternedRecurrence](patternedrecurrence.md) | Detailed settings for recurrence using the standard Outlook recurrence object. <br/><br/>**Note:** Only **dayOfMonth**, **interval**, and **type** (`weekly`, `absoluteMonthly`) properties are supported. Use the property **startDate** on **recurrenceRange** to determine the day the review starts. Required. |
+|reportRange|String|A duration string in ISO 8601 duration format specifying the lookback period of the generated review history data. For example, if a history definition is scheduled to run on the 1st of every month, the **reportRange** is `P1M`. In this case, on the first of every month, access review history data will be collected containing only the previous month's review data. <br/><br/>**Note:** Only **years**, **months**, and **days** ISO 8601 properties are supported. Required.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.accessReviewHistoryScheduleSettings"
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.accessReviewHistoryScheduleSettings",
+ "reportRange": "String",
+ "recurrence": {
+ "@odata.type": "microsoft.graph.patternedRecurrence"
+ }
+}
+```
v1.0 Accessreviewset https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/accessreviewset.md
None.
|Relationship|Type|Description| |:|:|:| |definitions|[accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) collection| Represents the template and scheduling for an access review. |
+|historyDefinitions|[accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) collection| Represents a collection of access review history data and the scopes used to collect that data.|
## JSON representation
v1.0 Accessreviewsv2 Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/accessreviewsv2-overview.md
Typical customer scenarios for access reviews include:
- Customers can review and certify employee access to Azure AD resources. - Customers can review and audit assignments to Azure AD privileged roles. This supports organizations in the management of privileged access.
-The access reviews feature, including the API, is available only with a valid purchase or trial license of Azure AD Premium P2 or EMS E5 subscription.
+The access reviews feature, including the API, is available only with a valid purchase or trial license of Azure AD Premium P2 or EMS E5 subscription. For more information about the license requirements, see [Access reviews license requirements](/azure/active-directory/governance/access-reviews-overview#license-requirements).
## Methods
The following table lists the methods that you can use to interact with access r
|[Get accessReviewInstanceDecisionItem](../api/accessreviewinstancedecisionitem-get.md)|[accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md)|Read the properties and relationships of an [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) object.| |[Update accessReviewInstanceDecisionItem](../api/accessreviewinstancedecisionitem-update.md)|[accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md)|Update the properties of an [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) object.| |[accessReviewInstanceDecisionItem: filterByCurrentUser](../api/accessreviewinstancedecisionitem-filterbycurrentuser.md)|[accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) collection|Returns the decision items for which the calling user is the reviewer of.|-
+|**History definitions**| | |
+|[List historyDefinitions](../api/accessreviewset-list-historydefinitions.md)|[accessReviewHistoryDefinition](accessreviewhistorydefinition.md) collection|Get a list of the [accessReviewHistoryDefinition](accessreviewhistorydefinition.md) objects and their properties.|
+|[Create historyDefinitions](../api/accessreviewset-post-historydefinitions.md)|[accessReviewHistoryDefinition](accessreviewhistorydefinition.md)|Create a new [accessReviewHistoryDefinition](accessreviewhistorydefinition.md) object.|
+|[Get accessReviewHistoryDefinition](../api/accessreviewhistorydefinition-get.md)|[accessReviewHistoryDefinition](accessreviewhistorydefinition.md)|Read the properties and relationships of an [accessReviewHistoryDefinition](accessreviewhistorydefinition.md) object.|
+|[generateDownloadUri](../api/accessreviewhistoryinstance-generatedownloaduri.md)|[accessReviewHistoryInstance](accessreviewhistoryinstance.md)|Generate a URI for an instance that can be used to retrieve review history data.|
+|[List instances](../api/accessreviewhistorydefinition-list-instances.md)|[accessReviewHistoryInstance](accessreviewhistoryinstance.md)|Retrieve a list of the [accessReviewHistoryInstance](accessreviewhistoryinstance.md) objects and their properties.|
## Role and application permission authorization checks
v1.0 Addin https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/addin.md
Here is a JSON representation of the resource.
```json {
- "id": "guid",
+ "id": "Guid",
"properties": [{"@odata.type": "microsoft.graph.keyValue"}],
- "type": "string"
+ "type": "String"
} ```
v1.0 Administrativeunit https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/administrativeunit.md
This topic provides descriptions of the declared properties and navigation prope
| Method | Return Type | Description | |:|:--|:-|
-|[Create](../api/administrativeunit-post-administrativeunits.md) | [administrativeUnit](administrativeunit.md) | Create a new administrative unit.|
-|[List](../api/administrativeunit-list.md) | [administrativeUnit](administrativeunit.md) collection |List properties of all administrativeUnits.|
+|[Create](../api/directory-post-administrativeunits.md) | [administrativeUnit](administrativeunit.md) | Create a new administrative unit.|
+|[List](../api/directory-list-administrativeunits.md) | [administrativeUnit](administrativeunit.md) collection |List properties of all administrativeUnits.|
|[Get](../api/administrativeunit-get.md) | [administrativeUnit](administrativeunit.md) |Read properties and relationships of a specific administrativeUnit object.| |[Update](../api/administrativeunit-update.md) | [administrativeUnit](administrativeunit.md) |Update administrativeUnit object. | |[Delete](../api/administrativeunit-delete.md) | None |Delete administrativeUnit object. |
This topic provides descriptions of the declared properties and navigation prope
| Property | Type |Description| |:|:--|:-|
-|description|string|An optional description for the administrative unit. Supports `$filter` (`eq`, `ne`, `in`, `startsWith`), `$search`.|
-|displayName|string|Display name for the administrative unit. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values), `$search`, and `$orderBy`.|
-|id|string|Unique identifier for the administrative unit. Read-only. Supports `$filter` (`eq`).|
-|visibility|string|Controls whether the administrative unit and its members are hidden or public. Can be set to `HiddenMembership` or `Public`. If not set, default behavior is `Public`. When set to `HiddenMembership`, only members of the administrative unit can list other members of the administrative unit.|
+|description|String|An optional description for the administrative unit. Supports `$filter` (`eq`, `ne`, `in`, `startsWith`), `$search`.|
+|displayName|String|Display name for the administrative unit. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values), `$search`, and `$orderBy`.|
+|id|String|Unique identifier for the administrative unit. Read-only. Supports `$filter` (`eq`).|
+|visibility|String|Controls whether the administrative unit and its members are hidden or public. Can be set to `HiddenMembership`. If not set (value is `null`), the default behavior is public. When set to `HiddenMembership`, only members of the administrative unit can list other members of the administrative unit.|
## Relationships | Relationship | Type |Description|
v1.0 Alterationresponse https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/alterationresponse.md
+
+ Title: "alterationResponse resource type"
+description: "Provides information related to spelling corrections in the alteration response."
+ms.localizationpriority: medium
+++
+# alterationResponse resource type
+
+Namespace: microsoft.graph
+
+Provides information related to spelling corrections in the alteration response.
+
+## Properties
+
+| Property | Type | Description |
+|:-|:|:|
+|originalQueryString|String| Defines the original user query string.|
+|queryAlteration|[searchAlteration](searchalteration.md)| Defines the details of the alteration information for the spelling correction.|
+|queryAlterationType|searchAlterationType| Defines the type of the spelling correction. Possible values are: `suggestion`, `modification`.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+
+ ],
+ "@odata.type": "microsoft.graph.alterationResponse",
+ "baseType": null
+}-->
+
+```json
+{
+ "originalQueryString": "String",
+ "queryAlteration": "String",
+ "queryAlterationType": "String"
+}
+```
v1.0 Alteredquerytoken https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/alteredquerytoken.md
+
+ Title: "alteredQueryToken resource type"
+description: "Represents changed segments related to an original user query."
+ms.localizationpriority: medium
+++
+# alteredQueryToken resource type
+
+Namespace: microsoft.graph
+
+Represents changed segments related to an original user query.
+
+## Properties
+
+| Property | Type | Description |
+|:-|:|:|
+|length|Int32| Defines the length of a changed segment.|
+|offset|Int32| Defines the offset of a changed segment.|
+|suggestion|String| Represents the corrected segment string.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+
+ ],
+ "@odata.type": "microsoft.graph.alteredQueryToken",
+ "baseType": null
+}-->
+
+```json
+{
+ "length": "Int32",
+ "offset": "Int32",
+ "suggestion": "String"
+}
+```
v1.0 Approle https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/approle.md
With [appRoleAssignments](approleassignment.md), app roles can be assigned to us
|allowedMemberTypes|String collection|Specifies whether this app role can be assigned to users and groups (by setting to `["User"]`), to other application's (by setting to `["Application"]`, or both (by setting to `["User", "Application"]`). App roles supporting assignment to other applications' service principals are also known as [application permissions](/graph/auth/auth-concepts#microsoft-graph-permissions). The "Application" value is only supported for app roles defined on **application** entities.| |description|String|The description for the app role. This is displayed when the app role is being assigned and, if the app role functions as an application permission, during consent experiences.| |displayName|String|Display name for the permission that appears in the app role assignment and consent experiences.|
-|id|Guid|Unique role identifier inside the **appRoles** collection. When creating a new app role, a new Guid identifier must be provided. |
+|id|Guid|Unique role identifier inside the **appRoles** collection. When creating a new app role, a new GUID identifier must be provided. |
|isEnabled|Boolean|When creating or updating an app role, this must be set to **true** (which is the default). To delete a role, this must first be set to **false**. At that point, in a subsequent call, this role may be removed.| |origin|String| Specifies if the app role is defined on the [application](application.md) object or on the [servicePrincipal](serviceprincipal.md) entity. Must _not_ be included in any POST or PATCH requests. Read-only. | |value|String|Specifies the value to include in the `roles` claim in ID tokens and access tokens authenticating an assigned user or service principal. Must not exceed 120 characters in length. Allowed characters are `:` `!` `#` `$` `%` `&` `'` `(` `)` `*` `+` `,` `-` `.` `/` `:` `;` <code>&lt;</code> `=` <code>&gt;</code> `?` `@` `[` `]` `^` `+` `_` <code>&#96;</code> `{` <code>&#124;</code> `}` `~`, as well as characters in the ranges `0-9`, `A-Z` and `a-z`. Any other character, including the space character, are not allowed. May not begin with `.`. |
The following is a JSON representation of the resource.
```json {
- "allowedMemberTypes": ["string"],
- "description": "string",
- "displayName": "string",
- "id": "guid",
+ "allowedMemberTypes": ["String"],
+ "description": "String",
+ "displayName": "String",
+ "id": "Guid",
"isEnabled": true,
- "origin": "string",
- "value": "string"
+ "origin": "String",
+ "value": "String"
} ```
v1.0 Approleassignment https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/approleassignment.md
Here is a JSON representation of the resource
```json {
- "id": "string",
+ "id": "String",
"createdDateTime": "String (timestamp)",
- "principalDisplayName": "string",
- "principalId": "guid",
- "principalType": "string",
- "resourceDisplayName": "string",
- "resourceId": "guid",
- "appRoleId": "guid"
+ "principalDisplayName": "String",
+ "principalId": "Guid",
+ "principalType": "String",
+ "resourceDisplayName": "String",
+ "resourceId": "Guid",
+ "appRoleId": "Guid"
} ```
v1.0 Assignedlicense https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/assignedlicense.md
Here is a JSON representation of the resource
```json {
- "disabledPlans": ["guid"],
- "skuId": "guid"
+ "disabledPlans": ["Guid"],
+ "skuId": "Guid"
} ```
v1.0 Assignedplan https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/assignedplan.md
Here is a JSON representation of the resource
```json { "assignedDateTime": "String (timestamp)",
- "capabilityStatus": "string",
- "service": "string",
- "servicePlanId": "guid"
+ "capabilityStatus": "String",
+ "service": "String",
+ "servicePlanId": "Guid"
} ```
v1.0 Changenotification https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/changenotification.md
None.
| resource | string | The URI of the resource that emitted the change notification relative to `https://graph.microsoft.com`. Required. | | resourceData | [resourceData](resourcedata.md) | The content of this property depends on the type of resource being subscribed to. Required. | | subscriptionExpirationDateTime | DateTimeOffset | The expiration time for the subscription. Required. |
-| subscriptionId | GUID | The unique identifier of the subscription that generated the notification. |
-| tenantId | GUID | The unique identifier of the tenant from which the change notification originated. |
+| subscriptionId | Guid | The unique identifier of the subscription that generated the notification. |
+| tenantId | Guid | The unique identifier of the tenant from which the change notification originated. |
## Relationships
v1.0 Chat https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/chat.md
not all scenarios are possible. It is possible to get chat IDs with delegated pe
| installedApps | [teamsAppInstallation](teamsappinstallation.md) collection | A collection of all the apps in the chat. Nullable. | | members | [conversationMember](conversationmember.md) collection | A collection of all the members in the chat. Nullable. | | messages | [chatMessage](chatmessage.md) collection | A collection of all the messages in the chat. Nullable. |
+| tabs | [teamsTab](teamstab.md) collection | A collection of all the tabs in the chat. Nullable. |
## JSON representation
v1.0 Claimsmappingpolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/claimsmappingpolicy.md
Represents the claim-mapping policies for WS-Fed, SAML, OAuth 2.0, and OpenID Co
- Create claim types that do not already exist - Choose or change the source of data emitted in specific claims
+The number of claims and transformations that can be added to a claims-mapping policy are limited to reduce token size. Any claims schema entries or transformations that are encountered after the limit has been reached are ignored and included in the issued token. For more information about the limits, see [Properties of a claims-mapping policy definition](#properties-of-a-claims-mapping-policy-definition)
+ For more scenario and configuration details see [How to: Customize claims emitted in tokens for a specific app in a tenant](/azure/active-directory/develop/active-directory-claims-mapping#claims-mapping-policy-properties). Inherits from [stsPolicy](stsPolicy.md).
The properties below form the JSON object that represents a claims-mapping polic
|:|:--|:-| |Version|Integer|Set value of 1. Required.| |IncludeBasicClaimSet|Boolean|If set to `true`, all claims in the basic claim set are emitted in tokens affected by the policy. If set to `false`, claims in the basic claim set are not in the tokens, unless they are individually added in the ClaimsSchema property of the same policy.|
-|ClaimsSchema|JSON object|Defines which claims are present in the tokens affected by the policy, in addition to the basic claim set and the core claim set. For each claim schema entry defined in this property, certain information is required. Specify where the data is coming from (Value or Source/ID pair), and which claim the data is emitted as (Claim Type). For more information, see [ClaimsSchema definition](/azure/active-directory/develop/active-directory-claims-mapping#claims-schema).|
-|ClaimsTransformation|JSON object| Defines common transformations that can be applied to source data, to generate the output data for claims specified in the ClaimsSchema. For more information, see [ClaimsTransformation definition](/azure/active-directory/develop/active-directory-claims-mapping#claims-transformation).|
+|ClaimsSchema|JSON object|Defines which claims are present in the tokens affected by the policy, in addition to the basic claim set and the core claim set. For each claim schema entry defined in this property, certain information is required. Specify where the data is coming from (Value or Source/ID pair), and which claim the data is emitted as (Claim Type). A maximum of 50 claims are included in the token through the ClaimsSchema object. Any claims schema entries that are encountered after the limit has been reached will be ignored and will not appear in the issued token. Further details are available in the [ClaimsSchema definition](/azure/active-directory/develop/active-directory-claims-mapping#claims-schema).|
+|ClaimsTransformation|JSON object| Defines common transformations that can be applied to source data, to generate the output data for claims specified in the ClaimsSchema. A maximum of 50 transformations are included in the token through the ClaimsTransformation object. Any transformations that are encountered after the limit has been reached will be ignored and will not appear in the issued token. For more information about ClaimsTransformation and the supported functions, see [Claims transformation](/azure/active-directory/develop/active-directory-claims-mapping#claims-transformation).|
## Relationships
v1.0 Delegatedpermissionclassification https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/delegatedpermissionclassification.md
Delegated permission classifications can be used in combination with user consen
|:|:--|:-| | id | String | A unique identifier for the **delegatedPermissionClassification** Key. Not nullable. Read-only. | | classification | permissionClassificationType | The classification value being given. Possible value: `low`. Does not support `$filter`. |
-| permissionId | Guid | The unique identifier (**id**) for the delegated permission listed in the **oauth2PermissionScopes** collection of the [servicePrincipal](servicePrincipal.md). Required on create. Does not support `$filter`. |
+| permissionId | String | The unique identifier (**id**) for the delegated permission listed in the **oauth2PermissionScopes** collection of the [servicePrincipal](servicePrincipal.md). Required on create. Does not support `$filter`. |
| permissionName | String | The claim value (**value**) for the delegated permission listed in the **oauth2PermissionScopes** collection of the [servicePrincipal](servicePrincipal.md). Does not support `$filter`. | ## JSON representation
The following is a JSON representation of the resource.
```json {
- "id": "string (identifier)",
+ "id": "String (identifier)",
"classification": "low",
- "permissionId": "string",
- "permissionName": "string"
+ "permissionId": "String",
+ "permissionName": "String"
} ```
v1.0 Directoryaudit https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/directoryaudit.md
Represents the directory audit items and its collection.
| activityDisplayName | String | Indicates the activity name or the operation name (examples: "Create User" and "Add member to group"). For full list, see [Azure AD activity list](/azure/active-directory/active-directory-reporting-activity-audit-logs#azure-ad-audit-activity-list). | | additionalDetails | [keyValue](keyvalue.md) collection | Indicates additional details on the activity. | | category | String | Indicates which resource category that's targeted by the activity. (For example: User Management, Group Management etc..) |
-| correlationId | GUID | Indicates a unique ID that helps correlate activities that span across various services. Can be used to trace logs across services. |
+| correlationId | Guid | Indicates a unique ID that helps correlate activities that span across various services. Can be used to trace logs across services. |
| id | String | Indicates the unique ID for the activity. This is a GUID. | | initiatedBy | [auditActivityInitiator](auditactivityinitiator.md) | Indicates information about the user or app initiated the activity. | | loggedByService | String | Indicates information on which service initiated the activity (For example: `Self-service Password Management`, `Core Directory`, `B2C`, `Invited Users`, `Microsoft Identity Manager`, `Privileged Identity Management`. |
Here is a JSON representation of the resource.
"id": "String (identifier)", "initiatedBy": {"@odata.type": "microsoft.graph.auditActivityInitiator"}, "loggedByService": "String",
- "result": "string",
+ "result": "String",
"resultReason": "String", "targetResources": [{"@odata.type": "microsoft.graph.targetResource"}] }
v1.0 Directoryobjectpartnerreference https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/directoryobjectpartnerreference.md
The following is a JSON representation of the resource.
```json {
- "description": "string ",
- "displayName": "string",
- "externalPartnerTenantId": "string (identifier)",
- "id": "string (identifier)",
- "objectType": "string"
+ "description": "String ",
+ "displayName": "String",
+ "externalPartnerTenantId": "String (identifier)",
+ "id": "String (identifier)",
+ "objectType": "String"
} ```
v1.0 Enums https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/enums.md
Possible values for user account types (group membership), per Windows definitio
|strategic| |unknownFutureValue|
+### searchAlterationType values
+
+| Member |
+|:|
+|modification|
+|suggestion|
+ ### serviceHealthClassificationType values |Member|
Possible values for user account types (group membership), per Windows definitio
|callUs| |notSet| |unknownFutureValue|+
+### accessReviewHistoryStatus values
+
+| Member|
+|:--|
+|done|
+|inprogress|
+|error|
+|requested|
+|unknownFutureValue|
+
+### accessReviewHistoryDecisionFilter values
+
+| Member|
+|:--|
+|approve|
+|deny|
+|notReviewed|
+|dontKnow|
+|notNotified|
+|unknownFutureValue|
v1.0 Grouplifecyclepolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/grouplifecyclepolicy.md
Here is a JSON representation of the resource.
{ "alternateNotificationEmails": "String", "groupLifetimeInDays": 180,
- "id": "Guid (identifier)",
+ "id": "String (identifier)",
"managedGroupTypes": "String" }
v1.0 List https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/list.md
Previously updated : 09/11/2017 Title: List
+ Title: List resource
ms.localizationpriority: high ms.prod: "sharepoint" description: "The list resource represents a list in a site."
All examples below are relative to a site, for example, `https://graph.microsoft
[Create list item]: ../api/listitem-create.md [Get WebSocket channel]: ../api/subscriptions-socketio.md
-## JSON representation
-
-Here is a JSON representation of a **list** resource.
-
-<!--{
- "blockType": "resource",
- "optionalProperties": [
- "items",
- "drive"
- ],
- "keyProperty": "id",
- "baseType": "microsoft.graph.baseItem",
- "@odata.type": "microsoft.graph.list"
-}-->
-
-```json
-{
- "columns": [ { "@odata.type": "microsoft.graph.columnDefinition" }],
- "contentTypes": [ { "@odata.type": "microsoft.graph.contentType" }],
- "displayName": "title of list",
- "drive": { "@odata.type": "microsoft.graph.drive" },
- "items": [ { "@odata.type": "microsoft.graph.listItem" } ],
- "list": {
- "@odata.type": "microsoft.graph.listInfo",
- "hidden": false,
- "template": "documentLibrary | genericList | survey | links | announcements | contacts | accessRequest ..."
- },
- "system": false,
- "subscriptions": [ {"@odata.type": "microsoft.graph.subscription"} ],
-
- /* inherited from baseItem */
- "id": "string",
- "name": "name of list",
- "createdBy": { "@odata.type": "microsoft.graph.identitySet" },
- "createdDateTime": "timestamp",
- "description": "description of list",
- "eTag": "string",
- "lastModifiedBy": { "@odata.type": "microsoft.graph.identitySet" },
- "lastModifiedDateTime": "timestamp",
- "parentReference": { "@odata.type": "microsoft.graph.itemReference" },
- "sharepointIds": { "@odata.type": "microsoft.graph.sharepointIds" },
- "webUrl": "url to visit the list in a browser"
-}
-```
- ## Properties The **list** resource has the following properties.
The **list** resource has the following relationships to other resources.
[systemFacet]: systemfacet.md [subscription]: subscription.md
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!--{
+ "blockType": "resource",
+ "optionalProperties": [
+ "items",
+ "drive"
+ ],
+ "keyProperty": "id",
+ "baseType": "microsoft.graph.baseItem",
+ "@odata.type": "microsoft.graph.list"
+}-->
+
+```json
+{
+ "columns": [ { "@odata.type": "microsoft.graph.columnDefinition" }],
+ "contentTypes": [ { "@odata.type": "microsoft.graph.contentType" }],
+ "displayName": "title of list",
+ "drive": { "@odata.type": "microsoft.graph.drive" },
+ "items": [ { "@odata.type": "microsoft.graph.listItem" } ],
+ "list": {
+ "@odata.type": "microsoft.graph.listInfo",
+ "hidden": false,
+ "template": "documentLibrary | genericList | survey | links | announcements | contacts | accessRequest ..."
+ },
+ "system": false,
+ "subscriptions": [ {"@odata.type": "microsoft.graph.subscription"} ],
+
+ /* inherited from baseItem */
+ "id": "string",
+ "name": "name of list",
+ "createdBy": { "@odata.type": "microsoft.graph.identitySet" },
+ "createdDateTime": "timestamp",
+ "description": "description of list",
+ "eTag": "string",
+ "lastModifiedBy": { "@odata.type": "microsoft.graph.identitySet" },
+ "lastModifiedDateTime": "timestamp",
+ "parentReference": { "@odata.type": "microsoft.graph.itemReference" },
+ "sharepointIds": { "@odata.type": "microsoft.graph.sharepointIds" },
+ "webUrl": "url to visit the list in a browser"
+}
+```
+ <!-- { "type": "#page.annotation", "description": "",
v1.0 Onpremisesextensionattributes https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/onpremisesextensionattributes.md
Namespace: microsoft.graph
The return type of the **onPremisesExtensionAttributes** property of the [user](user.md) object and **extensionAttributes** property of the [device](device.md) object. Returns fifteen custom extension attribute properties.
-On the [user](user.md) entity and for an **onPremisesSyncEnabled** user, the source of authority for this set of properties is the on-premises Active Directory which is synchronized to Azure AD, and is read-only. For a cloud-only user (where **onPremisesSyncEnabled** is `false`), these properties can be set during [creation](../api/user-post-users.md) or [update](../api/user-update.md). If a cloud-only user was previously synced from on-premises Active Directory, these properties cannot be managed via the Microsoft Graph API. Instead, they can be managed through the Exchange Admin Center or the Exchange Online V2 module in PowerShell.
+On the [user](user.md) entity and for an **onPremisesSyncEnabled** user, the source of authority for this set of properties is the on-premises Active Directory which is synchronized to Azure AD, and is read-only. For a cloud-only user (where **onPremisesSyncEnabled** is `false` or `null`), these properties can be set during [creation](../api/user-post-users.md) or [update](../api/user-update.md). If a cloud-only user was previously synced from on-premises Active Directory, these properties cannot be managed via the Microsoft Graph API. Instead, they can be managed through the Exchange Admin Center or the Exchange Online V2 module in PowerShell.
The **extensionAttributes** property of the [device](device.md) entity is managed only in Azure AD during device [creation](../api/device-post-devices.md) or [update](../api/device-update.md).
v1.0 Permissionscope https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/permissionscope.md
Here is a JSON representation of the resource
```json {
- "id": "guid",
- "adminConsentDisplayName": "string",
- "adminConsentDescription": "string",
- "userConsentDisplayName": "string",
- "userConsentDescription": "string",
- "value": "string",
- "type": "string",
+ "id": "Guid",
+ "adminConsentDisplayName": "String",
+ "adminConsentDescription": "String",
+ "userConsentDisplayName": "String",
+ "userConsentDescription": "String",
+ "value": "String",
+ "type": "String",
"isEnabled": true } ```
v1.0 Presence https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/presence.md
This resource supports subscribing to [change notifications](/graph/webhooks).
## Properties
-| Relationship | Type | Description |
+| Property | Type | Description |
| :-- | :- | : | | id | string | The user object id | | availability | string collection | The base presence information for a user. Possible values are `Available`, `AvailableIdle`, `Away`, `BeRightBack`, `Busy`, `BusyIdle`, `DoNotDisturb`, `Offline`, `PresenceUnknown` |
v1.0 Resourceaccess https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/resourceaccess.md
The following is a JSON representation of the resource.
```json {
- "id": "GUID",
+ "id": "Guid",
"type": "String" }
v1.0 Resulttemplate https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/resulttemplate.md
+
+ Title: "resultTemplate resource type"
+description: "Represents a dictionary of resultTemplateIds and associated values, which include the name and JSON schema of the result templates."
+ms.localizationpriority: medium
+++
+# resultTemplate resource type
+
+Namespace: microsoft.graph
+
+Represents a dictionary of **resultTemplateIds** and associated values, which includes the name and JSON schema of the result templates.
+
+## Properties
+
+| Property | Type | Description |
+|:-|:|:|
+|body|Json|JSON schema of the result template.|
+|displayName|String|Name of the result template.|
+|key|String|ID of a result template. The **key** property must map to a **resultTemplateId** in the [searchHit](searchhit.md) collection.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+
+ ],
+ "@odata.type": "microsoft.graph.resultTemplate",
+ "baseType": null
+}-->
++
+```json
+{
+ "resultTemplateId": {
+ "displayName": "String",
+ "body":{
+ "@odata.type":"microsoft.graph.Json"
+ }
+ }
+}
+```
++
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "resultTemplate resource",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
++
v1.0 Resulttemplateoption https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/resulttemplateoption.md
+
+ Title: "resultTemplateOption resource type"
+description: "Provides the search result template options to render search results from connectors."
+ms.localizationpriority: medium
+++
+# resultTemplateOption resource type
+
+Namespace: microsoft.graph
+
+Provides the search result template options to render search results from connectors.
+
+## Properties
+
+| Property | Type | Description |
+|:-|:|:|
+|enableResultTemplate|Boolean|Indicates whether search display layouts are enabled. If enabled, the user will get the result template to render the search results content in the **resultTemplates** property of the [response](/graph/api/resources/searchresponse). The result template is based on [Adaptive Cards](https://adaptivecards.io/). Optional. |
++
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+
+ ],
+ "@odata.type": "microsoft.graph.resultTemplateOption",
+ "baseType": null
+}-->
+
+```json
+ {
+ "enableResultTemplate": "Boolean"
+ }
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "resultTemplateOption resource",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
v1.0 Riskdetection https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/riskdetection.md
For more information about risk events, see [Azure Active Directory Identity Pro
## Properties |Property|Type|Description| |:|:|:|
-|activity|activityType|Indicates the activity type the detected risk is linked to. . Possible values are: `signin`, `user`, `unknownFutureValue`.|
+|activity|activityType|Indicates the activity type the detected risk is linked to. Possible values are: `signin`, `user`, `unknownFutureValue`.|
|activityDateTime|DateTimeOffset|Date and time that the risky activity occurred. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is look like this: `2014-01-01T00:00:00Z`|
-|additionalInfo|String|Additional information associated with the risk detection in JSON format.|
+|additionalInfo|String|Additional information associated with the risk detection in JSON format. For example, `"[{\"Key\":\"userAgent\",\"Value\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36\"}]"`. Possible keys in the additionalInfo JSON string are: `userAgent`, `alertUrl`, `relatedEventTimeInUtc`, `relatedUserAgent`, `deviceInformation`, `relatedLocation`, `requestId`, `correlationId`, `lastActivityTimeInUtc`, `malwareName`, `clientLocation`, `clientIp`, `riskReasons`. <br/>For more information about riskReasons and possible values, see [riskReasons values](#riskreasons-values). |
|correlationId|String|Correlation ID of the sign-in associated with the risk detection. This property is `null` if the risk detection is not associated with a sign-in.|
-|detectedDateTime|DateTimeOffset|Date and time that the risk was detected. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is look like this: `2014-01-01T00:00:00Z`|
+|detectedDateTime|DateTimeOffset|Date and time that the risk was detected. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 looks like this: `2014-01-01T00:00:00Z`|
|detectionTimingType|riskDetectionTimingType|Timing of the detected risk (real-time/offline). Possible values are: `notDefined`, `realtime`, `nearRealtime`, `offline`, `unknownFutureValue`.| |id|String|Unique ID of the risk detection. Inherited from [entity](../resources/entity.md)| |ipAddress|String|Provides the IP address of the client from where the risk occurred.|
For more information about risk events, see [Azure Active Directory Identity Pro
|location|[signInLocation](../resources/signinlocation.md)|Location of the sign-in.| |requestId|String|Request ID of the sign-in associated with the risk detection. This property is null if the risk detection is not associated with a sign-in.| |riskDetail|riskDetail|Details of the detected risk. Possible values are: `none`, `adminGeneratedTemporaryPassword`, `userPerformedSecuredPasswordChange`, `userPerformedSecuredPasswordReset`, `adminConfirmedSigninSafe`, `aiConfirmedSigninSafe`, `userPassedMFADrivenByRiskBasedPolicy`, `adminDismissedAllRiskForUser`, `adminConfirmedSigninCompromised`, `hidden`, `adminConfirmedUserCompromised`, `unknownFutureValue`.|
-|riskEventType|String|The type of risk event detected. The possible values are `unlikelyTravel`, `anonymizedIPAddress`, `maliciousIPAddress`, `unfamiliarFeatures`, `malwareInfectedIPAddress`, `suspiciousIPAddress`, `leakedCredentials`, `investigationsThreatIntelligence`, `generic`,`adminConfirmedUserCompromised`, `mcasImpossibleTravel`, `mcasSuspiciousInboxManipulationRules`, `investigationsThreatIntelligenceSigninLinked`, `maliciousIPAddressValidCredentialsBlockedIP`, and `unknownFutureValue`. If the risk detection is a premium detection, will show `generic`|
+|riskEventType|String|The type of risk event detected. The possible values are `unlikelyTravel`, `anonymizedIPAddress`, `maliciousIPAddress`, `unfamiliarFeatures`, `malwareInfectedIPAddress`, `suspiciousIPAddress`, `leakedCredentials`, `investigationsThreatIntelligence`, `generic`,`adminConfirmedUserCompromised`, `passwordSpray`, `impossibleTravel`, `newCountry`, `anomalousToken`, `tokenIssuerAnomaly`,`suspiciousBrowser`, `riskyIPAddress`, `mcasSuspiciousInboxManipulationRules`, `suspiciousInboxForwarding`, and `unknownFutureValue`. If the risk detection is a premium detection, will show `generic`. <br/>For more information about each value, see [riskEventType values](#riskeventtype-values).|
|riskLevel|riskLevel|Level of the detected risk. Possible values are: `low`, `medium`, `high`, `hidden`, `none`, `unknownFutureValue`.| |riskState|riskState|The state of a detected risky user or sign-in. Possible values are: `none`, `confirmedSafe`, `remediated`, `dismissed`, `atRisk`, `confirmedCompromised`, `unknownFutureValue`.| |source|String|Source of the risk detection. For example, `activeDirectory`. |
For more information about risk events, see [Azure Active Directory Identity Pro
|userId|String|Unique ID of the user.| |userPrincipalName|String|The user principal name (UPN) of the user.|
+### riskEventType values
+
+| Name | UI Display Name | Description |
+|--|--|--|
+| unlikelyTravel | Atypical travel | Identifies two sign-ins originating from geographically distant locations, where at least one of the locations may also be atypical for the user, given past behavior. |
+| anonymizedIPAddress | Anonymous IP address | Indicates sign-ins from an anonymous IP address, for example, using an anonymous browser or VPN. |
+| maliciousIPAddress | Malicious IP address | Indicates sign-ins from a malicious IP address. An IP address is considered malicious based on high failure rates because of invalid credentials received from the IP address or other IP reputation sources. |
+| unfamiliarFeatures | Unfamiliar sign-in properties | Indicates sign-ins with characteristics that deviate from past sign-in properties. |
+| malwareInfectedIPAddress | Malware linked IP address | Indicates sign-ins from IP addresses infected with malware. Deprecated and no longer generated for new detections. |
+| suspiciousIPAddress | Malicious IP address | Identifies logins from IP addresses that are known to be malicious at the time of the sign in. |
+| leakedCredentials | Leaked credentials | Indicates that the user's valid credentials have been leaked. This sharing is typically done by posting publicly on the dark web, paste sites, or by trading and selling the credentials on the black market. When the Microsoft leaked credentials service acquires user credentials from the dark web, paste sites, or other sources, they are checked against Azure AD users' current valid credentials to find valid matches. |
+| investigationsThreatIntelligence | Azure AD threat intelligence | Indicates a sign-in activity that is unusual for the given user or is consistent with known attack patterns based on Microsoft's internal and external threat intelligence sources. |
+| generic | Additional risk detected | Indicates that the user was not enabled for Identity Protection. |
+| adminConfirmedUserCompromised | Admin confirmed user compromised | Indicates that an administrator has [confirmed the user is compromised](../api/riskyuser-confirmcompromised.md). |
+| passwordSpray | Password spray | Indicates that multiple usernames are attacked using common passwords in a unified brute force manner to gain unauthorized access. |
+| anomalousToken | Anomalous Token | Indicates that there are abnormal characteristics in the token such as an unusual token lifetime or a token that is played from an unfamiliar location. |
+| tokenIssuerAnomaly | Token Issuer Anomaly | Indicates that The SAML token issuer for the associated SAML token is potentially compromised. The claims included in the token are unusual or match known attacker patterns. |
+| suspiciousBrowser | Suspicious browser | Suspicious sign-in activity across multiple tenants from different countries in the same browser. |
+| impossibleTravel | Impossible travel | Discovered by Microsoft Defender for Cloud Apps (MDCA). Identifies two user activities (a single or multiple sessions) originating from geographically distant locations within a time period shorter than the time it would have taken the user to travel from the first location to the second, indicating that a different user is using the same credentials. |
+| newCountry | New country | This detection is discovered by Microsoft Cloud App Security (MCAS). The sign-in occurred from a location that wasn't recently or never visited by the given user. |
+| riskyIPAddress | Activity from anonymous IP address | This detection is discovered by Microsoft Cloud App Security (MCAS). Users were active from an IP address that has been identified as an anonymous proxy IP address. |
+| mcasSuspiciousInboxManipulationRules | Suspicious inbox manipulation rules | Discovered by Microsoft Defender for Cloud Apps (MDCA). Identifies suspicious email forwarding rules, for example, if a user created an inbox rule that forwards a copy of all emails to an external address.|
+| suspiciousInboxForwarding | Suspicious inbox forwarding | This detection is discovered by Microsoft Cloud App Security (MCAS). It looks for suspicious email forwarding rules, for example, if a user created an inbox rule that forwards a copy of all emails to an external address. |
+| unknownFutureValue | N/A | Evolvable enumeration sentinel value. Do not use. |
+
+### riskReasons values
+
+| riskEventType | Value | UI display string |
+|--|--|--|
+| `investigationsThreatIntelligence` | `suspiciousIP` | This sign-in was from a suspicious IP address |
+| `investigationsThreatIntelligence` | `passwordSpray` | This user account was attacked by a password spray. |
+ ## Relationships None.
v1.0 Schemaextension https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/schemaextension.md
See the [schema extension example](/graph/extensibility-schema-groups) to learn
| Property | Type |Description| |:|:--|:-| |description|String|Description for the schema extension. Supports `$filter` (`eq`).|
-|id|String|The unique identifier for the schema extension definition. <br>You can assign a value in one of two ways: <ul><li>Concatenate the name of one of your verified domains with a name for the schema extension to form a unique string in this format, \{_&#65279;domainName_\}\_\{_&#65279;schemaName_\}. As an example, `contoso_mySchema`. </li><li>Provide a schema name, and let Microsoft Graph use that schema name to complete the **id** assignment in this format: ext\{_&#65279;8-random-alphanumeric-chars_\}\_\{_&#65279;schema-name_\}. An example would be `extkvbmkofy_mySchema`.</li></ul>This property cannot be changed after creation. Supports `$filter` (`eq`). |
+|id|String|The unique identifier for the schema extension definition. <br>You can assign a value in one of two ways: <ul><li>Concatenate the name of one of your verified domains with a name for the schema extension to form a unique string in this format, \{_&#65279;domainName_\}\_\{_&#65279;schemaName_\}. As an example, `contoso_mySchema`. </li><li>Provide a schema name, and let Microsoft Graph use that schema name to complete the **id** assignment in this format: ext\{_&#65279;8-random-alphanumeric-chars_\}\_\{_&#65279;schema-name_\}. An example would be `extkvbmkofy_mySchema`.</li></ul>This property cannot be changed after creation. Supports `$filter` (`eq`). **Note:** We recommend that your **id** starts with an alphabetic letter between A-Z because query capabilities might be limited for IDs that begin with integers. |
|owner|String|The `appId` of the application that is the owner of the schema extension. This property can be supplied on creation, to set the owner. If not supplied, then the calling application's `appId` will be set as the owner. In either case, the signed-in user must be the owner of the application. So, for example, if creating a new schema extension definition using Graph Explorer, you **must** supply the owner property. Once set, this property is read-only and cannot be changed. Supports `$filter` (`eq`).| |properties|[extensionSchemaProperty](extensionschemaproperty.md) collection|The collection of property names and types that make up the schema extension definition.| |status|String|The lifecycle state of the schema extension. Possible states are **InDevelopment**, **Available**, and **Deprecated**. Automatically set to **InDevelopment** on creation. [Schema extensions](/graph/extensibility-overview#schema-extensions) provides more information on the possible state transitions and behaviors. Supports `$filter` (`eq`).|
v1.0 Search Api Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/search-api-overview.md
Search requests run on behalf of the user. Search results are scoped to enforce
|[Use KQL in query terms](#keyword-query-language-kql-support) | **query** | |[Sort search results](#sort-search-results)| **sort** | |[Refine results using aggregations](#refine-results-using-aggregations)| **aggregations** |
+|[Request spelling correction](#request-spelling-correction)| **queryAlterationOptions** |
+|[Search display layout](#search-display-layout) (preview)| **resultTemplateOptions**|
## Scope search based on entity types
Once the response is returned containing the collection of [searchBucket](search
Aggregations are currently supported for any refinable property on the following SharePoint and OneDrive types: [driveItem](driveitem.md), [listItem](listitem.md), [list](list.md), [site](site.md), and on Microsoft Graph connectors [externalItem](externalconnectors-externalitem.md).
-See [refine search results](/graph/search-concept-aggregation) for examples that show using aggregation to enhance and narrow down search results.
+For examples that show how to use aggregation to enhance and narrow down search results, see [Refine search results](/graph/search-concept-aggregation).
+
+## Request spelling correction
+
+Spelling correction is a popular way to handle mismatches between typos in a user query and the correct words in matched contents. When typos are detected in the original user query, you can get the search result either for the original user query or the corrected alternate query. You can also get the spelling correction information for typos in the **queryAlterationResponse** property of the [searchResponse](searchresponse.md).
+
+In the request body of the [query](/graph/api/search-query) method, specify the **queryAlterationOptions** that should be applied to the query for the spelling corrections. The description of **queryAlterationOptions** is defined in the [searchRequest](./searchrequest.md).
+
+For examples that show how to use spelling corrections, see [Request spelling correction](/graph/search-concept-speller).
+
+## Search display layout
+
+The search API allows you to render search results from [connectors](/microsoftsearch/connectors-overview) by using the display layout or the result template configured by the IT admin for each connector. The result templates are [Adaptive Cards](https://adaptivecards.io/), which are a semantically meaningful combination of layout and data.
+
+To get the result template in the [searchResponse](searchresponse.md) you have to set the **enableResultTemplate** property to **true**, which is defined in the [resultTemplateOptions](./resulttemplateoption.md) in the [searchRequest](./searchrequest.md). The response includes a **resultTemplateId** for every [searchHit](./searchhit.md), which maps to one of the display layouts included in the **resultTemplates** dictionary that is part of the response.
+
+For examples that show how to render search results, see [Use search display layout](/graph/search-concept-display-layout).
## Error handling
Any combinations involving **message**, **event**, SharePoint and OneDrive types
- [Search content in SharePoint and OneDrive](/graph/search-concept-files) - [Sort search results](/graph/search-concept-sort) - [Refine search results](/graph/search-concept-aggregation)
+ - [Request spelling correction](/graph/search-concept-speller)
+ - [Use search display layout](/graph/search-concept-display-layout)
- Explore the search APIs in [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer). - Find out about the [latest new features and updates](/graph/whats-new-overview) for this API set.
v1.0 Searchalteration https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/searchalteration.md
+
+ Title: "searchAlteration resource type"
+description: "Provides the details about the search alteration for spelling correction."
+ms.localizationpriority: medium
+++
+# searchAlteration resource type
+
+Namespace: microsoft.graph
+
+Provides the details about the search alteration for spelling correction.
+
+## Properties
+
+| Property | Type | Description |
+|:-|:|:|
+|alteredHighlightedQueryString|String| Defines the altered highlighted query string with spelling correction. The annotation around the corrected segment is: `\ue000, \ue001`.|
+|alteredQueryString|String| Defines the altered query string with spelling correction.|
+|alteredQueryTokens|[alteredQueryToken](alteredquerytoken.md) collection| Represents changed segments related to an original user query.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+
+ ],
+ "@odata.type": "microsoft.graph.searchAlteration",
+ "baseType": null
+}-->
+
+```json
+{
+ "alteredHighlightedQueryString": "String",
+ "alteredQueryString": "String",
+ "alteredQueryTokens": [{"@odata.type": "microsoft.graph.alteredQueryToken"}]
+}
+```
v1.0 Searchalterationoptions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/searchalterationoptions.md
+
+ Title: "searchAlterationOptions resource type"
+description: "Provides the search alteration options for spelling correction."
+ms.localizationpriority: medium
+++
+# searchAlterationOptions resource type
+
+Namespace: microsoft.graph
+
+Provides the search alteration options for spelling correction.
+
+## Properties
+
+| Property | Type | Description |
+|:-|:|:|
+|enableModification|Boolean|Indicates whether spelling modifications are enabled. If enabled, the user will get the search results for the corrected query *in case of no results* for the original query with typos. The [response](/graph/api/resources/searchresponse) will also include the spelling modification information in the **queryAlterationResponse** property. Optional.|
+|enableSuggestion|Boolean|Indicates whether spelling suggestions are enabled. If enabled, the user will get the search results for the original search query and suggestions for spelling correction in the **queryAlterationResponse** property of the [response](/graph/api/resources/searchresponse) for the typos in the query. Optional.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+
+ ],
+ "@odata.type": "microsoft.graph.searchAlterationOptions",
+ "baseType": null
+}-->
+
+```json
+{
+ "enableModification": "Boolean",
+ "enableSuggestion": "Boolean"
+}
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "searchAlterationOptions resource",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
v1.0 Searchhit https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/searchhit.md
Represents a single result within the list of search results.
| Property | Type | Description | |:-|:|:|
+|contentSource|String|The name of the content source which the **externalItem** is part of .|
|hitId|String|The internal identifier for the item.| |rank|Int32|The rank or the order of the result.|
-|contentSource|String|The name of the content source which the **externalItem** is part of .|
-|summary|String|A summary of the result, if a summary is available.|
+|resultTemplateId|String|ID of the result template used to render the search result. This ID must map to a display layout in the **resultTemplates** dictionary that is also included in the [searchResponse](searchresponse.md).|
|resource|[entity](entity.md)|The underlying Microsoft Graph representation of the search result.|
+|summary|String|A summary of the result, if a summary is available.|
## JSON representation
The following is a JSON representation of the resource.
```json {
- "hitId": "String",
- "rank": 1,
- "summary": "String",
"contentSource": "String",
- "resource": { "@odata.type": "microsoft.graph.entity" }
+ "hitId": "String",
+ "rank": "Int32",
+ "resultTemplateId": "String",
+ "resource": { "@odata.type": "microsoft.graph.entity" },
+ "summary": "String"
} ```
v1.0 Searchrequest https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/searchrequest.md
The JSON blob contains the types of resources expected in the response, the unde
## Properties
-| Property | Type | Description
-|:-|:|:
-|aggregations|[aggregationOption](aggregationOption.md) collection|Specifies aggregations (also known as refiners) to be returned alongside search results. Optional.|
+| Property | Type | Description|
+|:-|:|:|
|aggregationFilters|String collection|Contains one or more filters to obtain search results aggregated and filtered to a specific value of a field. Optional.<br>Build this filter based on a prior search that aggregates by the same field. From the response of the prior search, identify the [searchBucket](searchBucket.md) that filters results to the specific value of the field, use the string in its **aggregationFilterToken** property, and build an aggregation filter string in the format **"{field}:\\"{aggregationFilterToken}\\""**. <br>If multiple values for the same field need to be provided, use the strings in its **aggregationFilterToken** property and build an aggregation filter string in the format **"{field}:or(\\"{aggregationFilterToken1}\\",\\"{aggregationFilterToken2}\\")"**. <br>For example, searching and aggregating drive items by file type returns a **searchBucket** for the file type `docx` in the response. You can conveniently use the **aggregationFilterToken** returned for this **searchBucket** in a subsequent search query and filter matches down to drive items of the `docx` file type. [Example 1](/graph/search-concept-aggregation#example-1-request-aggregations-by-string-fields) and [example 2](/graph/search-concept-aggregation#example-2-apply-an-aggregation-filter-based-on-a-previous-request) show the actual requests and responses.|
+|aggregations|[aggregationOption](aggregationOption.md) collection|Specifies aggregations (also known as refiners) to be returned alongside search results. Optional.|
|contentSources|String collection|Contains the connection to be targeted.| |enableTopResults|Boolean|This triggers hybrid sort for messages : the first 3 messages are the most relevant. This property is only applicable to entityType=`message`. Optional.| |entityTypes|entityType collection| One or more types of resources expected in the response. Possible values are: `list`, `site`, `listItem`, `message`, `event`, `drive`, `driveItem`, `externalItem`. See [known limitations](search-api-overview.md#known-limitations) for those combinations of two or more entity types that are supported in the same search request. Required.|
-|fields|String collection |Contains the fields to be returned for each resource object specified in **entityTypes**, allowing customization of the fields returned by default otherwise, including additional fields such as custom managed properties from SharePoint and OneDrive. Optional.|
+|fields|String collection |Contains the fields to be returned for each resource object specified in **entityTypes**, allowing customization of the fields returned by default; otherwise, including additional fields such as custom managed properties from SharePoint and OneDrive, or custom fields in **externalItem** from the content that Microsoft Graph connectors bring in. The **fields** property can use the [semantic labels](/microsoftsearch/configure-connector#step-6-assign-property-labels) applied to properties. For example, if a property is labeled as title, you can retrieve it using the following syntax: `label_title`. Optional.|
|from|Int32|Specifies the offset for the search results. Offset 0 returns the very first result. Optional.| |query|[searchQuery](searchquery.md)|Contains the query terms. Required.|
+|queryAlterationOptions|[searchAlterationOptions](searchalterationoptions.md)|Query alteration options formatted in a JSON blob that contains two optional flags related to spelling correction. Optional. |
+|resultTemplateOptions|[resultTemplateOption](resulttemplateoption.md) collection|Provides the search result template options to render search results from connectors.|
|size|Int32|The size of the page to be retrieved. Optional.| |sortProperties|[sortProperty](sortProperty.md) collection|Contains the ordered collection of fields and direction to sort results. There can be at most 5 sort properties in the collection. Optional.|
The following is a JSON representation of the resource.
```json {
+ "aggregationFilters": ["String"],
+ "aggregations": {"@odata.type": "microsoft.graph.aggregationOption"},
+ "enableTopResults": "Boolean",
"entityTypes": ["String"], "contentSources": ["String"],
- "query": {"@odata.type": "microsoft.graph.searchQuery"},
- "from": 1024,
- "size": 1024,
"fields": ["String"],
- "enableTopResults": true
+ "from": "Int32",
+ "query": {"@odata.type": "microsoft.graph.searchQuery"},
+ "queryAlterationOptions": {"@odata.type": "microsoft.graph.searchAlterationOptions"},
+ "resultTemplateOptions": [{"@odata.type": "microsoft.graph.resultTemplateOption"}],
+ "size": "Int32"
} ```
The following is a JSON representation of the resource.
- Search content in SharePoint and OneDrive ([files, lists and sites](/graph/search-concept-files)) - [Sort](/graph/search-concept-sort) search results - Use [aggregations](/graph/search-concept-aggregations) to refine search results-
+- Use [display layout](/graph/search-concept-display-layout.md)
+- Enable [spell corrections](/graph/search-concept-speller) in search results
<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
v1.0 Searchresponse https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/searchresponse.md
Represents results from a search query, and the terms used for the query.
| Property | Type | Description | |:-|:|:| |hitsContainers|[searchHitsContainer](searchhitscontainer.md) collection|A collection of search results.|
+|resultTemplates|[resultTemplate](resulttemplate.md) collection|A dictionary of **resultTemplateIds** and associated values, which include the name and JSON schema of the result templates.|
|searchTerms|String collection|Contains the search terms sent in the initial search query.|
+|queryAlterationResponse|[alterationResponse](alterationresponse.md)|Provides information related to spelling corrections in the alteration response.|
## JSON representation
The following is a JSON representation of the resource.
```json { "hitsContainers": [{"@odata.type": "microsoft.graph.searchHitsContainer"}],
+ "queryAlterationResponse": {"@odata.type": "microsoft.graph.alterationResponse"},
+ "resultTemplates": [{"@odata.type":"microsoft.graph.resultTemplateDictionary"}],
"searchTerms": ["String"] } ```
v1.0 Serviceannouncement https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/serviceannouncement.md
A top-level container for service communications resources.
None. ## Relationships
-|Property|Type|Description|
+|Relationship|Type|Description|
|-|-|-| |messages|Collection([serviceUpdateMessage](serviceupdatemessage.md))|A collection of service messages for tenant. This property is a contained navigation property, it is nullable and readonly.| |healthOverviews|Collection([serviceHealth](servicehealth.md))|A collection of service health information for tenant. This property is a contained navigation property, it is nullable and readonly.|
v1.0 Serviceplaninfo https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/serviceplaninfo.md
Here is a JSON representation of the resource
```json {
- "appliesTo": "string",
- "provisioningStatus": "string",
- "servicePlanId": "guid",
- "servicePlanName": "string"
+ "appliesTo": "String",
+ "provisioningStatus": "String",
+ "servicePlanId": "Guid",
+ "servicePlanName": "String"
} ```
v1.0 Serviceprincipal https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/serviceprincipal.md
This resource supports using [delta query](/graph/delta-query-overview) to track
|appDisplayName|String|The display name exposed by the associated application.| |appId|String|The unique identifier for the associated application (its **appId** property). Supports `$filter` (`eq`, `ne`, `not`, `in`, `startsWith`).| |applicationTemplateId|String|Unique identifier of the applicationTemplate that the servicePrincipal was created from. Read-only. Supports `$filter` (`eq`, `ne`, `NOT`, `startsWith`).|
-|appOwnerOrganizationId|String|Contains the tenant id where the application is registered. This is applicable only to service principals backed by applications. Supports `$filter` (`eq`, `ne`, `NOT`, `ge`, `le`).|
+|appOwnerOrganizationId|Guid|Contains the tenant id where the application is registered. This is applicable only to service principals backed by applications. Supports `$filter` (`eq`, `ne`, `NOT`, `ge`, `le`).|
|appRoleAssignmentRequired|Boolean|Specifies whether users or other service principals need to be granted an app role assignment for this service principal before users can sign in or apps can get tokens. The default value is `false`. Not nullable. <br><br>Supports `$filter` (`eq`, `ne`, `NOT`). | |appRoles|[appRole](approle.md) collection|The roles exposed by the application which this service principal represents. For more information see the **appRoles** property definition on the [application](application.md) entity. Not nullable. | | deletedDateTime | DateTimeOffset | The date and time the service principal was deleted. Read-only. |
Here is a JSON representation of the resource
{ "accountEnabled": true, "addIns": [{"@odata.type": "microsoft.graph.addIn"}],
- "alternativeNames": ["string"] ,
- "appDisplayName": "string",
- "appId": "string",
- "appOwnerOrganizationId": "guid",
+ "alternativeNames": ["String"] ,
+ "appDisplayName": "String",
+ "appId": "String",
+ "appOwnerOrganizationId": "Guid",
"appRoleAssignmentRequired": true, "appRoles": [{"@odata.type": "microsoft.graph.appRole"}],
- "disabledByMicrosoftStatus": "string",
- "displayName": "string",
- "homepage": "string",
- "id": "string (identifier)",
+ "disabledByMicrosoftStatus": "String",
+ "displayName": "String",
+ "homepage": "String",
+ "id": "String (identifier)",
"info": {"@odata.type": "microsoft.graph.informationalUrl"}, "keyCredentials": [{"@odata.type": "microsoft.graph.keyCredential"}],
- "logoutUrl": "string",
- "notes": "string",
+ "logoutUrl": "String",
+ "notes": "String",
"oauth2PermissionScopes": [{"@odata.type": "microsoft.graph.permissionScope"}], "passwordCredentials": [{"@odata.type": "microsoft.graph.passwordCredential"}],
- "replyUrls": ["string"],
- "servicePrincipalNames": ["string"],
- "servicePrincipalType": "string",
- "tags": ["string"],
+ "replyUrls": ["String"],
+ "servicePrincipalNames": ["String"],
+ "servicePrincipalType": "String",
+ "tags": ["String"],
"tokenEncryptionKeyId": "String", "verifiedPublisher": {"@odata.type": "microsoft.graph.verifiedPublisher"} }
v1.0 Subscribedsku https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/subscribedsku.md
The following is a JSON representation of the resource
```json {
- "appliesTo": "string",
- "capabilityStatus": "string",
+ "appliesTo": "String",
+ "capabilityStatus": "String",
"consumedUnits": 1024,
- "id": "string (identifier)",
+ "id": "String (identifier)",
"prepaidUnits": {"@odata.type": "microsoft.graph.licenseUnitsDetail"}, "servicePlans": [{"@odata.type": "microsoft.graph.servicePlanInfo"}],
- "skuId": "guid",
- "skuPartNumber": "string"
+ "skuId": "Guid",
+ "skuPartNumber": "String"
} ```
v1.0 Subscription https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/subscription.md
For the possible resource path values for each supported resource and to learn h
| SharePoint **list** | 42300 minutes (under 30 days) | | Outlook **message**, **event**, **contact** | 4230 minutes (under 3 days) | | **user**, **group**, other directory resources | 41760 minutes (under 29 days) |
+| **presence** | 60 minutes (1 hour) |
| Print **printer** | 4230 minutes (under 3 days) | | Print **printTaskDefinition** | 4230 minutes (under 3 days) |
v1.0 User https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/user.md
This resource supports:
### mail and proxyAddresses properties **mail** and **proxyAddresses** are both email-related properties. **proxyAddresses** is a collection of addresses only relevant for Microsoft Exchange server. It's used to store a list of mail addresses for a user that are tied to a single mailbox. **mail** property is used as the user's email address for various purposes including user sign in and defines the primary proxy address.
-Both **mail** and **proxyAddresses** can be retrieved through the [GET user](add link) API on MS Graph. **mail** can be updated via the [PATCH method of the Update user](add link) API, but **proxyAddresses** can't be updated via Microsoft Graph. When a user's **mail** property is updated, it triggers recalculation of **proxyAddresses** and the newly updated mail is set to be the primary proxy address, except in the following scenarios:
+Both **mail** and **proxyAddresses** can be retrieved through the [GET user](/graph/api/user-get) API on MS Graph. **mail** can be updated via the [PATCH method of the Update user](/graph/api/user-update) API, but **proxyAddresses** can't be updated via Microsoft Graph. When a user's **mail** property is updated, it triggers recalculation of **proxyAddresses** and the newly updated mail is set to be the primary proxy address, except in the following scenarios:
1. If a user has a license that includes Microsoft Exchange, all their proxy addresses must belong to a verified domain on the tenant. Any that don't belong to verified domains are silently removed. 2. A user's mail will NOT be set to the primary proxy address if the user is a guest and the primary proxy address contains the guest user UPN string with #EXT#.
v1.0 Windowshelloforbusinessauthenticationmethod https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/windowshelloforbusinessauthenticationmethod.md
Inherits from [authenticationMethod](../resources/authenticationmethod.md).
## Relationships |Relationship|Type|Description| |:|:|:|
-|device|[device](../resources/device.md)|The registered device on which this Windows Hello for Business key resides.|
+|device|[device](../resources/device.md)|The registered device on which this Windows Hello for Business key resides. Supports `$expand`. <br/><br/>When you get a user's Windows Hello for Business registration information, this property is returned only on a single GET and when you specify `?$expand`. For example, GET `/users/admin@contoso.com/authentication/windowsHelloForBusinessMethods/_jpuR-TGZtk6aQCLF3BQjA2?$expand=device`.|
## JSON representation The following is a JSON representation of the resource.
v1.0 Toc.Yml https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/toc.yml a/api-reference/v1.0/toc.yml
items:
href: api/organizationalbrandinglocalization-update.md - name: Delete href: api/organizationalbrandinglocalization-delete.md
- - name: Policy
- href: resources/policy-overview.md
+ - name: Policies
items:
+ - name: Overview
+ href: resources/policy-overview.md
- name: Activity-based timeout policy href: resources/activitybasedtimeoutpolicy.md items:
items:
href: api/accessreviewinstancedecisionitem-update.md - name: Filter by current user href: api/accessreviewinstancedecisionitem-filterbycurrentuser.md
+ - name: Access review history definition
+ href: resources/accessreviewhistorydefinition.md
+ items:
+ - name: Get
+ href: api/accessreviewhistorydefinition-get.md
+ - name: List
+ href: api/accessreviewset-list-historydefinitions.md
+ - name: Create
+ href: api/accessreviewset-post-historydefinitions.md
+ - name: Access review history instance
+ href: resources/accessreviewhistoryinstance.md
+ items:
+ - name: List
+ href: api/accessreviewhistorydefinition-list-instances.md
+ - name: Generate download URI
+ href: api/accessreviewhistoryinstance-generatedownloaduri.md
- name: Consent requests href: resources/consentrequests-overview.md items: