Updates from: 02/06/2022 02:03:50
Service Microsoft Docs article Related commit history on GitHub Change details
v1.0 Accesspackage List Accesspackagesincompatiblewith https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackage-list-accesspackagesincompatiblewith.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-GET /identityGovernance/entitlementManagement/accessPackage/{id}/accessPackagesIncompatibleWith
+GET /identityGovernance/entitlementManagement/accessPackages/{id}/accessPackagesIncompatibleWith
``` ## Optional query parameters
v1.0 Accesspackage List Incompatibleaccesspackages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackage-list-incompatibleaccesspackages.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-GET /identityGovernance/entitlementManagement/accessPackage/{id}/incompatibleAccessPackages
+GET /identityGovernance/entitlementManagement/accessPackages/{id}/incompatibleAccessPackages
``` ## Optional query parameters
v1.0 Accesspackage List Incompatiblegroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackage-list-incompatiblegroups.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-GET /identityGovernance/entitlementManagement/accessPackage/{id}/incompatibleGroups
+GET /identityGovernance/entitlementManagement/accessPackages/{id}/incompatibleGroups
``` ## Optional query parameters
v1.0 Accesspackageassignmentrequest Reprocess https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackageassignmentrequest-reprocess.md
One of the following permissions is required to call this API. To learn more, in
} --> ```http
-POST /identityGovernance/entitlementManagement/accessPackageAssignmentsRequests/{id}/reprocess
+POST /identityGovernance/entitlementManagement/accessPackageAssignmentRequests/{id}/reprocess
``` ## Request headers
The following is an example of the request.
<!-- { "blockType": "ignored",
- "name": "reprocess_accesspackageassignmentsrequest"
+ "name": "reprocess_accesspackageassignmentrequest"
}--> ```http POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentRequests/d82eb508-acc4-43cc-bcf1-7c1c4a2c073b/reprocess
v1.0 Allowedvalue Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/allowedvalue-get.md
One of the following permissions is required to call this API. To learn more, in
|Permission type|Permissions (from least to most privileged)| |:|:|
-|Delegated (work or school account)|CustomSecAttributeDefinition.ReadWrite.All|
+|Delegated (work or school account)|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
|Delegated (personal Microsoft account)|Not supported.|
-|Application|CustomSecAttributeDefinition.ReadWrite.All|
+|Application|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
The signed-in user must also be assigned one of the following [directory roles](/azure/active-directory/roles/permissions-reference):
v1.0 Attributeset Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/attributeset-get.md
One of the following permissions is required to call this API. To learn more, in
|Permission type|Permissions (from least to most privileged)| |:|:|
-|Delegated (work or school account)|CustomSecAttributeDefinition.ReadWrite.All|
+|Delegated (work or school account)|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
|Delegated (personal Microsoft account)|Not supported.|
-|Application|CustomSecAttributeDefinition.ReadWrite.All|
+|Application|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
The signed-in user must also be assigned one of the following [directory roles](/azure/active-directory/roles/permissions-reference):
v1.0 Channel Getallmessages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-getallmessages.md
GET /teams/{team-id}/channels/getAllMessages
## Optional query parameters
-You can use the `model` query parameter, which supports the values `A` and `B`, based on the preferred licensing and payment requirements, as shown in the following examples.
+You can use `model` query parameter, which supports the values `A` and `B`, based on the preferred [licensing and payment model](/graph/teams-licenses),
+as shown in the following examples.
+If no `model` is specified, [evaluation mode](/graph/teams-licenses#evaluation-mode-default-requirements) will be used.
```http GET /teams/{team-id}/channels/getAllMessages?model=A
v1.0 Chats Getallmessages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chats-getallmessages.md
GET /users/{id | user-principal-name}/chats/getAllMessages
## Optional query parameters
-You can use `model` query parameter which supports the values `A` and `B`, based on the preferred licensing and payment requirements. If no `model` is specified, [evaluation mode](/graph/teams-licenses#evaluation-mode-default-requirements) will be used. Following are the examples.
+You can use `model` query parameter, which supports the values `A` and `B`, based on the preferred [licensing and payment model](/graph/teams-licenses),
+as shown in the following examples.
+If no `model` is specified, [evaluation mode](/graph/teams-licenses#evaluation-mode-default-requirements) will be used.
```http GET /users/{id | user-principal-name}/chats/getAllMessages?model=A
v1.0 Customsecurityattributedefinition Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/customsecurityattributedefinition-get.md
One of the following permissions is required to call this API. To learn more, in
|Permission type|Permissions (from least to most privileged)| |:|:|
-|Delegated (work or school account)|CustomSecAttributeDefinition.ReadWrite.All|
+|Delegated (work or school account)|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
|Delegated (personal Microsoft account)|Not supported.|
-|Application|CustomSecAttributeDefinition.ReadWrite.All|
+|Application|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
The signed-in user must also be assigned one of the following [directory roles](/azure/active-directory/roles/permissions-reference):
v1.0 Customsecurityattributedefinition List Allowedvalues https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/customsecurityattributedefinition-list-allowedvalues.md
One of the following permissions is required to call this API. To learn more, in
|Permission type|Permissions (from least to most privileged)| |:|:|
-|Delegated (work or school account)|CustomSecAttributeDefinition.ReadWrite.All|
+|Delegated (work or school account)|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
|Delegated (personal Microsoft account)|Not supported.|
-|Application|CustomSecAttributeDefinition.ReadWrite.All|
+|Application|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
The signed-in user must also be assigned one of the following [directory roles](/azure/active-directory/roles/permissions-reference):
v1.0 Customsecurityattributedefinition Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/customsecurityattributedefinition-update.md
PATCH /directory/customSecurityAttributeDefinitions/{customSecurityAttributeDefi
|:|:| |Authorization|Bearer {token}. Required.| |Content-Type|application/json. Required.|
+|OData-Version|4.01. Optional.|
+
+> [!NOTE]
+> To update the predefined values for a custom security attribute, you must add the **OData-Version** header and assign it the value `4.01`.
## Request body In the request body, supply *only* the values for properties that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values.
Content-Type: application/json
HTTP/1.1 204 No Content ```
-### Example 2: Deactivate a custom security attribute
+### Example 2: Update the predefined values for a custom security attribute
+
+The following example updates the status of an existing predefined value and adds a new predefined value for a custom security attribute definition.
+++ Attribute set: `Engineering`++ Attribute: `Project`++ Attribute data type: Collection of Strings++ Update predefined value: `Baker`++ New predefined value: `Skagit`+
+> [!NOTE]
+> For this request, you must add the **OData-Version** header and assign it the value `4.01`.
+
+#### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "update_customsecurityattributedefinition_allowedvalues"
+}
+-->
+``` msgraph-interactive
+PATCH https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinitions/Engineering_Project
+Content-Type: application/json
+OData-Version: 4.01
+
+{
+ "allowedValues@delta": [
+ {
+ "id": "Baker",
+ "isActive": false
+ },
+ {
+ "id": "Skagit",
+ "isActive": true
+ }
+ ]
+}
+```
+
+#### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
+
+### Example 3: Deactivate a custom security attribute
The following example deactivates a custom security attribute definition.
v1.0 Directory List Attributesets https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directory-list-attributesets.md
One of the following permissions is required to call this API. To learn more, in
|Permission type|Permissions (from least to most privileged)| |:|:|
-|Delegated (work or school account)|CustomSecAttributeDefinition.ReadWrite.All|
+|Delegated (work or school account)|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
|Delegated (personal Microsoft account)|Not supported.|
-|Application|CustomSecAttributeDefinition.ReadWrite.All|
+|Application|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
The signed-in user must also be assigned one of the following [directory roles](/azure/active-directory/roles/permissions-reference):
v1.0 Directory List Customsecurityattributedefinitions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directory-list-customsecurityattributedefinitions.md
One of the following permissions is required to call this API. To learn more, in
|Permission type|Permissions (from least to most privileged)| |:|:|
-|Delegated (work or school account)|CustomSecAttributeDefinition.ReadWrite.All|
+|Delegated (work or school account)|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
|Delegated (personal Microsoft account)|Not supported.|
-|Application|CustomSecAttributeDefinition.ReadWrite.All|
+|Application|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
The signed-in user must also be assigned one of the following [directory roles](/azure/active-directory/roles/permissions-reference):
v1.0 Directory Post Customsecurityattributedefinitions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directory-post-customsecurityattributedefinitions.md
Content-length: 310
+#### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.customSecurityAttributeDefinition"
+}
+-->
+
+``` http
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#directory/customSecurityAttributeDefinitions/$entity",
+ "attributeSet": "Engineering",
+ "description": "Active projects for user",
+ "id": "Engineering_Project",
+ "isCollection": true,
+ "isSearchable": true,
+ "name": "Project",
+ "status": "Available",
+ "type": "String",
+ "usePreDefinedValuesOnly": true
+}
+```
+
+### Example 3: Add a custom security attribute with a list of predefined values
+
+The following example adds a new custom security attribute definition with a list of predefined values as a collection of strings.
+++ Attribute set: `Engineering`++ Attribute: `Project`++ Attribute data type: Collection of Strings++ Predefined values: `Alpine`, `Baker`, `Cascade`+
+#### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "create_customsecurityattributedefinition_allowedvalues"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinitions
+Content-Type: application/json
+
+{
+ "attributeSet": "Engineering",
+ "description": "Active projects for user",
+ "isCollection": true,
+ "isSearchable": true,
+ "name": "Project",
+ "status": "Available",
+ "type": "String",
+ "usePreDefinedValuesOnly": true,
+ "allowedValues": [
+ {
+ "id": "Alpine",
+ "isActive": true
+ },
+ {
+ "id": "Baker",
+ "isActive": true
+ },
+ {
+ "id": "Cascade",
+ "isActive": true
+ }
+ ]
+}
+```
+ #### Response <!-- { "blockType": "response",
v1.0 Directoryobject Checkmembergroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directoryobject-checkmembergroups.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Check for membership in a specified list of groups, and return from that list those groups of which the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member. This function is transitive.
+Check for membership in a specified list of group IDs, and return from that list those groups (identified by IDs) of which the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member. This function is transitive.
You can check up to a maximum of 20 groups per request. This function supports all groups provisioned in Azure AD. Because Microsoft 365 groups cannot contain other groups, membership in a Microsoft 365 group is always direct.
v1.0 Directoryobject Checkmemberobjects https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directoryobject-checkmemberobjects.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Check for membership in a list of groups, administrative units, or directory roles for the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md). This method is transitive.
+Check for membership in a list of group IDs, administrative unit IDs, or directory role IDs, for the IDs of the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md). This method is transitive.
## Permissions
v1.0 Directoryobject Getmembergroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directoryobject-getmembergroups.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Return all the groups that the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
+Return all the group IDs for the groups that the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Directoryobject Getmemberobjects https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directoryobject-getmemberobjects.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Return all the groups, administrative units, and directory roles that a [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
+Return all IDs for the groups, administrative units, and directory roles that a [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
**Note:** Only users and role-enabled groups can be members of directory roles.
v1.0 Meetingregistration Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/meetingregistration-post.md
In the request body, supply a JSON representation of a [meetingRegistration](../
## Response
-If successful, this method returns a `201 Created` response code and [meetingRegistration](../resources/meetingregistration.md) object in the response body.
+If successful, this method returns a `201 Created` response code and a [meetingRegistration](../resources/meetingregistration.md) object in the response body.
> [!NOTE] >
v1.0 Schedule List Shifts https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/schedule-list-shifts.md
GET /teams/{teamId}/schedule/shifts
``` ## Optional query parameters
-This method supports the $filter [OData query parameter](/graph/query-parameters) to help customize the response.
+This method supports the `$filter` [OData query parameter](/graph/query-parameters) to help customize the response.
## Request headers
v1.0 Serviceprincipal Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/serviceprincipal-get.md
Content-type: application/json
], "signInAudience": "AzureADandPersonalMicrosoftAccount", "tags": [],
+ "verifiedPublisher": {
+ "displayName": "publisher_contoso",
+ "verifiedPublisherId": "9999999",
+ "addedDateTime": "2021-04-24T17:49:44Z"
+ },
"addIns": [], "api": { "resourceSpecificApplicationPermissions": []
Attribute #4
+ Attribute data type: String + Attribute value: `"Public"`
-To get custom security attribute assignments, the calling principal must be assigned the Attribute Assignment Reader or Attribute Assignment Administrator role and must be granted the *CustomSecAttributeAssignment.ReadWrite.All* permission.
+To get custom security attribute assignments, the calling principal must be assigned the Attribute Assignment Reader or Attribute Assignment Administrator role and must be granted the *CustomSecAttributeAssignment.Read.All* or *CustomSecAttributeAssignment.ReadWrite.All* permission.
#### Request
v1.0 User Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/user-get.md
For a specific user:
GET /users/{id | userPrincipalName} ```
->**Note:**
-> + When the **userPrincipalName** begins with a `$` character, remove the slash (/) after `/users` and enclose the **userPrincipalName** in parentheses and single quotes. For example, `/users('$AdeleVance@contoso.com')`. For details, see the [known issues](/graph/known-issues#users) list.
+> [!TIP]
+>
+> + When the **userPrincipalName** begins with a `$` character, the GET request URL syntax `/users/$x@y.com` fails with a `400 Bad Request` error code. This is because this request URL violates the OData URL convention, which expects only system query options to be prefixed with a `$` character. Remove the slash (/) after `/users` and enclose the **userPrincipalName** in parentheses and single quotes, as follows: `/users('$x@y.com')`. For example, `/users('$AdeleVance@contoso.com')`.
> + To query a B2B user using the **userPrincipalName**, encode the hash (#) character. That is, replace the `#` symbol with `%23`. For example, `/users/AdeleVance_adatum.com%23EXT%23@contoso.com`. For the signed-in user:
Attribute #4
+ Attribute data type: String + Attribute value: `"Public"`
-To get custom security attribute assignments, the calling principal must be assigned the Attribute Assignment Reader or Attribute Assignment Administrator role and must be granted the *CustomSecAttributeAssignment.ReadWrite.All* permission.
+To get custom security attribute assignments, the calling principal must be assigned the Attribute Assignment Reader or Attribute Assignment Administrator role and must be granted the *CustomSecAttributeAssignment.Read.All* or *CustomSecAttributeAssignment.ReadWrite.All* permission.
#### Request
v1.0 User Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/user-update.md
Namespace: microsoft.graph
Update the properties of a [user](../resources/user.md) object. Not all properties can be updated by Member or Guest users with their default permissions without Administrator roles. [Compare member and guest default permissions](/azure/active-directory/fundamentals/users-default-permissions#compare-member-and-guest-default-permissions) to see properties they can manage. ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+One of the following pefrmissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
|Permission type | Permissions (from least to most privileged) | |:--|:|
In the request body, supply the values for relevant fields that should be update
|:|:--|:-| |aboutMe|String|A freeform text entry field for the user to describe themselves.| |accountEnabled|Boolean| `true` if the account is enabled; otherwise, `false`. This property is required when a user is created. A global administrator assigned the _Directory.AccessAsUser.All_ delegated permission can update the **accountEnabled** status of all administrators in the tenant.|
-| ageGroup | [ageGroup](../resources/user.md#agegroup-values) | Sets the age group of the user. Allowed values: `null`, `minor`, `notAdult` and `adult`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
+| ageGroup | [ageGroup](../resources/user.md#agegroup-values) | Sets the age group of the user. Allowed values: `null`, `Minor`, `NotAdult` and `Adult`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
|assignedLicenses|[assignedLicense](../resources/assignedlicense.md) collection|The licenses that are assigned to the user. Not nullable. | |birthday|DateTimeOffset|The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`| |businessPhones| String collection | The telephone numbers for the user. **NOTE:** Although this is a string collection, only one number can be set for this property.| |city|String|The city in which the user is located.|
-| companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length of the company name is 64 characters. |
-| consentProvidedForMinor | [consentProvidedForMinor](../resources/user.md#consentprovidedforminor-values) | Sets whether consent has been obtained for minors. Allowed values: `null`, `granted`, `denied` and `notRequired`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
+| companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters. |
+| consentProvidedForMinor | [consentProvidedForMinor](../resources/user.md#consentprovidedforminor-values) | Sets whether consent has been obtained for minors. Allowed values: `null`, `Granted`, `Denied` and `NotRequired`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
|country|String|The country/region in which the user is located; for example, `US` or `UK`.| |customSecurityAttributes|[customSecurityAttributeValue](../resources/customsecurityattributevalue.md)|An open complex type that holds the value of a custom security attribute that is assigned to a directory object.<br/><br/>To update this property, the calling principal must be assigned the Attribute Assignment Administrator role and must be granted the *CustomSecAttributeAssignment.ReadWrite.All* permission.| |department|String|The name for the department in which the user works.| |displayName|String|The name displayed in the address book for the user. This is usually the combination of the user's first name, middle initial and last name. This property is required when a user is created and it cannot be cleared during updates.|
-|employeeId|String|The employee identifier assigned to the user by the organization.|
+|employeeId|String|The employee identifier assigned to the user by the organization. The maximum length is 16 characters.|
| employeeType | String | Captures enterprise worker type. For example, `Employee`, `Contractor`, `Consultant`, or `Vendor`.| |givenName|String|The given name (first name) of the user.| |employeeHireDate|DateTimeOffset|The hire date of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
v1.0 X509certificateauthenticationmethodconfiguration Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/x509certificateauthenticationmethodconfiguration-delete.md
+
+ Title: "Delete x509CertificateAuthenticationMethodConfiguration"
+description: "Delete a x509CertificateAuthenticationMethodConfiguration object and restores all the other properties to their default settings"
+
+ms.localizationpriority: medium
++
+# Delete x509CertificateAuthenticationMethodConfiguration
+Namespace: microsoft.graph
++
+Restore the [x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md) object to its default configuration.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.ReadWrite.AuthenticationMethod|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|Not supported.|
+
+For delegated scenarios, the administrator needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):
+
+* Authentication Policy Administrator
+* Global Administrator
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "delete_x509certificateauthenticationmethodconfiguration"
+}
+-->
+``` http
+DELETE https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
+```
+
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
+
v1.0 X509certificateauthenticationmethodconfiguration Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/x509certificateauthenticationmethodconfiguration-get.md
+
+ Title: "Get x509CertificateAuthenticationMethodConfiguration"
+description: "Read the properties and relationships of a x509CertificateAuthenticationMethodConfiguration object."
+
+ms.localizationpriority: medium
++
+# Get x509CertificateAuthenticationMethodConfiguration
+Namespace: microsoft.graph
++
+Read the configuration details for the [X.509 certificate authentication method](../resources/x509certificateauthenticationmethodconfiguration.md) in the [authentication methods policy](../resources/authenticationmethodspolicy.md).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.ReadWrite.AuthenticationMethod|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|Not supported.|
+
+For delegated scenarios, the administrator needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):
+
+* Global Reader
+* Authentication Policy Administrator
+* Global Administrator
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
+```
+
+## Optional query parameters
+This method does not support the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_x509certificateauthenticationmethodconfiguration"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
+```
+
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.x509CertificateAuthenticationMethodConfiguration"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
+ "id": "X509Certificate",
+ "state": "disabled",
+ "certificateUserBindings": [{
+ "x509CertificateField": "PrincipalName",
+ "userProperty": "onPremisesUserPrincipalName",
+ "priority": 1
+ },
+ {
+ "x509CertificateField": "RFC822Name",
+ "userProperty": "userPrincipalName",
+ "priority": 2
+ }
+ ],
+ "authenticationModeConfiguration": {
+ "x509CertificateAuthenticationDefaultMode": "x509CertificateSingleFactor",
+ "rules": []
+ },
+ "includeTargets": [{
+ "targetType": "group",
+ "id": "all_users",
+ "isRegistrationRequired": false
+ }]
+}
+```
+
v1.0 X509certificateauthenticationmethodconfiguration Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/x509certificateauthenticationmethodconfiguration-update.md
+
+ Title: "Update x509CertificateAuthenticationMethodConfiguration"
+description: "Update the properties of a x509CertificateAuthenticationMethodConfiguration object."
+
+ms.localizationpriority: medium
++
+# Update x509CertificateAuthenticationMethodConfiguration
+Namespace: microsoft.graph
++
+Update the properties of the [X.509 certificate authentication method](../resources/x509certificateauthenticationmethodconfiguration.md).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.ReadWrite.AuthenticationMethod|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|Not supported.|
+
+For delegated scenarios, the administrator needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):
+
+* Authentication Policy Administrator
+* Global Administrator
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+The following properties can be updated.
+
+|Property|Type|Description|
+|:|:|:|
+|state|authenticationMethodState|The possible values are: `enabled`, `disabled`. Inherited from [authenticationMethodConfiguration](../resources/authenticationmethodconfiguration.md).|
+|certificateUserBindings|[x509CertificateUserBinding](../resources/x509certificateuserbinding.md) collection|Defines fields in the X.509 certificate that map to attributes of the Azure AD user object in order to bind the certificate to the user. The **priority** of the object determines the order in which the binding is carried out. The first binding that matches will be used and the rest ignored. |
+|authenticationModeConfiguration|[x509CertificateAuthenticationModeConfiguration](../resources/x509certificateauthenticationmodeconfiguration.md)|Defines strong authentication configurations. This configuration includes the default authentication mode and the different rules for strong authentication bindings. |
+
+>**Note:** The `@odata.type` property with a value of `#microsoft.graph.x509CertificateAuthenticationMethodConfiguration` must be included in the body.
++
+## Response
+
+If successful, this method returns a `204 No Content` response code and an updated [x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "update_x509certificateauthenticationmethodconfiguration"
+}
+-->
+``` http
+PATCH https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
+Content-Type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
+ "id": "X509Certificate",
+ "state": "disabled",
+ "certificateUserBindings": [{
+ "x509CertificateField": "PrincipalName",
+ "userProperty": "onPremisesUserPrincipalName",
+ "priority": 1
+ },
+ {
+ "x509CertificateField": "RFC822Name",
+ "userProperty": "userPrincipalName",
+ "priority": 2
+ }
+ ],
+ "authenticationModeConfiguration": {
+ "x509CertificateAuthenticationDefaultMode": "x509CertificateSingleFactor",
+ "rules": []
+ },
+ "includeTargets": [{
+ "targetType": "group",
+ "id": "all_users",
+ "isRegistrationRequired": false
+ }]
+}
+```
+
+### Response
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+Content-Type: application/json
+```
+
v1.0 Authenticationmethodspolicies Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/authenticationmethodspolicies-overview.md
The authentication method policies APIs are used to manage policy settings. For
|[emailauthenticationmethodconfiguration](emailauthenticationmethodconfiguration.md)|Define users who can use email OTP on the Azure AD tenant.| |[passwordlessmicrosoftauthenticatorauthenticationmethodconfiguration](passwordlessmicrosoftauthenticatorauthenticationmethodconfiguration.md) (deprecated)|Define users who can use Passwordless Phone Sign-in to sign in to Azure AD.| |[temporaryaccesspassauthenticationmethodconfiguration](temporaryaccesspassauthenticationmethodconfiguration.md)|Define users who can use Temporary Access Pass to sign in to Azure AD.|
+|[x509CertificateAuthenticationMethodConfiguration](x509CertificateAuthenticationMethodConfiguration.md)|Define users who can use X.509 certificate to sign in to Azure AD.|
## Policies available to push users to set up authentication methods: |Policy | Description |
v1.0 Enums https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/enums.md
Namespace: microsoft.graph
|block| |unknownFutureValue|
+### x509CertificateAuthenticationMode values
+|Member|
+|:|
+|x509CertificateSingleFactor|
+|x509CertificateMultiFactor|
+|unknownFutureValue|
+
+### x509CertificateRuleType values
+|Member|
+|:|
+|issuerSubject|
+|policyOID|
+|unknownFutureValue|
+ ### anniversaryType values |Member|
v1.0 Extensionproperty https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/extensionproperty.md
Extensions can be added to [user](user.md), [group](group.md), [organization](or
|:-|:|:| |appDisplayName|String| Display name of the application object on which this extension property is defined. Read-only. | |dataType|String| Specifies the data type of the value the extension property can hold. Following values are supported. Not nullable. <ul><li>`Binary` - 256 bytes maximum</li><li>`Boolean`</li><li>`DateTime` - Must be specified in ISO 8601 format. Will be stored in UTC.</li><li>`Integer` - 32-bit value.</li><li>`LargeInteger` - 64-bit value.</li><li>`String` - 256 characters maximum</li></ul>|
-|isSyncedFromOnPremises|Boolean| Indicates if this extension property was sycned from onpremises directory using Azure AD Connect. Read-only. |
+|isSyncedFromOnPremises|Boolean| Indicates if this extension property was synced from on-premises active directory using Azure AD Connect. Read-only. |
|name|String| Name of the extension property. Not nullable. | |targetObjects|String collection| Following values are supported. Not nullable. <ul><li>`User`</li><li>`Group`</li><li>`Organization`</li><li>`Device`</li><li>`Application`</li></ul>|
v1.0 Licenseassignmentstate https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/licenseAssignmentState.md
The **licenseAssignmentStates** property of the [user](user.md) entity is a coll
|:|:--|:-| |assignedByGroup|string|The id of the group that assigns this license. If the assignment is a direct-assigned license, this field will be Null. Read-Only.| |disabledPlans|Collection(String)|The service plans that are disabled in this assignment. Read-Only.|
-|error|String|License assignment failure error. If the license is assigned successfully, this field will be Null. Read-Only. Possible values: `CountViolation`, `MutuallyExclusiveViolation`, `DependencyViolation`, `ProhibitedInUsageLocationViolation`, `UniquenessViolation`, and `Others`. For more information on how to identify and resolve license assignment errors see [here](/azure/active-directory/users-groups-roles/licensing-groups-resolve-problems).|
+|error|String|License assignment failure error. If the license is assigned successfully, this field will be Null. Read-Only. The possible values are `CountViolation`, `MutuallyExclusiveViolation`, `DependencyViolation`, `ProhibitedInUsageLocationViolation`, `UniquenessViolation`, and `Other`. For more information on how to identify and resolve license assignment errors see [here](/azure/active-directory/users-groups-roles/licensing-groups-resolve-problems).|
|lastUpdatedDateTime|DateTimeOffset|The timestamp when the state of the license assignment was last updated.| |skuId|String|The unique identifier for the SKU. Read-Only.|
-|state|String|Indicate the current state of this assignment. Read-Only. Possible values: Active, ActiveWithError, Disabled and Error.|
+|state|String|Indicate the current state of this assignment. Read-Only. The possible values are `Active`, `ActiveWithError`, `Disabled`, and `Error`.|
## JSON representation
v1.0 Resulttemplate https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/resulttemplate.md
The following is a JSON representation of the resource.
```json {
- "resultTemplateId": {
- "displayName": "String",
- "body": "Json schema"
- }
+ "resultTemplateId": {
+ "displayName": "String",
+ "body": "Json schema"
+ }
} ```
v1.0 User https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/user.md
This resource supports:
|:|:--|:| | aboutMe | String | A freeform text entry field for the user to describe themselves. <br><br>Returned only on `$select`. | | accountEnabled | Boolean | `true` if the account is enabled; otherwise, `false`. This property is required when a user is created. <br><br>Supports `$filter` (`eq`, `ne`, `not`, and `in`). |
-| ageGroup | [ageGroup](#agegroup-values) | Sets the age group of the user. Allowed values: `null`, `minor`, `notAdult` and `adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Supports `$filter` (`eq`, `ne`, `not`, and `in`). |
+| ageGroup | [ageGroup](#agegroup-values) | Sets the age group of the user. Allowed values: `null`, `Minor`, `NotAdult` and `Adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Supports `$filter` (`eq`, `ne`, `not`, and `in`). |
| assignedLicenses | [assignedLicense](assignedlicense.md) collection | The licenses that are assigned to the user, including inherited (group-based) licenses. <br><br>Not nullable. Supports `$filter` (`eq` and `not`). | | assignedPlans | [assignedPlan](assignedplan.md) collection | The plans that are assigned to the user. Read-only. Not nullable.<br><br>Supports `$filter` (`eq` and `not`). | | birthday | DateTimeOffset | The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z` <br><br>Returned only on `$select`. | | businessPhones | String collection | The telephone numbers for the user. Only one number can be set for this property. <br><br>Read-only for users synced from on-premises directory. Supports `$filter` (`eq`, `not`, `ge`, `le`, `startsWith`).| | city | String | The city in which the user is located. Maximum length is 128 characters. <br><br>Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values). |
-| companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length of the company name is 64 characters.<br><br>Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
-| consentProvidedForMinor | [consentProvidedForMinor](#consentprovidedforminor-values) | Sets whether consent has been obtained for minors. Allowed values: `null`, `granted`, `denied` and `notRequired`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Supports `$filter` (`eq`, `ne`, `not`, and `in`).|
+| companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters.<br><br>Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
+| consentProvidedForMinor | [consentProvidedForMinor](#consentprovidedforminor-values) | Sets whether consent has been obtained for minors. Allowed values: `null`, `Granted`, `Denied` and `NotRequired`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Supports `$filter` (`eq`, `ne`, `not`, and `in`).|
| country | String | The country/region in which the user is located; for example, `US` or `UK`. Maximum length is 128 characters. <br><br>Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values). | | createdDateTime | DateTimeOffset | The date and time the user was created. The value cannot be modified and is automatically populated when the entity is created. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. Property is nullable. A null value indicates that an accurate creation time couldn't be determined for the user. Read-only. <br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`). | | creationType | String | Indicates whether the user account was created through one of the following methods: <br/> <ul><li>As a regular school or work account (`null`). <li>As an external account (`Invitation`). <li>As a local account for an Azure Active Directory B2C tenant (`LocalAccount`). <li>Through self-service sign-up by an internal user using email verification (`EmailVerified`). <li>Through self-service sign-up by an external user signing up through a link that is part of a user flow (`SelfServiceSignUp`). </ul> <br>Read-only.<br>Supports `$filter` (`eq`, `ne`, `not`, and `in`). |
This resource supports:
| department | String | The name for the department in which the user works. Maximum length is 64 characters.<br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, and `eq` on `null` values). | | displayName | String | The name displayed in the address book for the user. This value is usually the combination of the user's first name, middle initial, and last name. This property is required when a user is created and it cannot be cleared during updates. Maximum length is 256 characters. <br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values), `$orderBy`, and `$search`.| | employeeHireDate | DateTimeOffset | The date and time when the user was hired or will start work in case of a future hire. <br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`).|
-| employeeId | String | The employee identifier assigned to the user by the organization. <br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
+| employeeId | String | The employee identifier assigned to the user by the organization. The maximum length is 16 characters.<br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
|employeeOrgData|[employeeOrgData](employeeorgdata.md) |Represents organization data (e.g. division and costCenter) associated with a user. <br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`).| | employeeType | String | Captures enterprise worker type. For example, `Employee`, `Contractor`, `Consultant`, or `Vendor`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`).| | externalUserState | String | For an external user invited to the tenant using the [invitation API](../api/invitation-post.md), this property represents the invited user's invitation status. For invited users, the state can be `PendingAcceptance` or `Accepted`, or `null` for all other users. <br><br>Supports `$filter` (`eq`, `ne`, `not` , `in`). |
This resource supports:
| isResourceAccount | Boolean | Do not use ΓÇô reserved for future use. | | jobTitle | String | The user's job title. Maximum length is 128 characters. <br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).| | lastPasswordChangeDateTime | DateTimeOffset | The time when this Azure AD user last changed their password or when their password was created, , whichever date the latest action was performed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only. <br><br>Returned only on `$select`. |
-| legalAgeGroupClassification | [legalAgeGroupClassification](#legalagegroupclassification-values) | Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on **ageGroup** and **consentProvidedForMinor** properties. Allowed values: `null`, `minorWithOutParentalConsent`, `minorWithParentalConsent`, `minorNoParentalConsentRequired`, `notAdult` and `adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`. |
+| legalAgeGroupClassification | [legalAgeGroupClassification](#legalagegroupclassification-values) | Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on **ageGroup** and **consentProvidedForMinor** properties. Allowed values: `null`, `MinorWithOutParentalConsent`, `MinorWithParentalConsent`, `MinorNoParentalConsentRequired`, `NotAdult` and `Adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`. |
| licenseAssignmentStates | [licenseAssignmentState](licenseassignmentstate.md) collection | State of license assignments for this user. Read-only. <br><br>Returned only on `$select`. | | mail | String | The SMTP address for the user, for example, `admin@contoso.com`. Changes to this property will also update the user's **proxyAddresses** collection to include the value as an SMTP address. For Azure AD B2C accounts, this property can be updated up to only ten times with unique SMTP addresses. This property cannot contain accent characters. <br><br> Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, `endsWith`, and `eq` on `null` values). | | mailboxSettings | [mailboxSettings](mailboxsettings.md) | Settings for the primary mailbox of the signed-in user. You can [get](../api/user-get-mailboxsettings.md) or [update](../api/user-update-mailboxsettings.md) settings for sending automatic replies to incoming messages, locale, and time zone. For more information, see [User preferences for languages and regional formats](#user-preferences-for-languages-and-regional-formats). <br><br>Returned only on `$select`. |
For example: Cameron is administrator of a directory for an elementary school in
| Member | Description| |:|:-| |null|Default value, no **ageGroup** has been set for the user.|
-|minorWithoutParentalConsent |(Reserved for future use)|
-|minorWithParentalConsent| The user is considered a minor based on the age-related regulations of their country or region and the administrator of the account has obtained appropriate consent from a parent or guardian.|
-|adult|The user considered an adult based on the age-related regulations of their country or region.|
-|notAdult|The user is from a country or region that has additional age-related regulations (such as the United States, United Kingdom, European Union or South Korea), and the user's age is between a minor and an adult age (as stipulated based on country or region). Generally, this means that teenagers are considered as `notAdult` in regulated countries.|
-|minorNoParentalConsentRequired|The user is a minor but is from a country or region that has no age-related regulations.|
+|MinorWithoutParentalConsent |(Reserved for future use)|
+|MinorWithParentalConsent| The user is considered a minor based on the age-related regulations of their country or region and the administrator of the account has obtained appropriate consent from a parent or guardian.|
+|Adult|The user considered an adult based on the age-related regulations of their country or region.|
+|NotAdult|The user is from a country or region that has additional age-related regulations (such as the United States, United Kingdom, European Union or South Korea), and the user's age is between a minor and an adult age (as stipulated based on country or region). Generally, this means that teenagers are considered as `notAdult` in regulated countries.|
+|MinorNoParentalConsentRequired|The user is a minor but is from a country or region that has no age-related regulations.|
#### ageGroup values | Member | Description| |:|:--| |null|Default value, no **ageGroup** has been set for the user.|
-|minor|The user is considered a minor.|
-|notAdult|The user is from a country that has statutory regulations United States, United Kingdom, European Union or South Korea) and user's age is more than the upper limit of kid age (as per country) and less than lower limit of adult age (as stipulated based on country or region). So basically, teenagers are considered as `notAdult` in regulated countries.|
-|adult|The user should be a treated as an adult.|
+|Minor|The user is considered a minor.|
+|NotAdult|The user is from a country that has statutory regulations United States, United Kingdom, European Union or South Korea) and user's age is more than the upper limit of kid age (as per country) and less than lower limit of adult age (as stipulated based on country or region). So basically, teenagers are considered as `notAdult` in regulated countries.|
+|Adult|The user should be a treated as an adult.|
#### consentProvidedForMinor values | Member | Description| |:|:-| |null|Default value, no **consentProvidedForMinor** has been set for the user.|
-|granted|Consent has been obtained for the user to have an account.|
-|denied|Consent has not been obtained for the user to have an account.|
-|notRequired|The user is from a location that does not require consent.|
+|Granted|Consent has been obtained for the user to have an account.|
+|Denied|Consent has not been obtained for the user to have an account.|
+|NotRequired|The user is from a location that does not require consent.|
## Relationships
v1.0 X509certificateauthenticationmethodconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/x509certificateauthenticationmethodconfiguration.md
+
+ Title: "x509CertificateAuthenticationMethodConfiguration resource type"
+description: "Represents the details of the Azure AD native Certificate-Based Authentication (CBA) in the tenant, including whether the authentication method is enabled or disabled and the users and groups who can register and use it."
+
+ms.localizationpriority: medium
++
+# x509CertificateAuthenticationMethodConfiguration resource type
+
+Namespace: microsoft.graph
++
+Represents the details of the Azure AD native Certificate-Based Authentication (CBA) in the tenant, including whether the authentication method is enabled or disabled and the users and groups who can register and use it.
+
+Inherits from [authenticationMethodConfiguration](../resources/authenticationmethodconfiguration.md).
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[Get x509CertificateAuthenticationMethodConfiguration](../api/x509certificateauthenticationmethodconfiguration-get.md)|[x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md)|Read the properties and relationships of a x509CertificateAuthenticationMethodConfiguration object.|
+|[Update x509CertificateAuthenticationMethodConfiguration](../api/x509certificateauthenticationmethodconfiguration-update.md)|[x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md)|Update the properties of a x509CertificateAuthenticationMethodConfiguration object.|
+|[Delete x509CertificateAuthenticationMethodConfiguration](../api/x509certificateauthenticationmethodconfiguration-delete.md)|None| Restore the x509CertificateAuthenticationMethodConfiguration object to its default configuration.|
++
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|id|String|The identifier for the authentication method policy. The value is always `X509Certificate`. Inherited from [authenticationMethodConfiguration](../resources/authenticationmethodconfiguration.md).|
+|state|authenticationMethodState|The possible values are: `enabled`, `disabled`. Inherited from [authenticationMethodConfiguration](../resources/authenticationmethodconfiguration.md).|
+|certificateUserBindings|[x509CertificateUserBinding](../resources/x509certificateuserbinding.md) collection|Defines fields in the X.509 certificate that map to attributes of the Azure AD user object in order to bind the certificate to the user. The **priority** of the object determines the order in which the binding is carried out. The first binding that matches will be used and the rest ignored. |
+|authenticationModeConfiguration|[x509CertificateAuthenticationModeConfiguration](../resources/x509certificateauthenticationmodeconfiguration.md)|Defines strong authentication configurations. This configuration includes the default authentication mode and the different rules for strong authentication bindings. |
++
+## Relationships
+|Relationship|Type|Description|
+|:|:|:|
+|includeTargets|[authenticationMethodTarget](../resources/authenticationmethodtarget.md) collection|A collection of users or groups who are enabled to use the authentication method.|
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
+ "baseType": "microsoft.graph.authenticationMethodConfiguration",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
+ "id": "String (identifier)",
+ "state": "String",
+ "certificateUserBindings": [
+ {
+ "@odata.type": "microsoft.graph.x509CertificateUserBinding"
+ }
+ ],
+ "authenticationModeConfiguration": {
+ "@odata.type": "microsoft.graph.x509CertificateAuthenticationModeConfiguration"
+ }
+}
+```
+
v1.0 X509certificateauthenticationmodeconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/x509certificateauthenticationmodeconfiguration.md
+
+ Title: "x509CertificateAuthenticationModeConfiguration resource type"
+description: "Defines the strong authentication configurations for the X.509 certificate. This configuration includes the default authentication mode and the different rules of strong authentication bindings."
+
+ms.localizationpriority: medium
++
+# x509CertificateAuthenticationModeConfiguration resource type
+
+Namespace: microsoft.graph
++
+Defines the strong authentication configurations for the X.509 certificate. This configuration includes the default authentication mode and the different rules of strong authentication bindings.
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|rules|[x509CertificateRule](../resources/x509certificaterule.md) collection| Rules are configured in addition to the authentication mode to bind a specific **x509CertificateRuleType** to an **x509CertificateAuthenticationMode**. For example, bind the `policyOID` with identifier `1.32.132.343` to `x509CertificateMultiFactor` authentication mode.|
+|x509CertificateAuthenticationDefaultMode|x509CertificateAuthenticationMode| The type of strong authentication mode. The possible values are: `x509CertificateSingleFactor`, `x509CertificateMultiFactor`, `unknownFutureValue`.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.x509CertificateAuthenticationModeConfiguration"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.x509CertificateAuthenticationModeConfiguration",
+ "x509CertificateAuthenticationDefaultMode": "String",
+ "rules": [
+ {
+ "@odata.type": "microsoft.graph.x509CertificateRule"
+ }
+ ]
+}
+```
+
v1.0 X509certificaterule https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/x509certificaterule.md
+
+ Title: "x509CertificateRule resource type"
+description: "Defines the strong authentication configuration rules for the X.509 certificate. Rules are configured in addition to the authentication mode."
+
+ms.localizationpriority: medium
++
+# x509CertificateRule resource type
+
+Namespace: microsoft.graph
++
+Defines the strong authentication configuration rules for the X.509 certificate. Rules are configured in addition to the authentication mode.
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|identifier|String| The identifier of the X.509 certificate. Required.|
+|x509CertificateAuthenticationMode|x509CertificateAuthenticationMode| The type of strong authentication mode. The possible values are: `x509CertificateSingleFactor`, `x509CertificateMultiFactor`, `unknownFutureValue`. Required.|
+|x509CertificateRuleType|x509CertificateRuleType| The type of the X.509 certificate mode configuration rule. The possible values are: `issuerSubject`, `policyOID`, `unknownFutureValue`. Required.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.x509CertificateRule"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.x509CertificateRule",
+ "x509CertificateRuleType": "String",
+ "identifier": "String",
+ "x509CertificateAuthenticationMode": "String"
+}
+```
+
v1.0 X509certificateuserbinding https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/x509certificateuserbinding.md
+
+ Title: "x509CertificateUserBinding resource type"
+description: "Defines the fields in the X.509 certificate that map to attributes of the Azure AD user object in order to bind the certificate to the user account."
+
+ms.localizationpriority: medium
++
+# x509CertificateUserBinding resource type
+
+Namespace: microsoft.graph
++
+Defines the fields in the X.509 certificate that map to attributes of the Azure AD user object in order to bind the certificate to the user account.
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|priority|Int32|The priority of the binding. Azure AD uses the binding with the highest priority. This value must be a non-negative integer and unique in the collection of objects in the **certificateUserBindings** property of an **x509CertificateAuthenticationMethodConfiguration** object. Required|
+|userProperty|String|Defines the Azure AD user property of the user object to use for the binding. The possible values are: **userPrincipalName**, `onPremisesUserPrincipalName`, `email`. Required.|
+|x509CertificateField|String|The field on the X.509 certificate to use for the binding. The possible values are: `PrincipalName`, `RFC822Name`.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.x509CertificateUserBinding"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.x509CertificateUserBinding",
+ "x509CertificateField": "String",
+ "userProperty": "String",
+ "priority": "Integer"
+}
+```
+
v1.0 Accesspackagecatalog Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accesspackagecatalog-update.md
If successful, this method returns a `204 No Content` response code.
} --> ```http
-PATCH https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/accessPackageCatalogs/{accessPackageCatalogId}
+PATCH https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/catalogs/{accessPackageCatalogId}
Content-Type: application/json {
v1.0 Application Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/application-get.md
Content-type: application/json
"addIns": [], "publisherDomain": "contoso.onmicrosoft.com", "signInAudience": "AzureADandPersonalMicrosoftAccount",
+ "verifiedPublisher": {
+ "displayName": "publisher_contoso",
+ "verifiedPublisherId": "9999999",
+ "addedDateTime": "2021-04-24T17:49:44Z"
+ },
"tags": [], "tokenEncryptionKeyId": null, "api": {
v1.0 Channel Getallmessages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-getallmessages.md
GET /teams/{team-id}/channels/getAllMessages
## Optional query parameters
-You can use `model` query parameter, which supports the values `A` and `B`, based on the preferred licensing and payment requirements, as shown in the following examples.
+You can use `model` query parameter, which supports the values `A` and `B`, based on the preferred [licensing and payment model](/graph/teams-licenses),
+as shown in the following examples.
+If no `model` is specified, [evaluation mode](/graph/teams-licenses#evaluation-mode-default-requirements) will be used.
```http GET /teams/{team-id}/channels/getAllMessages?model=A
v1.0 Chats Getallmessages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chats-getallmessages.md
GET /users/{id | user-principal-name}/chats/getAllMessages
## Optional query parameters
-You can use `model` query parameter, which supports the values `A` and `B`, based on the preferred licensing and payment requirements, as shown in the following examples.
+You can use `model` query parameter, which supports the values `A` and `B`, based on the preferred [licensing and payment model](/graph/teams-licenses),
+as shown in the following examples.
+If no `model` is specified, [evaluation mode](/graph/teams-licenses#evaluation-mode-default-requirements) will be used.
```http GET /users/{id | user-principal-name}/chats/getAllMessages?model=A
v1.0 Directoryobject Checkmembergroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/directoryobject-checkmembergroups.md
doc_type: apiPageType
Namespace: microsoft.graph
-Check for membership in a specified list of groups, and return from that list those groups of which the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member. This function is transitive.
+Check for membership in a specified list of group IDs, and return from that list those groups (identified by IDs) of which the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member. This function is transitive.
You can check up to a maximum of 20 groups per request. This function supports all groups provisioned in Azure AD. Because Microsoft 365 groups cannot contain other groups, membership in a Microsoft 365 group is always direct.
v1.0 Directoryobject Checkmemberobjects https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/directoryobject-checkmemberobjects.md
doc_type: "apiPageType"
Namespace: microsoft.graph
-Check for membership in a list of groups, administrative units, or directory roles for the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md). This method is transitive.
+Check for membership in a list of group IDs, administrative unit IDs, or directory role IDs, for the IDs of the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md). This method is transitive.
## Permissions
v1.0 Directoryobject Getmembergroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/directoryobject-getmembergroups.md
doc_type: apiPageType
Namespace: microsoft.graph
-Return all the groups that the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
+Return all the group IDs for the groups that the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Directoryobject Getmemberobjects https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/directoryobject-getmemberobjects.md
doc_type: apiPageType
Namespace: microsoft.graph
-Return all the groups, administrative units, and directory roles that a [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
+Return all IDs for the groups, administrative units, and directory roles that a [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member of. This function is transitive.
**Note:** Only users and role-enabled groups can be members of directory roles.
v1.0 Schedule List Shifts https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/schedule-list-shifts.md
GET /teams/{teamId}/schedule/shifts
``` ## Optional query parameters
-This method supports the $filter [OData query parameter](/graph/query-parameters) to help customize the response.
+This method supports the `$filter` [OData query parameter](/graph/query-parameters) to help customize the response.
## Request headers
v1.0 Serviceprincipal Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/serviceprincipal-get.md
Content-type: application/json
"endpoints": [], "homepage": null, "id": "00af5dfb-85da-4b41-a677-0c6b86dd34f8",
+ "verifiedPublisher": {
+ "displayName": "publisher_contoso",
+ "verifiedPublisherId": "9999999",
+ "addedDateTime": "2021-04-24T17:49:44Z"
+ },
"info": { "termsOfServiceUrl": null, "supportUrl": null,
v1.0 Serviceprincipal List Homerealmdiscoverypolicies https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/serviceprincipal-list-homerealmdiscoverypolicies.md
HTTP/1.1 200 OK
Content-type: application/json {
- "value": [
- {
- "definition": [
- "definition-value"
- ],
- "displayName": "displayName-value",
- "isOrganizationDefault": true,
- "id": "id-value"
- }
- ]
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(microsoft.graph.homeRealmDiscoveryPolicy)",
+ "value": [
+ {
+ "id": "6c6f154f-cb39-4ff9-bf5b-62d5ad585cde",
+ "deletedDateTime": null,
+ "definition": [
+ "{\"HomeRealmDiscoveryPolicy\": {\"AccelerateToFederatedDomain\":true, \"PreferredDomain\":\"federated.example.edu\", \"AlternateIdLogin\":{\"Enabled\":true}}}"
+ ],
+ "displayName": "Contoso default HRD Policy",
+ "isOrganizationDefault": false
+ }
+ ]
} ```
v1.0 User Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/user-get.md
For a specific user:
GET /users/{id | userPrincipalName} ```
->**Note:**
-> + When the **userPrincipalName** begins with a `$` character, remove the slash (/) after `/users` and enclose the **userPrincipalName** in parentheses and single quotes. For example, `/users('$AdeleVance@contoso.com')`. For details, see the [known issues](/graph/known-issues#users) list.
+> [!TIP]
+>
+> + When the **userPrincipalName** begins with a `$` character, the GET request URL syntax `/users/$x@y.com` fails with a `400 Bad Request` error code. This is because this request URL violates the OData URL convention, which expects only system query options to be prefixed with a `$` character. Remove the slash (/) after `/users` and enclose the **userPrincipalName** in parentheses and single quotes, as follows: `/users('$x@y.com')`. For example, `/users('$AdeleVance@contoso.com')`.
> + To query a B2B user using the **userPrincipalName**, encode the hash (#) character. That is, replace the `#` symbol with `%23`. For example, `/users/AdeleVance_adatum.com%23EXT%23@contoso.com`. For the signed-in user:
v1.0 User Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/user-update.md
In the request body, supply the values for relevant fields that should be update
|:|:--|:-| |aboutMe|String|A freeform text entry field for the user to describe themselves.| |accountEnabled|Boolean| `true` if the account is enabled; otherwise, `false`. This property is required when a user is created. A global administrator assigned the _Directory.AccessAsUser.All_ delegated permission can update the **accountEnabled** status of all administrators in the tenant.|
-| ageGroup | [ageGroup](../resources/user.md#agegroup-values) | Sets the age group of the user. Allowed values: `null`, `minor`, `notAdult` and `adult`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
+| ageGroup | [ageGroup](../resources/user.md#agegroup-values) | Sets the age group of the user. Allowed values: `null`, `Minor`, `NotAdult` and `Adult`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
|birthday|DateTimeOffset|The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`| |businessPhones| String collection | The telephone numbers for the user. NOTE: Although this is a string collection, only one number can be set for this property.| |city|String|The city in which the user is located.|
-| companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length of the company name is 64 characters. |
-| consentProvidedForMinor | [consentProvidedForMinor](../resources/user.md#consentprovidedforminor-values) | Sets whether consent has been obtained for minors. Allowed values: `null`, `granted`, `denied` and `notRequired`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
+| companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters. |
+| consentProvidedForMinor | [consentProvidedForMinor](../resources/user.md#consentprovidedforminor-values) | Sets whether consent has been obtained for minors. Allowed values: `null`, `Granted`, `Denied` and `NotRequired`. Refer to the [legal age group property definitions](../resources/user.md#legal-age-group-property-definitions) for further information. |
|country|String|The country/region in which the user is located; for example, `US` or `UK`.| |department|String|The name for the department in which the user works.| |displayName|String|The name displayed in the address book for the user. This is usually the combination of the user's first name, middle initial and last name. This property is required when a user is created and it cannot be cleared during updates. |
-| employeeId | String | The employee identifier assigned to the user by the organization. |
+| employeeId | String | The employee identifier assigned to the user by the organization. The maximum length is 16 characters. |
| employeeType | String | Captures enterprise worker type. For example, `Employee`, `Contractor`, `Consultant`, or `Vendor`. Returned only on `$select`.| |givenName|String|The given name (first name) of the user.| |employeeHireDate|DateTimeOffset|The hire date of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`|
v1.0 Extensionproperty https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/extensionproperty.md
Extensions can be added to [user](user.md), [group](group.md), [organization](or
|:-|:|:| |appDisplayName|String| Display name of the application object on which this extension property is defined. Read-only. | |dataType|String| Specifies the data type of the value the extension property can hold. Following values are supported. Not nullable. <ul><li>`Binary` - 256 bytes maximum</li><li>`Boolean`</li><li>`DateTime` - Must be specified in ISO 8601 format. Will be stored in UTC.</li><li>`Integer` - 32-bit value.</li><li>`LargeInteger` - 64-bit value.</li><li>`String` - 256 characters maximum</li></ul>|
-|isSyncedFromOnPremises|Boolean| Indicates if this extension property was sycned from onpremises directory using Azure AD Connect. Read-only. |
+|isSyncedFromOnPremises|Boolean| Indicates if this extension property was synced from on-premises active directory using Azure AD Connect. Read-only. |
|name|String| Name of the extension property. Not nullable. | |targetObjects|String collection| Following values are supported. Not nullable. <ul><li>`User`</li><li>`Group`</li><li>`Organization`</li><li>`Device`</li><li>`Application`</li></ul>|
v1.0 Licenseassignmentstate https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/licenseassignmentstate.md
The **licenseAssignmentStates** property of the [user](user.md) entity is a coll
|:|:--|:-| |assignedByGroup|string|The id of the group that assigns this license. If the assignment is a direct-assigned license, this field will be Null. Read-Only.| |disabledPlans|Collection(String)|The service plans that are disabled in this assignment. Read-Only.|
-|error|String|License assignment failure error. If the license is assigned successfully, this field will be Null. Read-Only. Possible values: `CountViolation`, `MutuallyExclusiveViolation`, `DependencyViolation`, `ProhibitedInUsageLocationViolation`, `UniquenessViolation`, and `Others`. For more information on how to identify and resolve license assignment errors see [here](/azure/active-directory/users-groups-roles/licensing-groups-resolve-problems).|
+|error|String|License assignment failure error. If the license is assigned successfully, this field will be Null. Read-Only. The possible values are `CountViolation`, `MutuallyExclusiveViolation`, `DependencyViolation`, `ProhibitedInUsageLocationViolation`, `UniquenessViolation`, and `Other`. For more information on how to identify and resolve license assignment errors see [here](/azure/active-directory/users-groups-roles/licensing-groups-resolve-problems).|
|lastUpdatedDateTime|DateTimeOffset|The timestamp when the state of the license assignment was last updated.| |skuId|String|The unique identifier for the SKU. Read-Only.|
-|state|String|Indicate the current state of this assignment. Read-Only. Possible values: Active, ActiveWithError, Disabled and Error.|
+|state|String|Indicate the current state of this assignment. Read-Only. The possible values are `Active`, `ActiveWithError`, `Disabled`, and `Error`.|
## JSON representation
v1.0 User https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/user.md
This resource supports:
|:|:--|:-| |aboutMe|String|A freeform text entry field for the user to describe themselves. Returned only on `$select`.| |accountEnabled|Boolean| `true` if the account is enabled; otherwise, `false`. This property is required when a user is created. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, and `in`). |
-|ageGroup|[ageGroup](#agegroup-values)|Sets the age group of the user. Allowed values: `null`, `minor`, `notAdult` and `adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, and `in`).|
+|ageGroup|[ageGroup](#agegroup-values)|Sets the age group of the user. Allowed values: `null`, `Minor`, `NotAdult` and `Adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, and `in`).|
|assignedLicenses|[assignedLicense](assignedlicense.md) collection|The licenses that are assigned to the user, including inherited (group-based) licenses. Not nullable. Returned only on `$select`. Supports `$filter` (`eq` and `not`). | |assignedPlans|[assignedPlan](assignedplan.md) collection|The plans that are assigned to the user. Read-only. Not nullable. <br><br>Returned only on `$select`. Supports `$filter` (`eq` and `not`). | |birthday|DateTimeOffset|The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. <br><br>Returned only on `$select`.| |businessPhones|String collection|The telephone numbers for the user. NOTE: Although this is a string collection, only one number can be set for this property. Read-only for users synced from on-premises directory. <br><br>Returned by default. Supports `$filter` (`eq`, `not`, `ge`, `le`, `startsWith`).| |city|String|The city in which the user is located. Maximum length is 128 characters. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
-|companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length of the company name is 64 characters.<br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
-|consentProvidedForMinor|[consentProvidedForMinor](#consentprovidedforminor-values)|Sets whether consent has been obtained for minors. Allowed values: `null`, `granted`, `denied` and `notRequired`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, and `in`).|
+|companyName | String | The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters.<br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
+|consentProvidedForMinor|[consentProvidedForMinor](#consentprovidedforminor-values)|Sets whether consent has been obtained for minors. Allowed values: `null`, `Granted`, `Denied` and `NotRequired`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, and `in`).|
|country|String|The country/region in which the user is located; for example, `US` or `UK`. Maximum length is 128 characters. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).| |createdDateTime | DateTimeOffset |The created date of the user object. Read-only. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`).| | creationType | String | Indicates whether the user account was created through one of the following methods: <br/> <ul><li>As a regular school or work account (`null`). <li>As an external account (`Invitation`). <li>As a local account for an Azure Active Directory B2C tenant (`LocalAccount`). <li>Through self-service sign-up by an internal user using email verification (`EmailVerified`). <li>Through self-service sign-up by an external user signing up through a link that is part of a user flow (`SelfServiceSignUp`).</ul> <br>Read-only.<br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, `in`). |
This resource supports:
|department|String|The name for the department in which the user works. Maximum length is 64 characters. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, and `eq` on `null` values).| |displayName|String|The name displayed in the address book for the user. This is usually the combination of the user's first name, middle initial and last name. This property is required when a user is created and it cannot be cleared during updates. Maximum length is 256 characters. <br><br>Returned by default. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values), `$orderBy`, and `$search`.| | employeeHireDate | DateTimeOffset | The date and time when the user was hired or will start work in case of a future hire. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`).|
-| employeeId | String | The employee identifier assigned to the user by the organization. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
+| employeeId | String | The employee identifier assigned to the user by the organization. The maximum length is 16 characters. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
|employeeOrgData|[employeeOrgData](employeeorgdata.md) |Represents organization data (e.g. division and costCenter) associated with a user. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`).| | employeeType | String | Captures enterprise worker type. For example, `Employee`, `Contractor`, `Consultant`, or `Vendor`. Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`).| |externalUserState|String|For an external user invited to the tenant using the [invitation API](../api/invitation-post.md), this property represents the invited user's invitation status. For invited users, the state can be `PendingAcceptance` or `Accepted`, or `null` for all other users. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not` , `in`).|
This resource supports:
|isResourceAccount|Boolean| Do not use ΓÇô reserved for future use.| |jobTitle|String|The user's job title. Maximum length is 128 characters. <br><br>Returned by default. Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).| |lastPasswordChangeDateTime| DateTimeOffset | The time when this Azure AD user last changed their password or when their password was created, whichever date the latest action was performed. The date and time information uses ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. <br><br>Returned only on `$select`.|
-|legalAgeGroupClassification|[legalAgeGroupClassification](#legalagegroupclassification-values)| Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on **ageGroup** and **consentProvidedForMinor** properties. Allowed values: `null`, `minorWithOutParentalConsent`, `minorWithParentalConsent`, `minorNoParentalConsentRequired`, `notAdult` and `adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`.|
+|legalAgeGroupClassification|[legalAgeGroupClassification](#legalagegroupclassification-values)| Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on **ageGroup** and **consentProvidedForMinor** properties. Allowed values: `null`, `MinorWithOutParentalConsent`, `MinorWithParentalConsent`, `MinorNoParentalConsentRequired`, `NotAdult` and `Adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`.|
|licenseAssignmentStates|[licenseAssignmentState](licenseassignmentstate.md) collection|State of license assignments for this user. Read-only. <br><br>Returned only on `$select`.| |mail|String|The SMTP address for the user, for example, `jeff@contoso.onmicrosoft.com`.<br>Changes to this property will also update the user's **proxyAddresses** collection to include the value as an SMTP address. For Azure AD B2C accounts, this property can be updated up to only ten times with unique SMTP addresses. This property cannot contain accent characters.<br><br>Returned by default. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, `endsWith`, and `eq` on `null` values).| |mailboxSettings|[mailboxSettings](mailboxsettings.md)|Settings for the primary mailbox of the signed-in user. You can [get](../api/user-get-mailboxsettings.md) or [update](../api/user-update-mailboxsettings.md) settings for sending automatic replies to incoming messages, locale and time zone. <br><br>Returned only on `$select`.|
For example: Cameron is administrator of a directory for an elementary school in
| Member | Description| |:|:-| |null|Default value, no **ageGroup** has been set for the user.|
-|minorWithoutParentalConsent |(Reserved for future use)|
-|minorWithParentalConsent| The user is considered a minor based on the age-related regulations of their country or region and the administrator of the account has obtained appropriate consent from a parent or guardian.|
-|adult|The user considered an adult based on the age-related regulations of their country or region.|
-|notAdult|The user is from a country or region that has additional age-related regulations (such as the United States, United Kingdom, European Union or South Korea), and the user's age is between a minor and an adult age (as stipulated based on country or region). Generally, this means that teenagers are considered as `notAdult` in regulated countries.|
-|minorNoParentalConsentRequired|The user is a minor but is from a country or region that has no age-related regulations.|
+|MinorWithoutParentalConsent |(Reserved for future use)|
+|MinorWithParentalConsent| The user is considered a minor based on the age-related regulations of their country or region and the administrator of the account has obtained appropriate consent from a parent or guardian.|
+|Adult|The user considered an adult based on the age-related regulations of their country or region.|
+|NotAdult|The user is from a country or region that has additional age-related regulations (such as the United States, United Kingdom, European Union or South Korea), and the user's age is between a minor and an adult age (as stipulated based on country or region). Generally, this means that teenagers are considered as `notAdult` in regulated countries.|
+|MinorNoParentalConsentRequired|The user is a minor but is from a country or region that has no age-related regulations.|
#### ageGroup values | Member | Description| |:|:--| |null|Default value, no **ageGroup** has been set for the user.|
-|minor|The user is considered a minor.|
-|notAdult|The user is from a country that has statutory regulations (such as the United States, United Kingdom, European Union or South Korea) and user's age is more than the upper limit of kid age (as per country) and less than lower limit of adult age (as stipulated based on country or region). So basically, teenagers are considered as `notAdult` in regulated countries.|
-|adult|The user should be a treated as an adult.|
+|Minor|The user is considered a minor.|
+|NotAdult|The user is from a country that has statutory regulations (such as the United States, United Kingdom, European Union or South Korea) and user's age is more than the upper limit of kid age (as per country) and less than lower limit of adult age (as stipulated based on country or region). So basically, teenagers are considered as `notAdult` in regulated countries.|
+|Adult|The user should be a treated as an adult.|
#### consentProvidedForMinor values | Member | Description| |:|:-| |null|Default value, no **consentProvidedForMinor** has been set for the user.|
-|granted|Consent has been obtained for the user to have an account.|
-|denied|Consent has not been obtained for the user to have an account.|
-|notRequired|The user is from a location that does not require consent.|
+|Granted|Consent has been obtained for the user to have an account.|
+|Denied|Consent has not been obtained for the user to have an account.|
+|NotRequired|The user is from a location that does not require consent.|
## Relationships
v1.0 Toc.Yml https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/toc.yml a/api-reference/v1.0/toc.yml
items:
- name: Assignment settings href: resources/educationassignmentsettings.md items:
- - name: Get assignment settings
+ - name: Get
href: api/educationassignmentsettings-get.md
- - name: Update assignment settings
+ - name: Update
href: api/educationassignmentsettings-update.md - name: Assignment defaults href: resources/educationassignmentdefaults.md items:
- - name: Get assignment defaults
+ - name: Get
href: api/educationassignmentdefaults-get.md
- - name: Update assignment defaults
+ - name: Update
href: api/educationassignmentdefaults-update.md - name: Category href: resources/educationcategory.md items:
- - name: Create category
+ - name: Create
href: api/educationclass-post-category.md
- - name: Get category
+ - name: Get
href: api/educationcategory-get.md
- - name: Delete category
+ - name: Delete
href: api/educationcategory-delete.md - name: Rubric href: resources/educationrubric.md items:
- - name: Create rubric
+ - name: Create
href: api/educationuser-post-rubrics.md
- - name: Get rubric
+ - name: Get
href: api/educationrubric-get.md
- - name: Update rubric
+ - name: Update
href: api/educationrubric-update.md
- - name: Delete rubric
+ - name: Delete
href: api/educationrubric-delete.md - name: Submission href: resources/educationsubmission.md