+### Example 1: Retrieve a policy

+#### Request

+GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies/b2eba9a1-b357-42ee-83a8-336522ed6cbf

+#### Response

+### Example 2: Retrieve the custom extension handlers for a policy

+#### Request

+The following is an example of a request to retrieve the collection of custom extension handlers that are defined for a policy and their associated custom workflow extension.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_accesspackageassignmentpolicy_expand_customextensionhandlers"

+}-->

+```msgraph-interactive

+GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies/4540a08f-8ab5-43f6-a923-015275799197?$expand=customExtensionHandlers($expand=customExtension)

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+#### Response

+The following is an example of the response.

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.accessPackageAssignmentPolicy"

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "id": "4540a08f-8ab5-43f6-a923-015275799197",

+ "displayName": "policy with custom access package workflow extension",

+ "description": "Run specified custom access package workflow extension at different stages.",

+ "canExtend": true,

+ "durationInDays": 0,

+ "expirationDateTime": null,

+ "accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",

+ "accessReviewSettings": null,

+ "requestorSettings": {

+ "scopeType": "AllExistingDirectorySubjects",

+ "acceptRequests": true,

+ "allowedRequestors": []

+ },

+ "requestApprovalSettings": {

+ "isApprovalRequired": false,

+ "isApprovalRequiredForExtension": false,

+ "isRequestorJustificationRequired": false,

+ "approvalMode": "NoApproval",

+ "approvalStages": []

+ },

+ "customExtensionHandlers": [

+ {

+ "id": "5a38d27a-b702-48d9-ac72-dcf158ba1b0d",

+ "stage": "assignmentRequestCreated",

+ "customExtension": {

+ "id": "219f57b6-7983-45a1-be01-2c228b7a43f8",

+ "displayName": "test_action_1",

+ "description": "Test logic app",

+ "createdDateTime": "2022-01-11T05:19:16.97Z",

+ "lastModifiedDateTime": "2022-01-11T05:19:16.97Z",

+ "endpointConfiguration": {

+ "@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",

+ "subscriptionId": "38ab2ccc-3747-4567-b36b-9478f5602f0d",

+ "resourceGroupName": "resourcegroup",

+ "logicAppWorkflowName": "customextension_test"

+ },

+ "authenticationConfiguration": {

+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",

+ "resourceId": "f604bd15-f785-4309-ad7c-6fad18ddb6cb"

+ }

+ }

+ }

+ ]

+}

+```

+### Example 1: Update the details of a policy

+#### Request

+#### Response

+### Example 2: Remove the customExtensionHandlers from a policy

+To remove the collection of **customExtensionHandlers** and their associated custom workflow extension objects from a policy, assign an empty collection to the **customExtensionHandlers** object.

+#### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "update_accesspackageassignmentpolicy_delete_customExtensionHandlers"

+}

+-->

+```http

+PUT https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies/4540a08f-8ab5-43f6-a923-015275799197

+Content-Type: application/json

+{

+ "id": "4540a08f-8ab5-43f6-a923-015275799197",

+ "displayName": "policy with custom access package workflow extension",

+ "description": "Run specified custom access package workflow extension at different stages.",

+ "accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",

+ "expiration": {

+ "type": "afterDuration",

+ "duration": "P365D"

+ },

+ "requestApprovalSettings": null,

+ "requestorSettings": {

+ "acceptRequests": true,

+ "scopeType": "AllExistingDirectorySubjects",

+ "allowedRequestors": []

+ },

+ "accessReviewSettings": null,

+ "customExtensionHandlers": []

+}

+```

+# [JavaScript](#tab/javascript)

+#### Response

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.accessPackageAssignmentPolicy"

+}

+-->

+```http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "id": "4540a08f-8ab5-43f6-a923-015275799197",

+ "displayName": "policy with custom access package workflow extension",

+ "description": "Run specified custom access package workflow extension at different stages.",

+ "accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",

+ "expiration": {

+ "type": "afterDuration",

+ "duration": "P365D"

+ },

+ "requestApprovalSettings": null,

+ "requestorSettings": {

+ "acceptRequests": true,

+ "scopeType": "AllExistingDirectorySubjects",

+ "allowedRequestors": []

+ },

+ "accessReviewSettings": null

+}

+```

+ "id": "c0cfd117-f90e-4f48-8226-e282a2ae752c",

+ "requestType": "UserAdd",

+ "requestState": "delivered",

+ "requestStatus": "Delivered",

+ "createdDateTime": "2022-01-07T00:51:12.817Z",

+ "completedDate": "2022-01-07T00:53:15.127Z",

+ "schedule": {

+ "startDateTime": null,

+ "recurrence": null,

+ "expiration": {

+ "endDateTime": null,

+ "duration": null,

+ "type": "notSpecified"

+ }

+ },

+ "customExtensionHandlerInstances": [

+ {

+ "status": "requestReceived",

+ "externalCorrelationId": "08585600902100964604743022906CU13",

+ "customExtensionId": "e59ef33d-7bc4-4b15-8d3c-01153de8a498",

+ "stage": "assignmentRequestCreated"

+ }

+ ]

+ Title: "List customAccessPackageWorkflowExtensions"

+description: "Get a list of the customAccessPackageWorkflowExtension objects and their properties."

+ms.localizationpriority: medium

+# List customAccessPackageWorkflowExtensions

+Namespace: microsoft.graph

+Get a list of the [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) objects and their properties. The resulting list includes all the **customAccessPackageWorkflowExtension** objects for the catalog that the caller has access to read.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|EntitlementManagement.Read.All EntitlementManagement.ReadWrite.All |

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/customAccessPackageWorkflowExtensions

+```

+## Optional query parameters

+This method supports the `$select` and `$filter` OData query parameters to help customize the response. For example, to search for access packages with a particular name, include a filter such as `$filter=contains(tolower(displayName),'team')` in the query. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) objects in the response body.

+## Examples

+### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "list_customaccesspackageworkflowextension"

+}

+-->

+``` http

+GET /identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Collection(microsoft.graph.customAccessPackageWorkflowExtension)"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions",

+ "value": [

+ {

+ "id": "98ffaec5-ae8e-4902-a434-5ffc5d3d3cd0",

+ "displayName": "test_action_0124",

+ "description": "this is for graph testing only",

+ "createdDateTime": "2022-01-24T21:48:57.15Z",

+ "lastModifiedDateTime": "2022-01-24T21:55:44.953Z",

+ "clientConfiguration": null,

+ "endpointConfiguration": {

+ "@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",

+ "subscriptionId": "38ab2ccc-3747-4567-b36b-9478f5602f0d",

+ "resourceGroupName": "test",

+ "logicAppWorkflowName": "elm-extension-email"

+ },

+ "authenticationConfiguration": {

+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",

+ "resourceId": "eed6dee9-7ff7-44a5-8980-c11e8886cea2"

+ }

+ }

+ ]

+}

+```

+ Title: "Create customAccessPackageWorkflowExtensions"

+description: "Create a new customAccessPackageWorkflowExtension object."

+ms.localizationpriority: medium

+# Create customAccessPackageWorkflowExtensions

+Namespace: microsoft.graph

+Create a new [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object and add it to an existing [accessPackageCatalog](../resources/accesspackagecatalog.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|EntitlementManagement.ReadWrite.All |

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|EntitlementManagement.ReadWrite.All |

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/customAccessPackageWorkflowExtensions

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object.

+You can specify the following properties when creating a **customAccessPackageWorkflowExtension**.

+|Property|Type|Description|

+|:|:|:|

+|description|String|Description for the customAccessPackageWorkflowExtension object.|

+|displayName|String|Display name for the customAccessPackageWorkflowExtension.|

+|endpointConfiguration|[customExtensionEndpointConfiguration](../resources/customextensionendpointconfiguration.md)|The type and details for configuring the endpoint to call the logic app's workflow.|

+|authenticationConfiguration|[customExtensionAuthenticationConfiguration](../resources/customextensionauthenticationconfiguration.md)|Configuration for securing the API call to the logic app. For example, using OAuth client credentials flow.|

+## Response

+If successful, this method returns a `201 Created` response code and a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object in the response body.

+## Examples

+### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "create_customaccesspackageworkflowextension_from_"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions

+Content-Type: application/json

+{

+ "displayName": "test_action_0124",

+ "description": "this is for graph testing only",

+ "endpointConfiguration": {

+ "@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",

+ "subscriptionId": "38ab2ccc-3747-4567-b36b-9478f5602f0d",

+ "resourceGroupName": "EMLogicApp",

+ "logicAppWorkflowName": "customextension_test"

+ },

+ "authenticationConfiguration": {

+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",

+ "resourceId": "f604bd15-f785-4309-ad7c-6fad18ddb6cb"

+ }

+}

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.customAccessPackageWorkflowExtension"

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-Type: application/json

+{

+ "id": "98ffaec5-ae8e-4902-a434-5ffc5d3d3cd0",

+ "displayName": "test_action_0124",

+ "description": "this is for graph testing only",

+ "createdDateTime": "2022-01-24T21:48:57.1483656Z",

+ "lastModifiedDateTime": "2022-01-24T21:48:57.1483656Z",

+ "clientConfiguration": null,

+ "endpointConfiguration": {

+ "@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",

+ "subscriptionId": "38ab2ccc-3747-4567-b36b-9478f5602f0d",

+ "resourceGroupName": "EMLogicApp",

+ "logicAppWorkflowName": "customextension_test"

+ },

+ "authenticationConfiguration": {

+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",

+ "resourceId": "f604bd15-f785-4309-ad7c-6fad18ddb6cb"

+ }

+}

+```

+ "status": "done",

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+description: "Use this API to remove a member (user, group, or device) from an administrative unit."

+Use this API to remove a member (user, group, or device) from an administrative unit.

+### Request

+The following is an example of the request. In the example below, `{id1}` represents the identifier for the target administrative unit, and `{id2}` represents the unique identifier for the member user, group, or device to be removed from the target administrative unit.

+```msgraph-interactive

+### Response

+The following is an example of the response.

+### Request

+### Response

+Here is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+description: "Use this API to get a specific member (user, group, or device) in an administrative unit."

+Use this API to get a specific member (user, group, or device) in an administrative unit.

+If successful, this method returns a `200 OK` response code and a [user](../resources/user.md), [group](../resources/group.md), or [device](../resources/device.md) object in the response body.

+### Request

+The following is an example of the request.

+```msgraph-interactive

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+GET /directory/administrativeUnits/{id}

+### Request

+GET https://graph.microsoft.com/beta/administrativeUnits/4d7ea995-bc0f-45c0-8c3e-132e93bf95f8

+### Response

+Here is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#administrativeUnits/$entity",

+ "id": "4d7ea995-bc0f-45c0-8c3e-132e93bf95f8",

+ "deletedDateTime": null,

+ "displayName": "Seattle District Technical Schools",

+ "description": "Seattle district technical schools administration",

+ "isMemberManagementRestricted": null,

+ "visibility": "HiddenMembership",

+ "membershipRule": null,

+ "membershipType": null,

+ "membershipRuleProcessingState": null

+description: "Use this API to get the members list (users, groups, and devices) in an administrative unit."

+Use this API to get the members list (users, groups, and devices) in an administrative unit.

+## Optional query parameters

+This method (when used without `$ref`) supports the [OData query parameters](/graph/query-parameters) to help customize the response, including `$search`, `$count`, and `$filter`. OData cast is also enabled, for example, you can cast to get just the users that are a member of the administrative unit.

+`$search` is supported on the **displayName** and **description** properties only. Some queries are supported only when you use the **ConsistencyLevel** header set to `eventual` and `$count`. For more information, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries).

+| Header |Value|

+| ConsistencyLevel | eventual. This header and `$count` are required when using `$search`, or in specific usage of `$filter`. For more information about the use of **ConsistencyLevel** and `$count`, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries). |

+If successful, this method returns a `200 OK` response code and a collection of [user](../resources/user.md), [group](../resources/group.md), or [device](../resources/device.md) objects in the response body. Adding `$ref` at the end of the request returns a collection of only `@odata.id` URLs of the members.

+### Example 1: List member objects

+#### Request

+#### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+### Example 2: List member references

+#### Request

+#### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+description: "Use this API to add a member (user, group, or device) to an administrative unit."

+Use this API to add a member (user, group, or device) to an administrative unit or to create a new group within an administrative unit. All [group types](/graph/api/resources/groups-overview) can be created within an administrative unit.

+**Note:** Currently, it's only possible to add one member at a time to an administrative unit.`

+In the request body, provide the `id` of a [user](../resources/user.md), [group](../resources/group.md), [device](../resources/device.md), or [directoryObject](../resources/directoryobject.md) to be added.

+In the request body, provide the `id` of the [user](../resources/user.md), [group](../resources/group.md), or [device](../resources/device.md) object you want to add.

+PATCH /directory/administrativeUnits/{id}

+|description|String|Description for the administrative unit.|

+|displayName|String|Display name for the administrative unit.|

+Since the **administrativeUnit** resource supports [extensions](/graph/extensibility-overview), you can use the `PATCH` operation to add, update, or delete your own app-specific data in custom properties of an extension in an existing **administrativeUnit** instance.

+### Request

+PATCH https://graph.microsoft.com/beta/administrativeUnits/4d7ea995-bc0f-45c0-8c3e-132e93bf95f8

+ "displayName": "Greater Seattle District Technical Schools"

+### Response

+If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.

+### Request

+DELETE https://graph.microsoft.com/beta/identityGovernance/termsOfUse/agreements/0ec9f6a6-159d-4dd8-a563-1f0b5935e80b

+# [PowerShell](#tab/powershell)

+### Response

+This method supports the `$select` [OData query parameter](/graph/query-parameters) to help customize the response.

+## Examples

+### Example 1: Retrieve an agreement

+#### Request

+GET https://graph.microsoft.com/beta/identityGovernance/termsOfUse/agreements/0ec9f6a6-159d-4dd8-a563-1f0b5935e80b

+# [PowerShell](#tab/powershell)

+#### Response

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#agreements/$entity",

+ "id": "0ec9f6a6-159d-4dd8-a563-1f0b5935e80b",

+ "displayName": "All users terms of use",

+ "termsExpiration": null,

+ "userReacceptRequiredFrequency": "P90D",

+ "isViewingBeforeAcceptanceRequired": false,

+ "isPerDeviceAcceptanceRequired": false

+}

+```

+### Example 2: Retrieve an agreement and its related files

+#### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_agreement_files"

+}-->

+```msgraph-interactive

+GET https://graph.microsoft.com/beta/identityGovernance/termsOfUse/agreements/093b947f-8363-4979-a47d-4c52b33ee1be?$expand=files

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+#### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.agreement"

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#agreements(files())/$entity",

+ "id": "0ec9f6a6-159d-4dd8-a563-1f0b5935e80b",

+ "displayName": "All users terms of use",

+ "termsExpiration": null,

+ "userReacceptRequiredFrequency": "P90D",

+ "isViewingBeforeAcceptanceRequired": false,

+ "isPerDeviceAcceptanceRequired": false,

+ "files@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/termsOfUse/agreements('0ec9f6a6-159d-4dd8-a563-1f0b5935e80b')/files",

+ "files": [

+ {

+ "id": "681b73a7-e9ae-4f2d-aca5-9e857599cd15",

+ "fileName": "ToU.pdf",

+ "displayName": "Contoso Terms of Use",

+ "language": "en-GB",

+ "isDefault": true,

+ "isMajorVersion": false,

+ "createdDateTime": "2022-03-02T14:11:32.885186Z",

+ "fileData": null

+ }

+ ]

+ Title: "List acceptances"

+description: "Get the details about the acceptance records for a specific agreement."

+ms.localizationpriority: medium

+# List acceptances

+Namespace: microsoft.graph

+Get the details about the acceptance records for a specific agreement.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account) | AgreementAcceptance.Read, AgreementAcceptance.Read.All |

+|Delegated (personal Microsoft account) | Not supported. |

+|Application | Not supported. |

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /identityGovernance/termsOfUse/agreements/{agreementsId}/acceptances

+```

+## Optional query parameters

+This method the `$select` and `$filter` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [agreementAcceptance](../resources/agreementacceptance.md) objects in the response body.

+## Examples

+### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "list_agreementacceptance"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/identityGovernance/termsOfUse/agreements/94410bbf-3d3e-4683-8149-f034e55c39dd/acceptances

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Collection(microsoft.graph.agreementAcceptance)"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#agreementAcceptances",

+ "value": [

+ {

+ "id": "94410bbf-3d3e-4683-8149-f034e55c39dd_d4bb5206-77bf-4d5c-96b4-cf7b0ed3be98",

+ "agreementId": "94410bbf-3d3e-4683-8149-f034e55c39dd",

+ "userId": "d4bb5206-77bf-4d5c-96b4-cf7b0ed3be98",

+ "deviceId": "00000000-0000-0000-0000-000000000000",

+ "deviceDisplayName": null,

+ "deviceOSType": null,

+ "deviceOSVersion": null,

+ "agreementFileId": "08033369-8972-42a3-8533-90bbd2757a01",

+ "userDisplayName": "Megan Bowen",

+ "userPrincipalName": "MeganB@Contoso.com",

+ "userEmail": "MeganB@Contoso.com",

+ "recordedDateTime": "2022-03-04T14:11:22.6658376Z",

+ "expirationDateTime": null,

+ "state": "accepted"

+ }

+ ]

+}

+```

+ Title: "List files (localized agreement files)"

+description: "Retrieve all localized files related to an agreement."

+ms.localizationpriority: medium

+# List files (localized agreement files)

+Namespace: microsoft.graph

+Retrieve all localized files related to an agreement.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account) | Agreement.Read.All |

+|Delegated (personal Microsoft account) | Not supported. |

+|Application | Not supported. |

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /agreements/{agreementsId}?$expand=files

+```

+## Optional query parameters

+This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [agreementFileLocalization](../resources/agreementfilelocalization.md) objects in the response body.

+## Examples

+### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "list_agreementfilelocalization"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/identityGovernance/termsOfUse/agreements/94410bbf-3d3e-4683-8149-f034e55c39dd?$expand=files

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.agreementFileLocalization"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#agreements(files())/$entity",

+ "id": "94410bbf-3d3e-4683-8149-f034e55c39dd",

+ "displayName": "Contoso ToU for guest users",

+ "termsExpiration": null,

+ "userReacceptRequiredFrequency": null,

+ "isViewingBeforeAcceptanceRequired": true,

+ "isPerDeviceAcceptanceRequired": false,

+ "files@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/termsOfUse/agreements('94410bbf-3d3e-4683-8149-f034e55c39dd')/files",

+ "files": [

+ {

+ "id": "08033369-8972-42a3-8533-90bbd2757a01",

+ "fileName": "TOU.pdf",

+ "displayName": "Contoso ToU for guest users",

+ "language": "en",

+ "isDefault": true,

+ "isMajorVersion": false,

+ "createdDateTime": "2022-03-04T13:14:13.9361722Z",

+ "fileData": null

+ },

+ {

+ "id": "90d1723c-52c1-40e3-a51a-da99a82c0327",

+ "fileName": "Contoso ToU for guest users (French)",

+ "displayName": "Contoso ToU for guest users (French)",

+ "language": "fr-FR",

+ "isDefault": false,

+ "isMajorVersion": false,

+ "createdDateTime": "2022-03-04T14:38:22.8292386Z",

+ "fileData": null

+ }

+ ]

+}

+```

+ Title: "Create agreementFileLocalization"

+description: "Create a new localized agreement file."

+ms.localizationpriority: medium

+# Create agreementFileLocalization

+Namespace: microsoft.graph

+Create a new localized agreement file.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account) | Agreement.ReadWrite.All |

+|Delegated (personal Microsoft account) | Not supported. |

+|Application | Not supported. |

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /agreements/{agreementsId}/files

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the [agreementFileLocalization](../resources/agreementfilelocalization.md) object.

+You can specify the following properties when creating an **agreementFileLocalization**.

+|Property|Type|Description|

+|:|:|:|

+|displayName|String|Localized display name of the policy file of an agreement. The localized display name is shown to end users who view the agreement.|

+|fileData|[agreementFileData](../resources/agreementfiledata.md)|Data that represents the terms of use PDF document.|

+|fileName|String|Name of the agreement file (for example, TOU.pdf). |

+|isDefault|Boolean|If none of the languages matches the client preference, indicates whether this is the default agreement file . If none of the files are marked as default, the first one is treated as the default. Read-only.|

+|isMajorVersion|Boolean|Indicates whether the agreement file is a major version update. Major version updates invalidate the agreement's acceptances on the corresponding language.|

+|language|String|The language of the agreement file in the format "languagecode2-country/regioncode2". "languagecode2" is a lowercase two-letter code derived from ISO 639-1, while "country/regioncode2" is derived from ISO 3166 and usually consists of two uppercase letters, or a BCP-47 language tag. For example, U.S. English is `en-US`.|

+## Response

+If successful, this method returns a `200 OK` response code and an [agreementFileLocalization](../resources/agreementfilelocalization.md) object in the response body.

+## Examples

+### Request

+<!-- {

+ "blockType": "ignored",

+ "name": "create_agreementfilelocalization_from_"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/identityGovernance/termsOfUse/agreements/94410bbf-3d3e-4683-8149-f034e55c39dd/files

+Content-Type: application/json

+{

+ "fileName": "Contoso ToU for guest users (French)",

+ "language": "fr-FR",

+ "isDefault": false,

+ "isMajorVersion": false,

+ "displayName": "Contoso ToU for guest users (French)",

+ "fileData": {

+ "data": "JVBERi0xLjUKJb/3ov4KNCAwIG9iago8PCAvTGluZWFyaX//truncated-binary-data"

+ }

+}

+```

+### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.agreementFileLocalization"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/termsOfUse/agreements('94410bbf-3d3e-4683-8149-f034e55c39dd')/files/$entity",

+ "id": "90d1723c-52c1-40e3-a51a-da99a82c0327",

+ "fileName": "Contoso ToU for guest users (French)",

+ "displayName": "Contoso ToU for guest users (French)",

+ "language": "fr-FR",

+ "isDefault": false,

+ "isMajorVersion": false,

+ "createdDateTime": "2022-03-04T14:38:22.8292386Z",

+ "fileData": {

+ "data": "JVBERi0xLjUKJb/"

+ }

+}

+```

+If successful, this method returns a `204 No Content` response code.

+```msgraph-interactive

+PATCH https://graph.microsoft.com/beta/identityGovernance/termsOfUse/agreements/0ec9f6a6-159d-4dd8-a563-1f0b5935e80b

+ "displayName": "All Contoso volunteers - Terms of use",

+ "isViewingBeforeAcceptanceRequired": true

+# [PowerShell](#tab/powershell)

+ "truncated": true

+HTTP/1.1 204 No Content

+ Title: "Get agreementFile"

+description: "Retrieve the details of the default file for an agreement, including the language and version information. "

+ms.localizationpriority: medium

+# Get agreementFile

+Namespace: microsoft.graph

+Retrieve the details of the default file for an agreement, including the language and version information. The file information is specified through the [agreementFile](../resources/agreementfile.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|Agreement.Read.All, Agreement.ReadWrite.All |

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|Not supported.|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /agreements/{agreementsId}/file

+```

+## Optional query parameters

+This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [agreementFile](../resources/agreementfile.md) objects in the response body.

+## Examples

+### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_agreementfile"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/identityGovernance/termsOfUse/agreements/94410bbf-3d3e-4683-8149-f034e55c39dd/file

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.agreementFile"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/termsOfUse/agreements('94410bbf-3d3e-4683-8149-f034e55c39dd')/file/$entity",

+ "@odata.type": "#microsoft.graph.agreementFileLocalization",

+ "id": "08033369-8972-42a3-8533-90bbd2757a01",

+ "fileName": "TOU.pdf",

+ "displayName": "Contoso ToU for guest users",

+ "language": "en",

+ "isDefault": true,

+ "isMajorVersion": false,

+ "createdDateTime": "2022-03-04T13:14:13.9361722Z",

+ "fileData": null

+}

+```

+ },

+ "windows": null

+|Delegated (work or school account) | Application.Read.All, Directory.Read.All, Application.ReadWrite.All, Directory.ReadWrite.All|

+GET https://graph.microsoft.com/beta/applications/fd918e4b-c821-4efb-b50a-5eddd23afc6f/extensionProperties

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#applications('fd918e4b-c821-4efb-b50a-5eddd23afc6f')/extensionProperties",

+ "id": "da38c7b1-133e-4a79-abcd-e2fd586ce621",

+ "appDisplayName": "",

+ "name": "extension_25883231668a43a780b25685c3f874bc_jobGroup",

+ "User"

+ ]

+ },

+ {

+ "id": "1f0f15e3-925d-40f0-8fc8-9d3ad135bce0",

+ "deletedDateTime": null,

+ "appDisplayName": "",

+ "name": "extension_25883231668a43a780b25685c3f874bc_cpiminternal_useAccountEnabledForPhone",

+ "dataType": "String",

+ "isSyncedFromOnPremises": false,

+ "targetObjects": [

+ "User"

+ },

+ "windows" : null

+POST https://graph.microsoft.com/beta/applications/fd918e4b-c821-4efb-b50a-5eddd23afc6f/extensionProperties

+ "name": "jobGroup",

+ "dataType": "String",

+ "User"

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#applications('fd918e4b-c821-4efb-b50a-5eddd23afc6f')/extensionProperties/$entity",

+ "id": "da38c7b1-133e-4a79-abcd-e2fd586ce621",

+ "appDisplayName": "b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.",

+ "name": "extension_25883231668a43a780b25685c3f874bc_jobGroup",

+ "User"

+| keyId | Guid | The unique identifier for the password.|

+| keyId | Guid | The unique identifier for the password. Required. |

+| windows | [windowsApplication](../resources/windowsapplication.md) | Specifies settings for apps running Microsoft Windows and published in the Microsoft Store or Xbox games store. Includes package SID and redirect URIs for authorization codes and access tokens. |

+ "textBody": "",

+|textBody|String|The task body in text format that typically contains information about the task.|

+|viewpoint|[taskViewpoint](../resources/taskviewpoint.md)|Properties that are personal to a user such as reminderDateTime.|

+ "@odata.type": "#microsoft.graph.task",

+ "textBody": "String",

+ "viewpoint": {

+ "@odata.type": "microsoft.graph.taskViewpoint"

+ "@odata.type": "microsoft.graph.task"

+ "textBody": "",

+ "textBody": "",

+|textBody|String|The task body in text format that typically contains information about the task.|

+|viewpoint|[taskViewpoint](../resources/taskviewpoint.md)|Properties that are personal to a user such as reminderDateTime.|

+ "@odata.type": "#microsoft.graph.task",

+ "textBody": "String",

+ "viewpoint": {

+ "@odata.type": "microsoft.graph.taskViewpoint"

+ "@odata.type": "microsoft.graph.task"

+ "textBody": "",

+|User-Agent|The identifier for the calling application. This value contains information about the operating system and the browser used. Required.|

+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"

+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"

+GET /informationProtection/bitlocker/recoveryKeys/{bitlockeryRecoveryKeyId}

+GET /informationProtection/bitlocker/recoveryKeys/{bitlockeryRecoveryKeyId}?$select=key

+|User-Agent|The identifier for the calling application. This value contains information about the operating system and the browser used. Required.|

+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"

+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"

+ocp-client-name: "My Friendly Client"

+ocp-client-version: "1.2"

+### Request

+The following is an example of a request.

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+|maximumAttendeesCount|Int32|The maximum number of customers allowed in the appointment. Required. |

+> [!NOTE]

+> If the maximum number of customers (**maximumAttedeesCount**) allowed in the [service](../resources/bookingservice.md) is greater than 1:

+> - Make sure that the customers exist in the Booking Calendar. If they donΓÇÖt, create using the [Create bookingCustomer](bookingbusiness-post-customers.md) operation.

+> - Pass valid customer IDs when you create or update the appointment. If the customer ID is not valid, that customer won't be included in the appointment object.

+If the maximum number of customers (**maximumAttedeesCount**) allowed in the [service](../resources/bookingservice.md) is greater than 1:

+- Make sure that the customers exist in the Booking Calendar. If they donΓÇÖt, create using the [Create bookingCustomer](bookingbusiness-post-customers.md) operation.

+- Pass valid customer IDs when you create or update the appointment. If the customer ID is not valid, that customer won't be included in the appointment object.

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+> **Note**: The Files tab is native to a channel or chat and is not returned by this API.

+# [Go](#tab/go)

+|members|[conversationMember](../resources/conversationmember.md) collection|List of conversation members that should be added. Every user who will participate in the chat, including the user who initiates the create request, must be specified in this list. Each member must be assigned a role of `owner` or `guest`. Guest tenant users must be assigned the `guest` role.|

+### Example 5: Create a group chat with tenant guest user

+#### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "create_chat_group"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/chats

+Content-Type: application/json

+{

+ "chatType": "group",

+ "topic": "Group chat title",

+ "members": [

+ {

+ "@odata.type": "#microsoft.graph.aadUserConversationMember",

+ "roles": ["owner"],

+ "user@odata.bind": "https://graph.microsoft.com/beta/users('8c0a1a67-50ce-4114-bb6c-da9c5dbcf6ca')"

+ },

+ {

+ "@odata.type": "#microsoft.graph.aadUserConversationMember",

+ "roles": ["owner"],

+ "user@odata.bind": "https://graph.microsoft.com/beta/users('82fe7758-5bb3-4f0d-a43f-e555fd399c6f')"

+ },

+ {

+ "@odata.type": "#microsoft.graph.aadUserConversationMember",

+ "roles": ["guest"],

+ "user@odata.bind": "https://graph.microsoft.com/beta/users('8ba98gf6-7fc2-4eb2-c7f2-aef9f21fd98g')"

+ }

+ ]

+}

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+#### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.chat"

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#chats/$entity",

+ "id": "19:1c5b01696d2e4a179c292bc9cf04e63b@thread.v2",

+ "topic": "Group chat title",

+ "createdDateTime": "2020-12-04T23:11:16.175Z",

+ "lastUpdatedDateTime": "2020-12-04T23:11:16.175Z",

+ "chatType": "group",

+ "webUrl": "https://teams.microsoft.com/l/chat/19%3A1c5b01696d2e4a179c292bc9cf04e63b@thread.v2/0?tenantId=b33cbe9f-8ebe-4f2a-912b-7e2a427f477f"

+}

+```

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+ Title: "Get cloudPcSnapshot"

+description: "Read the properties and relationships of a cloudPcSnapshot object."

+ms.localizationpriority: medium

+# Get cloudPcSnapshot

+Namespace: microsoft.graph

+Read the properties and relationships of a [cloudPcSnapshot](../resources/cloudpcsnapshot.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|CloudPC.Read.All, CloudPC.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|CloudPC.Read.All, CloudPC.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /deviceManagement/virtualEndpoint/snapshots/{cloudPcSnapshotId}

+```

+## Optional query parameters

+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a [cloudPcSnapshot](../resources/cloudpcsnapshot.md) object in the response body.

+## Examples

+### Request

+The following is an example of a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_cloudpcsnapshot"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint/snapshots/A00009UV000_93aff428-61f2-467f-a879-1102af6fd4a8

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.cloudPcSnapshot"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "value": {

+ "@odata.type": "#microsoft.graph.cloudPcSnapshot",

+ "cloudPcId": "662009bc-7732-4f6f-8726-25883518b33e",

+ "createdDateTime": "2021-08-23T09:28:32.8260335Z",

+ "id": "A00009UV000_93aff428-61f2-467f-a879-1102af6fd4a8",

+ "lastRestoredDateTime": "2021-09-01T09:28:32.8260338Z",

+ "status": "ready"

+ }

+}

+```

+ "restorePointSetting": {

+ "frequencyInHours": 16,

+ "userRestoreEnabled": true

+ },

+ "restorePointSetting": {

+ "frequencyInHours": 16,

+ "userRestoreEnabled": true

+ },

+|restorePointSetting|[cloudPcRestorePointSetting](../resources/cloudpcrestorepointsetting.md)|Defines how frequently a restore point is created (that is, a snapshot is taken) for users' provisioned Cloud PCs (default is 12 hours), and whether the user is allowed to restore their own Cloud PCs to a backup made at a specific point in time.|

+ "restorePointSetting": {

+ "frequencyInHours": 16,

+ "userRestoreEnabled": true

+ },

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a [columnDefinition][columnDefinition] object in the response body.

+The following is an example of a request.

+The following is an example of the response.

+ Title: "Get contactMergeSuggestions"

+description: "Read the properties and relationships of a contactMergeSuggestions object."

+ms.localizationpriority: medium

+# Get contactMergeSuggestions

+Namespace: microsoft.graph

+Read the properties and relationships of a [contactMergeSuggestions](../resources/contactmergesuggestions.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|User.Read, User.ReadWrite|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|Not supported.|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /me/settings/contactMergeSuggestions

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a [contactMergeSuggestions](../resources/contactmergesuggestions.md) object in the response body.

+## Examples

+The following is an example of the request to get **contactMergeSuggestions** settings for the user.

+### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_contactmergesuggestions"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/me/settings/contactMergeSuggestions

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.contactMergeSuggestions",

+ "name": "get_contactmergesuggestions"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "isEnabled": true

+}

+```

+ Title: "Update contactMergeSuggestions"

+description: "Update the properties of a contactMergeSuggestions object."

+ms.localizationpriority: medium

+# Update contactMergeSuggestions

+Namespace: microsoft.graph

+Update the properties of a [contactMergeSuggestions](../resources/contactmergesuggestions.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|User.ReadWrite|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|Not supported.|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+PATCH /me/settings/contactMergeSuggestions

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+|Property|Type|Description|

+|:|:|:|

+|isEnabled|Boolean|`true` if the duplicate contact merge suggestions feature is enabled for user; `false` if the feature is disabled. Default is `true`.|

+## Response

+If successful, this method returns a `204 No Content` response code and the value is updated on the backend.

+## Examples

+The following example updates the **isEnabled** privacy setting to disable the duplicate contacts merge suggestions feature.

+### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "update_contactmergesuggestions"

+}

+-->

+``` http

+PATCH https://graph.microsoft.com/beta/me/settings/contactMergeSuggestions

+Content-Type: application/json

+{

+ "isEnabled": false

+}

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "name": "update_contactmergesuggestions"

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+ Title: "Delete customAccessPackageWorkflowExtension"

+description: "Delete a customAccessPackageWorkflowExtension object."

+ms.localizationpriority: medium

+# Delete customAccessPackageWorkflowExtension

+Namespace: microsoft.graph

+Delete a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object. The custom workflow extension must first be removed from any associated [policies](../resources/accesspackageassignmentpolicy.md) before it can be deleted. Follow these steps to remove the custom workflow extension from any associated policies:

+1. First retrieve the accessPackageCatalogId by calling the [Get accessPackageAssignmentPolicies](accesspackageassignmentpolicy-get.md) operation and appending `?$expand=accessPackage($expand=accessPackageCatalog)` to the query. For example, `https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies?$expand=accessPackage($expand=accessPackageCatalog)`.

+2. Use the access package catalog ID and retrieve the ID of the **customAccessPackageWorkflowExtension** object that you want to delete by running the [LIST customAccessPackageWorkflowExtensions](accesspackagecatalog-list-customaccesspackageworkflowextensions.md) operation.

+3. Call the [Update accessPackageAssignmentPolicy](accesspackageassignmentpolicy-update.md) operation to remove the custom workflow extension object from the policy. For an example, see [Example 2: Remove the customExtensionHandlers from a policy](accesspackageassignmentpolicy-update.md#example-2-remove-the-customextensionhandlers-from-a-policy).

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|EntitlementManagement.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|EntitlementManagement.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+DELETE /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/customAccessPackageWorkflowExtensions/{customAccessPackageWorkflowExtensionId}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Examples

+### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "delete_customaccesspackageworkflowextension"

+}

+-->

+``` http

+DELETE /identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions/98ffaec5-ae8e-4902-a434-5ffc5d3d3cd0

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Response

+```

+ Title: "Get customAccessPackageWorkflowExtension"

+description: "Read the properties and relationships of a customAccessPackageWorkflowExtension object."

+ms.localizationpriority: medium

+# Get customAccessPackageWorkflowExtension

+Namespace: microsoft.graph

+Read the properties and relationships of a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object for an [accessPackageCatalog](../resources/accesspackagecatalog.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|EntitlementManagement.Read.All EntitlementManagement.ReadWrite.All |

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|EntitlementManagement.Read.All EntitlementManagement.ReadWrite.All |

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/customAccessPackageWorkflowExtensions/{customAccessPackageWorkflowExtensionId}

+```

+## Optional query parameters

+This method supports the `$select` OData query parameter to retrieve specific properties. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object in the response body.

+## Examples

+### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_customaccesspackageworkflowextension"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions/98ffaec5-ae8e-4902-a434-5ffc5d3d3cd0

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.customAccessPackageWorkflowExtension"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions/98ffaec5-ae8e-4902-a434-5ffc5d3d3cd0",

+ "id": "98ffaec5-ae8e-4902-a434-5ffc5d3d3cd0",

+ "displayName": "test_action_0124_email",

+ "description": "this is for graph testing only",

+ "createdDateTime": "2022-01-24T21:48:57.15Z",

+ "lastModifiedDateTime": "2022-01-24T21:55:44.953Z",

+ "clientConfiguration": null,

+ "endpointConfiguration": {

+ "@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",

+ "subscriptionId": "38ab2ccc-3747-4567-b36b-9478f5602f0d",

+ "resourceGroupName": "test",

+ "logicAppWorkflowName": "elm-extension-email"

+ },

+ "authenticationConfiguration": {

+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",

+ "resourceId": "eed6dee9-7ff7-44a5-8980-c11e8886cea2"

+ }

+}

+```

+ Title: "Update customAccessPackageWorkflowExtension"

+description: "Update the properties of a customAccessPackageWorkflowExtension object."

+ms.localizationpriority: medium

+# Update customAccessPackageWorkflowExtension

+Namespace: microsoft.graph

+Update the properties of an existing [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|EntitlementManagement.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|EntitlementManagement.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+PUT /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/customAccessPackageWorkflowExtensions/{customAccessPackageWorkflowExtensionId}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+|Property|Type|Description|

+|:|:|:|

+|description|String|Description for the customAccessPackageWorkflowExtension object.|

+|displayName|String|Display name for the customAccessPackageWorkflowExtension.|

+|endpointConfiguration|[customExtensionEndpointConfiguration](../resources/customextensionendpointconfiguration.md)|The type and details for configuring the endpoint to call the logic app's workflow.|

+|authenticationConfiguration|[customExtensionAuthenticationConfiguration](../resources/customextensionauthenticationconfiguration.md)|Configuration for securing the API call to the logic app. For example, using OAuth client credentials flow.|

+## Response

+If successful, this method returns a `200 OK` response code and an updated [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object in the response body.

+## Examples

+### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "update_customaccesspackageworkflowextension"

+}

+-->

+``` http

+PUT https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions/98ffaec5-ae8e-4902-a434-5ffc5d3d3cd0

+Content-Type: application/json

+{

+ "@odata.type": "#microsoft.graph.customAccessPackageWorkflowExtension",

+ "displayName": "test_action_0124_email",

+ "description": "this is for graph testing only"

+}

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.customAccessPackageWorkflowExtension"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "displayName": "test_action_0124_email",

+ "description": "this is for graph testing only",

+ "endpointConfiguration": {

+ "@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",

+ "subscriptionId": "38ab2ccc-3747-4567-b36b-9478f5602f0d",

+ "resourceGroupName": "EMLogicApp",

+ "logicAppWorkflowName": "elm-extension-email"

+ },

+ "authenticationConfiguration": {

+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",

+ "resourceId": "eed6dee9-7ff7-44a5-8980-c11e8886cea2"

+ }

+}

+```

+ Title: "List memberOf"

+description: "Get groups or administrative units that this device is a direct member of. This operation is not transitive."

+# List memberOf

+Get [groups](../resources/group.md) and [administrative units](../resources/administrativeunit.md) that the device is a direct member of. This operation is not transitive.

+ Title: "List administrativeUnits"

+description: "Retrieve a list of administrativeUnit objects."

+ms.localizationpriority: medium

+# List administrativeUnits

+Namespace: microsoft.graph

+Retrieve a list of [administrativeUnit](../resources/administrativeunit.md) objects.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account) | AdministrativeUnit.Read.All, Directory.Read.All, AdministrativeUnit.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All |

+|Delegated (personal Microsoft account) | Not supported. |

+|Application | AdministrativeUnit.Read.All, Directory.Read.All, AdministrativeUnit.ReadWrite.All, Directory.ReadWrite.All |

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+GET /administrativeUnits

+GET /directory/administrativeUnits

+```

+## Optional query parameters

+This method supports the `$count`, `$select`, `$search`, `$filter`, and `$expand` [OData query parameters](/graph/query-parameters) to help customize the response.

+## Request headers

+| Name |Description|

+|:-|:-|

+| Authorization | Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and collection of [administrativeUnit](../resources/administrativeunit.md) objects in the response body.

+## Example

+### Request

+Here is an example of the request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_administrativeunits"

+}-->

+```msgraph-interactive

+GET https://graph.microsoft.com/beta/administrativeUnits

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+Here is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.administrativeUnit",

+ "isCollection": true

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#administrativeUnits",

+ "value": [

+ {

+ "id": "4d7ea995-bc0f-45c0-8c3e-132e93bf95f8",

+ "deletedDateTime": null,

+ "displayName": "Seattle District Technical Schools",

+ "description": "Seattle district technical schools administration",

+ "isMemberManagementRestricted": null,

+ "visibility": "HiddenMembership",

+ "membershipRule": null,

+ "membershipType": null,

+ "membershipRuleProcessingState": null

+ }

+ ]

+}

+```

+<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79

+2015-10-25 14:57:30 UTC -->

+<!--

+{

+ "type": "#page.annotation",

+ "description": "List administrativeUnits",

+ "keywords": "",

+ "section": "documentation",

+ "tocPath": "",

+ "suppressions": [

+ ]

+}

+-->

+ Title: "Create administrativeUnit"

+description: "Use this API to create a new administrativeUnit."

+ms.localizationpriority: medium

+# Create administrativeUnit

+Namespace: microsoft.graph

+Use this API to create a new [administrativeUnit](../resources/administrativeunit.md).

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account) | AdministrativeUnit.ReadWrite.All, Directory.AccessAsUser.All |

+|Delegated (personal Microsoft account) | Not supported. |

+|Application | AdministrativeUnit.ReadWrite.All |

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+POST /administrativeUnits

+POST /directory/administrativeUnits

+```

+## Request headers

+| Name |Description|

+|:-|:-|

+| Authorization | Bearer {token}. Required. |

+| Content-type | application/json. Required. |

+## Request body

+In the request body, supply a JSON representation of an [administrativeUnit](../resources/administrativeunit.md) object.

+Because the **administrativeUnit** resource supports [extensions](/graph/extensibility-overview), you can use the `POST` operation and add custom properties with your own data to the administrative unit while creating it.

+## Response

+If successful, this method returns a `201 Created` response code and an [administrativeUnit](../resources/administrativeunit.md) object in the response body.

+## Example

+### Request

+The following is an example of the request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "create_administrativeunit_from_administrativeunits"

+}-->

+```http

+POST https://graph.microsoft.com/beta/administrativeUnits

+Content-type: application/json

+{

+ "displayName": "Seattle District Technical Schools",

+ "description": "Seattle district technical schools administration",

+ "visibility": "HiddenMembership"

+}

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+In the request body, supply a JSON representation of an [administrativeUnit](../resources/administrativeunit.md) object.

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.administrativeUnit"

+} -->

+```http

+HTTP/1.1 201 Created

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#administrativeUnits/$entity",

+ "id": "7a3dc8f3-b3a0-4164-9a99-ed36f3af039f",

+ "deletedDateTime": null,

+ "displayName": "Seattle District Technical Schools",

+ "description": "Seattle district technical schools administration",

+ "visibility": "HiddenMembership"

+}

+```

+## See also

+- [Add custom data to resources using extensions](/graph/extensibility-overview)

+- [Add custom data to users using open extensions (preview)](/graph/extensibility-open-users)

+<!--

+- [Add custom data to groups using schema extensions (preview)](/graph/extensibility-schema-groups)

+-->

+<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79

+2015-10-25 14:57:30 UTC -->

+<!--

+{

+ "type": "#page.annotation",

+ "description": "Create administrativeUnit",

+ "keywords": "",

+ "section": "documentation",

+ "tocPath": "",

+ "suppressions": [

+ ]

+}

+-->

+ Title: "Delete directorySetting"

+# Delete directorySetting

+Delete a tenant-wide setting.

+DELETE /settings/{directorySettingId}

+```

+<!-- { "blockType": "ignored" } -->

+Delete a group-specific setting.

+```http

+DELETE /groups/{groupId}/settings/{directorySettingId}

+### Request

+```msgraph-interactive

+DELETE https://graph.microsoft.com/beta/settings/3c105fc3-2254-4861-9e2d-d59e2126f3ef

+### Response

+ Title: "Get directorySetting"

+# Get directorySetting

+### List tenant-wide settings

+### List group-specific settings

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account) | Group.Read.All, Group.ReadWrite.All |

+|Delegated (personal Microsoft account) | Not supported. |

+|Application | Group.Read.All, Group.ReadWrite.All |

+<!-- { "blockType": "ignored" } -->

+Get a tenant-wide setting.

+```http

+GET /settings/{directorySettingId}

+```

+Get a group-specific setting.

+GET /groups/{groupId}/settings/{directorySettingId}

+This method supports the `$select` [OData query parameters](/graph/query-parameters) to help customize the response.

+### Response

+ Title: "Update directorySetting"

+# Update directorySetting

+Update a tenant-wide setting.

+```http

+PATCH /settings/{directorySettingId}

+```

+<!-- { "blockType": "ignored" } -->

+Update a group-specific setting.

+PATCH /groups/{groupId}/settings/{directorySettingId}

+### Request

+```msgraph-interactive

+PATCH https://graph.microsoft.com/beta/settings/3c105fc3-2254-4861-9e2d-d59e2126f3ef

+ "values": [

+ {

+ "name": "CustomBlockedWordsList",

+ "value": "Contoso"

+ }

+ ]

+### Response

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+| Permission type | Permissions (from least to most privileged) |

+|:|:|

+| Delegated (work or school account) | Files.Read, Files.ReadWrite, Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All |

+| Delegated (personal Microsoft account) | Files.Read, Files.ReadWrite, Files.Read.All, Files.ReadWrite.All |

+| Application | Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All |

+description: "Download the contents of the primary stream (file) of a driveItem. Only driveItems with the file property can be downloaded."

+# Download the contents of a driveItem

+Download the contents of the primary stream (file) of a [driveItem](../resources/driveitem.md). Only **driveItems** with the **file** property can be downloaded.

+### Request

+## Downloading files in JavaScript apps

+To download files in a JavaScript app, you cannot use the `/content` API, because this responds with a `302` redirect.

+A `302` redirect is explicitly prohibited when a [Cross-Origin Resource Sharing (CORS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) _preflight_ is required, such as when providing the **Authorization** header.

+Instead, your app needs to select the `@microsoft.graph.downloadUrl` property, which returns the same URL that `/content` directs to.

+This URL can then be requested directly using XMLHttpRequest.

+Because these URLs are pre-authenticated, they can be retrieved without a CORS preflight request.

+### Example

+To retrieve the download URL for a file, first make a request that includes the `@microsoft.graph.downloadUrl` property:

+```http

+GET /drive/items/{item-ID}?select=id,@microsoft.graph.downloadUrl

+```

+This returns the ID and download URL for a file:

+```http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "id": "12319191!11919",

+ "@microsoft.graph.downloadUrl": "https://..."

+}

+```

+You can then make an XMLHttpRequest for the URL provided in `@microsoft.graph.downloadUrl` to retrieve the file.

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+### Example 4: Create a policy and specify the stages to trigger pre-defined custom workflow extensions

+#### Request

+In the following example, the pre-defined **customAccessPackageWorkflowExtension** object is triggered when an access package assigned request is created and when it's granted.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "create_accesspackageassignmentpolicy_customaccesspackageworkflowextension"

+}-->

+```msgraph-interactive

+POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies

+Content-type: application/json

+{

+ "displayName": "extension-policy",

+ "description": "test",

+ "accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",

+ "expiration": {

+ "type": "afterDuration",

+ "duration": "P365D"

+ },

+ "canExtend": false,

+ "requestApprovalSettings": null,

+ "requestorSettings": {

+ "acceptRequests": true,

+ "scopeType": "AllExistingDirectorySubjects",

+ "allowedRequestors": [],

+ "isOnBehalfAllowed": false

+ },

+ "accessReviewSettings": null,

+ "questions": [],

+ "customExtensionHandlers": [

+ {

+ "stage": "assignmentRequestCreated",

+ "customExtension": {

+ "id": "219f57b6-7983-45a1-be01-2c228b7a43f8" //customAccessPackageWorkflowExtension.id

+ }

+ },

+ {

+ "stage": "assignmentRequestGranted",

+ "customExtension": {

+ "id": "219f57b6-7983-45a1-be01-2c228b7a43f8"

+ }

+ }

+ ]

+}

+```

+# [JavaScript](#tab/javascript)

+# [Go](#tab/go)

+#### Response

+The following is an example of the response. The **customExtensionHandlers** object isn't returned by default. To retrieve this object, use the **GET** method with `$expand`. For more information, see [Retrieve the custom extension handlers for a policy](accesspackageassignmentpolicy-get.md#example-2-retrieve-the-custom-extension-handlers-for-a-policy)

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.accessPackageAssignmentPolicy"

+} -->

+```http

+HTTP/1.1 201 Created

+Content-type: application/json

+{

+ "id": "d0324cbb-24a2-4edb-acca-fee5384c6a5e",

+ "displayName": "extension-policy",

+ "description": "test",

+ "canExtend": false,

+ "durationInDays": 0,

+ "expirationDateTime": null,

+ "accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",

+ "accessReviewSettings": null,

+ "questions": [],

+ "requestorSettings": {

+ "scopeType": "AllExistingDirectorySubjects",

+ "acceptRequests": true,

+ "allowedRequestors": []

+ },

+ "requestApprovalSettings": {

+ "isApprovalRequired": false,

+ "isApprovalRequiredForExtension": false,

+ "isRequestorJustificationRequired": false,

+ "approvalMode": "NoApproval",

+ "approvalStages": []

+ }

+}

+```

+To add an Azure AD group as a resource to a catalog, set the **catalogId** to be of the ID of the catalog, **requestType** to be `AdminAdd`, and an `accessPackageResource` representing the resource. The value of the **originSystem** property within the `accessPackageResource` should be `AadGroup` and the value of the **originId** is the identifier of the group. If using delegated permissions, the user requesting to add a group should be an owner of the group or in a directory role which allows them to modify groups. If using application permissions, the application requesting to add the group should also be assigned the `Group.ReadWrite.All` permission.

+To add an Azure AD application as a resource to a catalog, set the **catalogId** to be of the ID of the catalog, **requestType** to be `AdminAdd`, and an `accessPackageResource` representing the resource. The value of the **originSystem** property within the `accessPackageResource` should be `AadApplication` and the value of the **originId** is the identifier of the [servicePrincipal](../resources/serviceprincipal.md). If using delegated permissions, the user requesting to add an application should be an owner of the application or in a directory role which allows them to modify application role assignments.

+To add a SharePoint Online site as a resource to a catalog, set the **catalogId** to be of the ID of the catalog, **requestType** to be `AdminAdd`, and an `accessPackageResource` representing the resource. The value of the **originSystem** property within the `accessPackageResource` should be `SharePointOnline` and the value of the **originId** is the URI of the [site](../resources/site.md). If using delegated permissions, the user should be in the the SharePoint Administrator role. If using application permissions, the application requesting to add the site should also be assigned the `Sites.FullControl.All` permission. To assign the geolocation environment for a multi-geolocation Sharepoint Online resource, include the **accessPackageResourceEnvironment** relationship in the `accessPackageResource` object. This can be done in two ways:

+To remove a resource from a catalog, set the **catalogId** to be of the ID of the catalog, **requestType** to be `AdminRemove`, and the `accessPackageResource` the resource object to be removed. The resource object can be retrieved using [list accessPackageResources](accesspackagecatalog-list-accesspackageresources.md).

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+GET https://graph.microsoft.com/beta/me/events/AAMkADAGAADDdm4NAAA=/?$select=subject,start,end,occurrenceId,exceptionOccurrences,cancelledOccurrences&$expand=exceptionOccurrences

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+ Title: "Delete extensionProperty"

+description: "Delete an extensionProperty."

+ms.localizationpriority: medium

+# Delete extensionProperty

+Namespace: microsoft.graph

+Delete an [extensionProperty](../resources/extensionproperty.md).

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account) | Application.ReadWrite.All, Directory.ReadWrite.All |

+|Delegated (personal Microsoft account) | Application.ReadWrite.All |

+|Application | Application.ReadWrite.OwnedBy, Application.ReadWrite.All, Directory.ReadWrite.All |

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+DELETE /applications/{id}/extensionProperties/{id}

+```

+## Request headers

+| Name | Description|

+|:--|:-|

+| Authorization | Bearer {token}. Required. |

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns `204 No Content` response code. It does not return anything in the response body.

+## Examples

+### Request

+The following is an example of the request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "delete_extensionproperty"

+}-->

+```http

+DELETE https://graph.microsoft.com/beta/applications/fd918e4b-c821-4efb-b50a-5eddd23afc6f/extensionProperties/1f0f15e3-925d-40f0-8fc8-9d3ad135bce0

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true

+} -->

+```http

+HTTP/1.1 204 No Content

+```

+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98

+2019-02-04 14:57:30 UTC -->

+<!-- {

+ "type": "#page.annotation",

+ "description": "Delete extensionProperty",

+ "keywords": "",

+ "section": "documentation",

+ "tocPath": ""

+}-->

+ Title: "Get extensionProperty"

+description: "Read an extensionProperty object."

+ms.localizationpriority: medium

+# Get extensionProperty

+Namespace: microsoft.graph

+Read an [extensionProperty](../resources/extensionproperty.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account) | Application.Read.All, Directory.Read.All, Application.ReadWrite.All |

+|Delegated (personal Microsoft account) | Application.Read.All, Application.ReadWrite.All |

+|Application | Application.Read.All, Application.ReadWrite.OwnedBy, Application.ReadWrite.All |

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /applications/{applicationsId}/extensionProperties/{extensionPropertyId}

+```

+## Optional query parameters

+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and an [extensionProperty](../resources/extensionproperty.md) object in the response body.

+## Examples

+### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_extensionproperty"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/applications/fd918e4b-c821-4efb-b50a-5eddd23afc6f/extensionProperties/1f0f15e3-925d-40f0-8fc8-9d3ad135bce0

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.extensionProperty"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#applications('fd918e4b-c821-4efb-b50a-5eddd23afc6f')/extensionProperties/$entity",

+ "id": "1f0f15e3-925d-40f0-8fc8-9d3ad135bce0",

+ "deletedDateTime": null,

+ "appDisplayName": "b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.",

+ "name": "extension_25883231668a43a780b25685c3f874bc_cpiminternal_useAccountEnabledForPhone",

+ "dataType": "String",

+ "isSyncedFromOnPremises": false,

+ "targetObjects": [

+ "User"

+ ]

+}

+```

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+|removeLicenses|Guid collection|A collection of skuIds that identify the licenses to remove.|

+> [!IMPORTANT]

+> To remove members from a role-assignable group, the calling user or app must also be assigned the *RoleManagement.ReadWrite.Directory* permission.

+### Example 6: Use OData cast to retrieve service principals added as group members

+#### Request

+The following is an example of the request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_members_serviceprincipals"

+}-->

+```msgraph-interactive

+GET https://graph.microsoft.com/beta/groups/3802e9bb-0951-4e18-b9eb-f934b4241194/members/microsoft.graph.servicePrincipal

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+#### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.servicePrincipal",

+ "isCollection": true

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#servicePrincipals",

+ "value": [

+ {

+ "id": "11111111-2222-3333-4444-555555555555",

+ "deletedDateTime": null,

+ "accountEnabled": true,

+ "appDisplayName": "Contoso Azure App",

+ "appId": "11111111-2222-3333-4444-555555555555",

+ }

+ ]

+}

+```

+ Title: "List settings"

+description: "Retrieve a list of directory setting objects."

+ms.localizationpriority: medium

+# List settings

+Namespace: microsoft.graph

+Retrieve a list of tenant-level or group-specific group settings objects.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+### List tenant-wide settings

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account) | Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All |

+|Delegated (personal Microsoft account) | Not supported. |

+|Application | Directory.Read.All, Directory.ReadWrite.All |

+### List group-specific settings

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account) | Group.Read.All, Group.ReadWrite.All |

+|Delegated (personal Microsoft account) | Not supported. |

+|Application | Group.Read.All, Group.ReadWrite.All |

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+List tenant-wide or group settings

+```http

+GET /settings

+```

+<!-- { "blockType": "ignored" } -->

+List group-specific settings

+```http

+GET /groups/{groupId}/settings

+```

+## Optional query parameters

+This method supports the `$select` [OData query parameter](/graph/query-parameters) to help customize the response.

+## Request headers

+| Name |Description|

+|:-|:-|

+| Authorization | Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and collection of [directorySetting](../resources/directorysetting.md) objects in the response body.

+## Example

+### Request

+Here is an example of the request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_settings_1"

+}-->

+```msgraph-interactive

+GET https://graph.microsoft.com/beta/settings

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.directorySetting",

+ "isCollection": true

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#settings",

+ "value": [

+ {

+ "id": "f0b2d6f5-097d-4177-91af-a24e530b53cc",

+ "displayName": "Group.Unified",

+ "templateId": "62375ab9-6b52-47ed-826b-58e47e0e304b",

+ "values": [

+ {

+ "name": "EnableMIPLabels",

+ "value": "true"

+ },

+ {

+ "name": "CustomBlockedWordsList",

+ "value": ""

+ },

+ {

+ "name": "EnableMSStandardBlockedWords",

+ "value": "true"

+ },

+ {

+ "name": "ClassificationDescriptions",

+ "value": ""

+ },

+ {

+ "name": "DefaultClassification",

+ "value": ""

+ },

+ {

+ "name": "PrefixSuffixNamingRequirement",

+ "value": "[Contoso-][GroupName]"

+ },

+ {

+ "name": "AllowGuestsToBeGroupOwner",

+ "value": "false"

+ },

+ {

+ "name": "AllowGuestsToAccessGroups",

+ "value": "true"

+ },

+ {

+ "name": "GuestUsageGuidelinesUrl",

+ "value": "https://privacy.contoso.com/privacystatement"

+ },

+ {

+ "name": "GroupCreationAllowedGroupId",

+ "value": ""

+ },

+ {

+ "name": "AllowToAddGuests",

+ "value": "true"

+ },

+ {

+ "name": "UsageGuidelinesUrl",

+ "value": ""

+ },

+ {

+ "name": "ClassificationList",

+ "value": ""

+ },

+ {

+ "name": "EnableGroupCreation",

+ "value": "true"

+ }

+ ]

+ }

+ ]

+}

+```

+<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79

+2015-10-25 14:57:30 UTC -->

+<!--

+{

+ "type": "#page.annotation",

+ "description": "List settings",

+ "keywords": "",

+ "section": "documentation",

+ "tocPath": "",

+ "suppressions": [

+ ]

+}

+-->

+# [Go](#tab/go)

+# [Go](#tab/go)

+### Example 8: List any groups with any licenses

+#### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_groups_with_licenses"

+}-->

+```msgraph-interactive

+GET https://graph.microsoft.com/beta/groups?$select=id,assignedLicenses&$filter=assignedLicenses/any()

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+#### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.group",

+ "isCollection": true

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#groups(id,assignedLicenses)",

+ "value": [

+ {

+ "id": "5caf712c-8483-4b3d-8384-d8da988c0ca4",

+ "assignedLicenses": [

+ {

+ "disabledPlans": [],

+ "skuId": "6fd2c87f-b296-42f0-b197-1e91e994b900"

+ }

+ ]

+ },

+ {

+ "id": "aae8ec2a-5a08-4013-ae70-fafbb5c20de1",

+ "assignedLicenses": [

+ {

+ "disabledPlans": [

+ "7547a3fe-08ee-4ccb-b430-5077c5041653"

+ ],

+ "skuId": "18181a46-0d4e-45cd-891e-60aabd171b4e"

+ }

+ ]

+ },

+ {

+ "id": "e55bdaa0-e104-479a-979e-b0457fff6380",

+ "assignedLicenses": [

+ {

+ "disabledPlans": [

+ "7547a3fe-08ee-4ccb-b430-5077c5041653"

+ ],

+ "skuId": "6fd2c87f-b296-42f0-b197-1e91e994b900"

+ }

+ ]

+ }

+ ]

+}

+```

+> [!IMPORTANT]

+> To add members to a role-assignable group, the calling user or app must also be assigned the *RoleManagement.ReadWrite.Directory* permission.

+ Title: "Create settings"

+# Create settings

+Create a new setting based on the templates available in [directorySettingTemplates](../resources/directorysettingtemplate.md). These settings can be at the tenant-level or at the group level.

+Group settings apply to only Microsoft 365 groups. The template named `Group.Unified` can be used to configure tenant-wide Microsoft 365 group settings, while the template named `Group.Unified.Guest` can be used to configure group-specific settings.

+Create a tenant-wide setting.

+<!-- { "blockType": "ignored" } -->

+```http

+POST /settings

+```

+Create a group-specific setting.

+## Examples

+### Example 1: Create a setting to block guests for a specific Microsoft 365 group

+#### Request

+ "name": "create_groupsetting_from_groupsettings_for_guests"

+POST https://graph.microsoft.com/beta/groups/05aa6a98-956a-45c0-b13b-88076a23f2cd/settings

+ "templateId": "08d542b9-071f-4e16-94b0-74abb372e3d9",

+ {

+ "name": "AllowToAddGuests",

+ "value": "false"

+ }

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+#### Response

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#settings/$entity",

+ "id": "a06fa228-3042-4662-bd09-33e298da1afe",

+ "displayName": null,

+ "templateId": "08d542b9-071f-4e16-94b0-74abb372e3d9",

+ "values": [

+ {

+ "name": "AllowToAddGuests",

+ "value": "false"

+ }

+ ]

+}

+```

+### Example 2: Create a directory or tenant-level setting

+#### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "create_directorysettings"

+}-->

+```msgraph-interactive

+POST https://graph.microsoft.com/beta/settings

+Content-type: application/json

+{

+ "templateId": "62375ab9-6b52-47ed-826b-58e47e0e304b",

+ "values": [

+ {

+ "name": "GuestUsageGuidelinesUrl",

+ "value": "https://privacy.contoso.com/privacystatement"

+ },

+ {

+ "name": "EnableMSStandardBlockedWords",

+ "value": "true"

+ },

+ {

+ "name": "EnableMIPLabels",

+ "value": "true"

+ },

+ {

+ "name": "PrefixSuffixNamingRequirement",

+ "value": "[Contoso-][GroupName]"

+ }

+ ]

+}

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+#### Response

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.directorySetting"

+} -->

+```http

+HTTP/1.1 201 Created

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#settings/$entity",

+ "id": "844d252c-4de2-43eb-a784-96df77231aae",

+ "displayName": null,

+ "templateId": "62375ab9-6b52-47ed-826b-58e47e0e304b",

+ {

+ "name": "GuestUsageGuidelinesUrl",

+ "value": "https://privacy.contoso.com/privacystatement"

+ },

+ {

+ "name": "EnableMSStandardBlockedWords",

+ "value": "true"

+ },

+ {

+ "name": "EnableMIPLabels",

+ "value": "true"

+ },

+ {

+ "name": "PrefixSuffixNamingRequirement",

+ "value": "[Contoso-][GroupName]"

+ }

+ "id":"GUID",

+ "id":"GUID",

+ "id":"GUID",

+ "id": "45715bb8-13f9-4bf6-927f-ef96c102d394",

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+ Title: "Get aospDeviceOwnerCertificateProfileBase"

+description: "Read properties and relationships of the aospDeviceOwnerCertificateProfileBase object."

+localization_priority: Normal

+# Get aospDeviceOwnerCertificateProfileBase

+Namespace: microsoft.graph

+> **Important:** Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

+> **Note:** The Microsoft Graph API for Intune requires an [active Intune license](https://go.microsoft.com/fwlink/?linkid=839381) for the tenant.

+Read properties and relationships of the [aospDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-aospdeviceownercertificateprofilebase.md) object.

+## Prerequisites

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All|

+## HTTP Request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}

+GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/groupAssignments/{deviceConfigurationGroupAssignmentId}/deviceConfiguration

+GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsDomainJoinConfiguration/networkAccessConfigurations/{deviceConfigurationId}

+```

+## Optional query parameters

+This method supports the [OData Query Parameters](/graph/query-parameters) to help customize the response.

+## Request headers

+|Header|Value|

+|:|:|

+|Authorization|Bearer &lt;token&gt; Required.|

+|Accept|application/json|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and [aospDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-aospdeviceownercertificateprofilebase.md) object in the response body.

+## Example

+### Request

+Here is an example of the request.

+``` http

+GET https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/{deviceConfigurationId}

+```

+### Response

+Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+Content-Length: 1295

+{

+ "value": {

+ "@odata.type": "#microsoft.graph.aospDeviceOwnerCertificateProfileBase",

+ "id": "0a3f3f7e-3f7e-0a3f-7e3f-3f0a7e3f3f0a",

+ "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",

+ "roleScopeTagIds": [

+ "Role Scope Tag Ids value"

+ ],

+ "supportsScopeTags": true,

+ "deviceManagementApplicabilityRuleOsEdition": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsEdition",

+ "osEditionTypes": [

+ "windows10EnterpriseN"

+ ],

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleOsVersion": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsVersion",

+ "minOSVersion": "Min OSVersion value",

+ "maxOSVersion": "Max OSVersion value",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleDeviceMode": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleDeviceMode",

+ "deviceMode": "sModeConfiguration",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",

+ "description": "Description value",

+ "displayName": "Display Name value",

+ "version": 7

+ }

+}

+```

+ Title: "List aospDeviceOwnerCertificateProfileBases"

+description: "List properties and relationships of the aospDeviceOwnerCertificateProfileBase objects."

+localization_priority: Normal

+# List aospDeviceOwnerCertificateProfileBases

+Namespace: microsoft.graph

+> **Important:** Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

+> **Note:** The Microsoft Graph API for Intune requires an [active Intune license](https://go.microsoft.com/fwlink/?linkid=839381) for the tenant.

+List properties and relationships of the [aospDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-aospdeviceownercertificateprofilebase.md) objects.

+## Prerequisites

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All|

+## HTTP Request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /deviceManagement/deviceConfigurations

+GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsDomainJoinConfiguration/networkAccessConfigurations

+```

+## Request headers

+|Header|Value|

+|:|:|

+|Authorization|Bearer &lt;token&gt; Required.|

+|Accept|application/json|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [aospDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-aospdeviceownercertificateprofilebase.md) objects in the response body.

+## Example

+### Request

+Here is an example of the request.

+``` http

+GET https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations

+```

+### Response

+Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+Content-Length: 1373

+{

+ "value": [

+ {

+ "@odata.type": "#microsoft.graph.aospDeviceOwnerCertificateProfileBase",

+ "id": "0a3f3f7e-3f7e-0a3f-7e3f-3f0a7e3f3f0a",

+ "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",

+ "roleScopeTagIds": [

+ "Role Scope Tag Ids value"

+ ],

+ "supportsScopeTags": true,

+ "deviceManagementApplicabilityRuleOsEdition": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsEdition",

+ "osEditionTypes": [

+ "windows10EnterpriseN"

+ ],

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleOsVersion": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsVersion",

+ "minOSVersion": "Min OSVersion value",

+ "maxOSVersion": "Max OSVersion value",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleDeviceMode": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleDeviceMode",

+ "deviceMode": "sModeConfiguration",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",

+ "description": "Description value",

+ "displayName": "Display Name value",

+ "version": 7

+ }

+ ]

+}

+```

+ Title: "Create aospDeviceOwnerPkcsCertificateProfile"

+description: "Create a new aospDeviceOwnerPkcsCertificateProfile object."

+localization_priority: Normal

+# Create aospDeviceOwnerPkcsCertificateProfile

+Namespace: microsoft.graph

+> **Important:** Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

+> **Note:** The Microsoft Graph API for Intune requires an [active Intune license](https://go.microsoft.com/fwlink/?linkid=839381) for the tenant.

+Create a new [aospDeviceOwnerPkcsCertificateProfile](../resources/intune-deviceconfig-aospdeviceownerpkcscertificateprofile.md) object.

+## Prerequisites

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|DeviceManagementConfiguration.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|DeviceManagementConfiguration.ReadWrite.All|

+## HTTP Request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /deviceManagement/deviceConfigurations

+POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsDomainJoinConfiguration/networkAccessConfigurations

+```

+## Request headers

+|Header|Value|

+|:|:|

+|Authorization|Bearer &lt;token&gt; Required.|

+|Accept|application/json|

+## Request body

+In the request body, supply a JSON representation for the aospDeviceOwnerPkcsCertificateProfile object.

+The following table shows the properties that are required when you create the aospDeviceOwnerPkcsCertificateProfile.

+|Property|Type|Description|

+|:|:|:|

+|id|String|Key of the entity. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|lastModifiedDateTime|DateTimeOffset|DateTime the object was last modified. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|roleScopeTagIds|String collection|List of Scope Tags for this Entity instance. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|supportsScopeTags|Boolean|Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|deviceManagementApplicabilityRuleOsEdition|[deviceManagementApplicabilityRuleOsEdition](../resources/intune-deviceconfig-devicemanagementapplicabilityruleosedition.md)|The OS edition applicability for this Policy. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|deviceManagementApplicabilityRuleOsVersion|[deviceManagementApplicabilityRuleOsVersion](../resources/intune-deviceconfig-devicemanagementapplicabilityruleosversion.md)|The OS version applicability rule for this Policy. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|deviceManagementApplicabilityRuleDeviceMode|[deviceManagementApplicabilityRuleDeviceMode](../resources/intune-deviceconfig-devicemanagementapplicabilityruledevicemode.md)|The device mode applicability rule for this Policy. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|createdDateTime|DateTimeOffset|DateTime the object was created. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|description|String|Admin provided description of the Device Configuration. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|displayName|String|Admin provided name of the device configuration. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|version|Int32|Version of the device configuration. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|certificationAuthority|String|PKCS Certification Authority|

+|certificationAuthorityName|String|PKCS Certification Authority Name|

+|certificationAuthorityType|[deviceManagementCertificationAuthority](../resources/intune-deviceconfig-devicemanagementcertificationauthority.md)|Certification authority type. Possible values are: `notConfigured`, `microsoft`, `digiCert`.|

+|certificateTemplateName|String|PKCS Certificate Template Name|

+|subjectAlternativeNameFormatString|String|Custom String that defines the AAD Attribute.|

+|subjectNameFormatString|String|Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US|

+|certificateStore|[certificateStore](../resources/intune-shared-certificatestore.md)|Target store certificate. Possible values are: `user`, `machine`.|

+|customSubjectAlternativeNames|[customSubjectAlternativeName](../resources/intune-deviceconfig-customsubjectalternativename.md) collection|Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements.|

+## Response

+If successful, this method returns a `201 Created` response code and a [aospDeviceOwnerPkcsCertificateProfile](../resources/intune-deviceconfig-aospdeviceownerpkcscertificateprofile.md) object in the response body.

+## Example

+### Request

+Here is an example of the request.

+``` http

+POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations

+Content-type: application/json

+Content-length: 1663

+{

+ "@odata.type": "#microsoft.graph.aospDeviceOwnerPkcsCertificateProfile",

+ "roleScopeTagIds": [

+ "Role Scope Tag Ids value"

+ ],

+ "supportsScopeTags": true,

+ "deviceManagementApplicabilityRuleOsEdition": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsEdition",

+ "osEditionTypes": [

+ "windows10EnterpriseN"

+ ],

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleOsVersion": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsVersion",

+ "minOSVersion": "Min OSVersion value",

+ "maxOSVersion": "Max OSVersion value",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleDeviceMode": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleDeviceMode",

+ "deviceMode": "sModeConfiguration",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "description": "Description value",

+ "displayName": "Display Name value",

+ "version": 7,

+ "certificationAuthority": "Certification Authority value",

+ "certificationAuthorityName": "Certification Authority Name value",

+ "certificationAuthorityType": "microsoft",

+ "certificateTemplateName": "Certificate Template Name value",

+ "subjectAlternativeNameFormatString": "Subject Alternative Name Format String value",

+ "subjectNameFormatString": "Subject Name Format String value",

+ "certificateStore": "machine",

+ "customSubjectAlternativeNames": [

+ {

+ "@odata.type": "microsoft.graph.customSubjectAlternativeName",

+ "sanType": "emailAddress",

+ "name": "Name value"

+ }

+ ]

+}

+```

+### Response

+Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

+``` http

+HTTP/1.1 201 Created

+Content-Type: application/json

+Content-Length: 1835

+{

+ "@odata.type": "#microsoft.graph.aospDeviceOwnerPkcsCertificateProfile",

+ "id": "9e0cbf94-bf94-9e0c-94bf-0c9e94bf0c9e",

+ "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",

+ "roleScopeTagIds": [

+ "Role Scope Tag Ids value"

+ ],

+ "supportsScopeTags": true,

+ "deviceManagementApplicabilityRuleOsEdition": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsEdition",

+ "osEditionTypes": [

+ "windows10EnterpriseN"

+ ],

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleOsVersion": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsVersion",

+ "minOSVersion": "Min OSVersion value",

+ "maxOSVersion": "Max OSVersion value",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleDeviceMode": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleDeviceMode",

+ "deviceMode": "sModeConfiguration",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",

+ "description": "Description value",

+ "displayName": "Display Name value",

+ "version": 7,

+ "certificationAuthority": "Certification Authority value",

+ "certificationAuthorityName": "Certification Authority Name value",

+ "certificationAuthorityType": "microsoft",

+ "certificateTemplateName": "Certificate Template Name value",

+ "subjectAlternativeNameFormatString": "Subject Alternative Name Format String value",

+ "subjectNameFormatString": "Subject Name Format String value",

+ "certificateStore": "machine",

+ "customSubjectAlternativeNames": [

+ {

+ "@odata.type": "microsoft.graph.customSubjectAlternativeName",

+ "sanType": "emailAddress",

+ "name": "Name value"

+ }

+ ]

+}

+```

+ Title: "Delete aospDeviceOwnerPkcsCertificateProfile"

+description: "Deletes a aospDeviceOwnerPkcsCertificateProfile."

+localization_priority: Normal

+# Delete aospDeviceOwnerPkcsCertificateProfile

+Namespace: microsoft.graph

+> **Important:** Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

+> **Note:** The Microsoft Graph API for Intune requires an [active Intune license](https://go.microsoft.com/fwlink/?linkid=839381) for the tenant.

+Deletes a [aospDeviceOwnerPkcsCertificateProfile](../resources/intune-deviceconfig-aospdeviceownerpkcscertificateprofile.md).

+## Prerequisites

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|DeviceManagementConfiguration.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|DeviceManagementConfiguration.ReadWrite.All|

+## HTTP Request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+DELETE /deviceManagement/deviceConfigurations/{deviceConfigurationId}

+DELETE /deviceManagement/deviceConfigurations/{deviceConfigurationId}/groupAssignments/{deviceConfigurationGroupAssignmentId}/deviceConfiguration

+DELETE /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsDomainJoinConfiguration/networkAccessConfigurations/{deviceConfigurationId}

+```

+## Request headers

+|Header|Value|

+|:|:|

+|Authorization|Bearer &lt;token&gt; Required.|

+|Accept|application/json|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Example

+### Request

+Here is an example of the request.

+``` http

+DELETE https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/{deviceConfigurationId}

+```

+### Response

+Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Get aospDeviceOwnerPkcsCertificateProfile"

+description: "Read properties and relationships of the aospDeviceOwnerPkcsCertificateProfile object."

+localization_priority: Normal

+# Get aospDeviceOwnerPkcsCertificateProfile

+Namespace: microsoft.graph

+> **Important:** Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

+> **Note:** The Microsoft Graph API for Intune requires an [active Intune license](https://go.microsoft.com/fwlink/?linkid=839381) for the tenant.

+Read properties and relationships of the [aospDeviceOwnerPkcsCertificateProfile](../resources/intune-deviceconfig-aospdeviceownerpkcscertificateprofile.md) object.

+## Prerequisites

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All|

+## HTTP Request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}

+GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/groupAssignments/{deviceConfigurationGroupAssignmentId}/deviceConfiguration

+GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsDomainJoinConfiguration/networkAccessConfigurations/{deviceConfigurationId}

+```

+## Optional query parameters

+This method supports the [OData Query Parameters](/graph/query-parameters) to help customize the response.

+## Request headers

+|Header|Value|

+|:|:|

+|Authorization|Bearer &lt;token&gt; Required.|

+|Accept|application/json|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and [aospDeviceOwnerPkcsCertificateProfile](../resources/intune-deviceconfig-aospdeviceownerpkcscertificateprofile.md) object in the response body.

+## Example

+### Request

+Here is an example of the request.

+``` http

+GET https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/{deviceConfigurationId}

+```

+### Response

+Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+Content-Length: 1946

+{

+ "value": {

+ "@odata.type": "#microsoft.graph.aospDeviceOwnerPkcsCertificateProfile",

+ "id": "9e0cbf94-bf94-9e0c-94bf-0c9e94bf0c9e",

+ "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",

+ "roleScopeTagIds": [

+ "Role Scope Tag Ids value"

+ ],

+ "supportsScopeTags": true,

+ "deviceManagementApplicabilityRuleOsEdition": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsEdition",

+ "osEditionTypes": [

+ "windows10EnterpriseN"

+ ],

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleOsVersion": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsVersion",

+ "minOSVersion": "Min OSVersion value",

+ "maxOSVersion": "Max OSVersion value",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleDeviceMode": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleDeviceMode",

+ "deviceMode": "sModeConfiguration",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",

+ "description": "Description value",

+ "displayName": "Display Name value",

+ "version": 7,

+ "certificationAuthority": "Certification Authority value",

+ "certificationAuthorityName": "Certification Authority Name value",

+ "certificationAuthorityType": "microsoft",

+ "certificateTemplateName": "Certificate Template Name value",

+ "subjectAlternativeNameFormatString": "Subject Alternative Name Format String value",

+ "subjectNameFormatString": "Subject Name Format String value",

+ "certificateStore": "machine",

+ "customSubjectAlternativeNames": [

+ {

+ "@odata.type": "microsoft.graph.customSubjectAlternativeName",

+ "sanType": "emailAddress",

+ "name": "Name value"

+ }

+ ]

+ }

+}

+```

+ Title: "List aospDeviceOwnerPkcsCertificateProfiles"

+description: "List properties and relationships of the aospDeviceOwnerPkcsCertificateProfile objects."

+localization_priority: Normal

+# List aospDeviceOwnerPkcsCertificateProfiles

+Namespace: microsoft.graph

+> **Important:** Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

+> **Note:** The Microsoft Graph API for Intune requires an [active Intune license](https://go.microsoft.com/fwlink/?linkid=839381) for the tenant.

+List properties and relationships of the [aospDeviceOwnerPkcsCertificateProfile](../resources/intune-deviceconfig-aospdeviceownerpkcscertificateprofile.md) objects.

+## Prerequisites

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All|

+## HTTP Request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /deviceManagement/deviceConfigurations

+GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsDomainJoinConfiguration/networkAccessConfigurations

+```

+## Request headers

+|Header|Value|

+|:|:|

+|Authorization|Bearer &lt;token&gt; Required.|

+|Accept|application/json|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [aospDeviceOwnerPkcsCertificateProfile](../resources/intune-deviceconfig-aospdeviceownerpkcscertificateprofile.md) objects in the response body.

+## Example

+### Request

+Here is an example of the request.

+``` http

+GET https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations

+```

+### Response

+Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+Content-Length: 2052

+{

+ "value": [

+ {

+ "@odata.type": "#microsoft.graph.aospDeviceOwnerPkcsCertificateProfile",

+ "id": "9e0cbf94-bf94-9e0c-94bf-0c9e94bf0c9e",

+ "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",

+ "roleScopeTagIds": [

+ "Role Scope Tag Ids value"

+ ],

+ "supportsScopeTags": true,

+ "deviceManagementApplicabilityRuleOsEdition": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsEdition",

+ "osEditionTypes": [

+ "windows10EnterpriseN"

+ ],

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleOsVersion": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsVersion",

+ "minOSVersion": "Min OSVersion value",

+ "maxOSVersion": "Max OSVersion value",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleDeviceMode": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleDeviceMode",

+ "deviceMode": "sModeConfiguration",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",

+ "description": "Description value",

+ "displayName": "Display Name value",

+ "version": 7,

+ "certificationAuthority": "Certification Authority value",

+ "certificationAuthorityName": "Certification Authority Name value",

+ "certificationAuthorityType": "microsoft",

+ "certificateTemplateName": "Certificate Template Name value",

+ "subjectAlternativeNameFormatString": "Subject Alternative Name Format String value",

+ "subjectNameFormatString": "Subject Name Format String value",

+ "certificateStore": "machine",

+ "customSubjectAlternativeNames": [

+ {

+ "@odata.type": "microsoft.graph.customSubjectAlternativeName",

+ "sanType": "emailAddress",

+ "name": "Name value"

+ }

+ ]

+ }

+ ]

+}

+```

+ Title: "Update aospDeviceOwnerPkcsCertificateProfile"

+description: "Update the properties of a aospDeviceOwnerPkcsCertificateProfile object."

+localization_priority: Normal

+# Update aospDeviceOwnerPkcsCertificateProfile

+Namespace: microsoft.graph

+> **Important:** Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

+> **Note:** The Microsoft Graph API for Intune requires an [active Intune license](https://go.microsoft.com/fwlink/?linkid=839381) for the tenant.

+Update the properties of a [aospDeviceOwnerPkcsCertificateProfile](../resources/intune-deviceconfig-aospdeviceownerpkcscertificateprofile.md) object.

+## Prerequisites

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|DeviceManagementConfiguration.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|DeviceManagementConfiguration.ReadWrite.All|

+## HTTP Request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+PATCH /deviceManagement/deviceConfigurations/{deviceConfigurationId}

+PATCH /deviceManagement/deviceConfigurations/{deviceConfigurationId}/groupAssignments/{deviceConfigurationGroupAssignmentId}/deviceConfiguration

+PATCH /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsDomainJoinConfiguration/networkAccessConfigurations/{deviceConfigurationId}

+```

+## Request headers

+|Header|Value|

+|:|:|

+|Authorization|Bearer &lt;token&gt; Required.|

+|Accept|application/json|

+## Request body

+In the request body, supply a JSON representation for the [aospDeviceOwnerPkcsCertificateProfile](../resources/intune-deviceconfig-aospdeviceownerpkcscertificateprofile.md) object.

+The following table shows the properties that are required when you create the [aospDeviceOwnerPkcsCertificateProfile](../resources/intune-deviceconfig-aospdeviceownerpkcscertificateprofile.md).

+|Property|Type|Description|

+|:|:|:|

+|id|String|Key of the entity. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|lastModifiedDateTime|DateTimeOffset|DateTime the object was last modified. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|roleScopeTagIds|String collection|List of Scope Tags for this Entity instance. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|supportsScopeTags|Boolean|Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|deviceManagementApplicabilityRuleOsEdition|[deviceManagementApplicabilityRuleOsEdition](../resources/intune-deviceconfig-devicemanagementapplicabilityruleosedition.md)|The OS edition applicability for this Policy. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|deviceManagementApplicabilityRuleOsVersion|[deviceManagementApplicabilityRuleOsVersion](../resources/intune-deviceconfig-devicemanagementapplicabilityruleosversion.md)|The OS version applicability rule for this Policy. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|deviceManagementApplicabilityRuleDeviceMode|[deviceManagementApplicabilityRuleDeviceMode](../resources/intune-deviceconfig-devicemanagementapplicabilityruledevicemode.md)|The device mode applicability rule for this Policy. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|createdDateTime|DateTimeOffset|DateTime the object was created. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|description|String|Admin provided description of the Device Configuration. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|displayName|String|Admin provided name of the device configuration. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|version|Int32|Version of the device configuration. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|certificationAuthority|String|PKCS Certification Authority|

+|certificationAuthorityName|String|PKCS Certification Authority Name|

+|certificationAuthorityType|[deviceManagementCertificationAuthority](../resources/intune-deviceconfig-devicemanagementcertificationauthority.md)|Certification authority type. Possible values are: `notConfigured`, `microsoft`, `digiCert`.|

+|certificateTemplateName|String|PKCS Certificate Template Name|

+|subjectAlternativeNameFormatString|String|Custom String that defines the AAD Attribute.|

+|subjectNameFormatString|String|Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US|

+|certificateStore|[certificateStore](../resources/intune-shared-certificatestore.md)|Target store certificate. Possible values are: `user`, `machine`.|

+|customSubjectAlternativeNames|[customSubjectAlternativeName](../resources/intune-deviceconfig-customsubjectalternativename.md) collection|Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements.|

+## Response

+If successful, this method returns a `200 OK` response code and an updated [aospDeviceOwnerPkcsCertificateProfile](../resources/intune-deviceconfig-aospdeviceownerpkcscertificateprofile.md) object in the response body.

+## Example

+### Request

+Here is an example of the request.

+``` http

+PATCH https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/{deviceConfigurationId}

+Content-type: application/json

+Content-length: 1663

+{

+ "@odata.type": "#microsoft.graph.aospDeviceOwnerPkcsCertificateProfile",

+ "roleScopeTagIds": [

+ "Role Scope Tag Ids value"

+ ],

+ "supportsScopeTags": true,

+ "deviceManagementApplicabilityRuleOsEdition": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsEdition",

+ "osEditionTypes": [

+ "windows10EnterpriseN"

+ ],

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleOsVersion": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsVersion",

+ "minOSVersion": "Min OSVersion value",

+ "maxOSVersion": "Max OSVersion value",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleDeviceMode": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleDeviceMode",

+ "deviceMode": "sModeConfiguration",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "description": "Description value",

+ "displayName": "Display Name value",

+ "version": 7,

+ "certificationAuthority": "Certification Authority value",

+ "certificationAuthorityName": "Certification Authority Name value",

+ "certificationAuthorityType": "microsoft",

+ "certificateTemplateName": "Certificate Template Name value",

+ "subjectAlternativeNameFormatString": "Subject Alternative Name Format String value",

+ "subjectNameFormatString": "Subject Name Format String value",

+ "certificateStore": "machine",

+ "customSubjectAlternativeNames": [

+ {

+ "@odata.type": "microsoft.graph.customSubjectAlternativeName",

+ "sanType": "emailAddress",

+ "name": "Name value"

+ }

+ ]

+}

+```

+### Response

+Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+Content-Length: 1835

+{

+ "@odata.type": "#microsoft.graph.aospDeviceOwnerPkcsCertificateProfile",

+ "id": "9e0cbf94-bf94-9e0c-94bf-0c9e94bf0c9e",

+ "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",

+ "roleScopeTagIds": [

+ "Role Scope Tag Ids value"

+ ],

+ "supportsScopeTags": true,

+ "deviceManagementApplicabilityRuleOsEdition": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsEdition",

+ "osEditionTypes": [

+ "windows10EnterpriseN"

+ ],

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleOsVersion": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsVersion",

+ "minOSVersion": "Min OSVersion value",

+ "maxOSVersion": "Max OSVersion value",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleDeviceMode": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleDeviceMode",

+ "deviceMode": "sModeConfiguration",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",

+ "description": "Description value",

+ "displayName": "Display Name value",

+ "version": 7,

+ "certificationAuthority": "Certification Authority value",

+ "certificationAuthorityName": "Certification Authority Name value",

+ "certificationAuthorityType": "microsoft",

+ "certificateTemplateName": "Certificate Template Name value",

+ "subjectAlternativeNameFormatString": "Subject Alternative Name Format String value",

+ "subjectNameFormatString": "Subject Name Format String value",

+ "certificateStore": "machine",

+ "customSubjectAlternativeNames": [

+ {

+ "@odata.type": "microsoft.graph.customSubjectAlternativeName",

+ "sanType": "emailAddress",

+ "name": "Name value"

+ }

+ ]

+}

+```

+ Title: "Create aospDeviceOwnerTrustedRootCertificate"

+description: "Create a new aospDeviceOwnerTrustedRootCertificate object."

+localization_priority: Normal

+# Create aospDeviceOwnerTrustedRootCertificate

+Namespace: microsoft.graph

+> **Important:** Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

+> **Note:** The Microsoft Graph API for Intune requires an [active Intune license](https://go.microsoft.com/fwlink/?linkid=839381) for the tenant.

+Create a new [aospDeviceOwnerTrustedRootCertificate](../resources/intune-deviceconfig-aospdeviceownertrustedrootcertificate.md) object.

+## Prerequisites

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|DeviceManagementConfiguration.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|DeviceManagementConfiguration.ReadWrite.All|

+## HTTP Request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /deviceManagement/deviceConfigurations

+POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsDomainJoinConfiguration/networkAccessConfigurations

+```

+## Request headers

+|Header|Value|

+|:|:|

+|Authorization|Bearer &lt;token&gt; Required.|

+|Accept|application/json|

+## Request body

+In the request body, supply a JSON representation for the aospDeviceOwnerTrustedRootCertificate object.

+The following table shows the properties that are required when you create the aospDeviceOwnerTrustedRootCertificate.

+|Property|Type|Description|

+|:|:|:|

+|id|String|Key of the entity. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|lastModifiedDateTime|DateTimeOffset|DateTime the object was last modified. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|roleScopeTagIds|String collection|List of Scope Tags for this Entity instance. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|supportsScopeTags|Boolean|Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|deviceManagementApplicabilityRuleOsEdition|[deviceManagementApplicabilityRuleOsEdition](../resources/intune-deviceconfig-devicemanagementapplicabilityruleosedition.md)|The OS edition applicability for this Policy. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|deviceManagementApplicabilityRuleOsVersion|[deviceManagementApplicabilityRuleOsVersion](../resources/intune-deviceconfig-devicemanagementapplicabilityruleosversion.md)|The OS version applicability rule for this Policy. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|deviceManagementApplicabilityRuleDeviceMode|[deviceManagementApplicabilityRuleDeviceMode](../resources/intune-deviceconfig-devicemanagementapplicabilityruledevicemode.md)|The device mode applicability rule for this Policy. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|createdDateTime|DateTimeOffset|DateTime the object was created. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|description|String|Admin provided description of the Device Configuration. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|displayName|String|Admin provided name of the device configuration. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|version|Int32|Version of the device configuration. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|trustedRootCertificate|Binary|Trusted Root Certificate|

+|certFileName|String|File name to display in UI.|

+## Response

+If successful, this method returns a `201 Created` response code and a [aospDeviceOwnerTrustedRootCertificate](../resources/intune-deviceconfig-aospdeviceownertrustedrootcertificate.md) object in the response body.

+## Example

+### Request

+Here is an example of the request.

+``` http

+POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations

+Content-type: application/json

+Content-length: 1148

+{

+ "@odata.type": "#microsoft.graph.aospDeviceOwnerTrustedRootCertificate",

+ "roleScopeTagIds": [

+ "Role Scope Tag Ids value"

+ ],

+ "supportsScopeTags": true,

+ "deviceManagementApplicabilityRuleOsEdition": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsEdition",

+ "osEditionTypes": [

+ "windows10EnterpriseN"

+ ],

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleOsVersion": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsVersion",

+ "minOSVersion": "Min OSVersion value",

+ "maxOSVersion": "Max OSVersion value",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleDeviceMode": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleDeviceMode",

+ "deviceMode": "sModeConfiguration",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "description": "Description value",

+ "displayName": "Display Name value",

+ "version": 7,

+ "trustedRootCertificate": "dHJ1c3RlZFJvb3RDZXJ0aWZpY2F0ZQ==",

+ "certFileName": "Cert File Name value"

+}

+```

+### Response

+Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

+``` http

+HTTP/1.1 201 Created

+Content-Type: application/json

+Content-Length: 1320

+{

+ "@odata.type": "#microsoft.graph.aospDeviceOwnerTrustedRootCertificate",

+ "id": "fa03dc2b-dc2b-fa03-2bdc-03fa2bdc03fa",

+ "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",

+ "roleScopeTagIds": [

+ "Role Scope Tag Ids value"

+ ],

+ "supportsScopeTags": true,

+ "deviceManagementApplicabilityRuleOsEdition": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsEdition",

+ "osEditionTypes": [

+ "windows10EnterpriseN"

+ ],

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleOsVersion": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsVersion",

+ "minOSVersion": "Min OSVersion value",

+ "maxOSVersion": "Max OSVersion value",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleDeviceMode": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleDeviceMode",

+ "deviceMode": "sModeConfiguration",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",

+ "description": "Description value",

+ "displayName": "Display Name value",

+ "version": 7,

+ "trustedRootCertificate": "dHJ1c3RlZFJvb3RDZXJ0aWZpY2F0ZQ==",

+ "certFileName": "Cert File Name value"

+}

+```

+ Title: "Delete aospDeviceOwnerTrustedRootCertificate"

+description: "Deletes a aospDeviceOwnerTrustedRootCertificate."

+localization_priority: Normal

+# Delete aospDeviceOwnerTrustedRootCertificate

+Namespace: microsoft.graph

+> **Important:** Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

+> **Note:** The Microsoft Graph API for Intune requires an [active Intune license](https://go.microsoft.com/fwlink/?linkid=839381) for the tenant.

+Deletes a [aospDeviceOwnerTrustedRootCertificate](../resources/intune-deviceconfig-aospdeviceownertrustedrootcertificate.md).

+## Prerequisites

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|DeviceManagementConfiguration.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|DeviceManagementConfiguration.ReadWrite.All|

+## HTTP Request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+DELETE /deviceManagement/deviceConfigurations/{deviceConfigurationId}

+DELETE /deviceManagement/deviceConfigurations/{deviceConfigurationId}/groupAssignments/{deviceConfigurationGroupAssignmentId}/deviceConfiguration

+DELETE /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsDomainJoinConfiguration/networkAccessConfigurations/{deviceConfigurationId}

+```

+## Request headers

+|Header|Value|

+|:|:|

+|Authorization|Bearer &lt;token&gt; Required.|

+|Accept|application/json|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Example

+### Request

+Here is an example of the request.

+``` http

+DELETE https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/{deviceConfigurationId}

+```

+### Response

+Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Get aospDeviceOwnerTrustedRootCertificate"

+description: "Read properties and relationships of the aospDeviceOwnerTrustedRootCertificate object."

+localization_priority: Normal

+# Get aospDeviceOwnerTrustedRootCertificate

+Namespace: microsoft.graph

+> **Important:** Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

+> **Note:** The Microsoft Graph API for Intune requires an [active Intune license](https://go.microsoft.com/fwlink/?linkid=839381) for the tenant.

+Read properties and relationships of the [aospDeviceOwnerTrustedRootCertificate](../resources/intune-deviceconfig-aospdeviceownertrustedrootcertificate.md) object.

+## Prerequisites

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All|

+## HTTP Request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}

+GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/groupAssignments/{deviceConfigurationGroupAssignmentId}/deviceConfiguration

+GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsDomainJoinConfiguration/networkAccessConfigurations/{deviceConfigurationId}

+```

+## Optional query parameters

+This method supports the [OData Query Parameters](/graph/query-parameters) to help customize the response.

+## Request headers

+|Header|Value|

+|:|:|

+|Authorization|Bearer &lt;token&gt; Required.|

+|Accept|application/json|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and [aospDeviceOwnerTrustedRootCertificate](../resources/intune-deviceconfig-aospdeviceownertrustedrootcertificate.md) object in the response body.

+## Example

+### Request

+Here is an example of the request.

+``` http

+GET https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/{deviceConfigurationId}

+```

+### Response

+Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+Content-Length: 1407

+{

+ "value": {

+ "@odata.type": "#microsoft.graph.aospDeviceOwnerTrustedRootCertificate",

+ "id": "fa03dc2b-dc2b-fa03-2bdc-03fa2bdc03fa",

+ "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",

+ "roleScopeTagIds": [

+ "Role Scope Tag Ids value"

+ ],

+ "supportsScopeTags": true,

+ "deviceManagementApplicabilityRuleOsEdition": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsEdition",

+ "osEditionTypes": [

+ "windows10EnterpriseN"

+ ],

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleOsVersion": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsVersion",

+ "minOSVersion": "Min OSVersion value",

+ "maxOSVersion": "Max OSVersion value",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleDeviceMode": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleDeviceMode",

+ "deviceMode": "sModeConfiguration",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",

+ "description": "Description value",

+ "displayName": "Display Name value",

+ "version": 7,

+ "trustedRootCertificate": "dHJ1c3RlZFJvb3RDZXJ0aWZpY2F0ZQ==",

+ "certFileName": "Cert File Name value"

+ }

+}

+```

+ Title: "List aospDeviceOwnerTrustedRootCertificates"

+description: "List properties and relationships of the aospDeviceOwnerTrustedRootCertificate objects."

+localization_priority: Normal

+# List aospDeviceOwnerTrustedRootCertificates

+Namespace: microsoft.graph

+> **Important:** Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

+> **Note:** The Microsoft Graph API for Intune requires an [active Intune license](https://go.microsoft.com/fwlink/?linkid=839381) for the tenant.

+List properties and relationships of the [aospDeviceOwnerTrustedRootCertificate](../resources/intune-deviceconfig-aospdeviceownertrustedrootcertificate.md) objects.

+## Prerequisites

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All|

+## HTTP Request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /deviceManagement/deviceConfigurations

+GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsDomainJoinConfiguration/networkAccessConfigurations

+```

+## Request headers

+|Header|Value|

+|:|:|

+|Authorization|Bearer &lt;token&gt; Required.|

+|Accept|application/json|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [aospDeviceOwnerTrustedRootCertificate](../resources/intune-deviceconfig-aospdeviceownertrustedrootcertificate.md) objects in the response body.

+## Example

+### Request

+Here is an example of the request.

+``` http

+GET https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations

+```

+### Response

+Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+Content-Length: 1489

+{

+ "value": [

+ {

+ "@odata.type": "#microsoft.graph.aospDeviceOwnerTrustedRootCertificate",

+ "id": "fa03dc2b-dc2b-fa03-2bdc-03fa2bdc03fa",

+ "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",

+ "roleScopeTagIds": [

+ "Role Scope Tag Ids value"

+ ],

+ "supportsScopeTags": true,

+ "deviceManagementApplicabilityRuleOsEdition": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsEdition",

+ "osEditionTypes": [

+ "windows10EnterpriseN"

+ ],

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleOsVersion": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsVersion",

+ "minOSVersion": "Min OSVersion value",

+ "maxOSVersion": "Max OSVersion value",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleDeviceMode": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleDeviceMode",

+ "deviceMode": "sModeConfiguration",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",

+ "description": "Description value",

+ "displayName": "Display Name value",

+ "version": 7,

+ "trustedRootCertificate": "dHJ1c3RlZFJvb3RDZXJ0aWZpY2F0ZQ==",

+ "certFileName": "Cert File Name value"

+ }

+ ]

+}

+```

+ Title: "Update aospDeviceOwnerTrustedRootCertificate"

+description: "Update the properties of a aospDeviceOwnerTrustedRootCertificate object."

+localization_priority: Normal

+# Update aospDeviceOwnerTrustedRootCertificate

+Namespace: microsoft.graph

+> **Important:** Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

+> **Note:** The Microsoft Graph API for Intune requires an [active Intune license](https://go.microsoft.com/fwlink/?linkid=839381) for the tenant.

+Update the properties of a [aospDeviceOwnerTrustedRootCertificate](../resources/intune-deviceconfig-aospdeviceownertrustedrootcertificate.md) object.

+## Prerequisites

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|DeviceManagementConfiguration.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|DeviceManagementConfiguration.ReadWrite.All|

+## HTTP Request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+PATCH /deviceManagement/deviceConfigurations/{deviceConfigurationId}

+PATCH /deviceManagement/deviceConfigurations/{deviceConfigurationId}/groupAssignments/{deviceConfigurationGroupAssignmentId}/deviceConfiguration

+PATCH /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsDomainJoinConfiguration/networkAccessConfigurations/{deviceConfigurationId}

+```

+## Request headers

+|Header|Value|

+|:|:|

+|Authorization|Bearer &lt;token&gt; Required.|

+|Accept|application/json|

+## Request body

+In the request body, supply a JSON representation for the [aospDeviceOwnerTrustedRootCertificate](../resources/intune-deviceconfig-aospdeviceownertrustedrootcertificate.md) object.

+The following table shows the properties that are required when you create the [aospDeviceOwnerTrustedRootCertificate](../resources/intune-deviceconfig-aospdeviceownertrustedrootcertificate.md).

+|Property|Type|Description|

+|:|:|:|

+|id|String|Key of the entity. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|lastModifiedDateTime|DateTimeOffset|DateTime the object was last modified. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|roleScopeTagIds|String collection|List of Scope Tags for this Entity instance. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|supportsScopeTags|Boolean|Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|deviceManagementApplicabilityRuleOsEdition|[deviceManagementApplicabilityRuleOsEdition](../resources/intune-deviceconfig-devicemanagementapplicabilityruleosedition.md)|The OS edition applicability for this Policy. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|deviceManagementApplicabilityRuleOsVersion|[deviceManagementApplicabilityRuleOsVersion](../resources/intune-deviceconfig-devicemanagementapplicabilityruleosversion.md)|The OS version applicability rule for this Policy. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|deviceManagementApplicabilityRuleDeviceMode|[deviceManagementApplicabilityRuleDeviceMode](../resources/intune-deviceconfig-devicemanagementapplicabilityruledevicemode.md)|The device mode applicability rule for this Policy. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|createdDateTime|DateTimeOffset|DateTime the object was created. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|description|String|Admin provided description of the Device Configuration. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|displayName|String|Admin provided name of the device configuration. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|version|Int32|Version of the device configuration. Inherited from [deviceConfiguration](../resources/intune-shared-deviceconfiguration.md)|

+|trustedRootCertificate|Binary|Trusted Root Certificate|

+|certFileName|String|File name to display in UI.|

+## Response

+If successful, this method returns a `200 OK` response code and an updated [aospDeviceOwnerTrustedRootCertificate](../resources/intune-deviceconfig-aospdeviceownertrustedrootcertificate.md) object in the response body.

+## Example

+### Request

+Here is an example of the request.

+``` http

+PATCH https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/{deviceConfigurationId}

+Content-type: application/json

+Content-length: 1148

+{

+ "@odata.type": "#microsoft.graph.aospDeviceOwnerTrustedRootCertificate",

+ "roleScopeTagIds": [

+ "Role Scope Tag Ids value"

+ ],

+ "supportsScopeTags": true,

+ "deviceManagementApplicabilityRuleOsEdition": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsEdition",

+ "osEditionTypes": [

+ "windows10EnterpriseN"

+ ],

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleOsVersion": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsVersion",

+ "minOSVersion": "Min OSVersion value",

+ "maxOSVersion": "Max OSVersion value",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleDeviceMode": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleDeviceMode",

+ "deviceMode": "sModeConfiguration",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "description": "Description value",

+ "displayName": "Display Name value",

+ "version": 7,

+ "trustedRootCertificate": "dHJ1c3RlZFJvb3RDZXJ0aWZpY2F0ZQ==",

+ "certFileName": "Cert File Name value"

+}

+```

+### Response

+Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+Content-Length: 1320

+{

+ "@odata.type": "#microsoft.graph.aospDeviceOwnerTrustedRootCertificate",

+ "id": "fa03dc2b-dc2b-fa03-2bdc-03fa2bdc03fa",

+ "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",

+ "roleScopeTagIds": [

+ "Role Scope Tag Ids value"

+ ],

+ "supportsScopeTags": true,

+ "deviceManagementApplicabilityRuleOsEdition": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsEdition",

+ "osEditionTypes": [

+ "windows10EnterpriseN"

+ ],

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleOsVersion": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsVersion",

+ "minOSVersion": "Min OSVersion value",

+ "maxOSVersion": "Max OSVersion value",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "deviceManagementApplicabilityRuleDeviceMode": {

+ "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleDeviceMode",

+ "deviceMode": "sModeConfiguration",

+ "name": "Name value",

+ "ruleType": "exclude"

+ },

+ "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",

+ "description": "Description value",

+ "displayName": "Display Name value",

+ "version": 7,

+ "trustedRootCertificate": "dHJ1c3RlZFJvb3RDZXJ0aWZpY2F0ZQ==",

+ "certFileName": "Cert File Name value"

+}

+```

+|Permission type | Permissions (from least to most privileged)|

+|:--|:-|

+|Delegated (work or school account) | Files.Read, Files.ReadWrite, Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All|

+|Delegated (personal Microsoft account) | Not supported.|

+|Application | Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All|

+## Request headers

+| Name | Description |

+| : | : |

+| Authorization | Bearer {token}. Required. |

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and an [itemActivityStats][] object in the response body.

+### Request

+The following is an example of a request.

+### Response

+The following is an example of the response.

+[itemActivityStats]: ../resources/itemactivitystat.md

+|Permission type | Permissions (from least to most privileged)|

+|:--|:-|

+|Delegated (work or school account) | Files.Read, Files.ReadWrite, Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All|

+|Delegated (personal Microsoft account) | Not supported.|

+|Application | Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All|

+## Optional query parameters

+This method supports the [OData query parameters](/graph/query-parameters) to help customize the response.

+## Request headers

+| Name | Description |

+| : | : |

+| Authorization | Bearer {token}. Required. |

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [itemAnalytics][] objects in the response body.

+### Request

+The following is an example of a request.

+# [Go](#tab/go)

+### Response

+The following is an example of the response.

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+In the request body, supply a JSON representation of a [list][] object.

+## Response

+If successful, this method returns a `201 Created` response code and a [list][] object in the response body.

+## Examples

+### Request

+The following is an example of how to create a new generic list.

+> **Note:** Custom columns are optional.

+In addition to any columns specified here, new lists are created with columns defined in the referenced **template**.

+If the **list** facet or **template** is not specified, the list defaults to the `genericList` template, which includes a _Title_ column.

+### Response

+The following is an example of the response.

+> **Note:** The response object is truncated for clarity. Default properties will be returned from the actual call.

+## Request headers

+| Name | Description |

+| : | : |

+| Authorization | Bearer {token}. Required. |

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [list][] objects in the response body.

+The following is an example of a request.

+The following is an example of the response.

+[lists]: ../resources/list.md

+[list]: ../resources/list.md

+[site]: ../resources/site.md

+[system]: ../resources/systemfacet.md

+## Request headers

+| Name |Description|

+|:-|:-|

+| Authorization | Bearer {code}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [listItem][item] objects in the response body.

+### Request

+The following is an example of a request.

+### Response

+The following is an example of the response.

+ Title: "managedDevice: bulkRestoreCloudPc"

+description: "Restore multiple Cloud PC devices with a single request that includes the IDs of Intune managed devices and a restore point date and time."

+ms.localizationpriority: medium

+# managedDevice: bulkRestoreCloudPc

+Namespace: microsoft.graph

+Restore multiple Cloud PC devices with a single request that includes the IDs of Intune managed devices and a restore point date and time.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|CloudPC.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|CloudPC.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /deviceManagement/managedDevices/bulkRestoreCloudPc

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the parameters.

+The following table shows the parameters that can be used with this action.

+|Parameter|Type|Description|

+|:|:|:|

+|managedDeviceIds|String collection|The IDs of the Cloud PC devices.|

+|restorePointDateTime|DateTimeOffset|The UTC time point for the selected Cloud PC devices to restore to a previous state. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is '2014-01-01T00:00:00Z'.|

+|timeRange|[restoreTimeRange](#restoretimerange-values)|The time range of the restore point. Possible values are: `before`, `after`, `beforeOrAfter`, `unknownFutureValue`.|

+### restoreTimeRange values

+|Member|Description|

+|:|:|

+|before|Choose the closest snapshot before the selected time point.|

+|after|Choose the closest snapshot after the selected time point.|

+|beforeOrAfter|Choose the closest snapshot around the selected time point.|

+|unknownFutureValue|Evolvable enumeration sentinel value. Do not use.|

+## Response

+If successful, this action returns a `200 OK` response code and a [cloudPcBulkRemoteActionResult](../resources/cloudpcbulkremoteactionresult.md) in the response body.

+## Examples

+### Request

+The following is an example of a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "manageddevicethis.bulkrestorecloudpc"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/deviceManagement/managedDevices/bulkRestoreCloudPc

+Content-Type: application/json

+Content-length: 123

+{

+ "managedDeviceIds": [

+ "30d0e128-de93-41dc-89ec-33d84bb662a0",

+ "7c82a3e3-9459-44e4-94d9-b92f93bf78dd"

+ ],

+ "restorePointDateTime": "2021-09-23T04:00:00.0000000",

+ "timeRange": "before"

+}

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.cloudPcBulkRemoteActionResult"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "value": {

+ "@odata.type": "microsoft.graph.cloudPcBulkRemoteActionResult",

+ "successfulDeviceIds": [

+ "30d0e128-de93-41dc-89ec-33d84bb662a0"

+ ],

+ "failedDeviceIds": [

+ "7c82a3e3-9459-44e4-94d9-b92f93bf78dd"

+ ],

+ "notFoundDeviceIds": [

+ ],

+ "notSupportedDeviceIds": [

+ ]

+ }

+}

+```

+ Title: "managedDevice: restoreCloudPc"

+description: "Restore a Cloud PC device to a previous state from a snapshot."

+ms.localizationpriority: medium

+# managedDevice: restoreCloudPc

+Namespace: microsoft.graph

+Restore a Cloud PC device to a previous state from a snapshot.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|CloudPC.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|CloudPC.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /deviceManagement/managedDevices/{managedDeviceId}/restoreCloudPc

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the parameters.

+The following table shows the parameters that can be used with this action.

+|Parameter|Type|Description|

+|:|:|:|

+|cloudPcSnapshotId|String|The unique identifier for the snapshot of the Cloud PC device at a specific point in time.|

+## Response

+If successful, this action returns a `204 No Content` response code.

+## Examples

+### Request

+The following is an example of a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "manageddevicethis.restorecloudpc"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/deviceManagement/managedDevices/5e1387aa-d960-4916-ae7c-293b977e49bf/restoreCloudPc

+Content-Type: application/json

+Content-length: 37

+{

+ "cloudPcSnapshotId": "A00009UV000_93aff428-61f2-467f-a879-1102af6fd4a8"

+}

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Get auditEvent"

+description: "Read the properties and relationships of an auditEvent object."

+ms.localizationpriority: medium

+# Get auditEvent

+Namespace: microsoft.graph.managedTenants

+Read the properties and relationships of an [auditEvent](../resources/managedtenants-auditevent.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|ManagedTenant.Read.All, ManagedTenant.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|Not supported.|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /auditEvent

+GET /managedTenant/auditEvents/{auditEventId}

+```

+## Optional query parameters

+This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and an [auditEvent](../resources/managedtenants-auditevent.md) object in the response body.

+## Examples

+### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_auditevent"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/tenantRelationships/managedTenants/auditEvent

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.managedTenants.auditEvent"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "id": "c3b0d319-9913-bd52-7376-1125f0594129",

+ "activityDateTime": "2021-12-21T16:48:23.0330765Z",

+ "activityId": "64be6675-3cb8-4b14-95f3-6d5ce9eecd79",

+ "initiatedByAppId": "00000003-0000-0000-c000-000000000000",

+ "initiatedByUpn": "meganb@contoso.onmicrosoft.com",

+ "category": "Baselines",

+ "activity": "/managementActionTenantDeploymentStatuses/microsoft.graph.managedTenants.changeDeploymentStatus",

+ "httpVerb": "POST",

+ "path": "/managementActionTenantDeploymentStatuses/microsoft.graph.managedTenants.changeDeploymentStatus",

+ "url": "https://graph.microsoft.com/managementActionTenantDeploymentStatuses/microsoft.graph.managedTenants.changeDeploymentStatus",

+ "requestBody": ""

+}

+```

+ Title: "List auditEvents"

+description: "Get a list of the auditEvent objects and their properties."

+ms.localizationpriority: medium

+# List auditEvents

+Namespace: microsoft.graph.managedTenants

+Get a list of the [auditEvent](../resources/managedtenants-auditevent.md) objects and their properties.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|ManagedTenant.Read.All, ManagedTenant.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|Not supported.|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /managedTenant/auditEvents

+```

+## Optional query parameters

+This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [auditEvent](../resources/managedTenants-auditevent.md) objects in the response body.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "list_auditevent"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/managedTenant/auditEvents

+```

+### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Collection(microsoft.graph.managedTenants.auditEvent)"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "value": [

+ {

+ "id": "c3b0d319-9913-bd52-7376-1125f0594129",

+ "activityDateTime": "2021-12-21T16:48:23.0330765Z",

+ "activityId": "64be6675-3cb8-4b14-95f3-6d5ce9eecd79",

+ "initiatedByAppId": "00000003-0000-0000-c000-000000000000",

+ "initiatedByUpn": "meganb@contoso.onmicrosoft.com",

+ "category": "Baselines",

+ "activity": "/managementActionTenantDeploymentStatuses/microsoft.graph.managedTenants.changeDeploymentStatus",

+ "httpVerb": "POST",

+ "path": "/managementActionTenantDeploymentStatuses/microsoft.graph.managedTenants.changeDeploymentStatus",

+ "url": "https://graph.microsoft.com/managementActionTenantDeploymentStatuses/microsoft.graph.managedTenants.changeDeploymentStatus",

+ "requestBody": ""

+ }

+ ]

+}

+```

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+|Content-Type|application/json. Required.|

+In the request body, supply a JSON representation of an [outlookCategory](../resources/outlookcategory.md) object.

+If successful, this method returns a `201 Created` response code and an [outlookCategory](../resources/outlookcategory.md) object in the response body.

+### Request

+The following is an example of a request.

+ "displayName": "Project expenses",

+ "color": "preset9"

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#users('8ae6f565-0d7f-4ead-853e-7db94c912a1f')/outlook/masterCategories/$entity",

+ "id": "bac262b7-485d-4739-b436-e31467d64fac",

+ "displayName": "Project expenses",

+ "color": "preset9"

+>**Note:** Inviting multiple participants in one request is only supported for group calls.

+If successful, this method returns a `200 OK` response code and a Location header with a URI to the [inviteParticipantsOperation](../resources/inviteparticipantsoperation.md) created for this request. The body of the response contains the [inviteParticipantsOperation](../resources/inviteparticipantsoperation.md) created.

+### Example 1: Invite one participant to an existing call

+ "status": "completed",

+ "clientContext": "d45324c1-fcb5-430a-902c-f20af696537c",

+ "resultInfo": null

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+GET /roleManagement/entitlementManagement/roleAssignments?$filter=appScopeId eq '/AccessPackageCatalog/{catalog id}'

+This operation requires the `$filter` query parameter. You can filter on the `roleDefinitionId`, `principalId` or `appScopeId` properties. The `roleDefinitionId` property can be either a role object ID or a role template object ID. The `$expand` query parameter is also supported on **principal**. For general information, see [OData query parameters](/graph/query-parameters).

+### Example 3: Request using $filter for role assignments on an access package catalog and expand principal

+#### Request

+The following is an example of the request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_roleAssignments_3"

+}-->

+```msgraph-interactive

+GET https://graph.microsoft.com/beta/roleManagement/entitlementManagement/roleAssignments?$filter=appScopeId eq '/AccessPackageCatalog/4cee616b-fdf9-4890-9d10-955e0ccb12bc'&$expand=principal

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+#### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.unifiedRoleAssignment",

+ "isCollection": true

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleAssignments",

+ "value": [

+ {

+ "id": "900633fe-2508-4b13-a561-a15e320ad35f",

+ "principalId": "39228473-522e-4533-88cc-a9553180cb99",

+ "roleDefinitionId": "ae79f266-94d4-4dab-b730-feca7e132178",

+ "appScopeId": "/AccessPackageCatalog/4cee616b-fdf9-4890-9d10-955e0ccb12bc",

+ "principal": {

+ "@odata.type": "#microsoft.graph.user",

+ "id": "39228473-522e-4533-88cc-a9553180cb99"

+ }

+ }

+ ]

+}

+```

+|Delegated (work or school account) | RoleManagement.Read.CloudPC, CloudPC.Read.All, RoleManagement.ReadWrite.CloudPC, CloudPC.ReadWrite.All, RoleManagement.Read.All |

+|Application | RoleManagement.Read.CloudPC, CloudPC.Read.All, RoleManagement.ReadWrite.CloudPC, CloudPC.ReadWrite.All, RoleManagement.Read.All |

+ Title: "List transitiveRoleAssignment"

+description: "List direct and transitive role assignments for a specific principal."

+ms.localizationpriority: medium

+# List transitiveRoleAssignment

+Namespace: microsoft.graph

+Get the list of direct and transitive [unifiedRoleAssignment](../resources/unifiedroleassignment.md) objects for a specific principal. For example, if a user is assigned an Azure AD role through group membership, the role assignment is transitive, and this request will list the group's ID as the **principalId**. Results can also be filtered by the **roleDefinitionId** and **directoryScopeId**. Supported only for directory (Azure AD) provider.

+For more information, see [Use Azure AD groups to manage role assignments](/azure/active-directory/roles/groups-concept).

+> [!NOTE]

+> This request might have replication delays for role assignments that were recently created, updated, or deleted.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account) | RoleManagement.Read.Directory, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All |

+|Delegated (personal Microsoft account) | Not supported. |

+|Application | RoleManagement.Read.Directory, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All |

+## HTTP request

+To list transitive role assignments for a directory provider:

+<!-- {

+ "blockType": "ignored"

+}

+-->

+```http

+GET /roleManagement/directory/transitiveRoleAssignments?$filter=principalId eq '{principalId}'

+```

+## Optional query parameters

+This method supports the `$count`, `$filter` (`eq`), and `$select` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters). You can filter by the **principalId**, **roleDefinitionId** and **directoryScopeId** to retrieve both direct and transitive role assignments for a principal.

+## Request headers

+| Name |Description|

+|:-|:-|

+| Authorization | Bearer {token} Required. |

+| ConsistencyLevel | eventual. This header, `$count`, and `$filter` are required. For more information about the use of **ConsistencyLevel**, `$count`, and `$filter`, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries). |

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [unifiedRoleAssignment](../resources/unifiedroleassignment.md) objects in the response body.

+## Examples

+For the examples in this section, consider the following role assignment scenario. A user named Alice has both direct and transitive role assignments as follows:

+| User | Group | Role | Scope | Role assignment ID |

+| :: | :: | :: | :: | :: |

+| Alice<br/>`2c7936bc-3517-40f3-8eda-4806637b6516` | | User Administrator<br/>`fe930be7-5e62-47db-91af-98c3a49a38b1` | Tenant | RA1<br/>`857708a7-b5e0-44f9-bfd7-53531d72a739` |

+| | G1<br/>`ae2fc327-4c71-48ed-b6ca-f48632186510`<br/>(Alice is a member) | User Administrator<br/>`fe930be7-5e62-47db-91af-98c3a49a38b1` | Tenant | RA2<br/>`8a021d5f-7351-4713-aab4-b088504d476e` |

+| | G2<br/>`6ffb34b8-5e6d-4727-a7f9-93245e7f6ea8`<br/>(Alice is a member) | Helpdesk Administrator<br/>`729827e3-9c14-49f7-bb1b-9608f156bbb8` | Administrative unit (AU1)<br/>`26e79164-0c5c-4281-8c5b-be7bc7809fb2` | RA3<br/>`6cc86637-13c8-473f-afdc-e0e65c9734d2` |

+### Example 1 : Get direct and transitive role assignments of a principal

+#### Request

+The following is an example of the request. This request requires the **ConsistencyLevel** header set to `eventual` and the `$count=true` and `$filter` query parameters. For more information about the use of **ConsistencyLevel**, `$count`, and `$filter`, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries).

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_unifiedroleassignment_all"

+}

+-->

+```msgraph-interactive

+GET https://graph.microsoft.com/beta/roleManagement/directory/transitiveRoleAssignments?$count=true&$filter=principalId eq '2c7936bc-3517-40f3-8eda-4806637b6516'

+ConsistencyLevel: eventual

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+#### Response

+The following is an example of the response.

+> **Note:** The response object shown here might be shortened for readability. All the properties will be returned from an actual call.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.unifiedRoleAssignment",

+ "isCollection": true

+}

+-->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/transitiveRoleAssignments",

+ "value": [

+ {

+ "id": "857708a7-b5e0-44f9-bfd7-53531d72a739",

+ "principalId": "2c7936bc-3517-40f3-8eda-4806637b6516",

+ "directoryScopeId": "/",

+ "roleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1"

+ },

+ {

+ "id": "8a021d5f-7351-4713-aab4-b088504d476e",

+ "principalId": "ae2fc327-4c71-48ed-b6ca-f48632186510",

+ "directoryScopeId": "/",

+ "roleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1"

+ },

+ {

+ "id": "6cc86637-13c8-473f-afdc-e0e65c9734d2",

+ "principalId": "6ffb34b8-5e6d-4727-a7f9-93245e7f6ea8",

+ "directoryScopeId": "/administrativeUnits/26e79164-0c5c-4281-8c5b-be7bc7809fb2",

+ "roleDefinitionId": "729827e3-9c14-49f7-bb1b-9608f156bbb8"

+ }

+ ]

+}

+```

+### Example 2: Get direct and transitive assignments of a principal, but only specific role definitions

+#### Request

+The following is an example of the request. This request requires the **ConsistencyLevel** header set to `eventual` and the `$count=true` and `$filter` query parameters. For more information about the use of **ConsistencyLevel**, `$count`, and `$filter`, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries).

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_unifiedroleassignment_transitive"

+}

+-->

+```msgraph-interactive

+GET https://graph.microsoft.com/beta/roleManagement/directory/transitiveRoleAssignments?$count=true&$filter=principalId eq '2c7936bc-3517-40f3-8eda-4806637b6516' and roleDefinitionId eq 'fe930be7-5e62-47db-91af-98c3a49a38b1'

+ConsistencyLevel: eventual

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+#### Response

+The following is an example of the response.

+> **Note:** The response object shown here might be shortened for readability. All the properties will be returned from an actual call.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.unifiedRoleAssignment",

+ "isCollection": true

+}

+-->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/transitiveRoleAssignments",

+ "value": [

+ {

+ "id": "857708a7-b5e0-44f9-bfd7-53531d72a739",

+ "principalId": "2c7936bc-3517-40f3-8eda-4806637b6516",

+ "directoryScopeId": "/",

+ "roleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1"

+ },

+ {

+ "id": "8a021d5f-7351-4713-aab4-b088504d476e",

+ "principalId": "6ffb34b8-5e6d-4727-a7f9-93245e7f6ea8",

+ "directoryScopeId": "/",

+ "roleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1"

+ }

+ ]

+}

+```

+### Example 3: Get direct and transitive role assignments of a principal, but only administrative unit scoped

+#### Request

+The following is an example of the request. This request requires the **ConsistencyLevel** header set to `eventual` and the `$count=true` and `$filter` query parameters. For more information about the use of **ConsistencyLevel**, `$count`, and `$filter`, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries).

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_unifiedroleassignment_tenantscoped"

+}

+-->

+```msgraph-interactive

+GET https://graph.microsoft.com/beta/roleManagement/directory/transitiveRoleAssignments?$count=true&$filter=principalId eq '2c7936bc-3517-40f3-8eda-4806637b6516' and directoryScopeId eq '/administrativeUnits/26e79164-0c5c-4281-8c5b-be7bc7809fb2'

+ConsistencyLevel: eventual

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+#### Response

+The following is an example of the response.

+> **Note:** The response object shown here might be shortened for readability. All the properties will be returned from an actual call.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.unifiedRoleAssignment",

+ "isCollection": true

+}

+-->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/transitiveRoleAssignments",

+ "value": [

+ {

+ "id": "6cc86637-13c8-473f-afdc-e0e65c9734d2",

+ "principalId": "6ffb34b8-5e6d-4727-a7f9-93245e7f6ea8",

+ "directoryScopeId": "/administrativeUnits/26e79164-0c5c-4281-8c5b-be7bc7809fb2",

+ "roleDefinitionId": "729827e3-9c14-49f7-bb1b-9608f156bbb8"

+ }

+ ]

+}

+```

+|Delegated (work or school account) | RoleManagement.ReadWrite.CloudPC, CloudPC.ReadWrite.All |

+|Application | RoleManagement.ReadWrite.CloudPC, CloudPC.ReadWrite.All |

+ Title: "List resourceNamespaces"

+description: "Get a list of the unifiedRbacResourceNamespace objects and their properties."

+ms.localizationpriority: medium

+# List resourceNamespaces

+Namespace: microsoft.graph

+Get a list of the [unifiedRbacResourceNamespace](../resources/unifiedrbacresourcenamespace.md) objects and their properties.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|RoleManagement.Read.Directory, RoleManagement.Read.All, RoleManagement.ReadWrite.Directory|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|RoleManagement.Read.Directory, RoleManagement.Read.All, RoleManagement.ReadWrite.Directory|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /roleManagement/directory/resourceNamespaces

+```

+## Optional query parameters

+This method supports the `$filter` and `$select` OData query parameters to help customize the response. This method supports `$filter` for **id** and **name**. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [unifiedRbacResourceNamespace](../resources/unifiedrbacresourcenamespace.md) objects in the response body.

+## Examples

+The following example gets all resource namespaces.

+### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "list_unifiedrbacresourcenamespace"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/roleManagement/directory/resourceNamespaces

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+>**Note:** The response object shown here has been shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Collection(microsoft.graph.unifiedRbacResourceNamespace)"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/resourceNamespaces",

+ "value": [

+ {

+ "id": "microsoft.aad.b2c",

+ "name": "microsoft.aad.b2c"

+ },

+ {

+ "id": "microsoft.aad.cloudAppSecurity",

+ "name": "microsoft.aad.cloudAppSecurity"

+ },

+ {

+ "id": "microsoft.directory",

+ "name": "microsoft.directory"

+ }

+ ]

+}

+```

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [Go](#tab/go)

+> [!NOTE]

+> The `$filter` parameter doesn't support the use of the same property more than once in a query. For example, the following query will not work: `sharedShift/startDateTime ge 2019-05-09T00:00:00Z and sharedShift/startDateTime le 2019-05-09T23:59:59Z`.

+ Title: "Delete acronym"

+description: "Deletes an acronym object."

+ms.localizationpriority: medium

+# Delete acronym

+Namespace: microsoft.graph.search

+Deletes an [acronym](../resources/search-acronym.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |

+|Delegated (personal Microsoft account)| Not supported. |

+|Application| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+DELETE /search/acronyms/{acronymsId}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Examples

+### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "delete_acronym"

+}

+-->

+``` http

+DELETE https://graph.microsoft.com/beta/search/acronyms/{acronymsId}

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Get acronym"

+description: "Read the properties and relationships of an acronym object."

+ms.localizationpriority: medium

+# Get acronym

+Namespace: microsoft.graph.search

+Read the properties and relationships of an [acronym](../resources/search-acronym.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |

+|Delegated (personal Microsoft account)| Not supported. |

+|Application| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /search/acronyms/{acronymsId}

+```

+## Optional query parameters

+This method supports the `select`, `expand`, `filter`, `orderBy`, `maxTop`, and `count` [OData Query Parameters](/graph/query-parameters) to help customize the response.

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and an [acronym](../resources/search-acronym.md) object in the response body.

+## Examples

+### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_acronym"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/search/acronyms/{acronymsId}

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.search.acronym"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "id": "733b26d5-af76-4eea-ac69-1a0ce8716897",

+ "displayName": "DNN",

+ "standsFor": ["Deep Neural Network"],

+ "description": "A deep neural network is a neural network with a certain level of complexity, a neural network with more than two layers.",

+ "webUrl": "http://microsoft.com/deep-neural-network",

+ "state": "published",

+ "lastModifiedDateTime": "2016-03-21T20:01:37Z",

+ "lastModifiedBy": {

+ "user": {

+ "id": "efee1b77-fb3b-4f65-99d6-274c11914d12",

+ "displayName": "Amalie Larsen"

+ }

+ }

+}

+```

+ Title: "Update acronym"

+description: "Update the properties of an acronym object."

+ms.localizationpriority: medium

+# Update acronym

+Namespace: microsoft.graph.search

+Update the properties of an [acronym](../resources/search-acronym.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |

+|Delegated (personal Microsoft account)| Not supported. |

+|Application| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+PATCH /search/acronyms/{acronymsId}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the [acronym](../resources/search-acronym.md) object. Supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

+|Property|Type|Description|

+|:|:|:|

+|description|String|A brief description of the acronym that gives users more info about the acronym and what it stands for. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|

+|displayName|String|The actual short form or acronym. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|

+|standsFor|String collection|What the acronym stands for.|

+|state|microsoft.graph.search.answerState|State of the acronym. Possible values are: `published`, `draft`, `excluded`, or `unknownFutureValue`.|

+|webUrl|String|The URL of the page or website where users can go for more information about the acronym. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Examples

+### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "update_acronym"

+}

+-->

+``` http

+PATCH https://graph.microsoft.com/beta/search/acronyms/{acronymsId}

+Content-Type: application/json

+{

+ "description": "A deep neural network is a neural network with a certain level of complexity, a neural network with more than two layers."

+}

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Delete bookmark"

+description: "Delete a bookmark object."

+ms.localizationpriority: medium

+# Delete bookmark

+Namespace: microsoft.graph.search

+Delete a [bookmark](../resources/search-bookmark.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |

+|Delegated (personal Microsoft account)| Not supported. |

+|Application| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+DELETE /search/bookmarks/{bookmarksId}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Examples

+### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "delete_bookmark"

+}

+-->

+``` http

+DELETE https://graph.microsoft.com/beta/search/bookmarks/{bookmarkId}

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Get bookmark"

+description: "Read the properties and relationships of a bookmark object."

+ms.localizationpriority: medium

+# Get bookmark

+Namespace: microsoft.graph.search

+Read the properties and relationships of a [bookmark](../resources/search-bookmark.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |

+|Delegated (personal Microsoft account)| Not supported. |

+|Application| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /search/bookmarks/{bookmarksId}

+```

+## Optional query parameters

+This method supports the `select`, `expand`, `filter`, `orderBy`, `maxTop`, and `count` [OData Query Parameters](/graph/query-parameters) to help customize the response.

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a [bookmark](../resources/search-bookmark.md) object in the response body.

+## Examples

+### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_bookmark"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/search/bookmarks/{bookmarksId}

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.search.bookmark"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "id": "733b26d5-af76-4eea-ac69-1a0ce8716897",

+ "displayName": "Italy Holiday",

+ "webUrl": "http://www.margiestravel.com/",

+ "description": "Book a fancy vacation in Tuscany or browse museums in Florence.",

+ "lastModifiedDateTime": "2016-03-21T20:01:37Z",

+ "lastModifiedBy": {

+ "user": {

+ "id": "efee1b77-fb3b-4f65-99d6-274c11914d12",

+ "displayName": "Amalie Larsen"

+ }

+ },

+ "keywords": {

+ "keywords": ["Vacation in Europe", "Holiday in Europe"],

+ "reservedKeywords": ["Vacation in Italy"],

+ "matchSimilarKeywords": true

+ },

+ "categories": ["HR"],

+ "availabilityStartDateTime": "2020-09-21T20:01:37Z",

+ "availabilityEndDateTime": "2020-11-21T20:01:37Z",

+ "languageTags": ["en-US"],

+ "platforms": ["ios"],

+ "groupIds": ["groupId"],

+ "targetedVariations": null,

+ "powerAppIds": ["powerAppId"],

+ "state": "published",

+ "isSuggested": false

+}

+```

+ Title: "Update bookmark"

+description: "Update the properties of a bookmark object."

+ms.localizationpriority: medium

+# Update bookmark

+Namespace: microsoft.graph.search

+Update the properties of a [bookmark](../resources/search-bookmark.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |

+|Delegated (personal Microsoft account)| Not supported. |

+|Application| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+PATCH /search/bookmarks/{bookmarksId}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the [bookmark](../resources/search-bookmark.md) object. Supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

+>**Note:** Updates to collection properties will update the entire collection. Any updates to a collection, such as keywords or categories, will replace the collection entirely.

+|Property|Type|Description|

+|:|:|:|

+|displayName|String|Bookmark name displayed in search results. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|

+|description|String|Bookmark description shown on search results page. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|

+|webUrl|String|Bookmark URL link. When users click this bookmark in search results, they will go to this URL. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|

+|categories|String collection|Categories commonly used to describe this bookmark. For example, IT and HR.|

+|availabilityStartDateTime|DateTimeOffset|Timestamp of when the bookmark will start to appear as a search result. Set as `null` for always available.|

+|availabilityEndDateTime|DateTimeOffset|Timestamp of when the bookmark will stop to appear as a search result. Set as `null` for always available.|

+|languageTags|String collection|List of countries or regions able to view this bookmark.|

+|platforms|microsoft.graph.devicePlatformType collection|List of devices and operating systems able to view this bookmark. Possible values are: `unknown`, `android`, `androidForWork`, `ios`, `macOS`, `windowsPhone81`, `windowsPhone81AndLater`, `windows10AndLater`, `androidWorkProfile`, `androidASOP`.|

+|targetedVariations|[microsoft.graph.search.answerVariant](../resources/search-answerVariant.md) collection|Variations of a bookmark for different countries or devices. Use when you need to show different content to users based on their device, country/region, or both. The date and group settings will apply to all variations.|

+|powerAppIds|String collection|List of Power Apps associated with this bookmark. If users add existing Power Apps to a bookmark, they can complete tasks, such as to enter vacation time or to report expenses on the search results page.|

+|keywords|[microsoft.graph.search.answerKeyword](../resources/search-answerKeyword.md)|Keywords that trigger this bookmark to appear in search results.|

+|state|microsoft.graph.search.answerState|State of the bookmark. Possible values are: `published`, `draft`, `excluded`, or `unknownFutureValue`.|

+|groupIds|String collection|List of security groups able to view this bookmark.|

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Examples

+### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "update_bookmark"

+}

+-->

+``` http

+PATCH https://graph.microsoft.com/beta/search/bookmarks/{bookmarksId}

+Content-Type: application/json

+{

+ "description": "Book a fancy vacation in Tuscany or browse museums in Florence."

+}

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Delete qna"

+description: "Delete a qna object."

+ms.localizationpriority: medium

+# Delete qna

+Namespace: microsoft.graph.search

+Delete a [qna](../resources/search-qna.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |

+|Delegated (personal Microsoft account)| Not supported. |

+|Application| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+DELETE /search/qnas/{qnaId}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Examples

+### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "delete_qna"

+}

+-->

+``` http

+DELETE https://graph.microsoft.com/beta/search/qnas/{qnaId}

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Get qna"

+description: "Read the properties and relationships of a qna object."

+ms.localizationpriority: medium

+# Get qna

+Namespace: microsoft.graph.search

+Read the properties and relationships of a [qna](../resources/search-qna.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |

+|Delegated (personal Microsoft account)| Not supported. |

+|Application| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /search/qnas/{qnaId}

+```

+## Optional query parameters

+This method supports the `select`, `expand`, `filter`, `orderBy`, `maxTop`, and `count` [OData Query Parameters](/graph/query-parameters) to help customize the response.

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a [qna](../resources/search-qna.md) object in the response body.

+## Examples

+### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_qna"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/search/qnas/{qnaId}

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.search.qna"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "id": "733b26d5-af76-4eea-ac69-1a0ce8716897",

+ "displayName": "Global Country Holidays",

+ "webUrl": "http://www.contoso.com/",

+ "description": "The dates that Contoso offices will be closed to observe holidays. These dates may differ from the actual date of the holiday in cases where the holiday falls on a weeΓÇïkend.",

+ "lastModifiedDateTime": "2016-03-21T20:01:37Z",

+ "lastModifiedBy": {

+ "user": {

+ "id": "efee1b77-fb3b-4f65-99d6-274c11914d12",

+ "displayName": "Amalie Larsen"

+ }

+ },

+ "keywords": {

+ "keywords": ["new years day", "martin luther king day", "presidents day", "memorial day", "independence day", "labor day", "thanksgiving", "christmas"],

+ "reservedKeywords": ["holidays", "paid days off"],

+ "matchSimilarKeywords": true

+ },

+ "availabilityStartDateTime": "2020-09-21T20:01:37Z",

+ "availabilityEndDateTime": "2021-12-31T20:01:37Z",