Updates from: 03/24/2024 08:09:32
Service Microsoft Docs article Related commit history on GitHub Change details
v1.0 Accesspackage Delete Accesspackageresourcerolescopes https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackage-delete-accesspackageresourcerolescopes.md
Title: "Remove resourceRoleScope from an access package"
description: "Remove a resourceRoleScope from an access package." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Remove a [accessPackageResourceRoleScope](../resources/accesspackageresourcerolescope.md) from an [accessPackage](../resources/accesspackage.md) list of resource role scopes. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackage_delete_accesspackageresourcerolescopes" } -->
## HTTP request <!-- { "blockType": "ignored" } --> ```http
-DELETE /identityGovernance/entitlementManagement/accessPackages/{id}/resourceRoleScopes/{id}
+DELETE /identityGovernance/entitlementManagement/accessPackages/{id}/accessPackageResourceRoleScopes/{id}
``` ## Request headers | Name | Description | |:--|:--|
-| Authorization | Bearer \{token\}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns a 200-series response code. It does not return anything in the response body.
+If successful, this method returns a 200-series response code. It doesn't return anything in the response body.
## Examples ### Request
-The following is an example of the request.
+Here's an example of the request.
<!-- { "blockType": "request",
DELETE https://graph.microsoft.com/beta/identityGovernance/entitlementManagement
### Response
-The following is an example of the response.
+Here's an example of the response.
<!-- { "blockType": "response",
v1.0 Accesspackage Delete Incompatibleaccesspackage https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackage-delete-incompatibleaccesspackage.md
Title: "Remove accessPackage from incompatibleAccessPackages"
description: "Remove a link that indicates an access package is incompatible with a specified access package." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Remove an [access package](../resources/accesspackage.md) from the list of access packages that have been marked as incompatible on an [accessPackage](../resources/accesspackage.md).
+Remove an [access package](../resources/accesspackage.md) from the list of access packages marked as incompatible on an [accessPackage](../resources/accesspackage.md).
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackage_delete_incompatibleaccesspackage" } -->
## HTTP request
DELETE /identityGovernance/entitlementManagement/accessPackages/{id}/incompatibl
| Name | Description | |:--|:--|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-Type | application/json. Required. | ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.
+If successful, this method returns a `204 No Content` response code. It doesn't return anything in the response body.
## Examples ### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http)
DELETE https://graph.microsoft.com/beta/identityGovernance/entitlementManagement
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response"
v1.0 Accesspackage Delete Incompatiblegroup https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackage-delete-incompatiblegroup.md
Title: "Remove group from incompatibleGroups"
description: "Remove a link that indicates a group is incompatible with a specified access package." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Remove a [group](../resources/group.md) from the list of groups that have been marked as incompatible on an [accessPackage](../resources/accesspackage.md).
+Remove a [group](../resources/group.md) from the list of groups marked as incompatible on an [accessPackage](../resources/accesspackage.md).
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackage_delete_incompatiblegroup" } -->
## HTTP request
DELETE /identityGovernance/entitlementManagement/accessPackages/{id}/incompatibl
| Name | Description | |:--|:--|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-Type | application/json. Required. | ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.
+If successful, this method returns a `204 No Content` response code. It doesn't return anything in the response body.
## Examples ### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http)
DELETE https://graph.microsoft.com/beta/identityGovernance/entitlementManagement
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response"
v1.0 Accesspackage Delete https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackage-delete.md
Title: "Delete accessPackage"
description: "Delete accessPackage." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Delete an [accessPackage](../resources/accesspackage.md) object.
-You cannot delete an access package if it has any **accessPackageAssignment**. To delete the access package, first [query if there are any assignments](entitlementmanagement-list-accesspackageassignments.md) with a filter to indicate the specific access package, such as: `$filter=accessPackage/id eq 'a914b616-e04e-476b-aa37-91038f0b165b'`. For more information on how to remove assignments that are still in the delivered state, see [Remove an assignment](entitlementmanagement-post-accesspackageassignmentrequests.md#example-4-remove-an-assignment).
+You can't delete an access package if it has any **accessPackageAssignment**. To delete the access package, first [query if there are any assignments](entitlementmanagement-list-accesspackageassignments.md) with a filter to indicate the specific access package, such as: `$filter=accessPackage/id eq 'a914b616-e04e-476b-aa37-91038f0b165b'`. For more information on how to remove assignments that are still in the delivered state, see [Remove an assignment](entitlementmanagement-post-accesspackageassignmentrequests.md#example-4-remove-an-assignment).
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackage_delete" } -->
## HTTP request
DELETE /identityGovernance/entitlementManagement/accessPackages/{id}
| Name | Description | |:--|:--|
-| Authorization | Bearer \{token\}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.
+If successful, this method returns a `204 No Content` response code. It doesn't return anything in the response body.
## Examples ### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
DELETE https://graph.microsoft.com/beta/identityGovernance/entitlementManagement
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
v1.0 Accesspackage Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackage-filterbycurrentuser.md
Title: "accessPackage: filterByCurrentUser"
description: "Retrieve a list of accesspackage objects filtered on the signed-in user." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-In [Azure AD Entitlement Management](../resources/entitlementmanagement-overview.md), retrieve a list of [accessPackage](../resources/accesspackage.md) objects filtered on the signed-in user.
+In [Microsoft Entra Entitlement Management](../resources/entitlementmanagement-overview.md), retrieve a list of [accessPackage](../resources/accesspackage.md) objects filtered on the signed-in user.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|Not supported.|
+<!-- { "blockType": "permissions", "name": "accesspackage_filterbycurrentuser" } -->
## HTTP request
The following table shows the parameters that can be used with this function.
|:|:|:| |on|accessPackageFilterByCurrentUserOptions|The list of current user options that can be used to filter on the access packages list. The allowed value is `allowedRequestor`.| -- `allowedRequestor` is used to get the `accessPackage` objects for which the signed-in user is allowed to submit access requests. The resulting list includes all access packages that can be requested by the caller across all catalogs.
+- `allowedRequestor` is used to get the `accessPackage` objects for which the signed-in user is allowed to submit access requests. The resulting list includes all access packages that the caller can request across all catalogs.
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
The following example gets the access packages that can be requested by the sign
### Request
+The following example shows a request.
+ # [HTTP](#tab/http) <!-- { "blockType": "request",
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
[!INCLUDE [sample-code](../includes/snippets/php/accesspackage-filterbycurrentuser-php-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+ # [Python](#tab/python) [!INCLUDE [sample-code](../includes/snippets/python/accesspackage-filterbycurrentuser-python-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
### Response+
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
Content-Type: application/json
] } ```-
v1.0 Accesspackage Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackage-get.md
Title: "Get accessPackage"
description: "Retrieve the properties and relationships of an accessPackage object." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Retrieve the properties and relationships of an [accessPackage](../resources/accesspackage.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackage_get" } -->
## HTTP request
This method supports the `$select` and `$expand` OData query parameters to help
| Name |Description| |:-|:-|
-| Authorization | Bearer \{token\}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and the requested [a
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
v1.0 Accesspackage Getapplicablepolicyrequirements https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackage-getapplicablepolicyrequirements.md
Title: "accessPackage: getApplicablePolicyRequirements"
description: "Allow callers to find requirements to request an assignment for a specific accessPackage." ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-In [Azure AD entitlement management](../resources/entitlementmanagement-overview.md), this action retrieves a list of [accessPackageAssignmentRequestRequirements](../resources/accesspackageassignmentrequestrequirements.md) objects that the currently signed-in user can use to create an [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md). Each requirement object corresponds to an access package assignment policy that the currently signed-in user is allowed to request an assignment for.
+In [Microsoft Entra entitlement management](../resources/entitlementmanagement-overview.md), this action retrieves a list of [accessPackageAssignmentRequestRequirements](../resources/accesspackageassignmentrequestrequirements.md) objects that the currently signed-in user can use to create an [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md). Each requirement object corresponds to an access package assignment policy that the currently signed-in user is allowed to request an assignment for.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|Not supported.|
+<!-- { "blockType": "permissions", "name": "accesspackage_getapplicablepolicyrequirements" } -->
## HTTP request
None.
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method if you wish to retrieve a list of access package requirements as in example 1. If you want to get policy requirements for user scope as in example 2, you must supply a request body.
+Don't supply a request body for this method if you wish to retrieve a list of access package requirements as in example 1. If you want to get policy requirements for user scope as in example 2, you must supply a request body.
## Response
-If successful, this method returns a `200 OK` response code and an [accessPackageAssignmentRequestRequirements](../resources/accesspackageassignmentrequestrequirements.md) collection in the response body, one object for each policy for which the user is an **allowedRequestor**. If there is a policy with no requirements, the **accessPackageAssignmentRequestRequirements** will have `false` and `null` values. If there are no policies where the user is an **allowedRequestor**, an empty collection will be returned instead.
+If successful, this method returns a `200 OK` response code and an [accessPackageAssignmentRequestRequirements](../resources/accesspackageassignmentrequestrequirements.md) collection in the response body, one object for each policy for which the user is an **allowedRequestor**. If there's a policy with no requirements, the **accessPackageAssignmentRequestRequirements** has `false` and `null` values. If there are no policies where the user is an **allowedRequestor**, an empty collection is returned instead.
## Examples
If successful, this method returns a `200 OK` response code and an [accessPackag
#### Request
+The following example shows a request.
+ # [HTTP](#tab/http) <!-- { "blockType": "request",
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/a
#### Response+
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
Content-Type: application/json
} ] }
-```
+```
### Example 2: Get policy requirements for a given user scope #### Request
+The following example shows a request.
+ # [HTTP](#tab/http) <!-- { "blockType": "request",
Content-Type: application/json
}--> ```http
-POST /identityGovernance/entitlementManagement/accessPackages/b15419bb-5ffc-ea11-b207-c8d9d21f4e9a/getApplicablePolicyRequirements
+POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackages/b15419bb-5ffc-ea11-b207-c8d9d21f4e9a/getApplicablePolicyRequirements
{ "subject": {
POST /identityGovernance/entitlementManagement/accessPackages/b15419bb-5ffc-ea11
[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Java](#tab/java) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [JavaScript](#tab/javascript)
POST /identityGovernance/entitlementManagement/accessPackages/b15419bb-5ffc-ea11
[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [PowerShell](#tab/powershell) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Python](#tab/python)
POST /identityGovernance/entitlementManagement/accessPackages/b15419bb-5ffc-ea11
#### Response
+The following example shows the response.
+ <!-- { "blockType": "response", "truncated": true,
Content-Type: application/json
#### Request
+The following example shows a request.
+ <!-- { "blockType": "ignored" } --> ```http POST /identityGovernance/entitlementManagement/accessPackages(ΓÇÿb15419bb-5ffc-ea11-b207-c8d9d21f4e9aΓÇÖ)/getApplicablePolicyRequirements ``` - #### Response
-Here is an example of the response if this is the first time credentials are requested and the requestor has not yet scanned the QR code or clicked the URL.
+The following example shows the response if it is the first time credentials are requested and the requestor didn't scanned the QR code or clicked the URL.
```http HTTP/1.1 200 OK
Content-Type: application/json
} ```
-If the requestor has scanned the QR code or clicked the URL, the verifiableCredentialRequirementStatus will be in the following format.
+If the requestor has scanned the QR code or clicked the URL, the verifiableCredentialRequirementStatus property is in the following format.
```json "verifiableCredentialRequirementStatus": {
If the requestor has scanned the QR code or clicked the URL, the verifiableCrede
} ```
-If the requestor has presented valid credential, the verifiableCredentialRequirementStatus will be in the following format.
+If the requestor presented valid credential, the verifiableCredentialRequirementStatus property is in the following format.
```json "verifiableCredentialRequirementStatus": {
v1.0 Accesspackage List Accesspackageresourcerolescopes https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackage-list-accesspackageresourcerolescopes.md
Title: "List accessPackageResourceRoleScopes"
description: "Retrieve a list of accesspackageresourcerolescope objects." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Retrieve an access package with a list of [accessPackageResourceRoleScope](../resources/accesspackageresourcerolescope.md) objects. These objects represent the resource roles that an access package assigns to each subject. Each object links to an [accessPackageResourceRole](../resources/accesspackageresourcerole.md) and an [accessPackageResourceScope](../resources/accesspackageresourcescope.md). + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackage_list_accesspackageresourcerolescopes" } -->
## HTTP request
This method supports the `$select`, `$filter`, and `$expand` OData query paramet
| Name |Description| |:-|:-|
-| Authorization | Bearer \{token\}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and an [accessPackag
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
v1.0 Accesspackage List Accesspackagesincompatiblewith https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackage-list-accesspackagesincompatiblewith.md
Title: "List accessPackagesIncompatibleWith"
-description: "Retrieve a list of accesspackages which have indicated that their access rights are incompatible with a specific access package."
+description: "Retrieve a list of access packages that indicate their access rights are incompatible with a specific access package."
ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Retrieve a list of the [accessPackage](../resources/accesspackage.md) objects that have marked a specified [accessPackage](../resources/accesspackage.md) as incompatible.
+Retrieve a list of the [accessPackage](../resources/accesspackage.md) objects marked a specified [accessPackage](../resources/accesspackage.md) as incompatible.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackage_list_accesspackagesincompatiblewith" } -->
## HTTP request
This method supports the OData query parameters for server-side paging through a
| Name |Description| |:-|:-|
-| Authorization | Bearer \{token\}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a collection of
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http)
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
v1.0 Accesspackage List Incompatibleaccesspackages https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackage-list-incompatibleaccesspackages.md
Title: "List incompatibleAccessPackages"
-description: "Retrieve a list of accesspackages whose access rights are incompatible with a specific access package."
+description: "Retrieve a list of access packages whose access rights are incompatible with a specific access package."
ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Retrieve a list of the [accessPackage](../resources/accesspackage.md) objects that have been marked as incompatible on an [accessPackage](../resources/accesspackage.md).
+Retrieve a list of the [accessPackage](../resources/accesspackage.md) objects marked as incompatible on an [accessPackage](../resources/accesspackage.md).
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackage_list_incompatibleaccesspackages" } -->
## HTTP request
This method supports the OData query parameters for server-side paging through a
| Name |Description| |:-|:-|
-| Authorization | Bearer \{token\}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a collection of
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http)
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
v1.0 Accesspackage List Incompatiblegroups https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackage-list-incompatiblegroups.md
Title: "List incompatibleGroups"
description: "Retrieve a list of groups whose access rights are incompatible with a specific access package." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Retrieve a list of the [group](../resources/group.md) objects that have been marked as incompatible on an [accessPackage](../resources/accesspackage.md).
+Retrieve a list of the [group](../resources/group.md) objects marked as incompatible on an [accessPackage](../resources/accesspackage.md).
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackage_list_incompatiblegroups" } -->
## HTTP request
This method supports the OData query parameters for server-side paging through a
| Name |Description| |:-|:-|
-| Authorization | Bearer \{token\}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a collection of
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http)
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
v1.0 Accesspackage Movetocatalog https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackage-movetocatalog.md
Title: "accessPackage: moveToCatalog"
-description: "Allows callers to move an access package from one catalog to the another."
+description: "Allows callers to move an access package from one catalog to the other."
ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-In [Azure AD entitlement management](../resources/entitlementmanagement-overview.md), this action moves the [accessPackage](../resources/accesspackage.md) to a specified target [accessPackageCatalog](../resources/accesspackagecatalog.md). The resources in the access package must be present in the target catalog.
+In [Microsoft Entra entitlement management](../resources/entitlementmanagement-overview.md), this action moves the [accessPackage](../resources/accesspackage.md) to a specified target [accessPackageCatalog](../resources/accesspackagecatalog.md). The resources in the access package must be present in the target catalog.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)| EntitlementManagement.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|EntitlementManagement.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "accesspackage_movetocatalog" } -->
## HTTP request
POST /identityGovernance/entitlementManagement/accessPackages/{accessPackageId}/
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
The following table shows the parameters that can be used with this action.
|Parameter|Type|Description| |:|:|:|
-|catalogId|String|ID of the catalog to which the access package will be moved.|
+|catalogId|String|ID of the catalog to which the access package is moved.|
If successful, this action returns a `200 OK` response code.
## Examples ### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
Content-Type: application/json
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
The following is an example of the response.
``` http HTTP/1.1 200 OK ```-
v1.0 Accesspackage Post Accesspackageresourcerolescopes https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackage-post-accesspackageresourcerolescopes.md
Title: "Create accessPackageResourceRoleScope"
description: "Create a new accessPackageResourceRoleScope for adding a resource role to an access package." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Create a new [accessPackageResourceRoleScope](../resources/accesspackageresourcerolescope.md) for adding a resource role to an access package. The access package resource, for a group, an app, or a SharePoint Online site, must already exist in the access package catalog, and the **originId** for the resource role retrieved from the [list of the resource roles](accesspackagecatalog-list-accesspackageresourceroles.md). Once you add the resource role scope to the access package, the user will receive this resource role through any current and future access package assignments. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackage_post_accesspackageresourcerolescopes" } -->
## HTTP request
POST /identityGovernance/entitlementManagement/accessPackages/{id}/accessPackage
| Name | Description | |:--|:--|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-Type | application/json. Required. | ## Request body
If successful, this method returns a 200-series response code and a new [accessP
#### Request
-The following is an example of the request. Prior to this request, the access package resource `1d08498d-72a1-403f-8511-6b1f875746a0` for the group `b31fe1f1-3651-488f-bd9a-1711887fd4ca` must already have been added to the access package catalog containing this access package. The resource could have been added to the catalog by [creating an access package resource request](entitlementmanagement-post-accesspackageresourcerequests.md).
+The following example shows a request. Previous to this request, the access package resource `1d08498d-72a1-403f-8511-6b1f875746a0` for the group `b31fe1f1-3651-488f-bd9a-1711887fd4ca` must already have been added to the access package catalog containing this access package. The resource could have been added to the catalog by [creating an access package resource request](entitlementmanagement-post-accesspackageresourcerequests.md).
# [HTTP](#tab/http) <!-- {
Content-type: application/json
#### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
Content-type: application/json
#### Request
-The following is an example of the request for a non-root scope resource. The access package resource for the site must already have been added to the access package catalog containing this access package.
+The following example shows a request for a non-root scope resource. The access package resource for the site must already have been added to the access package catalog containing this access package.
-The request contains an [accessPackageResourceRole](../resources/accesspackageresourcerole.md) object, which can be obtained from an earlier request to [list access package resource roles of a resource in a catalog](accesspackagecatalog-list-accesspackageresourceroles.md). Each type of resource defines the format of the originId field in a resource role. For a SharePoint Online site, the originId will be the sequence number of the role in the site.
+The request contains an [accessPackageResourceRole](../resources/accesspackageresourcerole.md) object, which can be obtained from an earlier request to [list access package resource roles of a resource in a catalog](accesspackagecatalog-list-accesspackageresourceroles.md). Each type of resource defines the format of the originId field in a resource role. For a SharePoint Online site, the originId is the sequence number of the role in the site.
If the [accessPackageResourceScope](../resources/accesspackageresourcescope.md) object obtained from an earlier request to [list access package resources](accesspackagecatalog-list-accesspackageresources.md) has the resource as a root scope (**isRootScope** set to `true`), include the **isRootScope** property in the **accessPackageResourceScope** object of the request.
Content-type: application/json
#### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
v1.0 Accesspackage Post Incompatibleaccesspackage https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackage-post-incompatibleaccesspackage.md
Title: "Add accessPackage to incompatibleAccessPackages"
description: "Add a link to indicate an access package is incompatible with a specified access package." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Add an [accessPackage](../resources/accesspackage.md) to the list of access packages that have been marked as incompatible on an [accessPackage](../resources/accesspackage.md).
+Add an [accessPackage](../resources/accesspackage.md) to the list of access packages marked as incompatible on an [accessPackage](../resources/accesspackage.md).
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackage_post_incompatibleaccesspackage" } -->
## HTTP request
POST /identityGovernance/entitlementManagement/accessPackages/{id}/incompatibleA
| Name | Description | |:--|:--|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-Type | application/json. Required. | ## Request body
-In the request body, supply a JSON representation of a structure with the OData id of the URI of an [accessPackage](../resources/accesspackage.md) object.
+In the request body, supply a JSON representation of a structure with the OData ID of the URI of an [accessPackage](../resources/accesspackage.md) object.
## Response
-If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.
+If successful, this method returns a `204 No Content` response code. It doesn't return anything in the response body.
## Examples ### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http)
Content-type: application/json
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response"
v1.0 Accesspackage Post Incompatiblegroup https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackage-post-incompatiblegroup.md
Title: "Add group to incompatibleGroups"
description: "Add a link to indicate a group is incompatible with a specified access package." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Add a [group](../resources/group.md) to the list of groups that have been marked as incompatible on an [accessPackage](../resources/accesspackage.md).
+Add a [group](../resources/group.md) to the list of groups marked as incompatible on an [accessPackage](../resources/accesspackage.md).
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackage_post_incompatiblegroup" } -->
## HTTP request
POST /identityGovernance/entitlementManagement/accessPackages/{id}/incompatibleG
| Name | Description | |:--|:--|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-Type | application/json. Required. | ## Request body
-In the request body, supply a JSON representation of a structure with the OData id of the URI of a [group](../resources/group.md) object.
+In the request body, supply a JSON representation of a structure with the OData ID of the URI of a [group](../resources/group.md) object.
## Response
-If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.
+If successful, this method returns a `204 No Content` response code. It doesn't return anything in the response body.
## Examples ### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http)
Content-type: application/json
### Response
-The following is an example of the response.
-
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability. <!-- {
v1.0 Accesspackage Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackage-update.md
Title: "Update accessPackage"
description: "Update the properties of an accessPackage object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Update an existing [accessPackage](../resources/accesspackage.md) object to change one or more of its properties, such as the display name or description. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account) | EntitlementManagement.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackage_update" } -->
## HTTP request <!-- {
PATCH /identityGovernance/entitlementManagement/accessPackages/{accessPackageId}
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
v1.0 Accesspackageassignment Additionalaccess https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackageassignment-additionalaccess.md
Title: "accessPackageAssignment: additionalAccess"
description: "Retrieve a list of accessPackageAssignment objects indicating potential separation of duties conflicts or access to incompatible access packages." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-In [Azure AD Entitlement Management](../resources/entitlementmanagement-overview.md), retrieve a collection of [accessPackageAssignment](../resources/accesspackageassignment.md) objects that indicate a target user has an assignment to a specified access package and also an assignment to another, potentially incompatible, access package. This can be used to prepare to configure the incompatible access packages for a specific access package.
+In [Microsoft Entra Entitlement Management](../resources/entitlementmanagement-overview.md), retrieve a collection of [accessPackageAssignment](../resources/accesspackageassignment.md) objects that indicate a target user has an assignment to a specified access package and also an assignment to another, potentially incompatible, access package. It can be used to prepare to configure the incompatible access packages for a specific access package.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|Not supported.|
+<!-- { "blockType": "permissions", "name": "accesspackageassignment_additionalaccess" } -->
## HTTP request
GET /identityGovernance/entitlementManagement/accessPackageAssignments/additiona
``` ## Function parameters
-The following table shows the parameters that must be supplied with this function. The two access package IDs must be distinct.
+The following table shows the parameters that must be supplied with this function. The two access package IDs must be distinct.
|Parameter|Type|Description| |:|:|:|
This method supports the `$select`, `$filter`, and `$expand` OData query paramet
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response If successful, this method returns a `200 OK` response code and a collection of [accessPackageAssignment](../resources/accesspackageassignment.md) objects in the response body.
-When a result set spans multiple pages, Microsoft Graph returns that page with an `@odata.nextLink` property in the response that contains a URL to the next page of results. If that property is present, continue making additional requests with the `@odata.nextLink` URL in each response, until all the results are returned. For more information, see [paging Microsoft Graph data in your app](/graph/paging).
+When a result set spans multiple pages, Microsoft Graph returns that page with an `@odata.nextLink` property in the response that contains a URL to the next page of results. If that property is present, continue making more requests with the `@odata.nextLink` URL in each response, until all the results are returned. For more information, see [paging Microsoft Graph data in your app](/graph/paging).
## Examples
The following example gets the access package assignments for users who have ass
### Request
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
[!INCLUDE [sample-code](../includes/snippets/php/accesspackageassignment-additionalaccess-php-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-# [PowerShell](#tab/powershell)
- # [Python](#tab/python) [!INCLUDE [sample-code](../includes/snippets/python/accesspackageassignment-additionalaccess-python-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
### Response+
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
Content-Type: application/json
} ```-
v1.0 Accesspackageassignment Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackageassignment-filterbycurrentuser.md
Title: "accessPackageAssignment: filterByCurrentUser"
description: "Retrieve a list of accesspackageassignment objects filtered on the signed-in user." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-In [Azure AD Entitlement Management](../resources/entitlementmanagement-overview.md), retrieve a list of [accessPackageAssignment](../resources/accesspackageassignment.md) objects filtered on the signed-in user.
+In [Microsoft Entra Entitlement Management](../resources/entitlementmanagement-overview.md), retrieve a list of [accessPackageAssignment](../resources/accesspackageassignment.md) objects filtered on the signed-in user.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|Not supported.|
+<!-- { "blockType": "permissions", "name": "accesspackageassignment_filterbycurrentuser" } -->
## HTTP request
The following table shows the parameters that can be used with this function.
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response If successful, this method returns a `200 OK` response code and an [accessPackageAssignment](../resources/accesspackageassignment.md) collection in the response body.
-When a result set spans multiple pages, Microsoft Graph returns that page with an `@odata.nextLink` property in the response that contains a URL to the next page of results. If that property is present, continue making additional requests with the `@odata.nextLink` URL in each response, until all the results are returned. For more information, see [paging Microsoft Graph data in your app](/graph/paging).
+When a result set spans multiple pages, Microsoft Graph returns that page with an `@odata.nextLink` property in the response that contains a URL to the next page of results. If that property is present, continue making more requests with the `@odata.nextLink` URL in each response, until all the results are returned. For more information, see [paging Microsoft Graph data in your app](/graph/paging).
## Examples
The following example gets the status of access package assignments targeted for
### Request
+The following example shows a request.
+ # [HTTP](#tab/http) <!-- { "blockType": "request",
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
[!INCLUDE [sample-code](../includes/snippets/php/accesspackageassignment-filterbycurrentuser-php-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+ # [Python](#tab/python) [!INCLUDE [sample-code](../includes/snippets/python/accesspackageassignment-filterbycurrentuser-python-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
### Response+
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
Content-Type: application/json
} ```-
v1.0 Accesspackageassignment Reprocess https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackageassignment-reprocess.md
Title: "accessPackageAssignment: reprocess"
description: "Reprocess accesspackageassignment objects." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-In [Azure AD entitlement management](../resources/entitlementmanagement-overview.md), callers can automatically reevaluate and enforce an [accessPackageAssignment](../resources/accesspackageassignment.md) object of a userΓÇÖs assignments for a specific access package. The **assignmentState** of the access package must be `Delivered` for the administrator to reprocess the user's assignment. Only admins with the Access Package Assignment Manager role, or higher, in Azure AD entitlement management can perform this action.
+In [Microsoft Entra entitlement management](../resources/entitlementmanagement-overview.md), callers can automatically reevaluate and enforce an [accessPackageAssignment](../resources/accesspackageassignment.md) object of a userΓÇÖs assignments for a specific access package. The **assignmentState** of the access package must be `Delivered` for the administrator to reprocess the user's assignment. Only admins with the Access Package Assignment Manager role, or higher, in Microsoft Entra entitlement management can perform this action.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackageassignment_reprocess" } -->
## HTTP request
POST /identityGovernance/entitlementManagement/accessPackageAssignments/{id}/rep
| Name |Description| |:-|:-|
-| Authorization | Bearer \{token\}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns a `202 Accepted` response code and reevaluates and enforces the user's assignments of the [accessPackageAssignment](../resources/accesspackageassignment.md) object, meaning the status of the access package will be changed to Delivered. If the assignment doesn't exist, this method will return `404 Not Found` or if the **id** isn't valid, this method returns a `400 Bad Request` response code.
+If successful, this method returns a `202 Accepted` response code and reevaluates and enforces the user's assignments of the [accessPackageAssignment](../resources/accesspackageassignment.md) object, meaning the status of the access package changes to delivered. If the assignment doesn't exist, this method returns`404 Not Found` or if the **id** isn't valid, this method returns a `400 Bad Request` response code.
## Examples ### Request
-The following is an example of the request.
+The following example shows a request.
<!-- { "blockType": "ignored",
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- {
v1.0 Accesspackageassignmentpolicy Delete https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackageassignmentpolicy-delete.md
Title: "Delete accessPackageAssignmentPolicy"
description: "Delete an accessPackageAssignmentPolicy." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-In [Azure AD entitlement management](../resources/entitlementmanagement-overview.md), delete an [accessPackageAssignmentPolicy](../resources/accesspackageassignmentpolicy.md).
+In [Microsoft Entra entitlement management](../resources/entitlementmanagement-overview.md), delete an [accessPackageAssignmentPolicy](../resources/accesspackageassignmentpolicy.md).
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackageassignmentpolicy_delete" } -->
## HTTP request
DELETE /identityGovernance/entitlementManagement/accessPackageAssignmentPolicies
| Name | Description | |:--|:--|
-| Authorization | Bearer \{token\}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns a 204 No Content response code. It does not return anything in the response body.
+If successful, this method returns a 204 No Content response code. It doesn't return anything in the response body.
## Examples ### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
DELETE https://graph.microsoft.com/beta/identityGovernance/entitlementManagement
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
HTTP/1.1 204 No Content
"section": "documentation", "tocPath": "" }-->--
v1.0 Accesspackageassignmentpolicy Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackageassignmentpolicy-get.md
Title: "Get accessPackageAssignmentPolicy"
description: "Retrieve the properties and relationships of an accessPackageAassignmentPolicy object." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-In [Azure AD entitlement management](../resources/entitlementmanagement-overview.md), retrieve the properties and relationships of an
+In [Microsoft Entra entitlement management](../resources/entitlementmanagement-overview.md), retrieve the properties and relationships of an
[accessPackageAssignmentPolicy](../resources/accesspackageassignmentpolicy.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackageassignmentpolicy_get" } -->
## HTTP request
This method supports the `$select` OData query parameter to help customize the r
| Name |Description| |:-|:-|
-| Authorization | Bearer \{token\}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and the requested [a
#### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
#### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
Content-type: application/json
#### Request
-The following is an example of a request to retrieve the collection of custom extension handlers that are defined for a policy and their associated custom workflow extension.
+The following example shows a request to retrieve the collection of custom extension handlers that are defined for a policy and their associated custom workflow extension.
# [HTTP](#tab/http)
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
#### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
Content-type: application/json
#### Request
-The following is an example of a request to retrieve the collection of custom extension stage settings that are defined for a policy and their associated access package custom workflow extension.
+The following example shows a request to retrieve the collection of custom extension stage settings that are defined for a policy and their associated access package custom workflow extension.
# [HTTP](#tab/http)
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
#### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
Content-type: application/json
"section": "documentation", "tocPath": "" }-->--
v1.0 Accesspackageassignmentpolicy Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackageassignmentpolicy-update.md
Title: "Update accessPackageAssignmentPolicy"
description: "Update the properties of an accessPackageAssignmentPolicy object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Update an existing [accessPackageAssignmentPolicy](../resources/accesspackageassignmentpolicy.md) object to change one or more of its properties, such as the display name or description. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account) | EntitlementManagement.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackageassignmentpolicy_update" } -->
## HTTP request <!-- {
PUT /identityGovernance/entitlementManagement/accessPackageAssignmentPolicies/{a
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
The following table shows the properties that are required when you update an [a
|displayName|String|The display name of the policy. Required.| |description|String|The description of the policy. Required.| |canExtend|Boolean|Indicates whether a user can extend the access package assignment duration after approval. Required.|
-|durationInDays|Int32|The number of days in which assignments from this policy last until they are expired. Required.|
+|durationInDays|Int32|The number of days in which assignments from this policy last until they're expired. Required.|
|expirationDateTime|DateTimeOffset|The expiration date for assignments created in this policy. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Required.|
-|requestorSettings|[requestorSettings](../resources/requestorsettings.md)|Who can request this access package from this policy. Required.|
+|requestorSettings|[requestorSettings](../resources/requestorsettings.md)|Users eligible to request this access package from this policy. Required.|
|requestApprovalSettings|[approvalSettings](../resources/approvalsettings.md)|Who must approve requests for access package in this policy. Required.|
-|accessReviewSettings|[assignmentReviewSettings](../resources/assignmentreviewsettings.md)|Who must review, and how often, the assignments to the access package from this policy. This property is null if reviews are not required. Required.|
+|accessReviewSettings|[assignmentReviewSettings](../resources/assignmentreviewsettings.md)|Who must review, and how often, the assignments to the access package from this policy. This property is null if reviews aren't required. Required.|
## Response
If successful, this method returns a `200 OK` response code and an updated [acce
### Example 1: Update the details of a policy #### Request
-In this policy update, one of the options for the multiple choice question was removed. Future requestors will no longer have the removed option available to them.
+
+The following example shows the request.
+In this policy update, one of the options for the multiple choice question was removed. Future requestors no longer have the removed option available to them.
# [HTTP](#tab/http)
Content-Type: application/json
#### Response+
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
To remove the verifiable credentials requirement from a policy, assign an empty
#### Request
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
Content-Type: application/json
[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Java](#tab/java) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [JavaScript](#tab/javascript)
Content-Type: application/json
#### Response+
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
To remove the collection of **customExtensionStageSettings** and their associate
#### Request -
+The following example shows a request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
Content-Type: application/json
[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Java](#tab/java) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [JavaScript](#tab/javascript)
Content-Type: application/json
#### Response+
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Accesspackageassignmentrequest Cancel https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackageassignmentrequest-cancel.md
Title: "accessPackageAssignmentRequest: cancel"
-description: "Cancel accessPackageAssignmentRequest objects that are in a cancellable state."
+description: "Cancel accessPackageAssignmentRequest objects that are in a cancelable state."
ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-In [Azure AD Entitlement Management](../resources/entitlementmanagement-overview.md), cancel [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) objects that are in a cancellable state: `accepted`, `pendingApproval`, `pendingNotBefore`, `pendingApprovalEscalated`.
+In [Microsoft Entra Entitlement Management](../resources/entitlementmanagement-overview.md), cancel [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) objects that are in a cancelable state: `accepted`, `pendingApproval`, `pendingNotBefore`, `pendingApprovalEscalated`.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|EntitlementManagement.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|Not supported.|
+<!-- { "blockType": "permissions", "name": "accesspackageassignmentrequest_cancel" } -->
## HTTP request
+> [!NOTE]
+> The `/accessPackageAssignmentRequests` path will be retired soon. Use the `/assignmentRequests` path instead.
+ <!-- { "blockType": "ignored" } --> ``` http
+POST /identityGovernance/entitlementManagement/assignmentRequests/{accessPackageAssignmentRequestId}/cancel
POST /identityGovernance/entitlementManagement/accessPackageAssignmentRequests/{id}/cancel ``` ## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body In the request body, supply a JSON representation of an [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) object.
For a non-administrator user to cancel their own request, the request must conta
## Response
-If successful, this method returns a `200 OK` response code. It does not return anything in the response body.
+If successful, this method returns a `200 OK` response code. It doesn't return anything in the response body.
## Examples ### Request
+The following example shows a request.
+ # [HTTP](#tab/http) <!-- { "blockType": "request",
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/a
[!INCLUDE [sample-code](../includes/snippets/go/accesspackageassignmentrequest-cancel-go-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [Java](#tab/java)
+ # [JavaScript](#tab/javascript) [!INCLUDE [sample-code](../includes/snippets/javascript/accesspackageassignmentrequest-cancel-javascript-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/a
[!INCLUDE [sample-code](../includes/snippets/php/accesspackageassignmentrequest-cancel-php-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+ # [Python](#tab/python) [!INCLUDE [sample-code](../includes/snippets/python/accesspackageassignmentrequest-cancel-python-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/a
### Response
-The following is an example of the response.
+
+The following example shows the response.
<!-- { "blockType": "response",
The following is an example of the response.
```http HTTP/1.1 200 Status OK ```-
v1.0 Accesspackageassignmentrequest Delete https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackageassignmentrequest-delete.md
Title: "Delete accessPackageAssignmentRequest"
description: "Delete accessPackageAssignmentRequest." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Delete an [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) object.
-This request can be made to remove a denied or completed request. You cannot delete an access package assignment request if it has any **accessPackageAssignment** objects.
+This request can be made to remove a denied or completed request. You can't delete an access package assignment request if it has any **accessPackageAssignment** objects.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackageassignmentrequest_delete" } -->
## HTTP request
+> [!NOTE]
+> The `/accessPackageAssignmentRequests` path will be retired soon. Use the `/assignmentRequests` path instead.
+ <!-- { "blockType": "ignored" } --> ```http
+DELETE /identityGovernance/entitlementManagement/assignmentRequests/{accessPackageAssignmentRequestId}
DELETE /identityGovernance/entitlementManagement/accessPackageAssignmentRequests/{id} ```
DELETE /identityGovernance/entitlementManagement/accessPackageAssignmentRequests
| Name | Description | |:--|:--|
-| Authorization | Bearer \{token\}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.
+If successful, this method returns a `204 No Content` response code. It doesn't return anything in the response body.
## Examples ### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http)
DELETE https://graph.microsoft.com/beta/identityGovernance/entitlementManagement
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
v1.0 Accesspackageassignmentrequest Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackageassignmentrequest-filterbycurrentuser.md
Title: "accessPackageAssignmentRequest: filterByCurrentUser"
description: "Retrieve a list of accesspackageassignmentrequest objects filtered on the signed-in user." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-In [Azure AD Entitlement Management](../resources/entitlementmanagement-overview.md), retrieve a list of [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) objects filtered on the signed-in user.
+In [Microsoft Entra Entitlement Management](../resources/entitlementmanagement-overview.md), retrieve a list of [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) objects filtered on the signed-in user.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|Not supported.|
+<!-- { "blockType": "permissions", "name": "accesspackageassignmentrequest_filterbycurrentuser" } -->
## HTTP request
+> [!NOTE]
+> The `/accessPackageAssignmentRequests` path will be retired soon. Use the `/assignmentRequests` path instead.
+ <!-- { "blockType": "ignored" } --> ``` http
+GET /identityGovernance/entitlementManagement/assignmentRequests/filterByCurrentUser(on='parameterValue')
GET /identityGovernance/entitlementManagement/accessPackageAssignmentRequests/filterByCurrentUser(on='parameterValue') ```
The following table shows the parameters that can be used with this function.
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
[!INCLUDE [sample-code](../includes/snippets/php/accesspackageassignmentrequest-filterbycurrentuser-ontarget-php-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+ # [Python](#tab/python) [!INCLUDE [sample-code](../includes/snippets/python/accesspackageassignmentrequest-filterbycurrentuser-ontarget-python-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
### Response+
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
Content-Type: application/json
] } ```-
v1.0 Accesspackageassignmentrequest Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackageassignmentrequest-get.md
Title: "Get accessPackageAssignmentRequest"
description: "Retrieve the properties and relationships of an accessPackageAssignmentRequest object." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-In [Azure AD entitlement management](../resources/entitlementmanagement-overview.md), retrieve the properties and relationships of an [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) object.
+In [Microsoft Entra entitlement management](../resources/entitlementmanagement-overview.md), retrieve the properties and relationships of an [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) object.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackageassignmentrequest_get" } -->
## HTTP request
+> [!NOTE]
+> The `/accessPackageAssignmentRequests` path will be retired soon. Use the `/assignmentRequests` path instead.
+ <!-- { "blockType": "ignored" } --> ```http
+GET /identityGovernance/entitlementManagement/assignmentRequests/{accessPackageAssignmentRequestId}
GET /identityGovernance/entitlementManagement/accessPackageAssignmentRequests/{id} ```
This method supports the `$expand` OData query parameter to expand the relations
| Name |Description| |:-|:-|
-| Authorization | Bearer \{token\}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and the requested [a
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
Content-type: application/json
"section": "documentation", "tocPath": "" }-->--
v1.0 Accesspackageassignmentrequest Reprocess https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackageassignmentrequest-reprocess.md
Title: "accessPackageAssignmentRequest: reprocess"
description: "Reprocess accessPackageAssignmentRequest objects." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-In [Azure AD entitlement management](../resources/entitlementmanagement-overview.md), callers can automatically retry a user's request for access to an access package. It is performed on an [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) object whose **requestState** is in a `DeliveryFailed` or `PartiallyDelivered` state.
+In [Microsoft Entra entitlement management](../resources/entitlementmanagement-overview.md), callers can automatically retry a user's request for access to an access package. It's performed on an [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) object whose **requestState** is in a `DeliveryFailed` or `PartiallyDelivered` state.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackageassignmentrequest_reprocess" } -->
## HTTP request
+> [!NOTE]
+> The `/accessPackageAssignmentRequests` path will be retired soon. Use the `/assignmentRequests` path instead.
+ <!-- { "blockType": "ignored" } --> ```http
+POST /identityGovernance/entitlementManagement/assignmentRequests/{id}/reprocess
POST /identityGovernance/entitlementManagement/accessPackageAssignmentRequests/{id}/reprocess ```
POST /identityGovernance/entitlementManagement/accessPackageAssignmentRequests/{
| Name |Description| |:-|:-|
-| Authorization | Bearer \{token\}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns a `202 Accepted` response code and retries the request. If the [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) object doesn't exist, this method will return `404 Not Found` or if the **id** isn't valid, this method returns a `400 Bad Request` response code.
+If successful, this method returns a `202 Accepted` response code and retries the request. If the [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) object doesn't exist, this method returns `404 Not Found` or if the **id** isn't valid, this method returns a `400 Bad Request` response code.
## Examples ### Request
-The following is an example of the request.
+The following example shows a request.
<!-- { "blockType": "ignored",
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- {
v1.0 Accesspackageassignmentrequest Resume https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackageassignmentrequest-resume.md
Title: "accessPackageAssignmentRequest: resume"
description: "Resume accessPackageAssignmentRequest objects." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-In [Azure AD entitlement management](../resources/entitlementmanagement-overview.md), when an access package policy has been enabled to call out a custom extension and the request processing is waiting for the callback from the customer, the customer can initiate a resume action. It is performed on an [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) object whose **requestStatus** is in a `WaitingForCallback` state.
+In [Microsoft Entra entitlement management](../resources/entitlementmanagement-overview.md), when an access package policy has been enabled to call out a custom extension and the request processing is waiting for the callback from the customer, the customer can initiate a resume action. It is performed on an [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) object whose **requestStatus** is in a `WaitingForCallback` state.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-| Delegated (work or school account) | EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackageassignmentrequest_resume" } -->
## HTTP request
+> [!NOTE]
+> The `/accessPackageAssignmentRequests` path will be retired soon. Use the `/assignmentRequests` path instead.
+ <!-- { "blockType": "ignored" } --> ``` http
+POST /identityGovernance/entitlementManagement/assignmentRequests/{accessPackageAssignmentRequestId}/resume
POST /identityGovernance/entitlementManagement/accessPackageAssignmentRequests/{accessPackageAssignmentRequestId}/resume ``` ## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
If successful, this action returns a `204 No Content` response code.
### Example 1: Resume an access package assignment request #### Request
-The following is an example of a call to resume an access package assignment request that's waiting for a callback.
+
+The following example shows a request of a call to resume an access package assignment request that's waiting for a callback.
# [HTTP](#tab/http) <!-- { "blockType": "request",
Content-Type: application/json
#### Response
-The following is an example of the response
+
+The following example shows the response.
<!-- { "blockType": "response", "truncated": true
HTTP/1.1 204 No Content
### Example 2: Resume and deny an access package assignment request #### Request
-The following is an example to resume the processing of an access package assignment request by denying the request that's waiting for a callback. A request cannot be denied at the `assignmentRequestCreated` stage of the callout.
+
+The following example shows a request to resume the processing of an access package assignment request by denying the request that's waiting for a callback. A request cannot be denied at the `assignmentRequestCreated` stage of the callout.
<!-- { "blockType": "request" }
Content-Type: application/json
### Response
-The following is an example of the response
+
+The following example shows the response.
<!-- { "blockType": "response", "truncated": true
The following is an example of the response
``` http HTTP/1.1 204 No Content ```-
v1.0 Accesspackageassignmentrequestworkflowextension Delete https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackageassignmentrequestworkflowextension-delete.md
Title: "Delete accessPackageAssignmentRequestWorkflowExtension"
description: "Delete an accessPackageAssignmentRequestWorkflowExtension object." ms.localizationpriority: medium+ doc_type: apiPageType
Delete an [accessPackageAssignmentRequestWorkflowExtension](../resources/accessp
2. Use the access package catalog ID and retrieve the ID of the **accessPackageCustomWorkflowExtension** object that you want to delete by running the [List accessPackageCustomWorkflowExtensions](accesspackagecatalog-list-accesspackagecustomworkflowextensions.md) operation. 3. Call the [Update accessPackageAssignmentPolicy](accesspackageassignmentpolicy-update.md) operation to remove the custom workflow extension object from the policy. For an example, see [Example 3: Remove the customExtensionStageSettings from a policy](accesspackageassignmentpolicy-update.md#example-3-remove-the-customextensionstagesettings-from-a-policy). + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)| EntitlementManagement.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application| EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackageassignmentrequestworkflowextension_delete" } -->
## HTTP request
DELETE /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogI
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `204 No Content` response code.
## Examples ### Request
-The following is an example of a request.
+
+The following example shows a request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
The following is an example of a request.
} --> ``` http
-DELETE /identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions/E3D4CE35-B16A-4E19-ADF2-616B64D336DC
+DELETE https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions/E3D4CE35-B16A-4E19-ADF2-616B64D336DC
``` # [C#](#tab/csharp)
DELETE /identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-
### Response
-The following is an example of the response
+
+The following example shows the response.
<!-- { "blockType": "response", "truncated": true
v1.0 Accesspackageassignmentrequestworkflowextension Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackageassignmentrequestworkflowextension-get.md
Title: "Get accessPackageAssignmentRequestWorkflowExtension"
description: "Read the properties and relationships of an accessPackageAssignmentRequestWorkflowExtension object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Read the properties and relationships of an [accessPackageAssignmentRequestWorkflowExtension](../resources/accesspackageassignmentrequestworkflowextension.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackageassignmentrequestworkflowextension_get" } -->
## HTTP request
This method supports the `$select` OData query parameter to help customize the r
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and an [accessPackag
## Examples ### Request
-The following is an example of a request.
+
+The following example shows a request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
### Response
-The following is an example of the response
+
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Accesspackageassignmentrequestworkflowextension Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackageassignmentrequestworkflowextension-update.md
Title: "Update accessPackageAssignmentRequestWorkflowExtension"
description: "Update the properties of an accessPackageAssignmentRequestWorkflowExtension object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Update the properties of an [accessPackageAssignmentRequestWorkflowExtension](../resources/accesspackageassignmentrequestworkflowextension.md) object. ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|EntitlementManagement.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|EntitlementManagement.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "accesspackageassignmentrequestworkflowextension_update" } -->
## HTTP request
PUT /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
If successful, this method returns a `200 OK` response code and an updated [acce
## Examples ### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
Content-Type: application/json
} ```
-# [Java](#tab/java)
- # [JavaScript](#tab/javascript) [!INCLUDE [sample-code](../includes/snippets/javascript/update-accesspackageassignmentrequestworkflowextension-javascript-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
Content-Type: application/json
### Response
-The following is an example of the response
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Accesspackageassignmentresourcerole Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackageassignmentresourcerole-get.md
Title: "Get accessPackageAssignmentResourceRole"
description: "Retrieve the properties and relationships of an accessPackageAssignmentResourceRole object." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Retrieve the properties and relationships of an [accessPackageAssignmentResourceRole](../resources/accesspackageassignmentresourcerole.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackageassignmentresourcerole_get" } -->
## HTTP request
This method supports some of the OData query parameters to help customize the re
| Name |Description| |:-|:-|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and the requested [a
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
v1.0 Accesspackageassignmentworkflowextension Delete https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackageassignmentworkflowextension-delete.md
Title: "Delete accessPackageAssignmentWorkflowExtension"
description: "Delete an accessPackageAssignmentWorkflowExtension object." ms.localizationpriority: medium+ doc_type: apiPageType
Delete an [accessPackageAssignmentWorkflowExtension](../resources/accesspackagea
2. Use the access package catalog ID and retrieve the ID of the **accessPackageCustomWorkflowExtension** object that you want to delete by running the [List accessPackageCustomWorkflowExtensions](accesspackagecatalog-list-accesspackagecustomworkflowextensions.md) operation. 3. Call the [Update accessPackageAssignmentPolicy](accesspackageassignmentpolicy-update.md) operation to remove the custom workflow extension object from the policy. For an example, see [Example 3: Remove the customExtensionStageSettings from a policy](accesspackageassignmentpolicy-update.md#example-3-remove-the-customextensionstagesettings-from-a-policy). + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)| EntitlementManagement.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application| EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackageassignmentworkflowextension_delete" } -->
## HTTP request
DELETE /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogI
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `204 No Content` response code.
## Examples ### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
The following is an example of a request.
} --> ``` http
-DELETE /identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions/5FD6D8D5-E8F1-4B54-A1E6-1D0FE0B6E6EC
+DELETE https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions/5FD6D8D5-E8F1-4B54-A1E6-1D0FE0B6E6EC
``` # [C#](#tab/csharp)
DELETE /identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-
### Response
-The following is an example of the response
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Accesspackageassignmentworkflowextension Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackageassignmentworkflowextension-get.md
Title: "Get accessPackageAssignmentWorkflowExtension"
description: "Read the properties and relationships of an accessPackageAssignmentWorkflowExtension object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Read the properties and relationships of an [accessPackageAssignmentWorkflowExtension](../resources/accesspackageassignmentworkflowextension.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackageassignmentworkflowextension_get" } -->
## HTTP request
This method supports the `$select` OData query parameter to help customize the r
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and an [accessPackag
## Examples ### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
### Response
-The following is an example of the response
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Accesspackageassignmentworkflowextension Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackageassignmentworkflowextension-update.md
Title: "Update accessPackageAssignmentWorkflowExtension"
description: "Update the properties of an accessPackageAssignmentWorkflowExtension object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Update the properties of an [accessPackageAssignmentWorkflowExtension](../resources/accesspackageassignmentworkflowextension.md) object. ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|EntitlementManagement.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|EntitlementManagement.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "accesspackageassignmentworkflowextension_update" } -->
## HTTP request
PUT /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
If successful, this method returns a `200 OK` response code and an updated [acce
## Examples ### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
Content-Type: application/json
} ```
-# [Java](#tab/java)
- # [JavaScript](#tab/javascript) [!INCLUDE [sample-code](../includes/snippets/javascript/update-accesspackageassignmentworkflowextension-javascript-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
Content-Type: application/json
### Response
-The following is an example of the response
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Accesspackagecatalog Delete https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackagecatalog-delete.md
Title: "Delete accessPackageCatalog"
description: "Delete accessPackageCatalog." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Delete an [accessPackageCatalog](../resources/accesspackagecatalog.md). + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackagecatalog_delete" } -->
## HTTP request
DELETE /identityGovernance/entitlementManagement/accessPackageCatalogs/{id}
| Name | Description | |:--|:--|
-| Authorization | Bearer \{token\}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns a 200-series response code. It does not return anything in the response body.
+If successful, this method returns a 200-series response code. It doesn't return anything in the response body.
## Examples ### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
DELETE https://graph.microsoft.com/beta/identityGovernance/entitlementManagement
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
v1.0 Accesspackagecatalog Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackagecatalog-get.md
Title: "Get accessPackageCatalog"
description: "Retrieve the properties and relationships of accesspackagecatalog object." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Retrieve the properties and relationships of an [accessPackageCatalog](../resources/accesspackagecatalog.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackagecatalog_get" } -->
## HTTP request
This method supports the `$select` and `$expand` OData query parameters to help
| Name |Description| |:-|:-|
-| Authorization | Bearer \{token\}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and the requested [a
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
v1.0 Accesspackagecatalog List Accesspackagecustomworkflowextensions https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackagecatalog-list-accesspackagecustomworkflowextensions.md
Title: "List accessPackagecustomWorkflowExtensions"
description: "Get a list of the accessPackageCustomWorkflowExtension objects and their properties." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Get a list of the [accessPackageAssignmentRequestWorkflowExtension](../resources/accessPackageAssignmentRequestWorkflowExtension.md) and [accessPackageAssignmentWorkflowExtension](../resources/accessPackageAssignmentWorkflowExtension.md) objects and their properties. The resulting list includes all the **customAccessPackageWorkflowExtension** objects for the catalog that the caller has access to read. Each object includes an `@odata.type` property that indicates whether the object is an **accessPackageAssignmentRequestWorkflowExtension** or an **accessPackageAssignmentWorkflowExtension**. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "accesspackagecatalog_list_accesspackagecustomworkflowextensions" } -->
## HTTP request
This method supports the `$select` and `$filter` OData query parameters to help
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a collection of
} --> ``` http
-GET /identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/accessPackageCustomWorkflowExtensions
+GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/accessPackageCustomWorkflowExtensions
``` # [C#](#tab/csharp)
v1.0 Accesspackagecatalog List Accesspackageresourceroles https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackagecatalog-list-accesspackageresourceroles.md
Title: "List accessPackageResourceRoles"
description: "Retrieve a list of accessPackageResourceRole objects." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Retrieve a list of [accessPackageResourceRole](../resources/accesspackageresourcerole.md) objects of an [accessPackageResource](../resources/accesspackageresource.md) in an [accessPackageCatalog](../resources/accesspackagecatalog.md). The resource should have been added to the catalog by [creating an accessPackageResourceRequest](entitlementmanagement-post-accesspackageresourcerequests.md). This list of roles can then be used by the caller to select a role, which is needed when subsequently [creating an accessPackageResourceRoleScope](accesspackage-post-accesspackageresourcerolescopes.md). + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackagecatalog_list_accesspackageresourceroles" } -->
## HTTP request
This method uses OData query parameters to construct the response. For general i
| Name |Description| |:-|:-|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a collection of
#### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
#### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
#### Response
-The following is an example of the response. The **displayName** is the same as shown in the SharePoint Online view of a site, and the **originId** is the underlying identifier established by SharePoint Online for the role.
+The following example shows the response. The **displayName** is the same as shown in the SharePoint Online view of a site, and the **originId** is the underlying identifier established by SharePoint Online for the role.
> **Note:** The response object shown here might be shortened for readability.
v1.0 Accesspackagecatalog List Accesspackageresources https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackagecatalog-list-accesspackageresources.md
Title: "List accessPackageResources"
description: "Retrieve a list of accesspackageresource objects." ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
Retrieve a list of [accessPackageResource](../resources/accesspackageresource.md) objects in an [accessPackageCatalog](../resources/accesspackagecatalog.md). To request to add or remove an [accessPackageResource](../resources/accesspackageresource.md), use [create accessPackageResourceRequest](entitlementmanagement-post-accesspackageresourcerequests.md). + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackagecatalog_list_accesspackageresources" } -->
## HTTP request
This method supports OData query parameters to help customize the response. For
| Name |Description| |:-|:-|
-| Authorization | Bearer \{token\}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
v1.0 Accesspackagecatalog List Customaccesspackageworkflowextensions https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackagecatalog-list-customaccesspackageworkflowextensions.md
Title: "List customAccessPackageWorkflowExtensions"
description: "Get a list of the customAccessPackageWorkflowExtension objects and their properties." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Get a list of the [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) objects and their properties. The resulting list includes all the **customAccessPackageWorkflowExtension** objects for the catalog that the caller has access to read. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|EntitlementManagement.Read.All EntitlementManagement.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "accesspackagecatalog_list_customaccesspackageworkflowextensions" } -->
## HTTP request
This method supports the `$select` and `$filter` OData query parameters to help
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a collection of
} --> ``` http
-GET /identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions
+GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions
``` # [C#](#tab/csharp)
v1.0 Accesspackagecatalog Post Accesspackagecustomworkflowextensions https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackagecatalog-post-accesspackagecustomworkflowextensions.md
Title: "Create accessPackageCustomWorkflowExtension"
description: "Create a new accessPackageCustomWorkflowExtension object." ms.localizationpriority: medium+ doc_type: apiPageType
Create a new [accessPackageAssignmentRequestWorkflowExtension](../resources/acce
You must explicitly provide an `@odata.type` property that indicates whether the object is an **accessPackageAssignmentRequestWorkflowExtension** or an **accessPackageAssignmentWorkflowExtension**. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|EntitlementManagement.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|EntitlementManagement.Read.All EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackagecatalog_post_accesspackagecustomworkflowextensions" } -->
## HTTP request
POST /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
Content-Type: application/json
[!INCLUDE [sample-code](../includes/snippets/go/create-accesspackageassignmentrequestworkflowextension-go-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [Java](#tab/java)
+ # [JavaScript](#tab/javascript) [!INCLUDE [sample-code](../includes/snippets/javascript/create-accesspackageassignmentrequestworkflowextension-javascript-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
Content-Type: application/json
[!INCLUDE [sample-code](../includes/snippets/go/create-accesspackageassignmentworkflowextension-go-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [Java](#tab/java)
+ # [JavaScript](#tab/javascript) [!INCLUDE [sample-code](../includes/snippets/javascript/create-accesspackageassignmentworkflowextension-javascript-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
v1.0 Accesspackagecatalog Post Customaccesspackageworkflowextensions https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackagecatalog-post-customaccesspackageworkflowextensions.md
Title: "Create customAccessPackageWorkflowExtensions"
description: "Create a new customAccessPackageWorkflowExtension object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Create a new [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object and add it to an existing [accessPackageCatalog](../resources/accesspackagecatalog.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|EntitlementManagement.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|Not supported.|
+<!-- { "blockType": "permissions", "name": "accesspackagecatalog_post_customaccesspackageworkflowextensions" } -->
## HTTP request
POST /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
v1.0 Accesspackagecatalog Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackagecatalog-update.md
Title: "Update accessPackageCatalog"
description: "Update the properties of an accessPackageCatalog object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Update an existing [accessPackageCatalog](../resources/accesspackagecatalog.md) object to change one or more of its properties, such as the display name or description. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account) | EntitlementManagement.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackagecatalog_update" } -->
## HTTP request <!-- {
PATCH /identityGovernance/entitlementManagement/accessPackageCatalogs/{accessPac
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
v1.0 Accesspackageresource Refresh https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackageresource-refresh.md
+
+ Title: "accessPackageResource: refresh"
+description: "Refresh an accessPackageResource object from an origin system."
+
+ms.localizationpriority: medium
+++
+# accessPackageResource: refresh
+Namespace: microsoft.graph
++
+In [Azure AD entitlement management](../resources/entitlementmanagement-overview.md), refresh the [accessPackageResource](../resources/accesspackageresource.md) object to fetch the latest details for **displayName**, **description**, and **resourceType** from the origin system. For the `AadApplication` originSystem, this operation also updates the **displayName** and **description** for the [accessPackageResourceRole](../resources/accesspackageresourcerole.md).
++++
+## Permissions
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- { "blockType": "permissions", "name": "accesspackageresource_refresh" } -->
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+POST /identityGovernance/entitlementManagement/accessPackageCatalogs/{accessPackageCatalogId}/accessPackageResources/{accessPackageResourceId}/refresh
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
+
+## Request body
+Don't supply a request body for this method.
+
+## Response
+
+If successful, this action returns a `200 OK` response code and no object in the response body.
++
+## Examples
+
+### Request
+The following example shows a request.
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "accesspackageresourcethis.refresh"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageCatalogs/16b6a9de-f519-4bd2-86cb-793808f70230/accessPackageResources/b078b6f9-15c1-423b-864f-994ccf8d6fbf/refresh
+```
+
+# [C#](#tab/csharp)
+
+# [CLI](#tab/cli)
+
+# [Go](#tab/go)
+
+# [Java](#tab/java)
+
+# [JavaScript](#tab/javascript)
+
+# [PHP](#tab/php)
+
+# [Python](#tab/python)
+++
+### Response
+
+The following example shows the response.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 200 OK
+```
v1.0 Accesspackageresourceenvironment Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackageresourceenvironment-get.md
Title: "Get accessPackageResourceEnvironment"
description: "Read the properties and relationships of an accessPackageResourceEnvironment object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Read the properties and relationships of an [accessPackageResourceEnvironment](../resources/accesspackageresourceenvironment.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "accesspackageresourceenvironment_get" } -->
## HTTP request
This method does not currently support [OData query parameters](/graph/query-par
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Accesspackagesubject Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackagesubject-get.md
Title: "Get accessPackageSubject"
-description: "Get the properties of an accessPackageSubject object."
+description: "Gets the properties of an accessPackageSubject object."
ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Get an existing [accessPackageSubject](../resources/accesspackagesubject.md) object properties.
+Get the properties of an existing [accessPackageSubject](../resources/accesspackagesubject.md) object.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account) | EntitlementManagement.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackagesubject_get" } -->
## HTTP request <!-- {
GET /identityGovernance/entitlementManagement/subjects(objectId='{objectIdOfUser
| Name |Description| |:-|:-|
-| Authorization | Bearer \{token\}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and the requested [a
### Request
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_accesspackagesubject"
If successful, this method returns a `200 OK` response code and the requested [a
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/subjects(objectId='{objectIdOfUser}') ```
+# [C#](#tab/csharp)
+
+# [CLI](#tab/cli)
+
+# [Go](#tab/go)
+
+# [Java](#tab/java)
+
+# [PHP](#tab/php)
+
+# [PowerShell](#tab/powershell)
+
+# [Python](#tab/python)
+++ ### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
Content-type: application/json
"objectId": "a382de66-b7bb-4c30-82b7-306c6ae6a4ae", "altSecId": null, "displayName": "Accessibility Test",
- "principalName": "accessibility@contosodeb.onmicrosoft.com",
- "email": "accessibility@contosodeb.onmicrosoft.com",
+ "principalName": "accessibility@contoso.com",
+ "email": "accessibility@contoso.com",
"onPremisesSecurityIdentifier": null, "type": "User", "subjectLifecycle": "governed"
Content-type: application/json
"suppressions": [ ] }>
+-->
v1.0 Accesspackagesubject Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accesspackagesubject-update.md
Title: "Update accessPackageSubject"
description: "Update the properties of an accessPackageSubject object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Update an existing [accessPackageSubject](../resources/accesspackagesubject.md) object to change the subject lifecycle. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account) | EntitlementManagement.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | EntitlementManagement.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accesspackagesubject_update" } -->
## HTTP request <!-- {
PATCH /identityGovernance/entitlementManagement/subjects(objectId='{objectIdOfUs
Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
If successful, this method returns a `204 No Content` response code.
### Request
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "update_accesspackagesubject"
Content-Type: application/json
} ```
+# [C#](#tab/csharp)
+
+# [CLI](#tab/cli)
+
+# [Go](#tab/go)
+
+# [Java](#tab/java)
+
+# [PHP](#tab/php)
+
+# [PowerShell](#tab/powershell)
+
+# [Python](#tab/python)
+++ ### Response <!-- {
v1.0 Accessreview Addreviewer https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreview-addreviewer.md
Title: "Add accessReview reviewer (deprecated)"
-description: "In the Azure AD access reviews feature, update an existing accessReview object to add another user as a reviewer. This operation is only permitted for an access review that is not yet completed, and only for an access review where the reviewers are explicitly specified. This operation is not permitted for an access review in which users review their own access, and not intended for an access review in which the group owners are assigned as the reviewers. "
+description: "In the Microsoft Entra access reviews feature, update an existing accessReview object to add another user as a reviewer. This operation is only permitted for an access review that isn't yet completed, and only for an access review where the reviewers are explicitly specified. This operation isn't permitted for an access review in which users review their own access, and not intended for an access review in which the group owners are assigned as the reviewers. "
ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [accessreviews-disclaimer](../../includes/accessreviews-disclaimer.md)]
-In the Azure AD [access reviews](../resources/accessreviews-root.md) feature, update an existing [accessReview](../resources/accessreview.md) object to add another user as a reviewer. This operation is only permitted for an access review that is not yet completed, and only for an access review where the reviewers are explicitly specified. This operation is not permitted for an access review in which users review their own access, and not intended for an access review in which the group owners are assigned as the reviewers.
+In the Microsoft Entra [access reviews](../resources/accessreviews-root.md) feature, update an existing [accessReview](../resources/accessreview.md) object to add another user as a reviewer. This operation is only permitted for an access review that isn't yet completed, and only for an access review where the reviewers are explicitly specified. This operation isn't permitted for an access review in which users review their own access, and not intended for an access review in which the group owners are assigned as the reviewers.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.ReadWrite.Membership, AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | AccessReview.ReadWrite.Membership |
+<!-- { "blockType": "permissions", "name": "accessreview_addreviewer" } -->
## HTTP request <!-- { "blockType": "ignored" } -->
The following table shows the properties that can be supplied when you update an
## Response
-If successful, this method returns a `201 Created` response code .
+If successful, this method returns a `201 Created` response code.
## Example
-This is an example of updating a one-time (not reoccurring) access review with an additional reviewer.
+This is an example of updating a one-time (not reoccurring) access review with another reviewer.
##### Request In the request body, supply a JSON representation of the id of the user object.
HTTP/1.1 201 Created
] } -->--
v1.0 Accessreview Apply https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreview-apply.md
Title: "Apply accessReview (deprecated)"
-description: "In the Azure AD access reviews feature, apply the decisions of a completed accessReview. The target object can be either a one-time access review, or an instance of a recurring access review. "
+description: "In the Microsoft Entra access reviews feature, apply the decisions of a completed accessReview. The target object can be either a one-time access review, or an instance of a recurring access review. "
ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [accessreviews-disclaimer](../../includes/accessreviews-disclaimer.md)]
-In the Azure AD [access reviews](../resources/accessreviews-root.md) feature, apply the decisions of a completed [accessReview](../resources/accessreview.md). The target object can be either a one-time access review, or an instance of a recurring access review.
+In the Microsoft Entra [access reviews](../resources/accessreviews-root.md) feature, apply the decisions of a completed [accessReview](../resources/accessreview.md). The target object can be either a one-time access review, or an instance of a recurring access review.
-After an access review is finished, either because it reached the end date or an administrator stopped it manually, and auto-apply wasn't configured for the review, you can call Apply to apply the changes. Until apply occurs, the decisions to remove access rights do not appear on the source resource, the users for instance retain their group memberships. By calling apply, the outcome of the review is implemented by updating the group or application. If a user's access was denied in the review, when an administrator calls this API, Azure AD removes their membership or application assignment.
+After an access review is finished, either because it reached the end date or an administrator stopped it manually, and auto-apply wasn't configured for the review, you can call Apply to apply the changes. Until apply occurs, the decisions to remove access rights do not appear on the source resource, the users for instance retain their group memberships. By calling apply, the outcome of the review is implemented by updating the group or application. If a user's access was denied in the review, when an administrator calls this API, Microsoft Entra ID removes their membership or application assignment.
After an access review is finished, and auto-apply was configured, then the status of the review will change from Completed through intermediate states and finally will change to state Applied. You should expect to see denied users, if any, being removed from the resource group membership or app assignment in a few minutes. A configured auto applying review, or selecting Apply doesn't have an effect on a group that originates in an on-premises directory or a dynamic group. If you want to change a group that originates on-premises, download the results and apply those changes to the representation of the group in that directory. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.ReadWrite.Membership, AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | AccessReview.ReadWrite.Membership |
+<!-- { "blockType": "permissions", "name": "accessreview_apply" } -->
## HTTP request <!-- { "blockType": "ignored" } -->
POST /accessReviews/{reviewId}/applyDecisions
| Authorization | string | Bearer \{token\}. Required. | ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns a `204, No Content` response code. It does not return anything in the response body.
+If successful, this method returns a `204, No Content` response code. It doesn't return anything in the response body.
## Example ### Request
HTTP/1.1 204 No Content
} -->
-## See also
+## Related content
- [How to complete an access review](/azure/active-directory/active-directory-azure-ad-controls-complete-access-review)
v1.0 Accessreview Create https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreview-create.md
Title: "Create accessReview (deprecated)"
-description: "In the Azure AD access reviews feature, create a new accessReview object."
+description: "In the Microsoft Entra access reviews feature, create a new accessReview object."
ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [accessreviews-disclaimer](../../includes/accessreviews-disclaimer.md)]
-In the Azure AD [access reviews](../resources/accessreviews-root.md) feature, create a new [accessReview](../resources/accessreview.md) object.
+In the Microsoft Entra [access reviews](../resources/accessreviews-root.md) feature, create a new [accessReview](../resources/accessreview.md) object.
Before making this request, the caller must have previously [retrieved the list of business flow templates](businessflowtemplate-list.md), to have the value of **businessFlowTemplateId** to include in the request. After making this request, the caller should [create a programControl](programcontrol-create.md), to link the access review to a program. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.ReadWrite.Membership, AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | AccessReview.ReadWrite.Membership |
+<!-- { "blockType": "permissions", "name": "accessreview_create" } -->
The caller should also have ProgramControl.ReadWrite.All permission, so that after creating an access review, the caller can create a [programControl](../resources/programcontrol.md). In addition, the signed in user must also be in a directory role that permits them to create an access review. For more details, see the role and permission requirements for [access reviews](../resources/accessreviews-root.md).
POST /accessReviews
## Request headers | Name | Description | |:-|:|
-| Authorization | Bearer \{token\}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-type | application/json. Required. | ## Request body
Content-type: application/json
] } -->--
v1.0 Accessreview Delete https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreview-delete.md
Title: "Delete accessReview (deprecated)"
-description: "In the Azure AD access reviews feature, delete an accessReview object."
+description: "In the Microsoft Entra access reviews feature, delete an accessReview object."
ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [accessreviews-disclaimer](../../includes/accessreviews-disclaimer.md)]
-In the Azure AD [access reviews](../resources/accessreviews-root.md) feature, delete an [accessReview](../resources/accessreview.md) object.
+In the Microsoft Entra [access reviews](../resources/accessreviews-root.md) feature, delete an [accessReview](../resources/accessreview.md) object.
++ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.ReadWrite.Membership, AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | AccessReview.ReadWrite.Membership |
+<!-- { "blockType": "permissions", "name": "accessreview_delete" } -->
The caller should also have ProgramControl.ReadWrite.All permission, so that it can delete a [programControl](../resources/programcontrol.md).
DELETE /accessReviews/{reviewId}
| Authorization | string | Bearer \{token\}. Required. | ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns a `204, No Content` response code. It does not return anything in the response body.
+If successful, this method returns a `204, No Content` response code. It doesn't return anything in the response body.
## Example ##### Request
HTTP/1.1 204 No Content
] } -->--
v1.0 Accessreview Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreview-get.md
Title: "Get accessReview (deprecated)"
-description: "In the Azure AD access reviews feature, retrieve an accessReview object."
+description: "In the Microsoft Entra access reviews feature, retrieve an accessReview object."
ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [accessreviews-disclaimer](../../includes/accessreviews-disclaimer.md)]
-In the Azure AD [access reviews](../resources/accessreviews-root.md) feature, retrieve an [accessReview](../resources/accessreview.md) object.
+In the Microsoft Entra [access reviews](../resources/accessreviews-root.md) feature, retrieve an [accessReview](../resources/accessreview.md) object.
To retrieve the reviewers of the access review, use the [list accessReview reviewers](accessreview-listreviewers.md) API. To retrieve the decisions of the access review, use the [list accessReview decisions](accessreview-listdecisions.md) API, or the [list my accessReview decisions](accessreview-listmydecisions.md) API. If this is a recurring access review, no decisions will be associated with the recurring access review series. Instead, use the `instances` relationship of that series to retrieve an [accessReview](../resources/accessreview.md) collection of the past, current, and future instances of the access review. Each past and current instance will have decisions. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.Read.All, AccessReview.ReadWrite.Membership, AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | AccessReview.Read.All, AccessReview.ReadWrite.Membership |
+<!-- { "blockType": "permissions", "name": "accessreview_get" } -->
In order to call this API, the signed in user must also be in a directory role that permits them to read an access review, or the user can be assigned as a reviewer on the access review. For more details, see the role and permission requirements for [access reviews](../resources/accessreviews-root.md).
GET /accessReviews/{reviewId}
| Authorization | string | Bearer \{token\}. Required. | ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response If successful, this method returns a `200 OK` response code and an [accessReview](../resources/accessreview.md) object in the response body.
Content-type: application/json
} ```
-## See also
+## Related content
- [Create accessReview](accessreview-create.md) - [List accessReviews](accessreview-list.md)
Content-type: application/json
] } -->--
v1.0 Accessreview List https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreview-list.md
Title: "List accessReviews (deprecated)"
description: "Retrieve accessReview objects for a businessFlowTemplate." ms.localizationpriority: medium + doc_type: apiPageType
If many access reviews match the filter, to improve efficiency and avoid timeout
The **accessReview** objects returned by this API will not include nested structure properties such as **settings**, or relationships. To retrieve an access review settings or relationships, use the [get accessReview](accessreview-get.md) API. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.Read.All, AccessReview.ReadWrite.Membership, AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | AccessReview.Read.All, AccessReview.ReadWrite.Membership |
+<!-- { "blockType": "permissions", "name": "accessreview_list" } -->
The signed in user must also be in a directory role that permits them to read an access review.
Content-type: application/json
} ```
-## See also
+## Related content
- [Get accessReview](accessreview-get.md)
v1.0 Accessreview Listdecisions https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreview-listdecisions.md
Title: "List accessReview decisions (deprecated)"
-description: "In the Azure AD access reviews feature, retrieve the decisions of an accessReview object."
+description: "In the Microsoft Entra access reviews feature, retrieve the decisions of an accessReview object."
ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [accessreviews-disclaimer](../../includes/accessreviews-disclaimer.md)]
-In the Azure AD [access reviews](../resources/accessreviews-root.md) feature, retrieve the decisions of an [accessReview](../resources/accessreview.md) object.
+In the Microsoft Entra [access reviews](../resources/accessreviews-root.md) feature, retrieve the decisions of an [accessReview](../resources/accessreview.md) object.
Note that a recurring access review will not have a **decisions** relationship. Instead, the caller must navigate the **instance** relationship to find an [accessReview](../resources/accessreview.md) object for a current or past instance of the access review. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.Read.All, AccessReview.ReadWrite.Membership, AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | AccessReview.Read.All, AccessReview.ReadWrite.Membership |
+<!-- { "blockType": "permissions", "name": "accessreview_listdecisions" } -->
The signed in user must also be in a directory role that permits them to read an access review.
Content-type: application/json
} ```
-## See also
+## Related content
| Method | Return Type |Description| |:|:--|:-|
Content-type: application/json
] } -->--
v1.0 Accessreview Listmydecisions https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreview-listmydecisions.md
Title: "List my accessReview decisions (deprecated)"
-description: "In the Azure AD access reviews feature, retrieve the decisions of an accessReview object for the calling user as reviewer."
+description: "In the Microsoft Entra access reviews feature, retrieve the decisions of an accessReview object for the calling user as reviewer."
ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [accessreviews-disclaimer](../../includes/accessreviews-disclaimer.md)]
-In the Azure AD [access reviews](../resources/accessreviews-root.md) feature, retrieve the decisions of an [accessReview](../resources/accessreview.md) object for the calling user as reviewer.
+In the Microsoft Entra [access reviews](../resources/accessreviews-root.md) feature, retrieve the decisions of an [accessReview](../resources/accessreview.md) object for the calling user as reviewer.
++ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.Read.All, AccessReview.ReadWrite.Membership, AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | Not supported. |
+<!-- { "blockType": "permissions", "name": "accessreview_listmydecisions" } -->
The signed in user must also be permitted to read this particular access review.
Content-type: application/json
} ```
-## See also
+## Related content
| Method | Return Type |Description| |:|:--|:-|
Content-type: application/json
] } -->--
v1.0 Accessreview Listreviewers https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreview-listreviewers.md
Title: "List accessReview reviewers (deprecated)"
-description: "In the Azure AD access reviews feature, retrieve the reviewers of an accessReview object."
+description: "In the Microsoft Entra access reviews feature, retrieve the reviewers of an accessReview object."
ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [accessreviews-disclaimer](../../includes/accessreviews-disclaimer.md)]
-In the Azure AD [access reviews](../resources/accessreviews-root.md) feature, retrieve the reviewers of an [accessReview](../resources/accessreview.md) object.
+In the Microsoft Entra [access reviews](../resources/accessreviews-root.md) feature, retrieve the reviewers of an [accessReview](../resources/accessreview.md) object.
++ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.Read.All, AccessReview.ReadWrite.Membership, AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | AccessReview.Read.All, AccessReview.ReadWrite.Membership |
+<!-- { "blockType": "permissions", "name": "accessreview_listreviewers" } -->
The signed in user must also be in a directory role that permits them to read an access review.
Content-type: application/json
} ```
-## See also
+## Related content
| Method | Return Type |Description| |:|:--|:-|
Content-type: application/json
] } -->--
v1.0 Accessreview Removereviewer https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreview-removereviewer.md
Title: "Remove accessReview reviewer (deprecated)"
description: "Remove an access review reviewer." ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [accessreviews-disclaimer](../../includes/accessreviews-disclaimer.md)]
-In the Azure AD [access reviews](../resources/accessreviews-root.md) feature, update an existing [accessReview](../resources/accessreview.md) object to remove a user as a reviewer. This operation is only permitted for an access review that is not yet completed, and only for an access review where the reviewers are explicitly specified. This operation is not permitted for an access review in which users review their own access, and not intended for an access review in which the group owners are assigned as the reviewers.
+In the Microsoft Entra [access reviews](../resources/accessreviews-root.md) feature, update an existing [accessReview](../resources/accessreview.md) object to remove a user as a reviewer. This operation is only permitted for an access review that isn't yet completed, and only for an access review where the reviewers are explicitly specified. This operation isn't permitted for an access review in which users review their own access, and not intended for an access review in which the group owners are assigned as the reviewers.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.ReadWrite.Membership, AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | AccessReview.ReadWrite.Membership |
+<!-- { "blockType": "permissions", "name": "accessreview_removereviewer" } -->
## HTTP request <!-- { "blockType": "ignored" } -->
This is an example of updating a one-time (not reoccurring) access review to rem
##### Request
-In the request URL, supply the id of the accessReview object and then the id of the user object.
+In the request URL, supply the ID of the accessReview object and then the ID of the user object.
# [HTTP](#tab/http)
HTTP/1.1 204 No content
] } -->--
v1.0 Accessreview Reset https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreview-reset.md
Title: "Reset accessReview (deprecated)"
-description: "In the Azure AD access reviews feature, reset the decisions of a currently active accessReview. The target object can be either a one-time access review, or an instance of a recurring access review. Previous decisions are no longer recorded, but reviewers can continue to update decisions."
+description: "In the Microsoft Entra access reviews feature, reset the decisions of a currently active accessReview. The target object can be either a one-time access review, or an instance of a recurring access review. Previous decisions are no longer recorded, but reviewers can continue to update decisions."
ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [accessreviews-disclaimer](../../includes/accessreviews-disclaimer.md)]
-In the Azure AD [access reviews](../resources/accessreviews-root.md) feature, reset the decisions of a currently active [accessReview](../resources/accessreview.md). The target object can be either a one-time access review, or an instance of a recurring access review. Previous decisions are no longer recorded, but reviewers can continue to update decisions.
+In the Microsoft Entra [access reviews](../resources/accessreviews-root.md) feature, reset the decisions of a currently active [accessReview](../resources/accessreview.md). The target object can be either a one-time access review, or an instance of a recurring access review. Previous decisions are no longer recorded, but reviewers can continue to update decisions.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.ReadWrite.Membership, AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | AccessReview.ReadWrite.Membership |
+<!-- { "blockType": "permissions", "name": "accessreview_reset" } -->
## HTTP request <!-- { "blockType": "ignored" } -->
POST /accessReviews/{reviewId}/resetDecisions
| Authorization | string | Bearer \{token\}. Required. | ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.
+If successful, this method returns a `204 No Content` response code. It doesn't return anything in the response body.
## Example ##### Request
HTTP/1.1 204 No Content
] } -->--
v1.0 Accessreview Sendreminder https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreview-sendreminder.md
Title: "SendReminder accessReview"
-description: "In the Azure AD access reviews feature, send a reminder to the reviewers of a currently active accessReview. The target object can be either a one-time access review, or an instance of a recurring access review. "
+description: "In the Microsoft Entra access reviews feature, send a reminder to the reviewers of a currently active accessReview. The target object can be either a one-time access review, or an instance of a recurring access review. "
ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [accessreviews-disclaimer](../../includes/accessreviews-disclaimer.md)]
-In the Azure AD [access reviews](../resources/accessreviews-root.md) feature, send a reminder to the reviewers of a currently active [accessReview](../resources/accessreview.md). The target object can be either a one-time access review, or an instance of a recurring access review.
+In the Microsoft Entra [access reviews](../resources/accessreviews-root.md) feature, send a reminder to the reviewers of a currently active [accessReview](../resources/accessreview.md). The target object can be either a one-time access review, or an instance of a recurring access review.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.ReadWrite.Membership, AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | AccessReview.ReadWrite.Membership |
+<!-- { "blockType": "permissions", "name": "accessreview_sendreminder" } -->
## HTTP request <!-- { "blockType": "ignored" } -->
POST /accessReviews/{reviewId}/sendReminder
| Authorization | string | Bearer \{token\}. Required. | ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.
+If successful, this method returns a `204 No Content` response code. It doesn't return anything in the response body.
## Example ##### Request
HTTP/1.1 204 No Content
] } -->--
v1.0 Accessreview Stop https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreview-stop.md
Title: "Stop accessReview (deprecated)"
-description: "In the Azure AD access reviews feature, stop a currently active accessReview. The target object can be either a one-time access review, or an instance of a recurring access review. (To prevent a recurring access review from starting future instances, update it to change its scheduled end date). After the access review stops, reviewers can no longer give input, and the access review decisions can be applied."
+description: "In the Microsoft Entra access reviews feature, stop a currently active accessReview. The target object can be either a one-time access review, or an instance of a recurring access review. (To prevent a recurring access review from starting future instances, update it to change its scheduled end date). After the access review stops, reviewers can no longer give input, and the access review decisions can be applied."
ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [accessreviews-disclaimer](../../includes/accessreviews-disclaimer.md)]
-In the Azure AD [access reviews](../resources/accessreviews-root.md) feature, stop a currently active [accessReview](../resources/accessreview.md). The target object can be either a one-time access review, or an instance of a recurring access review. (To prevent a recurring access review from starting future instances, [update it](accessreview-update.md) to change its scheduled end date). After the access review stops, reviewers can no longer give input, and the access review decisions can be applied.
+In the Microsoft Entra [access reviews](../resources/accessreviews-root.md) feature, stop a currently active [accessReview](../resources/accessreview.md). The target object can be either a one-time access review, or an instance of a recurring access review. (To prevent a recurring access review from starting future instances, [update it](accessreview-update.md) to change its scheduled end date). After the access review stops, reviewers can no longer give input, and the access review decisions can be applied.
++ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.ReadWrite.Membership, AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | AccessReview.ReadWrite.Membership |
+<!-- { "blockType": "permissions", "name": "accessreview_stop" } -->
## HTTP request <!-- { "blockType": "ignored" } -->
POST /accessReviews/{reviewId}/stop
| Authorization | string | Bearer \{token\}. Required. | ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.
+If successful, this method returns a `204 No Content` response code. It doesn't return anything in the response body.
## Example ##### Request
HTTP/1.1 204 No Content
] } -->--
v1.0 Accessreview Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreview-update.md
Title: "Update accessReview (deprecated)"
-description: "In the Azure AD access reviews feature, update an existing accessReview object to change one or more of its properties."
+description: "In the Microsoft Entra access reviews feature, update an existing accessReview object to change one or more of its properties."
ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [accessreviews-disclaimer](../../includes/accessreviews-disclaimer.md)]
-In the Azure AD [access reviews](../resources/accessreviews-root.md) feature, update an existing [accessReview](../resources/accessreview.md) object to change one or more of its properties.
+In the Microsoft Entra [access reviews](../resources/accessreviews-root.md) feature, update an existing [accessReview](../resources/accessreview.md) object to change one or more of its properties.
This API is not intended to change the reviewers or decisions of a review. To change the reviewers, use the [addReviewer](accessreview-addreviewer.md) or [removeReviewer](accessreview-removereviewer.md) APIs. To stop an already-started one-time review, or an already-started instance of a recurring review, early, use the [stop](accessreview-stop.md) API. To apply the decisions to the target group or app access rights, use the [apply](accessreview-apply.md) API. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.ReadWrite.Membership, AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | AccessReview.ReadWrite.Membership |
+<!-- { "blockType": "permissions", "name": "accessreview_update" } -->
## HTTP request <!-- { "blockType": "ignored" } -->
Content-type: application/json
] } -->--
v1.0 Accessreviewhistorydefinition Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewhistorydefinition-get.md
Title: "Get accessReviewHistoryDefinition"
description: "Retrieve an accessReviewHistoryDefinition object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Retrieve an [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) object by its identifier. All of the properties of the access review history definition object are returned. If the definition is 30 days or older, a `404 Not Found` error is returned. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|AccessReview.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|AccessReview.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "accessreviewhistorydefinition_get" } -->
[!INCLUDE [rbac-access-reviews-apis-read](../includes/rbac-for-apis/rbac-access-reviews-apis-read.md)]
This method supports the `$select` and `$expand` OData query parameters to help
|Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Accessreviewhistorydefinition List Instances https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewhistorydefinition-list-instances.md
Title: "List instances (of an accessReviewHistoryDefinition)"
description: "Retrieve the instances of an access review history definition." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Retrieve the [instances](../resources/accessreviewhistoryinstance.md) of an [access review history definition](../resources/accessreviewhistorydefinition.md) created in the last 30 days. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|AccessReview.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|AccessReview.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "accessreviewhistorydefinition_list_instances" } -->
[!INCLUDE [rbac-access-reviews-apis-read](../includes/rbac-for-apis/rbac-access-reviews-apis-read.md)]
GET /identityGovernance/accessReviews/historyDefinitions/{accessReviewHistoryDef
|Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Accessreviewhistoryinstance Generatedownloaduri https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewhistoryinstance-generatedownloaduri.md
Title: "accessReviewHistoryInstance: generateDownloadUri"
description: "Generate a URI that can be used to retrieve review history data." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Generates a URI for an [accessReviewHistoryInstance](../resources/accessReviewHistoryInstance.md) object the **status** for which is `done`. Each URI can be used to retrieve the instance's review history data. Each URI is valid for 24 hours and can be retrieved by fetching the **downloadUri** property from the [accessReviewHistoryInstance](../resources/accessReviewHistoryInstance.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|AccessReview.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|AccessReview.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "accessreviewhistoryinstance_generatedownloaduri" } -->
[!INCLUDE [rbac-access-reviews-apis-write](../includes/rbac-for-apis/rbac-access-reviews-apis-write.md)]
POST /identityGovernance/accessReviews/historyDefinitions/{accessReviewHistoryDe
|Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Accessreviewinstance Acceptrecommendations https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewinstance-acceptrecommendations.md
Title: "accessReviewInstance: acceptRecommendations"
-description: "Allows the acceptance of recommendations on all decisions that have not been reviewed for an access review instance for which the calling user is a reviewer. "
+description: "Allows the acceptance of recommendations on all decisions that haven't been reviewed for an access review instance for which the calling user is a reviewer. "
ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Allows the acceptance of recommendations on all [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects that have not been reviewed for an [accessReviewInstance](../resources/accessreviewinstance.md) object for which the calling user is a reviewer. Recommendations are generated if **recommendationsEnabled** is `true` on the [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object. If there is not a recommendation on an [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) object no decision will be recorded.
+Allows the acceptance of recommendations on all [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects that haven't been reviewed for an [accessReviewInstance](../resources/accessreviewinstance.md) object for which the calling user is a reviewer. Recommendations are generated if **recommendationsEnabled** is `true` on the [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object. If there isn't a recommendation on an [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) object no decision will be recorded.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.ReadWrite.All |
-| Delegated (personal Microsoft account)| Not supported. |
+<!-- { "blockType": "permissions", "name": "accessreviewinstance_acceptrecommendations" } -->
The signed-in user must also be a reviewer on the accessReviewInstance.
POST /me/pendingAccessReviewInstances/{instance-id}/acceptRecommendations
None. ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns a `204, No Content` response code. It does not return anything in the response body.
+If successful, this method returns a `204, No Content` response code. It doesn't return anything in the response body.
## Examples ### Request
v1.0 Accessreviewinstance Applydecisions https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewinstance-applydecisions.md
Title: "accessReviewInstance: applyDecisions"
description: "Apply decisions on an accessReviewInstance." ms.localizationpriority: medium+ doc_type: apiPageType
Apply review decisions on an [accessReviewInstance](../resources/accessreviewins
The status of the accessReviewInstance must be `Completed` to call this method. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application | AccessReview.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accessreviewinstance_applydecisions" } -->
[!INCLUDE [rbac-access-reviews-apis-write](../includes/rbac-for-apis/rbac-access-reviews-apis-write.md)]
POST /identityGovernance/accessReviews/definitions/{definition-id}/instances/{in
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response If successful, this action returns a `204 No Content` response code.
v1.0 Accessreviewinstance Batchrecorddecisions https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewinstance-batchrecorddecisions.md
Title: "accessReviewInstance: batchRecordDecisions"
description: "Enables reviewers to review all accessReviewInstanceDecisionItem objects in batches." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Enables reviewers to review all [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects in batches by using **principalId**, **resourceId**, or neither. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|AccessReview.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported|
-|Application|AccessReview.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "accessreviewinstance_batchrecorddecisions" } -->
[!INCLUDE [rbac-access-reviews-apis-write](../includes/rbac-for-apis/rbac-access-reviews-apis-write.md)]
POST /me/pendingAccessReviewInstances/{accessReviewInstanceId}/batchRecordDecisi
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
v1.0 Accessreviewinstance Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewinstance-filterbycurrentuser.md
Title: "accessReviewInstance: filterByCurrentUser"
description: "Returns all accessReviewInstance objects for a given reviewer." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Returns all [accessReviewInstance](../resources/accessreviewinstance.md) objects on a given [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) where the calling user is a reviewer on one or more [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "accessreviewinstance_filterbycurrentuser" } -->
## HTTP request
The default page size for this API is 100 **accessReviewInstance** objects. To i
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definition
[!INCLUDE [sample-code](../includes/snippets/php/accessreviewinstance-filterbycurrentuser-php-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+ # [Python](#tab/python) [!INCLUDE [sample-code](../includes/snippets/python/accessreviewinstance-filterbycurrentuser-python-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
v1.0 Accessreviewinstance Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewinstance-get.md
Title: "Get accessReviewInstance"
description: "Retrieve an accessReviewInstance object." ms.localizationpriority: medium + doc_type: apiPageType
Retrieve an [accessReviewInstance](../resources/accessreviewinstance.md) object
To retrieve the decisions on the instance, use [List accessReviewInstanceDecisionItem](accessreviewinstance-list-decisions.md). + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.Read.All, AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application | AccessReview.Read.All, AccessReview.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accessreviewinstance_get" } -->
[!INCLUDE [rbac-access-reviews-apis-read](../includes/rbac-for-apis/rbac-access-reviews-apis-read.md)]
This method supports the `$select` OData query parameter to help customize the r
None. ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response If successful, this method returns a `200 OK` response code and an [accessReviewInstance](../resources/accessreviewinstance.md) object in the response body.
Content-type: application/json
} ```
-## See also
+## Related content
- [Get accessReviewScheduleDefinition](accessreviewscheduledefinition-get.md) - [List accessReviewInstance](accessreviewscheduledefinition-list-instances.md)
v1.0 Accessreviewinstance List Contactedreviewers https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewinstance-list-contactedreviewers.md
Title: "List contactedReviewers"
description: "Get the reviewers for an access review instance." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Get the reviewers for an [access review instance](../resources/accessreviewinstance.md), irrespective of whether or not they have received a notification. The reviewers are represented by an [accessReviewReviewer](../resources/accessreviewreviewer.md) object. A list of zero or more objects are returned, including all of their nested properties. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "accessreviewinstance_list_contactedreviewers" } -->
[!INCLUDE [rbac-access-reviews-apis-read](../includes/rbac-for-apis/rbac-access-reviews-apis-read.md)]
The default page size for this API is 100 **accessReviewReviewer** objects. To i
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Accessreviewinstance List Decisions https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewinstance-list-decisions.md
Title: "List decisions"
description: "Get the accessReviewInstanceDecisionItem resources from the decisions navigation property." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Retrieve the [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects for a specific [accessReviewInstance](../resources/accessreviewinstance.md). A list of zero or more accessReviewInstanceDecisionItem objects are returned, including all of their nested properties. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "accessreviewinstance_list_decisions" } -->
[!INCLUDE [rbac-access-reviews-apis-read](../includes/rbac-for-apis/rbac-access-reviews-apis-read.md)]
The default page size for this API is 100 **accessReviewInstance** objects. To i
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/decisions/
[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [PowerShell](#tab/powershell) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Python](#tab/python)
v1.0 Accessreviewinstance List Stages https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewinstance-list-stages.md
Title: "List stages"
description: "Retrieve the stages in a multi-stage access review instance." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Retrieve the stages in a multi-stage access review instance. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "accessreviewinstance_list_stages" } -->
[!INCLUDE [rbac-access-reviews-apis-read](../includes/rbac-for-apis/rbac-access-reviews-apis-read.md)]
This method supports the `$select`, `$orderby`, and `$filter` (`eq` only) OData
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Accessreviewinstance Pendingaccessreviewinstances https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewinstance-pendingaccessreviewinstances.md
Title: "accessReviewInstance: pendingAccessReviewInstances"
description: "Retrieve accessReviewInstance objects pending approval by calling user." ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
Retrieve the [accessReviewInstance](../resources/accessreviewinstance.md) objects pending approval by the calling user. A list of zero or more accessReviewInstance objects are returned, of which the calling user is an assigned reviewer. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.Read.All, AccessReview.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accessreviewinstance_pendingaccessreviewinstances" } -->
The signed-in user only sees instances of which they are assigned reviewer in the accessReviewScheduleDefinition of the instance.
Content-type: application/json
} ```
-## See also
+## Related content
- [Get accessReviewInstance](accessreviewinstance-get.md) - [Get accessReviewInstanceDecisionItems pending approval](accessreviewinstancedecisionitem-listpendingapproval.md)
v1.0 Accessreviewinstance Resetdecisions https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewinstance-resetdecisions.md
Title: "accessReviewInstance: resetDecisions"
description: "Resets all accessReviewInstanceDecisionItem objects on an accessReviewInstance to `notReviewed`." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Resets decisions of all [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects on an [accessReviewInstance](../resources/accessreviewinstance.md) to `notReviewed`. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|AccessReview.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|AccessReview.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "accessreviewinstance_resetdecisions" } -->
[!INCLUDE [rbac-access-reviews-apis-write](../includes/rbac-for-apis/rbac-access-reviews-apis-write.md)]
POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefiniti
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Accessreviewinstance Sendreminder https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewinstance-sendreminder.md
Title: "accessReviewInstance: sendReminder"
description: "Sends a reminder to the reviewers of a currently active accessReviewInstance." ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
Send a reminder to the reviewers of a currently active [accessReviewInstance](../resources/accessreviewinstance.md). + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application | AccessReview.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accessreviewinstance_sendreminder" } -->
[!INCLUDE [rbac-access-reviews-apis-write](../includes/rbac-for-apis/rbac-access-reviews-apis-write.md)]
POST /identityGovernance/accessReviews/definitions/{definitionId}/instances/{ins
None. ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns a `204, No Content` response code. It does not return anything in the response body.
+If successful, this method returns a `204, No Content` response code. It doesn't return anything in the response body.
## Examples ### Request
v1.0 Accessreviewinstance Stop https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewinstance-stop.md
Title: "Stop accessReviewInstance"
description: "Stop a currently active accessReviewInstance." ms.localizationpriority: medium + doc_type: apiPageType
Stop a currently active [accessReviewInstance](../resources/accessreviewinstance
Stopping an instance will not effect future instances. To prevent a recurring access review from starting future instances, [update the schedule definition](accessreviewscheduledefinition-update.md) to change its scheduled end date. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application | AccessReview.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accessreviewinstance_stop" } -->
[!INCLUDE [rbac-access-reviews-apis-write](../includes/rbac-for-apis/rbac-access-reviews-apis-write.md)]
POST /identityGovernance/accessReviews/definitions/{definition-id}/instances/{in
None. ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns a `204, No Content` response code. It does not return anything in the response body.
+If successful, this method returns a `204, No Content` response code. It doesn't return anything in the response body.
## Examples ### Request
v1.0 Accessreviewinstance Stopapplydecisions https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewinstance-stopapplydecisions.md
Title: "accessReviewInstance: stopApplyDecisions"
description: "Stop the apply decision action on when accessReviewInstance when the decision is in the process of being applied." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Stop the apply decision action on a [accessReviewInstance](../resources/accessreviewinstance.md) when the decision is in the process of being applied. You can stop the apply decision action only when the review is created with autoapply and autoreview settings, and the remediation option to disable and delete users. When you call this API on a current instance of a recurrence, it will not affect future instances. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account) | AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account)| Not supported. |
-|Application | AccessReview.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accessreviewinstance_stopapplydecisions" } -->
## HTTP request
POST /identityGovernance/accessReviews/definitions/{definition-id}/instances/{i
None ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns a `204, No Content` response code. It does not return anything in the response body.
+If successful, this method returns a `204, No Content` response code. It doesn't return anything in the response body.
## Examples
v1.0 Accessreviewinstance Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewinstance-update.md
Title: "Update accessReviewInstance"
description: "Update the properties of an accessReviewInstance object." ms.localizationpriority: medium+ doc_type: apiPageType
To update an **accessReviewInstance**, its **status** must be `InProgress`.
> Updating an **accessReviewInstance** will update only that instance. The parent **accessReviewScheduleDefinition** and any future **accessReviewInstance** objects won't change. To make updates that apply to all future instances, update the parent [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object. ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application | AccessReview.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accessreviewinstance_update" } -->
[!INCLUDE [rbac-access-reviews-apis-write](../includes/rbac-for-apis/rbac-access-reviews-apis-write.md)]
PUT /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitio
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
Content-Type: application/json
} ```
-# [Java](#tab/java)
- # [JavaScript](#tab/javascript) [!INCLUDE [sample-code](../includes/snippets/javascript/update-accessreviewinstance-e1-javascript-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
v1.0 Accessreviewinstancedecisionitem Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewinstancedecisionitem-filterbycurrentuser.md
Title: "accessReviewInstanceDecisionItem: filterByCurrentUser"
description: "Retrieve all decision items on an instance of an access review or a stage of an instance of a multi-stage access review, for which the calling user is the reviewer." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Retrieve all decision items on an instance of an access review or a stage of an instance of a multi-stage access review, for which the calling user is the reviewer. The decision items are presented by a [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects on a given [accessReviewInstance](../resources/accessreviewinstance.md) or [accessReviewStage](../resources/accessReviewStage.md) for which the calling user is the reviewer. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "accessreviewinstancedecisionitem_filterbycurrentuser" } -->
## HTTP request
The default page size for this API is 100 **accessReviewInstanceDecisionItem** o
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definition
[!INCLUDE [sample-code](../includes/snippets/php/accessreviewinstancedecisionitem-filterbycurrentuser-php-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+ # [Python](#tab/python) [!INCLUDE [sample-code](../includes/snippets/python/accessreviewinstancedecisionitem-filterbycurrentuser-python-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definition
[!INCLUDE [sample-code](../includes/snippets/php/accessreviewinstancedecisionitem-filterbycurrentuser-2-php-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+ # [Python](#tab/python) [!INCLUDE [sample-code](../includes/snippets/python/accessreviewinstancedecisionitem-filterbycurrentuser-2-python-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
v1.0 Accessreviewinstancedecisionitem Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewinstancedecisionitem-get.md
Title: "Get accessReviewInstanceDecisionItem"
description: "Read the properties and relationships of an accessReviewInstanceDecisionItem object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Read the properties and relationships of an [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "accessreviewinstancedecisionitem_get" } -->
[!INCLUDE [rbac-access-reviews-apis-read](../includes/rbac-for-apis/rbac-access-reviews-apis-read.md)]
This method supports the `$select` OData query parameter to help customize the r
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Accessreviewinstancedecisionitem Listpendingapproval https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewinstancedecisionitem-listpendingapproval.md
Title: "List accessReviewInstanceDecisionItem pending approval"
description: "Retrieve accessReviewInstanceDecisionItem objects pending approval by the calling user." ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
Retrieve the [accessReviewInstanceDecisionItem](../resources/accessreviewinstance.md) objects for a specific [accessReviewInstance](../resources/accessreviewscheduledefinition.md) pending approval by the calling user. A list of zero or more accessReviewInstanceDecisionItem objects are returned, including all of their nested properties. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.Read.All, AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
+<!-- { "blockType": "permissions", "name": "accessreviewinstancedecisionitem_listpendingapproval" } -->
The signed-in user will also only see decisions of which they are assigned reviewer in that decision's instance's accessReviewScheduleDefinition.
Content-type: application/json
} ```
-## See also
+## Related content
- [Get accessReviewScheduleDefinition](accessreviewscheduledefinition-get.md) - [Get accessReviewInstance](accessreviewinstance-get.md)
v1.0 Accessreviewinstancedecisionitem Recordalldecisions https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewinstancedecisionitem-recordalldecisions.md
Title: "accessReviewInstanceDecisionItem: recordAllDecisions"
description: "Record the decisions for an accessReviewInstanceDecisionItem object." ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
As a reviewer of an access review, record a decision for an [accessReviewInstanceDecisionItem](../resources/accessReviewInstanceDecisionItem.md) that is assigned to you and that matches the principal or resource IDs specified. If no IDs are specified, the decisions will apply to every **accessReviewInstanceDecisionItem** for which you are the reviewer. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.Read.All, AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application | AccessReview.Read.All, AccessReview.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accessreviewinstancedecisionitem_recordalldecisions" } -->
[!INCLUDE [rbac-access-reviews-apis-write](../includes/rbac-for-apis/rbac-access-reviews-apis-write.md)]
POST /identityGovernance/accessReviews/decisions/filterByCurrentUser(on='reviewe
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
Content-Type: application/json
} ```
-# [Java](#tab/java)
- # [JavaScript](#tab/javascript) [!INCLUDE [sample-code](../includes/snippets/javascript/accessreviewinstancedecisionitem-recordalldecisions-javascript-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
v1.0 Accessreviewinstancedecisionitem Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewinstancedecisionitem-update.md
Title: "Update accessReviewInstanceDecisionItem"
description: "Update an existing accessReviewInstanceDecisionItem object for which the calling user is the reviewer." ms.localizationpriority: medium + doc_type: apiPageType
Update access decisions, known as [accessReviewInstanceDecisionItems](../resourc
>[!NOTE] >Any updates made to an **accessReviewInstanceDecisionItem** can only be made by calling users who are listed as reviewer for the parent [accessReviewInstance](../resources/accessreviewinstance.md). + ## Permissions
-One of the following permissions is required to call this API. Delegated permissions to personal Microsoft accounts are not supported. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
+<!-- { "blockType": "permissions", "name": "accessreviewinstancedecisionitem_update" } -->
[!INCLUDE [rbac-access-reviews-apis-write](../includes/rbac-for-apis/rbac-access-reviews-apis-write.md)]
PATCH /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinit
## Request headers | Name | Description | |:-|:|
-| Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-type | application/json. Required. | ## Request body
v1.0 Accessreviewpolicy Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewpolicy-get.md
Title: "Get accessReviewPolicy"
description: "Read the properties and relationships of an accessReviewPolicy object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Read the properties and relationships of an [accessReviewPolicy](../resources/accessreviewpolicy.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|Policy.Read.All, Policy.ReadWrite.AccessReview|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|Policy.Read.All, Policy.ReadWrite.AccessReview|
+<!-- { "blockType": "permissions", "name": "accessreviewpolicy_get" } -->
## HTTP request
GET /identityGovernance/accessReviews/policy
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Accessreviewpolicy Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewpolicy-update.md
Title: "Update accessReviewPolicy"
description: "Update the properties of an accessReviewPolicy object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Update the properties of an [accessReviewPolicy](../resources/accessreviewpolicy.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|Policy.ReadWrite.AccessReview|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|Policy.ReadWrite.AccessReview|
+<!-- { "blockType": "permissions", "name": "accessreviewpolicy_update" } -->
## HTTP request
PATCH /identityGovernance/accessReviews/policy
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
v1.0 Accessreviewscheduledefinition Delete https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewscheduledefinition-delete.md
Title: "Delete accessReviewScheduleDefinition"
description: "Delete an accessReviewScheduleDefinition object." ms.localizationpriority: medium + doc_type: apiPageType
Delete an [accessReviewScheduleDefinition](../resources/accessreviewscheduledefi
[!INCLUDE [GDPR-related-guidance](../../includes/accessreviews-gdpr-delete-intro-sentence.md)] + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application | AccessReview.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accessreviewscheduledefinition_delete" } -->
[!INCLUDE [rbac-access-reviews-apis-write](../includes/rbac-for-apis/rbac-access-reviews-apis-write.md)]
DELETE /identityGovernance/accessReviews/definitions/{review-id}
None. ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns a `204, No Content` response code. It does not return anything in the response body.
+If successful, this method returns a `204, No Content` response code. It doesn't return anything in the response body.
## Examples ### Request
v1.0 Accessreviewscheduledefinition Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewscheduledefinition-filterbycurrentuser.md
Title: "accessReviewScheduleDefinition: filterByCurrentUser"
description: "Returns accessReviewScheduleDefinition objects where the calling user is the reviewer." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Returns [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) objects where the calling user is a reviewer on one or more [accessReviewInstance](../resources/accessreviewinstance.md) objects. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "accessreviewscheduledefinition_filterbycurrentuser" } -->
## HTTP request
The default page size for this API is 100 **accessReviewScheduleDefinition** obj
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definition
[!INCLUDE [sample-code](../includes/snippets/php/accessreviewscheduledefinition-filterbycurrentuser-php-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+ # [Python](#tab/python) [!INCLUDE [sample-code](../includes/snippets/python/accessreviewscheduledefinition-filterbycurrentuser-python-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
v1.0 Accessreviewscheduledefinition Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewscheduledefinition-get.md
Title: "Get accessReviewScheduleDefinition"
description: "Retrieve an accessReviewScheduleDefinition object." ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Retrieve an [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object by ID. This returns all properties of the scheduled access review series except for the associated accessReviewInstances. Each accessReviewScheduleDefinition has at least one instance. An instance represents a review for a specific resource (such as a particular group's members), during one occurrence (e.g., March 2021) of a recurring review.
+Retrieve an [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object by ID. This returns all properties of the scheduled access review series except for the associated accessReviewInstances. Each accessReviewScheduleDefinition has at least one instance. An instance represents a review for a specific resource (such as a particular group's members), during one occurrence (for example, March 2021) of a recurring review.
To retrieve the instances of the access review series, use the [list accessReviewInstance](accessreviewscheduledefinition-list-instances.md) API. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.Read.All, AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application | AccessReview.Read.All, AccessReview.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accessreviewscheduledefinition_get" } -->
[!INCLUDE [rbac-access-reviews-apis-read](../includes/rbac-for-apis/rbac-access-reviews-apis-read.md)]
-The calling user can also read access reviews whether they are assigned as a reviewer.
+The calling user can also read access reviews whether they're assigned as a reviewer.
## HTTP request <!-- { "blockType": "ignored" } -->
This method supports `$select` OData query parameters to help customize the resp
None. ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response If successful, this method returns a `200 OK` response code and an [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object in the response body.
Content-type: application/json
} ```
-## See also
+## Related content
- [Create accessReviewScheduleDefinition](accessreviewset-post-definitions.md) - [List accessReviewScheduleDefinition](accessreviewset-list-definitions.md)
v1.0 Accessreviewscheduledefinition List Instances https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewscheduledefinition-list-instances.md
Title: "List instances"
description: "Retrieve accessReviewInstance objects." ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
Retrieve the [accessReviewInstance](../resources/accessreviewinstance.md) objects for a specific [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md). A list of zero or more **accessReviewInstance** objects are returned, including all of their nested properties. Returned objects do not include associated accessReviewInstanceDecisionItems. To retrieve the decisions on the instance, use [List accessReviewInstanceDecisionItem](accessreviewinstance-list-decisions.md). + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.Read.All, AccessReview.ReadWrite.All |
-|Application | AccessReview.Read.All, AccessReview.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accessreviewscheduledefinition_list_instances" } -->
[!INCLUDE [rbac-access-reviews-apis-read](../includes/rbac-for-apis/rbac-access-reviews-apis-read.md)]
Content-type: application/json
} ```
-## See also
+## Related content
- [List accessReviewScheduleDefinition](accessreviewset-list-definitions.md) - [Get accessReviewInstance](accessreviewinstance-get.md)
v1.0 Accessreviewscheduledefinition Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewscheduledefinition-update.md
Title: "Update accessReviewScheduleDefinition"
description: "Update an existing accessReviewScheduleDefinition object to change one or more of its properties." ms.localizationpriority: medium + doc_type: apiPageType
Update an existing [accessReviewScheduleDefinition](../resources/accessreviewsch
>Any updates made to an accessReviewScheduleDefinition only apply to future instances. Currently running instances cannot be updated. >Additionally, this API is not intended to update properties, including decisions, on the accessReviewInstance level. See [accessReviewInstance](../resources/accessreviewinstance.md) for more information on instances. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application | AccessReview.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accessreviewscheduledefinition_update" } -->
[!INCLUDE [rbac-access-reviews-apis-write](../includes/rbac-for-apis/rbac-access-reviews-apis-write.md)]
PUT /identityGovernance/accessReviews/definitions/{review-id}
## Request headers | Name | Description | |:-|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-type | application/json. Required. | ## Request body
Content-type: application/json
} ```
+# [C#](#tab/csharp)
+
+# [CLI](#tab/cli)
+
+# [Go](#tab/go)
+ # [Java](#tab/java) [!INCLUDE [sample-code](../includes/snippets/jav)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
Content-type: application/json
[!INCLUDE [sample-code](../includes/snippets/javascript/update-accessreviewscheduledefinition-javascript-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PHP](#tab/php)
+
+# [PowerShell](#tab/powershell)
+
+# [Python](#tab/python)
+ ### Response
v1.0 Accessreviewset List Definitions https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewset-list-definitions.md
Title: "List definitions"
description: "Retrieve accessReviewScheduleDefinition objects." ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
Retrieve the [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) objects. A list of zero or more accessReviewScheduleDefinition objects are returned, including all of their nested properties, for each access review series created. This does not include the associated accessReviewInstance objects. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.Read.All, AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application | AccessReview.Read.All, AccessReview.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accessreviewset_list_definitions" } -->
[!INCLUDE [rbac-access-reviews-apis-read](../includes/rbac-for-apis/rbac-access-reviews-apis-read.md)]
Content-type: application/json
```
-## See also
+## Related content
- [Get accessReviewScheduleDefinition](accessreviewscheduledefinition-get.md)
v1.0 Accessreviewset List Historydefinitions https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewset-list-historydefinitions.md
Title: "List historyDefinitions"
description: "Get a list of the accessReviewHistoryDefinition objects." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Retrieve the [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) objects created in the last 30 days, including all nested properties. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|AccessReview.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|AccessReview.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "accessreviewset_list_historydefinitions" } -->
[!INCLUDE [rbac-access-reviews-apis-read](../includes/rbac-for-apis/rbac-access-reviews-apis-read.md)]
The default page size for this API is 100 **accessReviewHistoryDefinitions** obj
|Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Accessreviewset Post Definitions https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewset-post-definitions.md
Title: "Create definitions"
description: "Create a new accessReviewScheduleDefinition object." ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
Create a new [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application | AccessReview.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accessreviewset_post_definitions" } -->
[!INCLUDE [rbac-access-reviews-apis-write](../includes/rbac-for-apis/rbac-access-reviews-apis-write.md)]
POST /identityGovernance/accessReviews/definitions
## Request headers | Name | Description | |:-|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-type | application/json. Required. | ## Request body
The following table shows the properties accepted to create an accessReview.
| descriptionForAdmins | String | Context of the review provided to admins. Required. | descriptionForReviewers | String | Context of the review provided to reviewers in email notifications. Email notifications support up to 256 characters. Required. | | displayName | String | Name of access review series. Required.|
-| fallbackReviewers |[accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection|If provided, the fallback reviewers are asked to complete a review if the primary reviewers do not exist. For example, if managers are selected as `reviewers` and a principal under review does not have a manager in Azure AD, the fallback reviewers are asked to review that principal. <br/><br/>**NOTE:** The value of this property will be ignored if fallback reviewers are assigned through the **stageSettings** property.|
+| fallbackReviewers |[accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection|If provided, the fallback reviewers are asked to complete a review if the primary reviewers do not exist. For example, if managers are selected as `reviewers` and a principal under review does not have a manager in Microsoft Entra ID, the fallback reviewers are asked to review that principal. <br/><br/>**NOTE:** The value of this property will be ignored if fallback reviewers are assigned through the **stageSettings** property.|
| instanceEnumerationScope | [accessReviewScope](../resources/accessreviewscope.md) | In the case of an all groups review, this determines the scope of which groups will be reviewed. See [accessReviewScope](../resources/accessreviewscope.md) and also learn how to [configure the scope of your access review definition](/graph/accessreviews-scope-concept).| | reviewers | [accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection | Defines who the reviewers are. If none are specified, the review is a self-review (users review their own access). For examples of options for assigning reviewers, see [Assign reviewers to your access review definition using the Microsoft Graph API](/graph/accessreviews-reviewers-concept). <br/><br/>**NOTE:** The value of this property will be ignored if reviewers are assigned through the **stageSettings** property. | | scope | [accessReviewScope](../resources/accessreviewscope.md) | Defines the entities whose access is reviewed. See [accessReviewScope](../resources/accessreviewscope.md) and also learn how to [configure the scope of your access review definition](/graph/accessreviews-scope-concept). Required.|
v1.0 Accessreviewset Post Historydefinitions https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewset-post-historydefinitions.md
Title: "Create historyDefinitions"
description: "Create a new accessReviewHistoryDefinition object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Create a new [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|AccessReview.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|AccessReview.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "accessreviewset_post_historydefinitions" } -->
[!INCLUDE [rbac-access-reviews-apis-write](../includes/rbac-for-apis/rbac-access-reviews-apis-write.md)]
POST /identityGovernance/accessReviews/historyDefinitions
|Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
The following table shows the required properties used to create an [accessRevie
|Property|Type|Description| |:|:|:| |displayName | String | Name for the access review history data collection. Required. |
-|reviewHistoryPeriodStartDateTime | DateTimeOffset | A timestamp. Reviews starting on or after this date will be included in the fetched history data. Only required if **scheduleSettings** is not defined. |
-|reviewHistoryPeriodEndDateTime | DateTimeOffset | A timestamp. Reviews starting on or before this date will be included in the fetched history data. Only required if **scheduleSettings** is not defined. |
+|reviewHistoryPeriodStartDateTime | DateTimeOffset | A timestamp. Reviews starting on or after this date are in the fetched history data. Only required if **scheduleSettings** isn't defined. |
+|reviewHistoryPeriodEndDateTime | DateTimeOffset | A timestamp. Reviews starting on or before this date are included in the fetched history data. Only required if **scheduleSettings** isn't defined. |
|scopes|[accessReviewQueryScope](../resources/accessreviewqueryscope.md) collection| Used to filter which reviews are included in the fetched history data. Fetches reviews whose scope matches with this provided scope. Required. <br> For more, see [Supported scope queries for accessReviewHistoryDefinition](#supported-scope-queries-for-accessreviewhistorydefinition). |
-| scheduleSettings |[accessReviewHistoryScheduleSettings](../resources/accessReviewHistoryScheduleSettings.md)| **Not supported yet.** The settings for a recurring access review history definition series. Only required if **reviewHistoryPeriodStartDateTime** or **reviewHistoryPeriodEndDateTime** are not defined. |
+| scheduleSettings |[accessReviewHistoryScheduleSettings](../resources/accessReviewHistoryScheduleSettings.md)| **Not supported yet.** The settings for a recurring access review history definition series. Only required if **reviewHistoryPeriodStartDateTime** or **reviewHistoryPeriodEndDateTime** aren't defined. |
### Supported scope queries for accessReviewHistoryDefinition
v1.0 Accessreviewstage Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewstage-filterbycurrentuser.md
Title: "accessReviewStage: filterByCurrentUser"
description: "Return all accessReviewStage objects for a given reviewer." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Return all [accessReviewStage](../resources/accessReviewStage.md) objects on a given [accessReviewInstance](../resources/accessreviewinstance.md) where the calling user is a reviewer on one or more [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "accessreviewstage_filterbycurrentuser" } -->
## HTTP request
This function also supports the `$select`, `$filter`, `$orderby`, `$skip` and `$
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definition
[!INCLUDE [sample-code](../includes/snippets/php/accessreviewstage-filterbycurrentuser-php-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+ # [Python](#tab/python) [!INCLUDE [sample-code](../includes/snippets/python/accessreviewstage-filterbycurrentuser-python-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
v1.0 Accessreviewstage Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewstage-get.md
Title: "Get accessReviewStage"
description: "Read the properties and relationships of an accessReviewStage object." ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
Retrieve the properties and relationships of an [accessReviewStage](../resources/accessreviewstage.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.Read.All, AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application | AccessReview.Read.All, AccessReview.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accessreviewstage_get" } -->
[!INCLUDE [rbac-access-reviews-apis-read](../includes/rbac-for-apis/rbac-access-reviews-apis-read.md)]
This method supports the `$select` OData query parameter to help customize the r
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Accessreviewstage List Decisions https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewstage-list-decisions.md
Title: "List decisions (from a multi-stage access review)"
description: "Get the decisions from a stage in a multi-stage access review." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Get the decisions from a stage in a multi-stage access review. The decisions in an [accessReviewStage](../resources/accessReviewStage.md) object are represented by an [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "accessreviewstage_list_decisions" } -->
[!INCLUDE [rbac-access-reviews-apis-read](../includes/rbac-for-apis/rbac-access-reviews-apis-read.md)]
The default page size for this API is 100 **accessReviewStage** objects. To impr
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Accessreviewstage Stop https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewstage-stop.md
Title: "accessReviewStage: stop"
description: "Stop an access review stage that's in progress." ms.localizationpriority: medium + doc_type: apiPageType
Stop an [access review stage](../resources/accessReviewStage.md) that is `inProg
The [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects will always reflect the last decisions recorded across all stages at that given time, regardless of the status of the stages. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application | AccessReview.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accessreviewstage_stop" } -->
[!INCLUDE [rbac-access-reviews-apis-write](../includes/rbac-for-apis/rbac-access-reviews-apis-write.md)]
POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefiniti
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Accessreviewstage Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/accessreviewstage-update.md
Title: "Update accessReviewStage"
description: "Update the properties of an accessReviewStage object." ms.localizationpriority: medium+ doc_type: apiPageType
To update an **accessReviewStage**, its **status** must be `NotStarted`, `Initia
> > Updating an **accessReviewStage** will update only that stage. The parent **accessReviewInstance** and any future **accessReviewStage** objects won't change. To make updates that apply to all future instances and stages, update the parent [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application | AccessReview.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "accessreviewstage_update" } -->
[!INCLUDE [rbac-access-reviews-apis-write](../includes/rbac-for-apis/rbac-access-reviews-apis-write.md)]
PATCH /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinit
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
v1.0 Activities List https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/activities-list.md
Title: List activities
description: "List the recent activities that took place on an item or under a hierarchy." ms.localizationpriority: medium doc_type: apiPageType+ # List activities (preview)
List the recent [activities](../resources/itemactivity.md) that took place on an
[activities]: ../resources/itemactivity.md + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged)
-|:--|:-
-|Delegated (work or school account) | Files.Read, Files.ReadWrite, Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All
-|Delegated (personal Microsoft account) | Not supported.
-|Application | Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All
+<!-- { "blockType": "permissions", "name": "activities_list" } -->
## HTTP request
v1.0 Activitybasedtimeoutpolicy Delete https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/activitybasedtimeoutpolicy-delete.md
Title: "Delete activityBasedTimeoutPolicy"
description: "Delete activityBasedTimeoutPolicy." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Delete an [activityBasedTimeoutPolicy](../resources/activitybasedtimeoutpolicy.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | Policy.ReadWrite.ApplicationConfiguration |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | Policy.ReadWrite.ApplicationConfiguration |
+<!-- { "blockType": "permissions", "name": "activitybasedtimeoutpolicy_delete" } -->
## HTTP request
DELETE /policies/activityBasedTimeoutPolicies/{id}
| Name | Description | |:--|:--|
-| Authorization | Bearer {token} |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `204 No Content` response code.
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
DELETE https://graph.microsoft.com/beta/policies/activityBasedTimeoutPolicies/{i
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
v1.0 Activitybasedtimeoutpolicy Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/activitybasedtimeoutpolicy-get.md
Title: "Get activityBasedTimeoutPolicy"
description: "Get the properties of an activityBasedTimeoutPolicy object." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Get the properties of an [activityBasedTimeoutPolicy](../resources/activitybasedtimeoutpolicy.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | Policy.Read.All, Policy.ReadWrite.ApplicationConfiguration |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | Policy.Read.All, Policy.ReadWrite.ApplicationConfiguration |
+<!-- { "blockType": "permissions", "name": "activitybasedtimeoutpolicy_get" } -->
## HTTP request
This method supports the `$select` OData query parameters to help customize the
| Name |Description| |:-|:-|
-| Authorization | Bearer {token} |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and the requested [a
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/policies/activityBasedTimeoutPolicies/{id}
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
v1.0 Activitybasedtimeoutpolicy List https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/activitybasedtimeoutpolicy-list.md
Title: "List activityBasedTimeoutPolicies"
description: "Get a list of activityBasedTimeoutPolicy objects." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Get a list of [activityBasedTimeoutPolicy](../resources/activitybasedtimeoutpolicy.md) objects. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | Policy.Read.All, Policy.ReadWrite.ApplicationConfiguration |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | Policy.Read.All, Policy.ReadWrite.ApplicationConfiguration |
+<!-- { "blockType": "permissions", "name": "activitybasedtimeoutpolicy_list" } -->
## HTTP request
This method supports the `$filter`, `$select` and `$top` OData query parameters
| Name |Description| |:-|:-|
-| Authorization | Bearer {token} |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a collection of
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/policies/activityBasedTimeoutPolicies
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
v1.0 Activitybasedtimeoutpolicy Post Activitybasedtimeoutpolicies https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/activitybasedtimeoutpolicy-post-activitybasedtimeoutpolicies.md
Title: "Create activityBasedTimeoutPolicy"
description: "Create a new activityBasedTimeoutPolicy." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Create a new [activityBasedTimeoutPolicy](../resources/activitybasedtimeoutpolicy.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | Policy.ReadWrite.ApplicationConfiguration |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | Policy.ReadWrite.ApplicationConfiguration |
+<!-- { "blockType": "permissions", "name": "activitybasedtimeoutpolicy_post_activitybasedtimeoutpolicies" } -->
## HTTP request
POST policies/activityBasedTimeoutPolicies
| Name | Description | |:--|:--|
-| Authorization | Bearer {token} |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-type | application/json | ## Request body
If successful, this method returns a `201 Created` response code and a new [acti
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
Content-type: application/json
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
v1.0 Activitybasedtimeoutpolicy Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/activitybasedtimeoutpolicy-update.md
Title: "Update activitybasedtimeoutpolicy"
description: "Update the properties of an activityBasedTimeoutPolicy object." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Update the properties of an [activityBasedTimeoutPolicy](../resources/activitybasedtimeoutpolicy.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | Policy.ReadWrite.ApplicationConfiguration |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | Policy.ReadWrite.ApplicationConfiguration |
+<!-- { "blockType": "permissions", "name": "activitybasedtimeoutpolicy_update" } -->
## HTTP request
PATCH /policies/activityBasedTimeoutPolicies/{id}
| Name | Description| |:--|:--|
-| Authorization | Bearer {token} |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-type | application/json | ## Request body
In the request body, supply the values for relevant fields that should be update
## Response
-If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.
+If successful, this method returns a `204 No Content` response code. It doesn't return anything in the response body.
## Example ### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
Content-type: application/json
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
v1.0 Activitystatistics List https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/activitystatistics-list.md
Title: "List activityStatistics"
description: "Get a collection of activityStatistics objects." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Get a collection of [activityStatistics](../resources/activitystatistics.md) for a user, for the last complete week. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | Analytics.Read |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | Not supported. |
+<!-- { "blockType": "permissions", "name": "activitystatistics_list" } -->
## HTTP request
This method does not support optional query parameters to customize the response
| Name |Description| |:-|:-|
-| Authorization | Bearer {token} |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a collection of
### Request
-The following is an example of a request of all related activity statistics for the signed-in user.
+The following example shows a request of all related activity statistics for the signed-in user.
# [HTTP](#tab/http) <!-- {
v1.0 Addlargegalleryviewoperation Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/addlargegalleryviewoperation-get.md
Title: "Get addLargeGalleryViewOperation"
description: "Get the status of an operation that adds the large gallery view to a call." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Get the status of an [operation](../resources/addlargegalleryviewoperation.md) that adds the large gallery view to a call. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-| :-- | :-- |
-| Delegated (work or school account) | Not supported. |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | None. |
+<!-- { "blockType": "permissions", "name": "addlargegalleryviewoperation_get" } -->
## HTTP request <!-- { "blockType": "ignored" } -->
GET /communications/calls/{callId}/operations/{id}
| Name | Description | |:--|:--|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and an [addLargeGall
### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http)
GET https://graph.microsoft.com/beta/communications/calls/57dab8b1-894c-409a-b24
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
v1.0 Adminappsandservices Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/adminappsandservices-get.md
Title: "Get adminAppsAndServices"
description: "Read the properties and relationships of a Microsoft Graph adminAppsAndServices object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Read the properties and relationships of a [adminAppsAndServices](../resources/adminappsandservices.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|OrgSettings-AppsAndServices.Read.All, OrgSettings-AppsAndServices.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|OrgSettings-AppsAndServices.Read.All, OrgSettings-AppsAndServices.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "adminappsandservices_get" } -->
## HTTP request
This method supports some of the OData query parameters to help customize the re
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a [adminAppsAndS
## Examples ### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
GET https://graph.microsoft.com/beta/admin/appsAndServices
### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Adminappsandservices Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/adminappsandservices-update.md
Title: "Update adminAppsAndServices"
description: "Update the properties of a Microsoft Graph adminAppsAndServices object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Update the properties of a [adminAppsAndServices](../resources/adminappsandservices.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|OrgSettings-AppsAndServices.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|OrgSettings-AppsAndServices.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "adminappsandservices_update" } -->
## HTTP request
PATCH /admin/appsAndServices
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
If successful, this method returns a `200 OK` response code and an updated [admi
## Examples ### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
Content-Type: application/json
### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Adminconsentrequestpolicy Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/adminconsentrequestpolicy-get.md
Title: "Get adminConsentRequestPolicy"
description: "Read the properties and relationships of an adminConsentRequestPolicy object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Read the properties and relationships of an [adminConsentRequestPolicy](../resources/adminconsentrequestpolicy.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|Policy.Read.All, Policy.ReadWrite.ConsentRequest, Directory.Read.All, Directory.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|Policy.Read.All, Policy.ReadWrite.ConsentRequest, Directory.Read.All, Directory.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "adminconsentrequestpolicy_get" } -->
-When calling on behalf of a user, the user needs to belong to one of the following directory roles. To learn more about directory roles, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference):
+When calling on behalf of a user, the user needs to belong to one of the following directory roles. To learn more about directory roles, see [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json):
+ Global Administrator + Global Reader + Cloud Application Administrator
This method supports the `$select` OData query parameter to help customize t
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Adminconsentrequestpolicy Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/adminconsentrequestpolicy-update.md
Title: "Update adminConsentRequestPolicy"
description: "Update the properties of an adminConsentRequestPolicy object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Update the properties of an [adminConsentRequestPolicy](../resources/adminconsentrequestpolicy.md) object. ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|Policy.ReadWrite.ConsentRequest, Directory.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|Policy.ReadWrite.ConsentRequest, Directory.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "adminconsentrequestpolicy_update" } -->
-When calling on behalf of a user, the user needs to belong to the [Global Administrator](/azure/active-directory/roles/permissions-reference) directory role.
+When calling on behalf of a user, the user needs to belong to the [Global Administrator](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) directory role.
## HTTP request
PUT /policies/adminConsentRequestPolicy
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
Content-Type: application/json
} ```
-# [Java](#tab/java)
- # [JavaScript](#tab/javascript) [!INCLUDE [sample-code](../includes/snippets/javascript/update-adminconsentrequestpolicy-javascript-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
v1.0 Admindynamics Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/admindynamics-get.md
Title: "Get adminDynamics"
description: "Read the properties and relationships of a Microsoft Graph adminDynamics object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Read the properties and relationships of a [adminDynamics](../resources/admindynamics.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|OrgSettings-DynamicsVoice.Read.All, OrgSettings-DynamicsVoice.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|OrgSettings-DynamicsVoice.Read.All, OrgSettings-DynamicsVoice.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "admindynamics_get" } -->
## HTTP request
This method supports some of the OData query parameters to help customize the re
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a [adminDynamics
## Examples ### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
GET https://graph.microsoft.com/beta/admin/dynamics
### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Admindynamics Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/admindynamics-update.md
Title: "Update adminDynamics"
description: "Update the properties of a Microsoft Graph adminDynamics object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Update the properties of a [adminDynamics](../resources/admindynamics.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|OrgSettings-DynamicsVoice.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|OrgSettings-DynamicsVoice.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "admindynamics_update" } -->
## HTTP request
PATCH /admin/dynamics
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
If successful, this method returns a `200 OK` response code and an updated [admi
## Examples ### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
Content-Type: application/json
### Response
-The following is an example of the response
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Adminforms Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/adminforms-get.md
Title: "Get adminForms"
description: "Read the properties and relationships of a Microsoft Graph adminForms object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Read the properties and relationships of a [adminForms](../resources/adminforms.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|OrgSettings-Forms.Read.All, OrgSettings-Forms.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|OrgSettings-Forms.Read.All, OrgSettings-Forms.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "adminforms_get" } -->
## HTTP request
This method supports some of the OData query parameters to help customize the re
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a [adminForms](.
## Examples ### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
GET https://graph.microsoft.com/beta/admin/forms
### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Adminforms Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/adminforms-update.md
Title: "Update adminForms"
description: "Update the properties of a Microsoft Graph adminForms object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Update the properties of a [adminForms](../resources/adminforms.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|OrgSettings-Forms.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|OrgSettings-Forms.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "adminforms_update" } -->
## HTTP request
PATCH /admin/forms
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
If successful, this method returns a `200 OK` response code and an updated [admi
## Examples ### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
Content-Type: application/json
### Response
-The following is an example of the response
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Administrativeunit Delete Members https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/administrativeunit-delete-members.md
Title: "Remove a member"
description: "Use this API to remove a member (user, group, or device) from an administrative unit." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Use this API to remove a member (user, group, or device) from an administrative unit. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AdministrativeUnit.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | AdministrativeUnit.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "administrativeunit_delete_members" } -->
[!INCLUDE [rbac-admin-units-apis-write](../includes/rbac-for-apis/rbac-admin-units-apis-write.md)]
DELETE /administrativeUnits/{id}/members/{id}/$ref
``` > [!CAUTION]
-> If you don't append `/$ref` to the request and the calling app has permissions to manage the member object, the object will also be deleted from Azure Active Directory (Azure AD); otherwise, a `403 Forbidden` error is returned. You can restore specific objects through the [Restore deleted items API](directory-deleteditems-restore.md).
+> If you don't append `/$ref` to the request and the calling app has permissions to manage the member object, the object will also be deleted from Microsoft Entra ID; otherwise, a `403 Forbidden` error is returned. You can restore specific objects through the [Restore deleted items API](directory-deleteditems-restore.md).
## Request headers | Name |Description| |:-|:-|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns `204 No Content` response code. It does not return anything in the response body.
+If successful, this method returns `204 No Content` response code. It doesn't return anything in the response body.
## Example ### Request
-The following is an example of the request. In the example below, `{id1}` represents the identifier for the target administrative unit, and `{id2}` represents the unique identifier for the member user, group, or device to be removed from the target administrative unit.
+The following example shows a request. In the example below, `{id1}` represents the identifier for the target administrative unit, and `{id2}` represents the unique identifier for the member user, group, or device to be removed from the target administrative unit.
```msgraph-interactive DELETE https://graph.microsoft.com/beta/administrativeUnits/{id1}/members/{id2}/$ref ``` ### Response
-The following is an example of the response.
+The following example shows the response.
```http HTTP/1.1 204 No Content ```--
v1.0 Administrativeunit Delete Scopedrolemembers https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/administrativeunit-delete-scopedrolemembers.md
Title: "Remove a scopedRoleMember"
-description: "Remove an Azure Active Directory (Azure AD) role assignment with administrative unit scope."
+description: "Remove a Microsoft Entra role assignment with administrative unit scope."
ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Remove an Azure Active Directory (Azure AD) role assignment with administrative unit scope.
+Remove a Microsoft Entra role assignment with administrative unit scope.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | RoleManagement.ReadWrite.Directory |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | RoleManagement.ReadWrite.Directory |
+<!-- { "blockType": "permissions", "name": "administrativeunit_delete_scopedrolemembers" } -->
[!INCLUDE [rbac-admin-units-apis-write](../includes/rbac-for-apis/rbac-admin-units-apis-write.md)]
DELETE /administrativeUnits/{id}/scopedRoleMembers/{id}
## Request headers | Name | Description| |:|:-|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns `204 No Content` response code. It does not return anything in the response body.
+If successful, this method returns `204 No Content` response code. It doesn't return anything in the response body.
## Example ##### Request
-Here is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
DELETE https://graph.microsoft.com/beta/administrativeUnits/{id}/scopedRoleMembe
##### Response
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+The following example shows the response. Note: The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true
HTTP/1.1 204 No Content
] } -->--
v1.0 Administrativeunit Delete https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/administrativeunit-delete.md
Title: "Delete administrativeUnit"
description: "Delete an administrativeUnit." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Delete an [administrativeUnit](../resources/administrativeunit.md). + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AdministrativeUnit.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | AdministrativeUnit.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "administrativeunit_delete" } -->
[!INCLUDE [rbac-admin-units-apis-write](../includes/rbac-for-apis/rbac-admin-units-apis-write.md)]
DELETE /administrativeUnits/{id}
## Request headers | Name | Description| |:|:-|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns `204 No Content` response code. It does not return anything in the response body.
+If successful, this method returns `204 No Content` response code. It doesn't return anything in the response body.
## Example ### Request
-Here is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
DELETE https://graph.microsoft.com/beta/administrativeUnits/{id}
### Response
-Here is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Administrativeunit Delta https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/administrativeunit-delta.md
Title: "administrativeUnit: delta"
description: "Get newly created, updated, or deleted administrative units without having to perform a full read of the entire resource collection." ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
Get newly created, updated, or deleted **administrativeUnits** without having to perform a full read of the entire resource collection. For details, see [Using delta query](/graph/delta-query-overview). + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AdministrativeUnit.Read.All, Directory.Read.All, AdministrativeUnit.ReadWrite.All, Directory.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | AdministrativeUnit.Read.All, Directory.Read.All, AdministrativeUnit.ReadWrite.All, Directory.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "administrativeunit_delta" } -->
## HTTP request
This method supports the following OData query parameters to help customize the
## Request headers | Name | Description| |:|:-|
-| Authorization | Bearer &lt;token&gt;. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Administrativeunit Get Members https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/administrativeunit-get-members.md
Title: "Get a member"
description: "Use this API to get a specific member (user, group, or device) in an administrative unit." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Use this API to get a specific member (user, group, or device) in an administrative unit. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AdministrativeUnit.Read.All, Directory.Read.All, AdministrativeUnit.ReadWrite.All, Directory.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | AdministrativeUnit.Read.All, Directory.Read.All, AdministrativeUnit.ReadWrite.All, Directory.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "administrativeunit_get_members" } -->
## HTTP request
GET /administrativeUnits/{id}/members/{id}
## Request headers | Name |Description| |:-|:-|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a [user](../reso
## Example ### Request
-The following is an example of the request.
+The following example shows a request.
```msgraph-interactive GET https://graph.microsoft.com/beta/administrativeUnits/{id}/members/{id} ``` ### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. ```http
v1.0 Administrativeunit Get Scopedrolemembers https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/administrativeunit-get-scopedrolemembers.md
Title: "Get a scopedRoleMember"
-description: "Get an Azure Active Directory (Azure AD) role assignment with administrative unit scope."
+description: "Get a Microsoft Entra role assignment with administrative unit scope."
ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Get an Azure Active Directory (Azure AD) role assignment with administrative unit scope.
+Get a Microsoft Entra role assignment with administrative unit scope.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | RoleManagement.Read.Directory, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | RoleManagement.Read.Directory, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "administrativeunit_get_scopedrolemembers" } -->
## HTTP request <!-- { "blockType": "ignored" } -->
This method supports the [OData Query Parameters](/graph/query-parameters) to he
## Request headers | Name |Description| |:-|:-|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response If successful, this method returns a `200 OK` response code and the requested [scopedRoleMembership](../resources/scopedrolemembership.md) object in the response body. ## Example ##### Request
-Here is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/administrativeUnits/{id}/scopedRoleMembers/
##### Response
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+The following example shows the response. Note: The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
v1.0 Administrativeunit Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/administrativeunit-get.md
Title: "Get administrativeUnit"
description: "Retrieve the properties and relationships of an administrativeUnit object." ms.localizationpriority: medium+ doc_type: apiPageType
Retrieve the properties and relationships of an [administrativeUnit](../resource
Since the **administrativeUnit** resource supports [extensions](/graph/extensibility-overview), you can also use the `GET` operation to get custom properties and extension data in an **administrativeUnit** instance. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AdministrativeUnit.Read.All, Directory.Read.All, AdministrativeUnit.ReadWrite.All, Directory.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | AdministrativeUnit.Read.All, Directory.Read.All, AdministrativeUnit.ReadWrite.All, Directory.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "administrativeunit_get" } -->
[!INCLUDE [rbac-admin-units-apis-read](../includes/rbac-for-apis/rbac-admin-units-apis-read.md)]
This method supports the `$select` [OData query parameter](/graph/query-paramete
## Request headers | Name |Description| |:-|:-|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
Content-type: application/json
} ```
-## See also
+## Related content
- [Add custom data to resources using extensions](/graph/extensibility-overview) - [Add custom data to users using open extensions (preview)](/graph/extensibility-open-users)
v1.0 Administrativeunit List Members https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/administrativeunit-list-members.md
Title: "List members"
description: "Use this API to get the members list (users, groups, and devices) in an administrative unit." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Use this API to get the members list (users, groups, and devices) in an administrative unit. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AdministrativeUnit.Read.All, Directory.Read.All, AdministrativeUnit.ReadWrite.All, Directory.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | AdministrativeUnit.Read.All, Directory.Read.All, AdministrativeUnit.ReadWrite.All, Directory.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "administrativeunit_list_members" } -->
> [!NOTE] > To view the members with a hidden membership in an administrative unit, the app must be granted the `Member.Read.Hidden` delegated or application permission.
GET /administrativeUnits/{id}/members
GET /administrativeUnits/{id}/members/$ref ``` ## Optional query parameters
-This method (when used without `$ref`) supports the [OData query parameters](/graph/query-parameters) to help customize the response, including `$search`, `$count`, and `$filter`. OData cast is also enabled, for example, you can cast to get just the users that are a member of the administrative unit.
+This method (when used without `$ref`) supports the [OData query parameters](/graph/query-parameters) to help customize the response, including `$search`, `$count`, and `$filter`. OData cast is also enabled, for example, you can cast to get just the users that are a member of the administrative unit.
`$search` is supported on the **displayName** and **description** properties only. Some queries are supported only when you use the **ConsistencyLevel** header set to `eventual` and `$count`. For more information, see [Advanced query capabilities on directory objects](/graph/aad-advanced-queries). ## Request headers | Header |Value| |:-|:-|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| ConsistencyLevel | eventual. This header and `$count` are required when using `$search`, or in specific usage of `$filter`. For more information about the use of **ConsistencyLevel** and `$count`, see [Advanced query capabilities on directory objects](/graph/aad-advanced-queries). | ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
GET https://graph.microsoft.com/beta/administrativeUnits/{id}/members
#### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability.
-
+ ```http HTTP/1.1 200 OK Content-type: application/json
GET https://graph.microsoft.com/beta/administrativeUnits/{id}/members/$ref
``` #### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability.
-
+ ```http HTTP/1.1 200 OK Content-type: application/json
Content-type: application/json
} ``` -
+<!-- {
+ "type": "#page.annotation",
+ "suppressions": [
+ "Error: /api/administrativeunit-list-members.md:
+ Failed to parse enumeration values for type microsoft.graph.list. Table requires a column header named one of the following: Member, Name, Value"
+ ]
+} -->
v1.0 Administrativeunit List Scopedrolemembers https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/administrativeunit-list-scopedrolemembers.md
Title: "List scopedRoleMembers"
-description: "List Azure Active Directory (Azure AD) role assignments with administrative unit scope."
+description: "List Microsoft Entra role assignments with administrative unit scope."
ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-List Azure Active Directory (Azure AD) role assignments with administrative unit scope.
+List Microsoft Entra role assignments with administrative unit scope.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | RoleManagement.Read.Directory, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | RoleManagement.Read.Directory, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "administrativeunit_list_scopedrolemembers" } -->
## HTTP request <!-- { "blockType": "ignored" } -->
This method supports the [OData Query Parameters](/graph/query-parameters) to he
## Request headers | Name |Description| |:-|:-|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response If successful, this method returns a `200 OK` response code and collection of [scopedRoleMembership](../resources/scopedrolemembership.md) objects in the response body. ## Example ##### Request
-Here is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/administrativeUnits/{id}/scopedRoleMembers
##### Response
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+The following example shows the response. Note: The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
v1.0 Administrativeunit Post Members https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/administrativeunit-post-members.md
Title: "Add a member"
description: "Use this API to add a member (user, group, or device) to an administrative unit." ms.localizationpriority: medium+ doc_type: apiPageType
Use this API to add a member (user, group, or device) to an administrative unit
**Note:** Currently, it's only possible to add one member at a time to an administrative unit.` + ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference). ### Permissions to add an existing user, group, or device
+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
|Permission type | Permissions (from least to most privileged) | |:--|:| |Delegated (work or school account) | AdministrativeUnit.ReadWrite.All | |Delegated (personal Microsoft account) | Not supported. | |Application | AdministrativeUnit.ReadWrite.All |
-To add a user, group, or device to an administrative unit, the calling user must be assigned the *Privileged Role Administrator* [Azure AD role](/azure/active-directory/roles/permissions-reference).
+To add a user, group, or device to an administrative unit, the calling user must be assigned the *Privileged Role Administrator* [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json).
### Permissions to create a new group
+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
|Permission type | Permissions (from least to most privileged) | |:--|:| |Delegated (work or school account) | Directory.ReadWrite.All | |Delegated (personal Microsoft account) | Not supported. | |Application | Directory.ReadWrite.All |
-To create a new group in an administrative unit, the calling user must be assigned the *Privileged Role Administrator* or *Groups Administrator* [Azure AD role](/azure/active-directory/roles/permissions-reference).
+To create a new group in an administrative unit, the calling user must be assigned the *Privileged Role Administrator* or *Groups Administrator* [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json).
## HTTP request
POST /administrativeUnits/{id}/members
## Request headers | Name |Description| |:-|:-|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-type | application/json. Required. | ### Adding an existing user or group
-In the request body, provide the `id` of a [user](../resources/user.md), [group](../resources/group.md), [device](../resources/device.md), or [directoryObject](../resources/directoryobject.md) to be added. If the administrative unit is a restricted management administrative unit (`isMemberManagementRestricted`=true), the group type must be an Azure AD security group. Only non-unified groups that are security enabled, not mail enabled, and not on-premises sync enabled are supported.
+In the request body, provide the `id` of a [user](../resources/user.md), [group](../resources/group.md), [device](../resources/device.md), or [directoryObject](../resources/directoryobject.md) to be added. If the administrative unit is a restricted management administrative unit (`isMemberManagementRestricted`=true), the group type must be a Microsoft Entra security group. Only non-unified groups that are security enabled, not mail enabled, and not on-premises sync enabled are supported.
### Creating a new group The following table shows the properties of the [group](../resources/group.md) resource to specify when you create a group in the administrative unit.
The following table shows the properties of the [group](../resources/group.md) r
|:|:--|:-| | displayName | string | The name to display in the address book for the group. Required. | | description | string | A description for the group. Optional. |
-| isAssignableToRole | Boolean | Set to **true** to enable the group to be assigned to an Azure AD role. Only Privileged Role Administrator and Global Administrator can set the value of this property. Optional. |
+| isAssignableToRole | Boolean | Set to **true** to enable the group to be assigned to a Microsoft Entra role. Only Privileged Role Administrator and Global Administrator can set the value of this property. Optional. |
| mailEnabled | boolean | Set to **true** for mail-enabled groups. Required. | | mailNickname | string | The mail alias for the group. These characters cannot be used in the mailNickName: `@()\[]";:.<>,SPACE`. Required. | | securityEnabled | boolean | Set to **true** for security-enabled groups, including Microsoft 365 groups. Required. |
The following table shows the properties of the [group](../resources/group.md) r
## Response
-If successful, adding an existing object (using `$ref`) returns `204 No Content` response code. It does not return anything in the response body.
+If successful, adding an existing object (using `$ref`) returns `204 No Content` response code. It doesn't return anything in the response body.
When creating a new group (without `$ref`), this method returns a `201 Created` response code and a [group](../resources/group.md) object in the response body. The response includes only the default properties of the group. You must supply the `"@odata.type" : "#microsoft.graph.group"` line in the request body to explicitly identify the new member as a group. A request body without the correct @odata.type returns a `400 Bad Request` error message.
When creating a new group (without `$ref`), this method returns a `201 Created`
The following will add an existing user or group to the administrative unit. #### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http)
In the request body, provide the `id` of the [user](../resources/user.md), [grou
#### Response
-The following is an example of the response.
-
+The following example shows the response.
+ <!-- { "blockType": "response", "truncated": true,
HTTP/1.1 204 No Content
The following example creates a new group in the administrative unit. You must supply the `"@odata.type" : "#microsoft.graph.group"` line in the request body to explicitly identify the new member as a group. A request body without the correct @odata.type returns a `400 Bad Request` error message. #### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
In the request body, provide the properties of the [group](../resources/group.md
#### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability.
Content-type: application/json
"preferredDataLocation": "CAN", "preferredLanguage": null, "proxyAddresses": [
- "SMTP:golfassist@contoso.onmicrosoft.com"
+ "SMTP:golfassist@contoso.com"
], "renewedDateTime": "2018-12-22T02:21:05Z", "resourceBehaviorOptions": [],
v1.0 Administrativeunit Post Scopedrolemembers https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/administrativeunit-post-scopedrolemembers.md
Title: "Add a scopedRoleMember"
-description: "Assign an Azure Active Directory (Azure AD) role with administrative unit scope."
+description: "Assign a Microsoft Entra role with administrative unit scope."
ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Assign an Azure Active Directory (Azure AD) role with administrative unit scope. For a list of roles that can be assigned with administrative unit scope, see [Assign Azure AD roles with administrative unit scope](/azure/active-directory/roles/admin-units-assign-roles).
+Assign a Microsoft Entra role with administrative unit scope. For a list of roles that can be assigned with administrative unit scope, see [Assign Microsoft Entra roles with administrative unit scope](/azure/active-directory/roles/admin-units-assign-roles).
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | RoleManagement.ReadWrite.Directory |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | RoleManagement.ReadWrite.Directory |
+<!-- { "blockType": "permissions", "name": "administrativeunit_post_scopedrolemembers" } -->
[!INCLUDE [rbac-admin-units-apis-write](../includes/rbac-for-apis/rbac-admin-units-apis-write.md)]
POST /administrativeUnits/{id}/scopedRoleMembers
## Request headers | Name |Description| |:-|:-|
-| Authorization | Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body In the request body, supply a JSON representation of [scopedRoleMembership](../resources/scopedrolemembership.md) object.
If successful, this method returns `201 Created` response code and [scopedRoleMe
## Example ##### Request
-Here is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
Content-type: application/json
In the request body, supply a JSON representation of [scopedRoleMembership](../resources/scopedrolemembership.md) object. ##### Response
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+The following example shows the response. Note: The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
Content-type: application/json
] } -->--
v1.0 Administrativeunit Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/administrativeunit-update.md
Title: "Update administrativeunit"
description: "Update the properties of an administrativeUnit object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] Update the properties of an [administrativeUnit](../resources/administrativeunit.md) object.++ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AdministrativeUnit.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | AdministrativeUnit.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "administrativeunit_update" } -->
-To update an administrative unit, the calling principal must be assigned one of the following [Azure AD roles](/azure/active-directory/roles/permissions-reference):
+To update an administrative unit, the calling principal must be assigned one of the following [Microsoft Entra roles](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json):
* Privileged Role Administrator * Global Administrator
PATCH /directory/administrativeUnits/{id}
| Name |Description| |:-|:-|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.
+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintains their previous values or be recalculated based on changes to other property values. For best performance, you shouldn't include existing values that haven't changed.
| Property | Type |Description| |:|:--|:-|
In the request body, supply the values for relevant fields that should be update
| membershipRule | String | Dynamic membership rule for the administrative unit. For more about the rules that you can use for dynamic administrative units and dynamic groups, see [Using attributes to create advanced rules](https://azure.microsoft.com/documentation/articles/active-directory-accessmanagement-groups-with-advanced-rules/).| | membershipRuleProcessingState | String | Used to control whether the dynamic membership rule is actively processed. Set to `On` when you want the dynamic membership rule to be active and `Paused` if you want to stop updating membership dynamically. | | membershipType | String | Membership type for the administrative unit. Can be `dynamic` or `assigned`. |
-| visibility | String | Visibility for the administrative unit. If not set, then the default is `public`. Can be set to `HiddenMembership`, which hides the membership from non-members. |
+| visibility | String | Visibility for the administrative unit. If not set, then the default is `public`. Can be set to `HiddenMembership`, which hides the membership from nonmembers. |
Since the **administrativeUnit** resource supports [extensions](/graph/extensibility-overview), you can use the `PATCH` operation to add, update, or delete your own app-specific data in custom properties of an extension in an existing **administrativeUnit** instance.
Content-type: application/json
[!INCLUDE [sample-code](../includes/snippets/go/update-administrativeunit-go-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [Java](#tab/java)
+ # [JavaScript](#tab/javascript) [!INCLUDE [sample-code](../includes/snippets/javascript/update-administrativeunit-javascript-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
Content-type: application/json
HTTP/1.1 204 No Content ```
-## See also
+## Related content
- [Add custom data to resources using extensions](/graph/extensibility-overview) - [Add custom data to users using open extensions (preview)](/graph/extensibility-open-users)
HTTP/1.1 204 No Content
] } -->--
v1.0 Adminreportsettings Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/adminreportsettings-get.md
Title: "Get adminReportSettings"
description: "Get the tenant-level settings for Microsoft 365 reports." ms.localizationpriority: medium + doc_type: apiPageType
Get the tenant-level settings for Microsoft 365 reports.
> **Note:** For details about different report views and names, see [Microsoft 365 Reports in the admin center - Microsoft 365 Apps usage](/microsoft-365/admin/activity-reports/microsoft365-apps-usage). + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:|
-| Delegated (work or school account) | ReportSettings.Read.All, ReportSettings.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | ReportSettings.Read.All, ReportSettings.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "adminreportsettings_get" } -->
-> **Note:** For delegated permissions to allow apps to get report settings on behalf of a user, the tenant administrator must have assigned the user the appropriate Azure Active Directory limited administrator role. For more details, see [Authorization for APIs to read Microsoft 365 usage reports](/graph/reportroot-authorization).
+> **Note:** For delegated permissions to allow apps to get report settings on behalf of a user, the tenant administrator must have assigned the user the appropriate Microsoft Entra ID limited administrator role. For more details, see [Authorization for APIs to read Microsoft 365 usage reports](/graph/reportroot-authorization).
## HTTP request
GET /admin/reportSettings
| Name | Description | | : | : |
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and an [adminReportS
### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/admin/reportSettings
### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Adminreportsettings Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/adminreportsettings-update.md
Title: "Update adminReportSettings"
description: "Update tenant-level settings for Microsoft 365 reports." ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
Update tenant-level settings for Microsoft 365 reports. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|-||
-| Delegated (work or school account) | ReportSettings.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | ReportSettings.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "adminreportsettings_update" } -->
-> **Note:** For delegated permissions to allow apps to update report settings on behalf of a user, the tenant administrator must have assigned the user the appropriate Azure Active Directory limited administrator role. For more details, see [Authorization for APIs to read Microsoft 365 usage reports](/graph/reportroot-authorization).
+> **Note:** For delegated permissions to allow apps to update report settings on behalf of a user, the tenant administrator must have assigned the user the appropriate Microsoft Entra ID limited administrator role. For more details, see [Authorization for APIs to read Microsoft 365 usage reports](/graph/reportroot-authorization).
## HTTP request <!-- { "blockType": "ignored" } -->
PATCH /admin/reportSettings
| Name | Description | | : | :--|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-Type | application/json. Required.| ## Request body
If successful, this method returns a `204 No Content` response code.
## Examples
-The following is an example of a request that updates a tenant-level setting for Microsoft 365 reports.
+The following example shows a request that updates a tenant-level setting for Microsoft 365 reports.
### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
Content-length: 37
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response"
v1.0 Admintodo Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/admintodo-get.md
Title: "Get adminTodo"
description: "Read the properties and relationships of a Microsoft Graph adminTodo object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Read the properties and relationships of a [adminTodo](../resources/admintodo.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|OrgSettings-Todo.Read.All, OrgSettings-Todo.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|OrgSettings-Todo.Read.All, OrgSettings-Todo.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "admintodo_get" } -->
## HTTP request
This method supports some of the OData query parameters to help customize the re
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a [adminTodo](..
## Examples ### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
GET https://graph.microsoft.com/beta/admin/todo
### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Admintodo Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/admintodo-update.md
Title: "Update adminTodo"
description: "Update the properties of a Microsoft Graph adminTodo object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Update the properties of a [adminTodo](../resources/admintodo.md) object. + ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
PATCH /admin/todo
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
If successful, this method returns a `200 OK` response code and an updated [admi
## Examples ### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
Content-Type: application/json
### Response
-The following is an example of the response
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Adminwindowsupdates List Deploymentaudiences https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/adminwindowsupdates-list-deploymentaudiences.md
Title: "List deploymentAudiences"
description: "Get a list of deploymentAudience objects and their properties." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Get a list of [deploymentAudience](../resources/windowsupdates-deploymentaudience.md) objects and their properties. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|WindowsUpdates.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|WindowsUpdates.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "adminwindowsupdates_list_deploymentaudiences" } -->
+ ## HTTP request
This method supports some of the OData query parameters to help customize the re
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a collection of
## Examples ### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
GET https://graph.microsoft.com/beta/admin/windows/updates/deploymentAudiences
### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Adminwindowsupdates List Deployments https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/adminwindowsupdates-list-deployments.md
Title: "List deployments"
description: "Get a list of deployment objects and their properties." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Get a list of [deployment](../resources/windowsupdates-deployment.md) objects and their properties. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|WindowsUpdates.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|WindowsUpdates.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "adminwindowsupdates_list_deployments" } -->
+ ## HTTP request
This method supports some of the [OData query parameters](/graph/query-parameter
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Adminwindowsupdates List Resourceconnections Operationalinsightsconnection https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/adminwindowsupdates-list-resourceconnections-operationalinsightsconnection.md
Title: "List operationalInsightsConnections"
description: "Get a list of the operationalInsightsConnection objects and their properties." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Get a list of the [operationalInsightsConnection](../resources/windowsupdates-operationalinsightsconnection.md) objects and their properties. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|WindowsUpdates.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|WindowsUpdates.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "adminwindowsupdates_list_resourceconnections_operationalinsightsconnection" } -->
+ ## HTTP request
This method supports some of the OData query parameters to help customize the re
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a collection of
## Examples ### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/admin/windows/updates/resourceConnections/m
### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Adminwindowsupdates List Resourceconnections https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/adminwindowsupdates-list-resourceconnections.md
Title: "List resourceConnections"
description: "Get a list of the resourceConnection objects and their properties." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Get a list of the [resourceConnection](../resources/windowsupdates-resourceconnection.md) objects and their properties. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|WindowsUpdates.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|WindowsUpdates.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "adminwindowsupdates_list_resourceconnections" } -->
+ ## HTTP request
This method supports some of the OData query parameters to help customize the re
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a collection of
## Examples ### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/admin/windows/updates/resourceConnections
### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Adminwindowsupdates List Updatableassets Azureaddevice https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/adminwindowsupdates-list-updatableassets-azureaddevice.md
Title: "List azureADDevice resources"
description: "Get a list of azureADDevice objects and their properties." ms.localizationpriority: medium+ doc_type: apiPageType
Get a list of [azureADDevice](../resources/windowsupdates-azureaddevice.md) obje
This operation filters on the fully qualified resource type, `microsoft.graph.windowsUpdates.azureADDevice`, which inherits from [updatableAsset](../resources/windowsupdates-updatableasset.md). + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|WindowsUpdates.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|WindowsUpdates.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "adminwindowsupdates_list_updatableassets_azureaddevice" } -->
+ ## HTTP request
To use a query parameter on a property that is not inherited from [updatableAsse
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Adminwindowsupdates List Updatableassets Updatableassetgroup https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/adminwindowsupdates-list-updatableassets-updatableassetgroup.md
Title: "List updatableAssetGroup resources"
description: "Get a list of updatableAssetGroup objects and their properties." ms.localizationpriority: medium+ doc_type: apiPageType
Get a list of [updatableAssetGroup](../resources/windowsupdates-updatableassetgr
This operation filters on the fully qualified resource type, `microsoft.graph.windowsUpdates.updatableAssetGroup`, which inherits from [updatableAsset](../resources/windowsupdates-updatableasset.md). + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|WindowsUpdates.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|WindowsUpdates.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "adminwindowsupdates_list_updatableassets_updatableassetgroup" } -->
+ ## HTTP request
This method supports some of the [OData query parameters](/graph/query-parameter
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Adminwindowsupdates List Updatableassets https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/adminwindowsupdates-list-updatableassets.md
Title: "List updatableAssets"
description: "Get a list of updatableAsset objects and their properties." ms.localizationpriority: medium+ doc_type: apiPageType
Listing updatable assets returns **updatableAsset** resources of the following d
Use [list azureADDevice resources](adminwindowsupdates-list-updatableassets-azureaddevice.md) or [list updatableAssetGroup resources](adminwindowsupdates-list-updatableassets-updatableassetgroup.md) to filter and get resources of only one of the derived types. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|WindowsUpdates.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|WindowsUpdates.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "adminwindowsupdates_list_updatableassets" } -->
+ ## HTTP request
To use a query parameter on a property that is not inherited from [updatableAsse
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Adminwindowsupdates List Updatepolicies https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/adminwindowsupdates-list-updatepolicies.md
Title: "List updatePolicies"
description: "Get a list of updatePolicy objects and their properties." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Get a list of [updatePolicy](../resources/windowsupdates-updatepolicy.md) objects and their properties. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|WindowsUpdates.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|WindowsUpdates.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "adminwindowsupdates_list_updatepolicies" } -->
+ ## HTTP request
This method supports some of the OData query parameters to help customize the re
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a collection of
## Examples ### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
GET https://graph.microsoft.com/beta/admin/windows/updates/updatePolicies
### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Adminwindowsupdates Post Deploymentaudiences https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/adminwindowsupdates-post-deploymentaudiences.md
Title: "Create deploymentAudience"
description: "Create a new deploymentAudience object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Create a new [deploymentAudience](../resources/windowsupdates-deploymentaudience.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|WindowsUpdates.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|WindowsUpdates.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "adminwindowsupdates_post_deploymentaudiences" } -->
+ ## HTTP request
POST /admin/windows/updates/deploymentAudiences
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
If successful, this method returns a `201 Created` response code and a [microsof
## Examples ### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
Content-length: 4
### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Adminwindowsupdates Post Deployments https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/adminwindowsupdates-post-deployments.md
Title: "Create deployment"
description: "Create a new deployment object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Create a new [deployment](../resources/windowsupdates-deployment.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|WindowsUpdates.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|WindowsUpdates.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "adminwindowsupdates_post_deployments" } -->
+ ## HTTP request
POST /admin/windows/updates/deployments
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body In the request body, supply a JSON representation of the [deployment](../resources/windowsupdates-deployment.md) object.
-The following table shows the properties that are required when you create the [deployment](../resources/windowsupdates-deployment.md).
+The following table lists the properties that are required when you create the [deployment](../resources/windowsupdates-deployment.md).
|Property|Type|Description| |:|:|:|
v1.0 Adminwindowsupdates Post Resourceconnections Operationalinsightsconnection https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/adminwindowsupdates-post-resourceconnections-operationalinsightsconnection.md
Title: "Create operationalInsightsConnection"
description: "Create a new operationalInsightsConnection object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Create a new [operationalInsightsConnection](../resources/windowsupdates-operationalinsightsconnection.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|WindowsUpdates.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|WindowsUpdates.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "adminwindowsupdates_post_resourceconnections_operationalinsightsconnection" } -->
+ ## HTTP request
POST /admin/windows/updates/resourceConnections
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
The following errors are possible:
## Examples ### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
Content-length: 97
### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Adminwindowsupdates Post Updatableassets Updatableassetgroup https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/adminwindowsupdates-post-updatableassets-updatableassetgroup.md
Title: "Create updatableAssetGroup"
description: "Create a new updatableAssetGroup object." ms.localizationpriority: medium+ doc_type: apiPageType
Create a new [updatableAssetGroup](../resources/windowsupdates-updatableassetgro
The **updatableAssetGroup** resource inherits from [updatableAsset](../resources/windowsupdates-updatableasset.md). + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|WindowsUpdates.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|WindowsUpdates.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "adminwindowsupdates_post_updatableassets_updatableassetgroup" } -->
+ ## HTTP request
POST /admin/windows/updates/updatableAssets
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
v1.0 Adminwindowsupdates Post Updatepolicies https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/adminwindowsupdates-post-updatepolicies.md
Title: "Create updatePolicy"
description: "Create a new updatePolicy object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Create a new [updatePolicy](../resources/windowsupdates-updatepolicy.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|WindowsUpdates.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|WindowsUpdates.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "adminwindowsupdates_post_updatepolicies" } -->
+ ## HTTP request
POST /admin/windows/updates/updatePolicies
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
If successful, this method returns a `201 Created` response code and an [microso
## Examples ### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
Content-length: 835
### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Agreement Delete https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/agreement-delete.md
Title: "Delete agreement"
description: "Delete an agreement object." ms.localizationpriority: medium doc_type: apiPageType+
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] Delete an [agreement](../resources/agreement.md) object.++ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | Agreement.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | Not supported. |
+<!-- { "blockType": "permissions", "name": "agreement_delete" } -->
[!INCLUDE [rbac-tou-apis](../includes/rbac-for-apis/rbac-tou-apis.md)]
DELETE /identityGovernance/termsOfUse/agreements/{id}
| Authorization | string | Bearer \{token\}. Required. | ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.
+If successful, this method returns a `204 No Content` response code. It doesn't return anything in the response body.
## Example ### Request
v1.0 Agreement Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/agreement-get.md
Title: "Get agreement"
description: "Retrieve the properties and relationships of an agreement object." ms.localizationpriority: medium doc_type: apiPageType+
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] Retrieve the properties and relationships of an [agreement](../resources/agreement.md) object.++ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | Agreement.Read.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | Not supported. |
+<!-- { "blockType": "permissions", "name": "agreement_get" } -->
[!INCLUDE [rbac-tou-apis](../includes/rbac-for-apis/rbac-tou-apis.md)]
This method supports the `$select` [OData query parameter](/graph/query-paramete
| Authorization | string | Bearer \{token\}. Required. | ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response If successful, this method returns a `200 OK` response code and [agreement](../resources/agreement.md) object in the response body.
v1.0 Agreement List Acceptances https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/agreement-list-acceptances.md
Title: "List acceptances"
description: "Get the details about the acceptance records for a specific agreement." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Get the details about the acceptance records for a specific agreement. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AgreementAcceptance.Read, AgreementAcceptance.Read.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | Not supported. |
+<!-- { "blockType": "permissions", "name": "agreement_list_acceptances" } -->
## HTTP request
This method supports the `$select` and `$filter` OData query parameters to help
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Agreement List Files https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/agreement-list-files.md
Title: "List files (terms of use agreement files)"
description: "Retrieve all localized files related to an agreement." ms.localizationpriority: medium doc_type: apiPageType+
Namespace: microsoft.graph
Retrieve all files related to an agreement. This includes the default file and all localized files. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | Agreement.Read.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | Not supported. |
+<!-- { "blockType": "permissions", "name": "agreement_list_files" } -->
## HTTP request
This method supports some of the OData query parameters to help customize the re
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Agreement Post Files https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/agreement-post-files.md
Title: "Create agreementFileLocalization"
description: "Create a new localized agreement file." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Create a new localized agreement file. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | Agreement.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | Not supported. |
+<!-- { "blockType": "permissions", "name": "agreement_post_files" } -->
## HTTP request
POST /agreements/{agreementsId}/files
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
v1.0 Agreement Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/agreement-update.md
Title: "Update agreement"
description: "Update the properties of an agreement object." ms.localizationpriority: medium doc_type: apiPageType+
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] Update the properties of an [agreement](../resources/agreement.md) object.++ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | Agreement.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | Not supported. |
+<!-- { "blockType": "permissions", "name": "agreement_update" } -->
[!INCLUDE [rbac-tou-apis](../includes/rbac-for-apis/rbac-tou-apis.md)]
v1.0 Agreementfile Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/agreementfile-get.md
Title: "Get agreementFile"
description: "Retrieve the details of the default file for an agreement, including the language and version information. " ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Retrieve the details of an agreement file, including the language and version information. The default file can have multiple versions, each with its own language, that can be retrieved by specifying the **Accept-Language** header. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|Agreement.Read.All, Agreement.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|Not supported.|
+<!-- { "blockType": "permissions", "name": "agreementfile_get" } -->
## HTTP request
This method does not support any OData query parameters to help customize the re
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Agreementfile List Localizations https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/agreementfile-list-localizations.md
Title: "List agreementFileLocalizations"
description: "Get a list of the default and localized agreement files." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Get a list of the default and localized agreement files. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|Agreement.Read.All, Agreement.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|Not supported.|
+<!-- { "blockType": "permissions", "name": "agreementfile_list_localizations" } -->
## HTTP request
This method does not support OData query parameters to help customize the respon
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a collection of
## Examples ### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
GET https://graph.microsoft.com/beta/agreements/94410bbf-3d3e-4683-8149-f034e55c
### Response
-The following is an example of the response
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Alert Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/alert-get.md
Title: "Get alert"
description: "Retrieve the properties and relationships of an alert object" ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
Retrieve the properties and relationships of an [alert](../resources/alert.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | SecurityEvents.Read.All, SecurityEvents.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | SecurityEvents.Read.All, SecurityEvents.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "alert_get" } -->
## HTTP request
GET /security/alerts/{id}
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and an **alert** obj
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/security/alerts/{id}
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response", "truncated": false,
v1.0 Alert List https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/alert-list.md
Title: "List alerts"
description: "Retrieve a list of alert objects." ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
Retrieve a list of [alert](../resources/alert.md) objects. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | SecurityEvents.Read.All, SecurityEvents.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | SecurityEvents.Read.All, SecurityEvents.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "alert_list" } -->
## HTTP request
The following table lists the `$filter` keywords by each vendor name. Even thoug
| Microsoft Defender for Identity | Azure Advanced Threat Protection | | Azure Security Center | ASC | | Microsoft Defender for Cloud Apps | MCAS |
-| Azure Active Directory Identity Protection | IPC |
-| Azure Sentinel | Azure Sentinel |
+| Microsoft Entra ID Protection | IPC |
+| Microsoft Sentinel | Azure Sentinel |
| Microsoft Defender for Endpoint | Microsoft Defender ATP | | Office 365 | Not currently supported. |
To return an alternative property set, use the OData `$select` query parameter t
## Request body
-Do not supply a request body for this method. The request body will be ignored.
+Don't supply a request body for this method. The request body will be ignored.
## Response
If successful, this method returns a `200 OK` response code and collection of **
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/security/alerts
### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- {
Content-type: application/json
] } -->--
v1.0 Alert Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/alert-update.md
Title: "Update alert"
description: "Update an editable alert property within any integrated solution to keep alert status and assignments in sync across solutions." ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
Update an editable **alert** property within any integrated solution to keep alert status and assignments in sync across solutions. This method updates any solution that has a record of the referenced alert ID. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | SecurityEvents.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | SecurityEvents.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "alert_update" } -->
## HTTP request
If the optional request header is used, the method returns a `200 OK` response c
#### Request
-The following is an example of the request without the `Prefer` header.
+The following example shows a request without the `Prefer` header.
# [HTTP](#tab/http) <!-- {
v1.0 Alert Updatealerts https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/alert-updatealerts.md
Title: "alert: updateAlerts"
description: "Update multiple alerts in one request instead of multiple requests." ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
Update multiple alerts in one request instead of multiple requests. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-|Delegated (work or school account) | SecurityEvents.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | SecurityEvents.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "alert_updatealerts" } -->
## HTTP request
The following example shows how to call this API.
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
Content-type: application/json
### Response
-The following is an example of the response.
+The following example shows the response.
> [!NOTE] > The response object shown here might be shortened for readability.
v1.0 Allowedvalue Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/allowedvalue-get.md
Title: "Get allowedValue"
description: "Read the properties and relationships of an allowedValue object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Read the properties and relationships of an [allowedValue](../resources/allowedvalue.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|CustomSecAttributeDefinition.Read.All, CustomSecAttributeDefinition.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "allowedvalue_get" } -->
-The signed-in user must also be assigned one of the following [directory roles](/azure/active-directory/roles/permissions-reference):
+The signed-in user must also be assigned one of the following [directory roles](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json):
+ Attribute Definition Reader + Attribute Definition Administrator
This method supports the `$select` OData query parameter to help customize the r
|Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
GET https://graph.microsoft.com/beta/directory/customSecurityAttributeDefinition
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
v1.0 Allowedvalue Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/allowedvalue-update.md
Title: "Update allowedValue"
description: "Update the properties of an allowedValue object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Update the properties of an [allowedValue](../resources/allowedvalue.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|CustomSecAttributeDefinition.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|CustomSecAttributeDefinition.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "allowedvalue_update" } -->
[!INCLUDE [rbac-customsecurityattibutes-apis-write](../includes/rbac-for-apis/rbac-customsecurityattibutes-apis-write.md)]
PATCH /directory/customSecurityAttributeDefinitions/{customSecurityAttributeDefi
|Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body
Content-length: 80
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
v1.0 Appcatalogs List Teamsapps https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/appcatalogs-list-teamsapps.md
Title: "List teamsApp"
-description: "List apps from the Microsoft Teams app catalog. "
+description: "List apps from the Microsoft Teams app catalog."
ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] List [apps](../resources/teamsapp.md) from the Microsoft Teams app catalog.
-This includes apps from the Microsoft Teams store, as well as apps from your organization's app catalog (the tenant app catalog). To get apps from your organization's app catalog only, specify `organization` as the **distributionMethod** in the request.
+It includes apps from the Microsoft Teams store, and apps from your organization's app catalog (the tenant app catalog). To get apps from your organization's app catalog only, specify `organization` as the **distributionMethod** in the request.
> [!NOTE] > In general, the **id** of a **teamsApp** resource is generated by the server. It is not the same as the **id** specified in a Teams app manifest, unless its **distributionMethod** is `store`. For other cases, the **id** provided by the developer as part of the Teams app manifest is stamped as the **externalId** in the **teamsApp** resource. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission Type | Permissions (from least to most privileged) |
-|:|:|
-| Delegated (work or school account) | AppCatalog.Submit, AppCatalog.Read.All, AppCatalog.ReadWrite.All, Directory.Read.All<sup>1</sup>, Directory.ReadWrite.All<sup>1</sup> |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | AppCatalog.Read.All, AppCatalog.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "appcatalogs_list_teamsapps" } -->
> **Note**:
-<br><sup>1</sup> These permissions are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission and avoid using these permissions going forward.
+The Directory.Read.All and Directory.ReadWrite.All permissions are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission and avoid using these permissions going forward.
## HTTP request
GET /appCatalogs/teamsApps
This method supports the `$filter`, `$select`, and `$expand` [OData query parameters](/graph/query-parameters) to help customize the response.
-Using `$expand=AppDefinitions` will return more information about the state of the app, such as the **publishingState**, which reflects the app submission review status and returns whether an app has been approved, rejected, or remains under review.
+Using `$expand=AppDefinitions` returns more information about the state of the app, such as the **publishingState**, which reflects the app submission review status and returns whether an app is approved, rejected, or remains under review.
> **Note:** You can filter on any of the fields of the [teamsApp](../resources/teamsapp.md) object to shorten the list of results. You can use any of the following filter operations: Equal, not-equal, and, or, and not.
Using `$expand=AppDefinitions` will return more information about the state of t
| Header | Value | |:--|:--|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
The following example lists all applications that are specific to your tenant.
#### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/appCatalogs/teamsApps?$filter=distributionM
#### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
The following example lists applications with a given ID.
#### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/appCatalogs/teamsApps?$filter=id eq 'b1c535
#### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
The following example lists applications that match the **id** specified in the
#### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/appCatalogs/teamsApps?$filter=externalId e
#### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
Content-Type: application/json
### Example 4: List applications with a given ID, and return the submission review state
-The following example lists applications with a given ID, and expands **appDefinitions** to return the **publishingState**, which reflects the submission review state of the app. `Submitted` means the review is pending, `published` means the app was approved by the admin, and `rejected` means the app was rejected by the admin.
+The following example lists applications with a given ID, and expands **appDefinitions** to return the **publishingState**, which reflects the submission review state of the app. `Submitted` means the review is pending, `published` means the admin approved the app, and `rejected` means the the admin rejected the app.
#### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/appCatalogs/teamsApps?$filter=id eq '876df
#### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
The following example lists only those apps in the catalog that contain a bot.
#### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/appCatalogs/teamsApps?$expand=appDefinitio
#### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
The following example lists only those apps that can be installed in the persona
#### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/appCatalogs/teamsApps?$expand=appDefinitio
#### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
The following example lists the apps with a given ID and returns the resource-sp
#### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/appCatalogs/teamsApps?$filter=id+eq+'a5228
#### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
Content-Type: application/json
} ```
-## See also
+### Example 8: List details of apps in the app catalog that contain dashboard cards
+
+The following example lists only apps in the app catalog that contain a dashboard card.
+
+#### Request
+
+The following example shows a request.
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "list_teamsapp_with_dashboardcards"
+}-->
+
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/appCatalogs/teamsApps?$expand=appDefinitions($expand=dashboardCards)&$filter=appDefinitions/any(a:a/dashboardCards/$count+ne+0)
+```
+
+# [C#](#tab/csharp)
+
+# [CLI](#tab/cli)
+
+# [Go](#tab/go)
+
+# [Java](#tab/java)
+
+# [JavaScript](#tab/javascript)
+
+# [PHP](#tab/php)
+
+# [PowerShell](#tab/powershell)
+
+# [Python](#tab/python)
+++
+#### Response
+
+The following example shows the response.
+
+<!-- {
+ "blockType": "response",
+ "@odata.type": "Collection(microsoft.graph.teamsApp)",
+ "truncated": true
+} -->
+
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#appCatalogs/teamsApps(appDefinitions(dashboardCards()))",
+ "value": [
+ {
+ "id": "ff43cabf-9244-4260-a68e-5403ec648e96",
+ "externalId": "c8d1b752-2762-4e8c-9aba-3537d339e17a",
+ "displayName": "Dashboard Card App",
+ "distributionMethod": "organization",
+ "appDefinitions@odata.context": "https://graph.microsoft.com/beta/$metadata#appCatalogs/teamsApps('ff43cabf-9244-4260-a68e-5403ec648e96')/appDefinitions(dashboardCards())",
+ "appDefinitions": [
+ {
+ "id": "ZmY0M2NhYmYtOTI0NC00MjYwLWE2OGUtNTQwM2VjNjQ4ZTk2IyMxLjAuMCMjUHVibGlzaGVk",
+ "teamsAppId": "ff43cabf-9244-4260-a68e-5403ec648e96",
+ "azureADAppId": null,
+ "displayName": "Dashboard Card App",
+ "version": "1.0.0",
+ "requiredResourceSpecificApplicationPermissions": [],
+ "publishingState": "published",
+ "shortdescription": "Test app with dashboard cards",
+ "description": "Test app with dashboard cards",
+ "lastModifiedDateTime": null,
+ "allowedInstallationScopes": "team,groupChat,personal",
+ "serializedInternalDefinition": null,
+ "createdBy": null,
+ "authorization": {
+ "requiredPermissionSet": {
+ "resourceSpecificPermissions": []
+ }
+ },
+ "dashboardCards@odata.context": "https://graph.microsoft.com/beta/$metadata#appCatalogs/teamsApps('ff43cabf-9244-4260-a68e-5403ec648e96')/appDefinitions('ZmY0M2NhYmYtOTI0NC00MjYwLWE2OGUtNTQwM2VjNjQ4ZTk2IyMxLjAuMCMjUHVibGlzaGVk')/dashboardCards",
+ "dashboardCards": [
+ {
+ "id": "210a65de-24ce-445e-9e1e-dd4ef0f0114b",
+ "displayName": "sample1",
+ "description": "this is the first sample of the card",
+ "pickerGroupId": "110a65de-24ce-445e-9e1e-dd4ef0f0114b",
+ "defaultSize": "large",
+ "icon": {
+ "iconUrl": null,
+ "officeUIFabricIconName": "VivaLogo"
+ },
+ "contentSource": {
+ "sourceType": "bot",
+ "botConfiguration": {
+ "botId": "19806762-da13-422d-837a-f1061bc1f572"
+ }
+ }
+ },
+ {
+ "id": "210a65de-24ce-445e-9e1e-dd4ef0f0114a",
+ "displayName": "sample2",
+ "description": "Second sample of dashboard card.",
+ "pickerGroupId": "110b65de-24ce-445e-9e1e-dd4ef0f0114b",
+ "defaultSize": "medium",
+ "icon": {
+ "iconUrl": "https://publiccdn.contoso.com/icons/card-icon.svg",
+ "officeUIFabricIconName": null
+ },
+ "contentSource": {
+ "sourceType": "bot",
+ "botConfiguration": {
+ "botId": "19806762-da13-422d-837a-f1061bc1f672"
+ }
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "id": "4c3aa29d-ea6b-4e68-9ae0-9e6f1251eea0",
+ "externalId": "c85a15d9-b835-49f4-99d6-a5cbe89734d3",
+ "displayName": "Dashboard Card Test",
+ "distributionMethod": "organization",
+ "appDefinitions@odata.context": "https://graph.microsoft.com/beta/$metadata#appCatalogs/teamsApps('4c3aa29d-ea6b-4e68-9ae0-9e6f1251eea0')/appDefinitions(dashboardCards())",
+ "appDefinitions": [
+ {
+ "id": "NGMzYWEyOWQtZWE2Yi00ZTY4LTlhZTAtOWU2ZjEyNTFlZWEwIyMxLjAuMCMjUHVibGlzaGVk",
+ "teamsAppId": "4c3aa29d-ea6b-4e68-9ae0-9e6f1251eea0",
+ "azureADAppId": null,
+ "displayName": "Dashboard Card Test",
+ "version": "1.0.0",
+ "requiredResourceSpecificApplicationPermissions": [],
+ "publishingState": "published",
+ "shortdescription": "Test app with dashboard cards",
+ "description": "Test app with dashboard cards",
+ "lastModifiedDateTime": null,
+ "allowedInstallationScopes": "team,groupChat,personal",
+ "serializedInternalDefinition": null,
+ "createdBy": null,
+ "authorization": {
+ "requiredPermissionSet": {
+ "resourceSpecificPermissions": []
+ }
+ },
+ "dashboardCards@odata.context": "https://graph.microsoft.com/beta/$metadata#appCatalogs/teamsApps('4c3aa29d-ea6b-4e68-9ae0-9e6f1251eea0')/appDefinitions('NGMzYWEyOWQtZWE2Yi00ZTY4LTlhZTAtOWU2ZjEyNTFlZWEwIyMxLjAuMCMjUHVibGlzaGVk')/dashboardCards",
+ "dashboardCards": [
+ {
+ "id": "210a65de-24ce-445e-9e1e-dd4ef0f0114b",
+ "displayName": "sample1",
+ "description": "this is the first sample of the card",
+ "pickerGroupId": "110a65de-24ce-445e-9e1e-dd4ef0f0114b",
+ "defaultSize": "large",
+ "icon": {
+ "iconUrl": null,
+ "officeUIFabricIconName": "VivaLogo"
+ },
+ "contentSource": {
+ "sourceType": "bot",
+ "botConfiguration": {
+ "botId": "19806762-da13-422d-837a-f1061bc1f572"
+ }
+ }
+ },
+ {
+ "id": "210a65de-24ce-445e-9e1e-dd4ef0f0114a",
+ "displayName": "sample2",
+ "description": "Second sample of dashboard card.",
+ "pickerGroupId": "110b65de-24ce-445e-9e1e-dd4ef0f0114b",
+ "defaultSize": "medium",
+ "icon": {
+ "iconUrl": "https://publiccdn.contoso.com/icons/card-icon.svg",
+ "officeUIFabricIconName": null
+ },
+ "contentSource": {
+ "sourceType": "bot",
+ "botConfiguration": {
+ "botId": "19806762-da13-422d-837a-f1061bc1f672"
+ }
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
+```
+
+## Related content
- [List apps installed in a team](team-list-installedapps.md) - [List apps installed in a chat](chat-list-installedapps.md)
v1.0 Appconsentapprovalroute List Appconsentrequests https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/appconsentapprovalroute-list-appconsentrequests.md
Title: "List appConsentRequests"
description: "Retrieve appConsentRequest objects and their properties." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Retrieve [appConsentRequest](../resources/appconsentrequest.md) objects and their properties. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|ConsentRequest.Read.All, ConsentRequest.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|ConsentRequest.Read.All, ConsentRequest.ReadWrite.All.|
+<!-- { "blockType": "permissions", "name": "appconsentapprovalroute_list_appconsentrequests" } -->
## HTTP request
This method supports theΓÇ»`$select`, `$skip`, `$top`, `$filter` (`eq`), and `$o
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
GET https://graph.microsoft.com/beta/identityGovernance/appConsent/appConsentReq
#### Response
-The following is an example of the response. The response object includes all **appConsentRequest** objects that have at least one **userConsentRequest** that's `InProgress`, but doesn't expand the related **userConsentRequests** relationship.
+The following example shows the response. The response object includes all **appConsentRequest** objects that have at least one **userConsentRequest** that's `InProgress`, but doesn't expand the related **userConsentRequests** relationship.
>**Note:** The response object shown here might be shortened for readability. <!-- {
v1.0 Appconsentrequest Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/appconsentrequest-filterByCurrentUser.md
Title: "appConsentRequest: filterByCurrentUser"
description: "Retrieve appConsentRequest objects for which the current user is the reviewer." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Retrieve a collection of [appConsentRequest](../resources/appconsentrequest.md) objects for which the current user is the reviewer and the status of the userConsentRequest for accessing the specified app is `InProgress`. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|ConsentRequest.Read.All, ConsentRequest.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|ConsentRequest.Read.All, ConsentRequest.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "appconsentrequest_filterByCurrentUser" } -->
## HTTP request
This function *requires* theΓÇ»`$filter` (`eq`) OData query parameter to return
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
GET https://graph.microsoft.com/beta/identityGovernance/appConsent/appConsentReq
[!INCLUDE [sample-code](../includes/snippets/php/appconsentrequest-filterbycurrentuser-php-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+ # [Python](#tab/python) [!INCLUDE [sample-code](../includes/snippets/python/appconsentrequest-filterbycurrentuser-python-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
v1.0 Appconsentrequest Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/appconsentrequest-get.md
Title: "Get appConsentRequest"
description: "Read the properties and relationships of an appConsentRequest object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Read the properties and relationships of an [appConsentRequest](../resources/appconsentrequest.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|ConsentRequest.Read.All, ConsentRequest.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|ConsentRequest.Read.All, ConsentRequest.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "appconsentrequest_get" } -->
## HTTP request
This method supports theΓÇ»`$select` OData query parameter to help customize the
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Appconsentrequest List Userconsentrequests https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/appconsentrequest-list-userconsentrequests.md
Title: "List userConsentRequests"
description: "Retrieve userConsentRequest objects and their properties." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Retrieve a collection of [userConsentRequest](../resources/userconsentrequest.md) objects and their properties. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account)|ConsentRequest.Read.All, ConsentRequest.ReadWrite.All|
-|Delegated (personal Microsoft account)|Not supported.|
-|Application|ConsentRequest.Read.All, ConsentRequest.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "appconsentrequest_list_userconsentrequests" } -->
## HTTP request
This method supports theΓÇ»`$select`, `$skip`, `$top`, `$filter` (`eq`), and `$o
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
v1.0 Appcredentialsigninactivity Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/appcredentialsigninactivity-get.md
doc_type: apiPageType
description: "Get an appCredentialSignInActivity object that contains recent activity of an application credential." ms.localizationpriority: medium + # Get appCredentialSignInActivity
Namespace: microsoft.graph
Get an [appCredentialSignInActivity](../resources/appcredentialsigninactivity.md) object that contains recent activity of an application credential. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-| :- | : |
-| Delegated (work or school account) | AuditLog.Read.All, Directory.Read.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | AuditLog.Read.All, Directory.Read.All |
+<!-- { "blockType": "permissions", "name": "appcredentialsigninactivity_get" } -->
## HTTP request
This method does not support OData query parameters to help customize the respon
| Name | Description | | : | : |
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and an [appCredentia
### Request
-The following is an example of a request that shows how to get an **appCredentialSignInActivity** object based on its ID.
+The following example shows a request that gets an **appCredentialSignInActivity** object based on its ID.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/reports/appCredentialSignInActivities/ODNmN
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
v1.0 Application Addkey https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-addkey.md
Title: "application: addKey"
description: "Add a key credential to an application." ms.localizationpriority: medium + doc_type: "apiPageType"
Add a key credential to an [application](../resources/application.md). This meth
As part of the request validation for this method, a proof of possession of an existing key is verified before the action can be performed.
-Applications that donΓÇÖt have any existing valid certificates (no certificates have been added yet, or all certificates have expired), wonΓÇÖt be able to use this service action. You can use the [Update application](../api/application-update.md) operation to perform an update instead.
+Applications that don't have any existing valid certificates (no certificates have been added yet, or all certificates have expired), won't be able to use this service action. You can use the [Update application](../api/application-update.md) operation to perform an update instead.
+ ## Permissions
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | Application.ReadWrite.All, Directory.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | Application.ReadWrite.OwnedBy, Application.ReadWrite.All, Directory.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "application_addkey" } -->
> [!NOTE] > An application does not need any specific permission to roll its own keys. ## HTTP request
-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.
+You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in app registrations in the Microsoft Entra admin center.
<!-- { "blockType": "ignored" } --> ```http POST /applications/{id}/addKey
POST /applications(appId='{appId}')/addKey
| Name | Description | |:|:|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-Type | application/json. Required.| ## Request body In the request body, provide the following required properties.
-| Property | Type |Description|
+| Property | Type |Description|
|:|:--|:-| | keyCredential | [keyCredential](../resources/keycredential.md) | The new application key credential to add. The __type__, __usage__ and __key__ are required properties for this usage. Supported key types are:<br><ul><li>`AsymmetricX509Cert`: The usage must be `Verify`.</li><li>`X509CertAndPassword`: The usage must be `Sign`</li></ul>| | passwordCredential | [passwordCredential](../resources/passwordcredential.md) | Only __secretText__ is required to be set which should contain the password for the key. This property is required only for keys of type `X509CertAndPassword`. Set it to `null` otherwise.|
-| proof | String | A self-signed JWT token used as a proof of possession of the existing keys. This JWT token must be signed using the private key of one of the application's existing valid certificates. The token should contain the following claims:<ul><li>`aud` - Audience needs to be `00000002-0000-0000-c000-000000000000`.</li><li>`iss` - Issuer needs to be the __id__ of the application that is making the call.</li><li>`nbf` - Not before time.</li><li>`exp` - Expiration time should be `nbf` + 10 mins.</li></ul><br>For steps to generate this proof of possession token, see [Generating proof of possession tokens for rolling keys](/graph/application-rollkey-prooftoken). For more information about the claim types, see [Claims payload](/azure/active-directory/develop/active-directory-certificate-credentials).|
+| proof | String | A self-signed JWT token used as a proof of possession of the existing keys. This JWT token must be signed using the private key of one of the application's existing valid certificates. The token should contain the following claims:<ul><li>**aud**: Audience needs to be `00000002-0000-0000-c000-000000000000`.</li><li>**iss**: Issuer needs to be the ID of the **application** that initiates the request.</li><li>**nbf**: Not before time.</li><li>**exp**: Expiration time should be the value of **nbf** + 10 minutes.</li></ul><br>For steps to generate this proof of possession token, see [Generating proof of possession tokens for rolling keys](/graph/application-rollkey-prooftoken). For more information about the claim types, see [Claims payload](/azure/active-directory/develop/active-directory-certificate-credentials).|
## Response
If successful, this method returns a `200 OK` response code and a new [keyCreden
#### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http)
Content-type: application/json
#### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
Content-Type: application/json
#### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http)
Content-type: application/json
#### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
v1.0 Application Addpassword https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-addpassword.md
Title: "application: addPassword"
description: "Add a strong password to an application." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Adds a strong password to an [application](../resources/application.md). + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | Application.ReadWrite.All, Directory.ReadWrite.All |
-| Delegated (personal Microsoft account) | Application.ReadWrite.All |
-| Application | Application.ReadWrite.OwnedBy, Application.ReadWrite.All, Directory.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "application_addpassword" } -->
## HTTP request
-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.
+You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in app registrations in the Microsoft Entra admin center.
<!-- { "blockType": "ignored" } --> ```http POST /applications/{id}/addPassword
POST /applications(appId='{appId}')/addPassword
| Name | Description | |:|:|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-Type | application/json. Required.| ## Request body
In the request body, provide an optional `passwordCredential` object with the fo
## Response
-If successful, this method returns a `200 OK` response code and a new [passwordCredential](../resources/passwordcredential.md) object in the response body. The **secretText** property in the response object contains the strong passwords generated by Azure Active Directory that are 16-64 characters in length. There is no way to retrieve this password in the future.
+If successful, this method returns a `200 OK` response code and a new [passwordCredential](../resources/passwordcredential.md) object in the response body. The **secretText** property in the response object contains the strong passwords generated by Microsoft Entra ID that are 16-64 characters in length. There is no way to retrieve this password in the future.
## Examples
The following example shows how to call this API.
### Request
-The following is an example of the request. The **id** that is specified in the request is the value of the **id** property of the application, not the value of the **appId** property.
+The following example shows a request. The **id** that is specified in the request is the value of the **id** property of the application, not the value of the **appId** property.
# [HTTP](#tab/http) <!-- {
Content-type: application/json
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
Content-type: application/json
"section": "documentation", "tocPath": "" }-->---
v1.0 Application Delete Owners https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-delete-owners.md
Title: "Remove owner"
description: "Remove an owner from an application." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Remove an owner from an [application](../resources/application.md). As a recommended best practice, apps should have at least two owners. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | Application.ReadWrite.All, Directory.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | Application.ReadWrite.OwnedBy, Application.ReadWrite.All, Directory.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "application_delete_owners" } -->
## HTTP request
-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.
+You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in app registrations in the Microsoft Entra admin center.
<!-- { "blockType": "ignored" } --> ```http DELETE /applications/{id}/owners/{id}/$ref
DELETE /applications(appId='{appId}')/owners/{id}/$ref
``` > [!CAUTION]
-> If `/$ref` is not appended to the request and the calling app has permissions to manage the user who is the app owner, the user will also be deleted from Azure Active Directory (Azure AD); otherwise, a `403 Forbidden` error is returned. You can restore deleted users through the [Restore deleted items API](directory-deleteditems-restore.md).
+> If `/$ref` is not appended to the request and the calling app has permissions to manage the user who is the app owner, the user will also be deleted from Microsoft Entra ID; otherwise, a `403 Forbidden` error is returned. You can restore deleted users through the [Restore deleted items API](directory-deleteditems-restore.md).
## Request headers | Name | Description| |:- |:- |
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body In the request body, supply the identifier of the directory object to be assigned as owner.
DELETE https://graph.microsoft.com/beta/applications/{id}/owners/{id}/$ref
### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability.
HTTP/1.1 204 No Content
] } -->---
v1.0 Application Delete Tokenissuancepolicies https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-delete-tokenissuancepolicies.md
Title: "Remove tokenIssuancePolicy"
description: "Remove a tokenIssuancePolicy from an application." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Remove a [tokenIssuancePolicy](../resources/tokenissuancepolicy.md) from an [application](../resources/application.md). + ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
DELETE /applications/{id}/tokenIssuancePolicies/{id}/$ref
| Name | Description | |:--|:--|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns `204 No Content` response code.
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http)
DELETE https://graph.microsoft.com/beta/applications/{id}/tokenIssuancePolicies/
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
v1.0 Application Delete Tokenlifetimepolicies https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-delete-tokenlifetimepolicies.md
Title: "Remove tokenLifetimePolicy"
description: "Remove a tokenLifetimePolicy from an application or servicePrincipal." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Remove a [tokenLifetimePolicy](../resources/tokenlifetimepolicy.md) from an [application](../resources/application.md) or [servicePrincipal](../resources/servicePrincipal.md). + ## Permissions One of the following sets of permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following sets of permissions is required to call this API. To learn
Token lifetime policies can be assigned to both applications and service principals.
-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.
+You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in app registrations in the Microsoft Entra admin center.
<!-- { "blockType": "ignored" } --> ```http
DELETE /servicePrincipals(appId='{appId}')/tokenLifetimePolicies/{tokenLifetimeP
| Name | Description | |:--|:--|
-| Authorization | Bearer {token} |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns `204 No Content` response code.
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
DELETE https://graph.microsoft.com/beta/applications/3ccc9971-9ae7-45d6-8de8-263
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
v1.0 Application Delete https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-delete.md
Title: "Delete application"
description: "Deletes an application." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Deletes an application. When deleted, apps are moved to a temporary container and can be restored within 30 days. After that time, they are permanently deleted. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | Application.ReadWrite.All |
-|Delegated (personal Microsoft account) | Application.ReadWrite.All |
-|Application | Application.ReadWrite.OwnedBy, Application.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "application_delete" } -->
## HTTP request
-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal. Replace `{applicationObjectId}` with the **id** for the application object.
+You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in app registrations in the Microsoft Entra admin center. Replace `{applicationObjectId}` with the **id** for the application object.
<!-- { "blockType": "ignored" } --> ```http
DELETE /applications(appId='{appId}')
## Request headers | Name | Description| |:--|:-|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns `204 No Content` response code. It does not return anything in the response body.
+If successful, this method returns `204 No Content` response code. It doesn't return anything in the response body.
## Example ##### Request
-Here is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
DELETE https://graph.microsoft.com/beta/applications/{id}
##### Response
-Here is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response", "truncated": true
v1.0 Application Delta https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-delta.md
Title: "application: delta"
description: "Get newly created, updated, or deleted applications without having to perform a full read of the entire resource collection. See Using Delta Query for details." ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
Get newly created, updated, or deleted applications without having to perform a full read of the entire resource collection. See [Using Delta Query](/graph/delta-query-overview) for details. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- { "blockType": "permissions", "name": "application_delta" } -->
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | Application.Read.All, Directory.Read.All, Application.ReadWrite.All, Directory.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | Application.Read.All, Directory.Read.All, Application.ReadWrite.OwnedBy, Application.ReadWrite.All, Directory.ReadWrite.All |
## HTTP request
_id_ property is always returned.
## Request headers | Name | Description| |:|:-|
-| Authorization | Bearer &lt;token&gt;|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-Type | application/json | ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
### Response If successful, this method returns `200 OK` response code and [application](../resources/application.md) collection object in the response body. The response also includes a nextLink URL or a deltaLink URL. -- If a `@odata.nextLink` URL is returned, there are additional pages of data to be retrieved in the session. The application continues making requests using the `@odata.nextLink` URL until a `@odata.deltaLink` URL is included in the response.
+- If a `@odata.nextLink` URL is returned, there are more pages of data to be retrieved in the session. The application continues making requests by using the `@odata.nextLink` URL until a `@odata.deltaLink` URL is included in the response.
- If a `@odata.deltaLink` URL is returned, there is no more data about the existing state of the resource to be returned. Persist and use the `@odata.deltaLink` URL to learn about changes to the resource in the future. See:</br> - [Using Delta Query](/graph/delta-query-overview) for more details</br>-- [Get incremental changes for users](/graph/delta-query-users) for an example requests.</br>
+- [Get incremental changes for users](/graph/delta-query-users) for an example request.</br>
### Example ##### Request
v1.0 Application Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-get.md
Title: "Get application"
description: "Get the properties and relationships of an application object." ms.localizationpriority: high+ doc_type: apiPageType
Namespace: microsoft.graph
Get the properties and relationships of an [application](../resources/application.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- { "blockType": "permissions", "name": "application_get" } -->
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | Application.Read.All, Directory.Read.All, Application.ReadWrite.All, Directory.ReadWrite.All |
-|Delegated (personal Microsoft account) | Application.Read.All, Application.ReadWrite.All |
-|Application | Application.Read.All, Directory.Read.All, Application.ReadWrite.OwnedBy, Application.ReadWrite.All, Directory.ReadWrite.All |
## HTTP request
-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal. Replace `{applicationObjectId}` with the **id** for the application object.
+You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in app registrations in the Microsoft Entra admin center. Replace `{applicationObjectId}` with the **id** for the application object.
<!-- { "blockType": "ignored" } --> ```http
The use of `$select` to get **keyCredentials** for applications has a throttling
## Request headers | Name | Description | |:|:|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and an [application]
### Example 1: Retrieve the properties of an application object #### Request
-Here is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/applications/03ef14b0-ca33-4840-8f4f-d6e919
#### Response
-Here is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- {
Content-type: application/json
### Example 2: Retrieve an application by its appId and only specific properties #### Request
-Here is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/applications(appId='46e6adf4-a9cf-4b60-9390
[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Java](#tab/java) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [JavaScript](#tab/javascript)
GET https://graph.microsoft.com/beta/applications(appId='46e6adf4-a9cf-4b60-9390
#### Response
-Here is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- {
v1.0 Application List Extensionproperty https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-list-extensionproperty.md
Namespace: microsoft.graph
Retrieve the list of directory extension definitions, represented by [extensionProperty](../resources/extensionproperty.md) objects on an [application](../resources/application.md). + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- { "blockType": "permissions", "name": "application_list_extensionproperty" } -->
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | Application.Read.All, Directory.Read.All, Application.ReadWrite.All, Directory.ReadWrite.All|
-|Delegated (personal Microsoft account) | Application.Read.All, Application.ReadWrite.All |
-|Application | Application.Read.All, Application.ReadWrite.OwnedBy, Application.ReadWrite.All, Directory.ReadWrite.All |
## HTTP request
This method supports the `$select` and `$filter` (`eq` on **name**) OData query
| Name | Description| |:--|:-|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a collection of
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/applications/fd918e4b-c821-4efb-b50a-5eddd2
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
v1.0 Application List Federatedidentitycredentials https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-list-federatedidentitycredentials.md
Title: "List federatedIdentityCredentials"
description: "Get a list of the federatedIdentityCredential objects and their properties." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Get a list of the [federatedIdentityCredential](../resources/federatedidentitycredential.md) objects and their properties. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- { "blockType": "permissions", "name": "application_list_federatedidentitycredentials" } -->
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | Application.Read.All, Application.ReadWrite.All |
-|Delegated (personal Microsoft account) | Application.ReadWrite.All |
-|Application | Application.Read.All, Application.ReadWrite.OwnedBy, Application.ReadWrite.All |
## HTTP request
-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.
+You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in app registrations in the Microsoft Entra admin center.
<!-- { "blockType": "ignored" } --> ```http GET /applications/{id}/federatedIdentityCredentials
This method supports the `$filter` (`eq`) and `$select` [OData query parameters]
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
GET https://graph.microsoft.com/beta/applications/bcd7c908-1c4d-4d48-93ee-ff3834
### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Application List Owners https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-list-owners.md
Title: "List owners"
description: "Retrieve a list of owners (directoryObject objects) for an application." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Retrieve a list of owners for an application that are [directoryObject](../resources/directoryobject.md) objects. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | Application.Read.All, Directory.Read.All, Application.ReadWrite.All, Directory.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | Application.Read.All, Application.ReadWrite.OwnedBy, Application.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "application_list_owners" } -->
[!INCLUDE [limited-info](../../includes/limited-info.md)] + ## HTTP request
-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.
+You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in app registrations in the Microsoft Entra admin center.
<!-- { "blockType": "ignored" } --> ```http GET /applications/{id}/owners
This method supports the [OData Query Parameters](/graph/query-parameters) to he
## Request headers | Name | Description | |:|:|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response If successful, this method returns a `200 OK` response code and collection of [directoryObject](../resources/directoryobject.md) objects in the response body. ## Example ##### Request
-Here is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/applications/{id}/owners
##### Response
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+The following example shows the response. Note: The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
v1.0 Application List Tokenissuancepolicies https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-list-tokenissuancepolicies.md
Title: "List assigned tokenIssuancePolicies"
description: "List tokenIssuancePolicies that are assigned to an application." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
List the [tokenIssuancePolicy](../resources/tokenissuancepolicy.md) objects that are assigned to an [application](../resources/application.md). + ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
## HTTP request
-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.
+You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in app registrations in the Microsoft Entra admin center.
<!-- { "blockType": "ignored" } --> ```http GET /applications/{id}/tokenIssuancePolicies
GET /applications(appId='{appId}')/tokenIssuancePolicies
| Name | Description | |:--|:--|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a collection of
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http)
GET https://graph.microsoft.com/beta/applications/{id}/tokenIssuancePolicies
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
v1.0 Application List Tokenlifetimepolicies https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-list-tokenlifetimepolicies.md
Title: "List assigned tokenLifetimePolicies"
description: "List tokenLifetimePolicies that are assigned to an application or servicePrincipal." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
List the [tokenLifetimePolicy](../resources/tokenlifetimepolicy.md) objects that are assigned to an [application](../resources/application.md) or [servicePrincipal](../resources/servicePrincipal.md). Only one object is returned in the collection because only one tokenLifetimePolicy can be assigned to an application. + ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
Token lifetime policies can be assigned to both applications and service principals.
-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.
+You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in app registrations in the Microsoft Entra admin center.
<!-- { "blockType": "ignored" } --> ```http
GET /servicePrincipals(appId='{appId}')/tokenLifetimePolicies
| Name | Description | |:--|:--|
-| Authorization | Bearer {token} |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a collection of
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/applications/3ccc9971-9ae7-45d6-8de8-263fd2
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
v1.0 Application List https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-list.md
Title: "List applications"
description: "Get the list of applications in this organization." ms.localizationpriority: high+ doc_type: apiPageType
Get the list of [applications](../resources/application.md) in this organization
> [!NOTE] > When calling this API using tokens issued for a personal Microsoft account, it will return the apps owned by the personal Microsoft account. The notion of organizations doesn't exist for personal Microsoft accounts. To list applications owned by a specific personal Microsoft account, this API requires the *User.Read* permission in addition to *Application.Read.All* or *Application.ReadWrite.All*. + ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Application.Read.All and User.Read, Application.ReadWrite.All and User.Read | | Application | Application.Read.All, Application.ReadWrite.OwnedBy, Application.ReadWrite.All, Directory.Read.All | + ## HTTP request
The use of `$select` to get **keyCredentials** for applications has a throttling
| Name | Description | |:- |:-- |
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| ConsistencyLevel | eventual. This header and `$count` are required when using `$search`, or in specific usage of `$filter`. For more information about the use of **ConsistencyLevel** and `$count`, see [Advanced query capabilities on directory objects](/graph/aad-advanced-queries). | ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a collection of
#### Request
-Here is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/applications
#### Response
-Here is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability. <!-- {
Content-type: application/json
#### Request
-The following is an example of the request. This request requires the **ConsistencyLevel** header set to `eventual` because `$count` is in the request. For more information about the use of **ConsistencyLevel** and `$count`, see [Advanced query capabilities on directory objects](/graph/aad-advanced-queries).
+The following example shows a request. This request requires the **ConsistencyLevel** header set to `eventual` because `$count` is in the request. For more information about the use of **ConsistencyLevel** and `$count`, see [Advanced query capabilities on directory objects](/graph/aad-advanced-queries).
>**Note:** The `$count` and `$search` query parameters are currently not available in Azure AD B2C tenants.
+# [HTTP](#tab/http)
<!-- {
- "blockType": "ignored",
- "name": "get_count_only"
+ "blockType": "request",
+ "name": "get_count_only_beta_e2"
}--> ```msgraph-interactive GET https://graph.microsoft.com/beta/applications/$count ConsistencyLevel: eventual ```
+# [C#](#tab/csharp)
+
+# [CLI](#tab/cli)
+
+# [Go](#tab/go)
+
+# [Java](#tab/java)
+
+# [JavaScript](#tab/javascript)
+
+# [PHP](#tab/php)
+
+# [PowerShell](#tab/powershell)
+
+# [Python](#tab/python)
+++ #### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
- "truncated": true
+ "truncated": true,
+ "@odata.type": "String"
} --> ```http HTTP/1.1 200 OK
Content-type: text/plain
#### Request
-The following is an example of the request. This request requires the **ConsistencyLevel** header set to `eventual` and the `$count=true` query string because the request has both the `$orderby` and `$filter` query parameters. For more information about the use of **ConsistencyLevel** and `$count`, see [Advanced query capabilities on directory objects](/graph/aad-advanced-queries).
+The following example shows a request. This request requires the **ConsistencyLevel** header set to `eventual` and the `$count=true` query string because the request has both the `$orderby` and `$filter` query parameters. For more information about the use of **ConsistencyLevel** and `$count`, see [Advanced query capabilities on directory objects](/graph/aad-advanced-queries).
>**Note:** The `$count` and `$search` query parameters are currently not available in Azure AD B2C tenants.
ConsistencyLevel: eventual
#### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- {
Content-type: application/json
#### Request
-The following is an example of the request. This request requires the **ConsistencyLevel** header set to `eventual` because `$search` and the `$count=true` query string is in the request. For more information about the use of **ConsistencyLevel** and `$count`, see [Advanced query capabilities on directory objects](/graph/aad-advanced-queries).
+The following example shows a request. This request requires the **ConsistencyLevel** header set to `eventual` because `$search` and the `$count=true` query string is in the request. For more information about the use of **ConsistencyLevel** and `$count`, see [Advanced query capabilities on directory objects](/graph/aad-advanced-queries).
>**Note:** The `$count` and `$search` query parameters are currently not available in Azure AD B2C tenants.
ConsistencyLevel: eventual
#### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- {
Content-type: application/json
#### Request
-Here is an example of the request. This request requires the **ConsistencyLevel** header set to `eventual` because `$count` is in the request. For more information about the use of **ConsistencyLevel** and `$count`, see [Advanced query capabilities on directory objects](/graph/aad-advanced-queries).
+The following example shows a request. This request requires the **ConsistencyLevel** header set to `eventual` because `$count` is in the request. For more information about the use of **ConsistencyLevel** and `$count`, see [Advanced query capabilities on directory objects](/graph/aad-advanced-queries).
>**Note:** The `$count` and `$search` query parameters are currently not available in Azure AD B2C tenants.
ConsistencyLevel: eventual
#### Response
-Here is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability. <!-- {
v1.0 Application Post Applications https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-post-applications.md
description: "Create a new application."
ms.localizationpriority: high doc_type: apiPageType+ # Create application
Create a new [application](../resources/application.md) object.
> > Do not share application client IDs (**appId**) in API documentation or code samples. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | Application.ReadWrite.All |
-|Delegated (personal Microsoft account) | Application.ReadWrite.All |
-|Application | Application.ReadWrite.OwnedBy, Application.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "application_post_applications" } -->
## HTTP request <!-- { "blockType": "ignored" } -->
POST /applications
## Request headers | Name | Description | |:|:|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-Type | application/json. Required.| ## Request body
If successful, this method returns `201 Created` response code and an [applicati
## Examples ### Request
-Here is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
Content-type: application/json
### Response
-Here is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability. <!-- {
Content-type: application/json
"groupMembershipClaims": null, "optionalClaims": null, "addIns": [],
- "publisherDomain": "contoso.onmicrosoft.com",
+ "publisherDomain": "contoso.com",
"samlMetadataUrl": "https://graph.microsoft.com/2h5hjaj542de/app", "signInAudience": "AzureADandPersonalMicrosoftAccount", "tags": [],
Content-type: application/json
"enableIdTokenIssuance": false, "enableAccessTokenIssuance": false }
- },
+ },
"windows" : null } ```
v1.0 Application Post Calls https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-post-calls.md
Title: "Create call"
description: "Create a new call." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Create [call](../resources/call.md) enables your bot to create a new outgoing peer-to-peer or group call, or join an existing meeting. You will need to [register the calling bot](/microsoftteams/platform/concepts/calls-and-meetings/registering-calling-bot) and go through the list of permissions needed.
+Create [call](../resources/call.md) enables your bot to create a new outgoing peer-to-peer or group call, or join an existing meeting. You need to [register the calling bot](/microsoftteams/platform/concepts/calls-and-meetings/registering-calling-bot) and go through the list of permissions needed.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/microsoftteams/platform/concepts/calls-and-meetings/registering-calling-bot#add-microsoft-graph-permissions).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:-|
-| Delegated (work or school account) | Not supported. |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | Calls.JoinGroupCalls.Chat*, Calls.JoinGroupCallAsGuest.All, Calls.JoinGroupCall.All, Calls.Initiate.All, Calls.InitiateGroupCall.All |
+<!-- { "blockType": "permissions", "name": "application_post_calls" } -->
> **Notes:** > - For a call with app-hosted media, you need the Calls.AccessMedia.All permission in addition to one of the permissions listed in the previous table. > - Cloud Video Interop solutions that are [Certified for Microsoft Teams](/MicrosoftTeams/cloud-video-interop) have permission to call this API to join meetings for which they have meeting join links, similar to external users joining through a browser.
-> - Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
+> - The Calls.JoinGroupCalls.Chat permission uses [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
## HTTP request <!-- { "blockType": "ignored" } -->
POST /communications/calls
| Name | Description | |:--|:--|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-type | application/json. Required.| ## Request body
Content-Type: application/json
-`<Media Session Configuration>` is the serialized media session configuration which contains the session information of the media stack. Specific information about audio, video, VBSS session information should be passed here.
+`<Media Session Configuration>` is the serialized media session configuration, which contains the session information of the media stack. Specific information about audio, video, VBSS session information should be passed here.
The following is an example of an audio media session blob.
The following is an example of an audio media session blob.
#### Response
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability. <!-- {
Content-Type: application/json
### Example 3: Create a group call with service hosted media
-This supports up to 5 VoIP users. The example shows how to create a group call with two VoIP users.
+You can support up to 5 VoIP users. It shows how to create a group call with two VoIP users.
> **Note:** This example call needs the `Calls.InitiateGroupCalls.All` permission. The group call created doesn't support chat or recording. #### Request
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
Content-Type: application/json
#### Response
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability. <!-- {
Content-Type: application/json
### Example 4: Create a group call with application hosted media
-This supports up to 5 VoIP users. The example shows how to create a group call with two VoIP users.
+You can support up 5 VoIP users. The example shows how to create a group call with two VoIP users.
> **Note:** This example call needs the `Calls.InitiateGroupCalls.All` permission. The group call created doesn't support chat or recording. #### Request
Content-Type: application/json
#### Response
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability. <!-- {
Content-Type: application/json
### Example 5: Join scheduled meeting with service hosted media
-To join the scheduled meeting we will need to get the thread ID, message ID, organizer ID and the tenant ID in which the meeting is scheduled.
+To join the scheduled meeting, you need to get the thread ID, message ID, organizer ID and the tenant ID in which the meeting is scheduled.
This information can be obtained from the [Get onlineMeeting](../api/onlinemeeting-get.md) API. The values of authorization token, callback URL, application ID, application name, user ID, user name, and tenant ID must be replaced along with the details obtained from the [Get onlineMeeting](../api/onlinemeeting-get.md) API with actual values to make the example work.
Content-Type: application/json
#### Response
+The following example shows the response.
<!-- { "blockType": "response", "truncated": "true",
Content-Type: application/json
>**Note:** For join meeting scenarios apart from call state notifications, we receive roster notifications. ### Example 6: Join a scheduled meeting with joinMeetingId and passcode
-The following shows an example that requires a **joinMeetingId** and a **passcode** to join an existing meeting. You can retrieve these properties from the [Get onlineMeeting](../api/onlinemeeting-get.md) API.
+The following example requires a **joinMeetingId** and a **passcode** to join an existing meeting. You can retrieve these properties from the [Get onlineMeeting](../api/onlinemeeting-get.md) API.
#### Request
+The following example shows a request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
Content-Type: application/json
#### Response+
+The following example shows the response.
<!-- { "blockType": "response", "name": "join-meeting-with-join-meeting-id-and-passcode",
Content-Type: application/json
``` ### Example 7: Join a scheduled meeting with joinMeetingId
-The following shows an example that requires a **joinMeetingId** but doesn't require a **passcode** to join an existing meeting. You can retrieve the **joinMeetingId** property from the [Get onlineMeeting](../api/onlinemeeting-get.md) API.
+The following example requires a **joinMeetingId** but doesn't require a **passcode** to join an existing meeting. You can retrieve the **joinMeetingId** property from the [Get onlineMeeting](../api/onlinemeeting-get.md) API.
#### Request
Content-Type: application/json
#### Response
+The following example shows the response.
<!-- { "blockType": "response", "name": "join-meeting-with-join-meeting-id-and-without-passcode",
To join the meeting with application hosted media, update the media config with
#### Request -
+The following example shows a request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
Content-Type: application/json
#### Response
+The following example shows the response
<!-- { "blockType": "response", "name": "join-meeting-app-hosted-media",
Content-Type: application/json
#### Response
+The following example shows the response.
<!-- { "blockType": "response", "name": "join-channel-meeting-service-hosted-media",
Content-Type: application/json
``` ### Example 10: Join channel meeting as a guest with service hosted media
-For joining a channel meeting as a guest you will need to create a guest [identity](../resources/identityset.md) and add it as the call source in the join meeting request.
+For joining a channel meeting as a guest, you need to create a guest [identity](../resources/identityset.md) and add it as the call source in the join meeting request.
The display name is the name you want to be displayed in the meeting for your guest identity. The ID may be a unique ID identifying the guest identity. > **Note:** This example needs the `Calls.JoinGroupCallsAsGuest.All` permission. #### Request -
+The following example shows a request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
Content-Type: application/json
#### Response
+The following example shows the response.
<!-- { "blockType": "response", "name": "join-channel-meeting-as-guest-service-hosted-media",
Content-Type: application/json
} ```
-> **Note:** The application will not receive the roster for participants in the meeting until its admitted from lobby.
+> **Note:** The application doesn't receive the roster for participants in the meeting until its admitted from lobby.
### Example 11: Create peer-to-peer PSTN call with service hosted media
Content-Type: application/json
#### Response
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability. <!-- {
Content-Type: application/json
#### Response
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability. <!-- {
v1.0 Application Post Extensionproperty https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-post-extensionproperty.md
Namespace: microsoft.graph
Create a new directory extension definition, represented by an [extensionProperty](../resources/extensionproperty.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | Application.ReadWrite.All, Directory.ReadWrite.All |
-|Delegated (personal Microsoft account) | Application.ReadWrite.All |
-|Application | Application.ReadWrite.OwnedBy, Application.ReadWrite.All, Directory.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "application_post_extensionproperty" } -->
## HTTP request
POST /applications(appId='{appId}')/extensionProperties
## Request headers | Name | Description| |:--|:-|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-Type | application/json. Required. | ## Request body
In the request body, provide an [extensionProperty](../resources/extensionproper
| Property | Type | Description | |:-|:|:|
-|dataType|String| Specifies the data type of the value the extension property can hold. Following values are supported. Not nullable. <ul><li>`Binary` - 256 bytes maximum</li><li>`Boolean`</li><li>`DateTime` - Must be specified in ISO 8601 format. Will be stored in UTC.</li><li>`Integer` - 32-bit value.</li><li>`LargeInteger` - 64-bit value.</li><li>`String` - 256 characters maximum</li></ul>|
+|dataType|String| Specifies the data type of the value the extension property can hold. Following values are supported. <ul><li>`Binary` - 256 bytes maximum</li><li>`Boolean`</li><li>`DateTime` - Must be specified in ISO 8601 format. Will be stored in UTC.</li><li>`Integer` - 32-bit value.</li><li>`LargeInteger` - 64-bit value.</li><li>`String` - 256 characters maximum</li></ul>Not nullable. For multivalued directory extensions, these limits apply per value in the collection. |
|name|String| Name of the extension property. Not nullable. |
-|isMultiValued|Boolean| Defines the directory extension as a multi-valued property. When `true`, the directory extension property can store a collection of objects of the **dataType**; for example, a collection of integers. The default value is `false`.|
+|isMultiValued|Boolean| Defines the directory extension as a multi-valued property. When `true`, the directory extension property can store a collection of objects of the **dataType**; for example, a collection of string types such as `"extension_b7b1c57b532f40b8b5ed4b7a7ba67401_jobGroupTracker": ["String 1", "String 2"]`. The default value is `false`.|
|targetObjects|String collection| The Microsoft Graph resources that can use the extension property. All values must be in PascalCase. The following values are supported. Not nullable. <ul><li>`User`</li><li>`Group`</li><li>`AdministrativeUnit`</li><li>`Application`</li><li>`Device`</li><li>`Organization`</li></ul>|
If successful, this method returns `201, Created` response code and a new [exten
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
v1.0 Application Post Federatedidentitycredentials https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-post-federatedidentitycredentials.md
Title: "Create federatedIdentityCredential"
description: "Create a new federatedIdentityCredential object for an application." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Create a new [federatedIdentityCredential](../resources/federatedidentitycredential.md) object for an application. By [configuring a trust relationship](/azure/active-directory/develop/workload-identity-federation-create-trust) between your Azure AD application registration and the identity provider for your compute platform, you can use tokens issued by that platform to authenticate with Microsoft identity platform and call APIs in the Microsoft ecosystem. Maximum of 20 objects can be added to an application.
+Create a new [federatedIdentityCredential](../resources/federatedidentitycredential.md) object for an application. By [configuring a trust relationship](/azure/active-directory/develop/workload-identity-federation-create-trust) between your Microsoft Entra application registration and the identity provider for your compute platform, you can use tokens issued by that platform to authenticate with Microsoft identity platform and call APIs in the Microsoft ecosystem. Maximum of 20 objects can be added to an application.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | Application.ReadWrite.All |
-|Delegated (personal Microsoft account) | Application.ReadWrite.All |
-|Application | Application.ReadWrite.OwnedBy, Application.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "application_post_federatedidentitycredentials" } -->
## HTTP request
-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.
+You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in app registrations in the Microsoft Entra admin center.
<!-- { "blockType": "ignored" } --> ```http POST /applications/{id}/federatedIdentityCredentials
POST /applications(appId='{appId}')/federatedIdentityCredentials
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
|Content-Type|application/json. Required.| ## Request body In the request body, supply a JSON representation of the [federatedIdentityCredential](../resources/federatedidentitycredential.md) object.
-The following table shows the properties that are required when you create the [federatedIdentityCredential](../resources/federatedidentitycredential.md).
+The following table lists the properties that are required when you create the [federatedIdentityCredential](../resources/federatedidentitycredential.md).
|Property|Type|Description| |:|:|:|
-|audiences|String collection|The audience that can appear in the external token. This field is mandatory and should be set to `api://AzureADTokenExchange` for Azure AD. It says what Microsoft identity platform should accept in the `aud` claim in the incoming token. This value represents Azure AD in your external identity provider and has no fixed value across identity providers - you may need to create a new application registration in your identity provider to serve as the audience of this token. This field can only accept a single value and has a limit of 600 characters. Required.|
+|audiences|String collection|The audience that can appear in the external token. This field is mandatory and should be set to `api://AzureADTokenExchange` for Microsoft Entra ID. It says what Microsoft identity platform should accept in the `aud` claim in the incoming token. This value represents Microsoft Entra ID in your external identity provider and has no fixed value across identity providers - you may need to create a new application registration in your identity provider to serve as the audience of this token. This field can only accept a single value and has a limit of 600 characters. Required.|
|issuer|String|TThe URL of the external identity provider and must match the issuer claim of the external token being exchanged. The combination of the values of **issuer** and **subject** must be unique on the app. It has a limit of 600 characters. Required.| |name|String|The unique identifier for the federated identity credential, which has a limit of 120 characters and must be URL friendly. It is immutable once created|
-|subject|String|Required. The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format, as each identity provider uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Azure AD. It has a limit of 600 characters. The combination of **issuer** and **subject** must be unique on the app.|
+|subject|String|Required. The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format, as each identity provider uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Microsoft Entra ID. It has a limit of 600 characters. The combination of **issuer** and **subject** must be unique on the app.|
Content-Type: application/json
] } ```-
v1.0 Application Post Onlinemeetings https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-post-onlinemeetings.md
Title: "Create onlineMeeting"
description: "Create an online meeting on behalf of a user specified in the request body." ms.localizationpriority: high+ doc_type: apiPageType
Namespace: microsoft.graph
Create an online meeting on behalf of a user. > [!TIP]
-> This API creates a standalone meeting that is not associated with any event on the user's calendar; therefore, meetings created via this API will not show on the user's calendar.
+>
+> * This API creates a standalone meeting that isn't associated with any event on the user's calendar; therefore, meetings created via this API aren't shown on the user's calendar.
+> * This API doesn't create a Teams live event.
+> * If you want to retrieve meeting transcripts, use the [Create event](../api/user-post-events.md#example-5-create-and-enable-an-event-as-an-online-meeting) API instead.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-| :- | :- |
-| Delegated (work or school account) | OnlineMeetings.ReadWrite |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | OnlineMeetings.ReadWrite.All* |
+<!-- { "blockType": "permissions", "name": "application_post_onlinemeetings" } -->
-To use application permission for this API, tenant administrators must create an [application access policy](/graph/cloud-communication-online-meeting-application-access-policy) and grant it to a user to authorize the app configured in the policy to create online meetings on behalf of that user (with user ID specified in the request path).
+To use the OnlineMeetings.ReadWrite.All application permission for this API, tenant administrators must create an [application access policy](/graph/cloud-communication-online-meeting-application-access-policy) and grant it to a user to authorize the app configured in the policy to create online meetings on behalf of that user (with user ID specified in the request path).
## HTTP request
POST /users/{userId}/onlineMeetings
``` > [!NOTE]
->- `userId` is the object ID of a user in [Azure user management portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade). For more details, see [Allow applications to access online meetings on behalf of a user](/graph/cloud-communication-online-meeting-application-access-policy).
+>- **userId** is the object ID of a user in [Microsoft Entra admin center > user management page](https://entra.microsoft.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade). For more details, see [Allow applications to access online meetings on behalf of a user](/graph/cloud-communication-online-meeting-application-access-policy).
## Request headers | Name | Description | | :-- | :-- |
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-type | application/json. Required. | | Accept-Language | Language. Optional. |
-If the request contains an `Accept-Language` HTTP header, the `content` of `joinInformation` will be in the language and locale variant specified in the `Accept-Language` header. The default content will be in English.
+If the request contains an `Accept-Language` HTTP header, the `content` of `joinInformation` will be in the language and locale variant specified in the `Accept-Language` header. The default content is in English.
## Request body In the request body, supply a JSON representation of an [onlineMeeting](../resources/onlinemeeting.md) object. > [!CAUTION] >
-> Assigning the `presenter` or `coorganizer` role to users who are not registered in Azure Active Directory is not currently supported.
+> Assigning the `presenter` or `coorganizer` role to users who aren't registered in Microsoft Entra ID isn't currently supported.
## Response If successful, this method returns a `201 Created` response code and an [onlineMeeting](../resources/onlinemeeting.md) object in the response body.
If successful, this method returns a `201 Created` response code and an [onlineM
#### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
Content-Type: application/json
#### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability.
Content-Type: application/json
} ```
-### Example 2: Create a Microsoft Teams live event with a user token
-
-#### Request
-
-The following is an example of a request.
-
-```http
-POST https://graph.microsoft.com/beta/me/onlineMeetings
-Content-Type: application/json
-
-{
- "subject":"User Token Live Event",
- "startDateTime":"2020-12-02T14:30:34.2444915+00:00",
- "endDateTime":"2020-12-02T15:00:34.2464912+00:00",
- "isBroadcast": true,
- "broadcastSettings": {
- "allowedAudience": "everyone",
- "isRecordingEnabled": true,
- "isAttendeeReportEnabled": true
- }
-}
-```
-
-#### Response
-
-The following is an example of the response.
-
-> **Note:** The response object shown here has been shortened for readability. All the properties will be returned from an actual call.
-
-```json
-{
- "id": "dc17674c-81d9-4adb-bfb2-8fa442e4622_19:meeting_MGQ4MDDYxODYzMmY2@thread.v2",
- "creationDateTime": "2020-12-02T14:30:34.2444915Z",
- "startDateTime": "2020-09-29T22:35:31.389759Z",
- "endDateTime": "2020-12-02T15:00:34.2464912Z",
- "joinWebUrl": "(redacted)",
- "subject": "User Token Live Event",
- "autoAdmittedUsers": "EveryoneInCompany",
- "isEntryExitAnnounced": true,
- "allowedPresenters": "organization",
- "videoTeleconferenceId": "(redacted)",
- "participants": {
- "organizer": {
- "upn": "(redacted)",
- "role": "producer",
- "identity": {
- "user": {
- "id": "dc174c-81d9-4adb-bfb2-8f6a4622",
- "displayName": null,
- "tenantId": "909581-5130-43e9-88f3-fccde38",
- "identityProvider": "AAD"
- }
- }
- },
- "attendees": [
- {
- "upn": "(redacted)",
- "role": "producer",
- "identity": {
- "user": {
- "id": "dc174c-81d9-4adb-bfb2-8442e4622",
- "displayName": null,
- "tenantId": "909581-5130-43e9-88f3-fcb3cde38",
- "identityProvider": "AAD"
- }
- }
- }
- ],
- "producers": [
- {
- "upn": "(redacted)",
- "role": "producer",
- "identity": {
- "user": {
- "id": "d7674c-81d9-4adb-bfb2-8f6a4622",
- "displayName": null,
- "tenantId": "909c81-5130-43e9-88f3-fcbcde38",
- "identityProvider": "AAD"
- }
- }
- }
- ],
- "contributors": []
- },
- "lobbyBypassSettings": {
- "scope": "organization",
- "isDialInBypassEnabled": false
- },
- "isBroadcast": true,
- "broadcastSettings": {
- "allowedAudience": "organization",
- "isRecordingEnabled": true,
- "isAttendeeReportEnabled": true
- },
- "joinMeetingIdSettings": {
- "isPasscodeRequired": false,
- "joinMeetingId": "1234567890",
- "passcode": null
- }
-}
-```
-
-### Example 3: Create an online meeting that requires a passcode
+### Example 2: Create an online meeting that requires a passcode
-The following example shows how to add a passcode to a meeting. The passcode is used when you join a meeting with a **joinMeetingId**. For more details, see [joinMeetingIdSettings](../resources/joinmeetingidsettings.md).
+The following example shows how to add a passcode to a meeting. The passcode is used when you join a meeting with a **joinMeetingId**. For more information, see [joinMeetingIdSettings](../resources/joinmeetingidsettings.md).
#### Request
-The following is an example of a request.
+The following example shows a request.
->**Note:** The passcode is automatically generated and a custom passcode is not supported.
+>**Note:** The passcode is automatically generated and a custom passcode isn't supported.
# [HTTP](#tab/http)
Content-Type: application/json
#### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability.
Content-Type: application/json
} ```
+### Example 3: Create an online meeting that doesn't require a passcode
-### Example 4: Create an online meeting that does not require a passcode
-
-When **isPasscodeRequired** is set to `false` or when **joinMeetingIdSettings** is not specified in the request, the generated online meeting will not have a passcode.
+When **isPasscodeRequired** is set to `false` or when **joinMeetingIdSettings** isn't specified in the request, the generated online meeting won't have a passcode.
#### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http)
Content-Type: application/json
#### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability.
Content-Type: application/json
} ```
+### Example 4: Create an online meeting with a meeting template
+
+The following example shows how to create a meeting with a Microsoft Teams [meeting template](/microsoftteams/create-custom-meeting-template). Microsoft Teams custom meeting templates allow you to specify values for many of the meeting options that are available to meeting organizers.
+
+> [!CAUTION]
+>
+>- The template might lock some meeting options in the Teams UI. The enforcement of the lock takes place on the server side.
+>- Subsequent updates to the **onlineMeeting** can't overwrite the **meetingTemplateId** or locked meeting options.
+>- Using a custom meeting template to create a meeting is a Teams Premium feature.
+
+#### Request
+
+The following example shows a request.
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "create-online-meeting-with-meeting-template"
+}-->
+
+```http
+POST https://graph.microsoft.com/beta/me/onlineMeetings
+Content-Type: application/json
+
+{
+ "startDateTime": "2019-07-12T14:30:34.2444915-07:00",
+ "endDateTime": "2019-07-12T15:00:34.2464912-07:00",
+ "subject": "User meeting",
+ "meetingTemplateId": "05b9ed5f-2ac3-4470-aae9-f4a0c30b1a4b"
+}
+```
+
+# [C#](#tab/csharp)
+
+# [CLI](#tab/cli)
+
+# [Go](#tab/go)
+
+# [Java](#tab/java)
+
+# [JavaScript](#tab/javascript)
+
+# [PHP](#tab/php)
+
+# [PowerShell](#tab/powershell)
+
+# [Python](#tab/python)
+++
+#### Response
+
+The following example shows the response.
+
+>**Note:** The response object shown here might be shortened for readability.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.onlineMeeting"
+} -->
+
+```http
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#users('xxxxxxxx')/onlineMeetings/$entity",
+ "audioConferencing": {
+ "tollNumber": "+12345678",
+ "tollFreeNumber": "+12345",
+ "ConferenceId": "1234",
+ "dialinUrl": "https://dialin.teams.microsoft.com/xxxxxxx?id=2999"
+ },
+ "chatInfo": {
+ "threadId": "1xxxxxxxxxxxxxx%40thread.skype",
+ "messageId": "15629053",
+ "replyChainMessageId": null
+ },
+ "creationDateTime": "2019-07-11T02:17:17.6491364Z",
+ "startDateTime": "2019-07-11T02:17:17.6491364Z",
+ "endDateTime": "2019-07-11T02:47:17.651138Z",
+ "id": "MSpkYzE3Njc0Yy04MWQ5LTRhFpHRTNaR1F6WGhyZWFkLnYy",
+ "joinWebUrl": "https://teams.microsoft.com/l/meetup-join/19%3ameeting_M2IzYzczNTItYmY3iMjNlOTY4MGEz%40thread.skype/0?context=%7b%22Tid%22%3a%22f8bf-86f1-41af-91ab-2011db47%22%2c%22Oid%22%3a%20fae72-d251-43ec-86c-377304f%22%7d",
+ "participants": {
+ "organizer": {
+ "identity": {
+ "user": {
+ "id": "5e72-d251-43ec-868c-3732704f",
+ "tenantId": "72fbf-86f1-41af-91ab-2d71db47",
+ "displayName": "Mario Rogers"
+ }
+ },
+ "role": "presenter",
+ "upn": "upn-value"
+ }
+ },
+ "subject": "User meeting",
+ "meetingTemplateId": "05b9ed5f-2ac3-4470-aae9-f4a0c30b1a4b"
+}
+```
+ <!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79 2015-10-25 14:57:30 UTC --> <!--
v1.0 Application Post Owners https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-post-owners.md
Title: "Add owner"
description: "Use this API to add an owner to an application." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Use this API to add an owner to an application by posting to the owners collection. + ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
## HTTP request
-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.
+You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in app registrations in the Microsoft Entra admin center.
<!-- { "blockType": "ignored" } --> ```http POST /applications/{id}/owners/$ref
POST /applications(appId='{appId}')/owners/$ref
## Request headers | Name | Description| |:- |:- |
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body In the request body, supply the identifier of the directory object to be assigned as owner.
Content-type: application/json
### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability.
v1.0 Application Post Tokenissuancepolicies https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-post-tokenissuancepolicies.md
Title: "Assign tokenIssuancePolicy"
description: "Assign a tokenIssuancePolicy to an application." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Assign a [tokenIssuancePolicy](../resources/tokenissuancepolicy.md) to an [application](../resources/application.md). + ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
## HTTP request
-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.
+You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in app registrations in the Microsoft Entra admin center.
<!-- { "blockType": "ignored" } --> ```http POST /applications/{id}/tokenIssuancePolicies/$ref
POST /applications(appId='{appId}')/tokenIssuancePolicies/$ref
| Name | Description | |:--|:--|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-Type | application/json. Required. | ## Request body
In the request body, supply the identifier of the [tokenIssuancePolicy](../resou
## Response
-If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.
+If successful, this method returns a `204 No Content` response code. It doesn't return anything in the response body.
## Examples ### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http)
Content-Type: application/json
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
v1.0 Application Post Tokenlifetimepolicies https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-post-tokenlifetimepolicies.md
Title: "Assign tokenLifetimePolicy"
description: "Assign a tokenLifetimePolicy to an application or service principal." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Assign a [tokenLifetimePolicy](../resources/tokenlifetimepolicy.md) to an [application](../resources/application.md) or [servicePrincipal](../resources/servicePrincipal.md). You can have multiple tokenLifetimePolicy policies in a tenant but can assign only one tokenLifetimePolicy per application. + ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
Token lifetime policies can be assigned to both applications and service principals.
-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.
+You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in app registrations in the Microsoft Entra admin center.
<!-- { "blockType": "ignored" } --> ```http
POST /servicePrincipals(appId='{appId}')/tokenLifetimePolicies/$ref
| Name | Description | |:--|:--|
-| Authorization | Bearer {token} |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-Type | application/json | ## Request body
In the request body, supply the identifier of the [tokenLifetimePolicy](../resou
## Response
-If successful, this method returns `204 No Content` response code. It does not return anything in the response body.
+If successful, this method returns `204 No Content` response code. It doesn't return anything in the response body.
## Examples ### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
Content-Type: application/json
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
v1.0 Application Removekey https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-removekey.md
Title: "application: removeKey"
description: "Remove a key credential from an application" ms.localizationpriority: medium + doc_type: "apiPageType"
Remove a key credential from an [application](../resources/application.md). This
As part of the request validation for this method, a proof of possession of an existing key is verified before the action can be performed. + ## Permissions
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | Application.ReadWrite.All, Directory.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | Application.ReadWrite.OwnedBy, Application.ReadWrite.All, Directory.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "application_removekey" } -->
> [!NOTE] > An application does not need any specific permission to roll its own keys. ## HTTP request
-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.
+You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in app registrations in the Microsoft Entra admin center.
<!-- { "blockType": "ignored" } --> ```http POST /applications/{id}/removeKey
POST /applications(appId='{appId}')/removeKey
| Name | Description | |:|:|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-Type | application/json. Required.| ## Request body
In the request body, provide the following required properties.
| Property | Type | Description| |:-|:--|:--| | keyId | Guid | The unique identifier for the password.|
-| proof | String | A self-signed JWT token used as a proof of possession of the existing keys. This JWT token must be signed using the private key of one of the application's existing valid certificates. The token should contain the following claims:<ul><li>`aud` - Audience needs to be `00000002-0000-0000-c000-000000000000`.</li><li>`iss` - Issuer needs to be the __id__ of the application that is making the call.</li><li>`nbf` - Not before time.</li><li>`exp` - Expiration time should be `nbf` + 10 mins.</li></ul><br>For steps to generate this proof of possession token, see [Generating proof of possession tokens for rolling keys](/graph/application-rollkey-prooftoken).|
+| proof | String | A self-signed JWT token used as a proof of possession of the existing keys. This JWT token must be signed using the private key of one of the application's existing valid certificates. The token should contain the following claims:<ul><li>**aud**: Audience needs to be `00000002-0000-0000-c000-000000000000`.</li><li>**iss**: Issuer needs to be the ID of the **application** that initiates the request.</li><li>**nbf**: Not before time.</li><li>**exp**: Expiration time should be the value of **nbf** + 10 minutes.</li></ul><br>For steps to generate this proof of possession token, see [Generating proof of possession tokens for rolling keys](/graph/application-rollkey-prooftoken).|
## Response
The following is example shows how to call this API.
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http)
Content-Type: application/json
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
v1.0 Application Removepassword https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-removepassword.md
Title: "application: removePassword"
description: "Remove a password from an application" ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Removes a password from an [application](../resources/application.md). + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | Application.ReadWrite.All, Directory.ReadWrite.All |
-| Delegated (personal Microsoft account) | Application.ReadWrite.All |
-| Application | Application.ReadWrite.OwnedBy, Application.ReadWrite.All, Directory.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "application_removepassword" } -->
## HTTP request
-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.
+You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in app registrations in the Microsoft Entra admin center.
<!-- { "blockType": "ignored" } --> ```http POST /applications/{id}/removePassword
POST /applications(appId='{appId}')/removePassword
| Name | Description | |:|:|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-Type | application/json. Required.| ## Request body
The following is example shows how to call this API.
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
Content-type: application/json
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response"
v1.0 Application Setverifiedpublisher https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-setverifiedpublisher.md
Title: "application: setVerifiedPublisher"
description: "Set the verified publisher of an application." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Set the the [verifiedPublisher](../resources/verifiedPublisher.md) on an [application](../resources/application.md). For more information, including prerequisites to setting a verified publisher, see [Publisher verification](/azure/active-directory/develop/publisher-verification-overview). + ## Permissions
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | Application.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported |
-|Application | Not supported |
+<!-- { "blockType": "permissions", "name": "application_setverifiedpublisher" } -->
## HTTP request
-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.
+You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in app registrations in the Microsoft Entra admin center.
<!-- { "blockType": "ignored" } --> ```http POST /applications/{id}/setVerifiedPublisher
POST /applications(appId='{appId}')/setVerifiedPublisher
| Name | Description | |:|:|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-Type | application/json. Required.| ## Request body
If successful, this method returns a `204 No Content` response code.
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http)
Content-type: application/json
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
v1.0 Application Unsetverifiedpublisher https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-unsetverifiedpublisher.md
Title: "application: unsetVerifiedPublisher"
description: "Unset the verified publisher of an application." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Unset the the [verifiedPublisher](../resources/verifiedPublisher.md) previously set on an [application](../resources/application.md), removing all verified publisher properties. For more information, see [Publisher verification](/azure/active-directory/develop/publisher-verification-overview).
+Unset the [verifiedPublisher](../resources/verifiedPublisher.md) previously set on an [application](../resources/application.md), removing all verified publisher properties. For more information, see [Publisher verification](/azure/active-directory/develop/publisher-verification-overview).
+ ## Permissions
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | Application.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported |
-|Application | Not supported |
+<!-- { "blockType": "permissions", "name": "application_unsetverifiedpublisher" } -->
## HTTP request
-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.
+You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in app registrations in the Microsoft Entra admin center.
<!-- { "blockType": "ignored" } --> ```http POST /applications/{id}/unsetVerifiedPublisher
POST /applications(appId='{appId}')/unsetVerifiedPublisher
| Name | Description | |:|:|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `204 No Content` response code.
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http)
POST https://graph.microsoft.com/beta/applications/{id}/unsetVerifiedPublisher
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
v1.0 Application Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-update.md
Title: "Update application"
description: "Update the properties of an application object." ms.localizationpriority: medium+ doc_type: apiPageType
Update the properties of an [application](../resources/application.md) object.
> [!IMPORTANT] > Using PATCH to set [**passwordCredential**](../resources/passwordcredential.md) is not supported. Use the [addPassword](./application-addpassword.md) and [removePassword](./application-removepassword.md) methods to update the password or secret for an application. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | Application.ReadWrite.All |
-|Delegated (personal Microsoft account) | Application.ReadWrite.All |
-|Application | Application.ReadWrite.OwnedBy, Application.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "application_update" } -->
## HTTP request
-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal. Replace `{applicationObjectId}` with the **id** for the application object.
+You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in app registrations in the Microsoft Entra admin center. Replace `{applicationObjectId}` with the **id** for the application object.
<!-- { "blockType": "ignored" } --> ```http
PUT /applications(appId='{appId}')/logo
## Request headers | Name | Description| |:--|:-|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-Type | application/json. Required. | ## Request body
In the request body, supply the values for relevant fields that should be update
| api | [apiApplication](../resources/apiapplication.md) | Specifies settings for an application that implements a web API. | | appRoles | [appRole](../resources/approle.md) collection | The collection of roles defined for the application. These roles can be assigned to users, groups, or service principals. Not nullable. | | displayName | String | The display name for the application. |
-| groupMembershipClaims | String | Configures the **groups** claim issued in a user or OAuth 2.0 access token that the application expects. To set this attribute, use one of the following valid string values:<ul><li>`None`</li><li>`SecurityGroup`: For security groups and Azure Active Directory (Azure AD) roles</li><li>`All`: This will get all of the security groups, distribution groups, and Azure AD directory roles that the signed-in user is a member of</li></ul> |
-| identifierUris | String collection | The URIs that identify the application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. For more information, see [Application Objects and Service Principal Objects](/azure/active-directory/develop/app-objects-and-service-principals). The *any* operator is required for filter expressions on multi-valued properties. Not nullable. |
-| info | [informationalUrl](../resources/informationalurl.md) | Basic profile information of the application such as app's marketing, support, terms of service, and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more information, see [Add Terms of service and privacy statement for registered Azure AD apps](/azure/active-directory/develop/howto-add-terms-of-service-privacy-statement). |
-| isFallbackPublicClient | Boolean | Specifies the fallback application type as public client, such as an installed application running on a mobile device. The default value is `false`, which means the fallback application type is confidential client such as web app. There are certain scenarios where Azure AD cannot determine the client application type (for example, [ROPC](https://tools.ietf.org/html/rfc6749#section-4.3) flow where it is configured without specifying a redirect URI). In those cases, Azure AD will interpret the application type based on the value of this property. |
+| groupMembershipClaims | String | Configures the **groups** claim issued in a user or OAuth 2.0 access token that the application expects. To set this attribute, use one of the following valid string values:<ul><li>`None`</li><li>`SecurityGroup`: For security groups and Microsoft Entra roles</li><li>`All`: This will get all of the security groups, distribution groups, and Microsoft Entra directory roles that the signed-in user is a member of</li></ul> |
+| identifierUris | String collection | The URIs that identify the application within its Microsoft Entra tenant, or within a verified custom domain if the application is multi-tenant. For more information, see [Application Objects and Service Principal Objects](/azure/active-directory/develop/app-objects-and-service-principals). The *any* operator is required for filter expressions on multi-valued properties. Not nullable. |
+| info | [informationalUrl](../resources/informationalurl.md) | Basic profile information of the application such as app's marketing, support, terms of service, and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more information, see [Add Terms of service and privacy statement for registered Microsoft Entra apps](/azure/active-directory/develop/howto-add-terms-of-service-privacy-statement). |
+| isFallbackPublicClient | Boolean | Specifies the fallback application type as public client, such as an installed application running on a mobile device. The default value is `false`, which means the fallback application type is confidential client such as web app. There are certain scenarios where Microsoft Entra ID cannot determine the client application type (for example, [ROPC](https://tools.ietf.org/html/rfc6749#section-4.3) flow where it is configured without specifying a redirect URI). In those cases, Microsoft Entra ID will interpret the application type based on the value of this property. |
| keyCredentials | [keyCredential](../resources/keycredential.md) collection | The collection of key credentials associated with the application. Not nullable. | | logo | Stream | The main logo for the application. Not nullable. Use the PUT method to update the logo. |
-| onPremisesPublishing | [onPremisesPublishing](../resources/onpremisespublishing.md) | Represents the set of properties for configuring [Azure AD Application Proxy](/azure/active-directory/app-proxy/what-is-application-proxy) for an on-premises application. This property can only be set after the application has been created and cannot be updated in the same request as other application properties. |
-| optionalClaims | optionalClaims | Application developers can configure optional claims in their Azure AD apps to specify which claims they want in tokens sent to their application by the Microsoft security token service. See [optional claims](/azure/active-directory/develop/active-directory-optional-claims) for more information. |
+| onPremisesPublishing | [onPremisesPublishing](../resources/onpremisespublishing.md) | Represents the set of properties for configuring [Microsoft Entra application proxy](/azure/active-directory/app-proxy/what-is-application-proxy) for an on-premises application. This property can only be set after the application has been created and cannot be updated in the same request as other application properties. |
+| optionalClaims | optionalClaims | Application developers can configure optional claims in their Microsoft Entra apps to specify which claims they want in tokens sent to their application by the Microsoft security token service. See [optional claims](/azure/active-directory/develop/active-directory-optional-claims) for more information. |
| parentalControlSettings | [parentalControlSettings](../resources/parentalcontrolsettings.md) | Specifies parental control settings for an application. | | publicClient | [publicClientApplication](../resources/publicclientapplication.md) | Specifies settings for installed clients such as desktop or mobile devices. | | requiredResourceAccess | [requiredResourceAccess](../resources/requiredresourceaccess.md) collection | Specifies the resources that the application needs to access. This property also specifies the set of delegated permissions and application roles that it needs for each of those resources. This configuration of access to the required resources drives the consent experience. No more than 50 resource services (APIs) can be configured. Beginning mid-October 2021, the total number of required permissions must not exceed 400. Not nullable. | | samlMetadataUrl | String | The URL where the service exposes SAML metadata for federation. This property is valid only for single-tenant applications. |
-| signInAudience | String | Specifies what Microsoft accounts are supported for the current application. Supported values are:<ul><li>`AzureADMyOrg`: Users with a Microsoft work or school account in my organizationΓÇÖs Azure AD tenant (i.e. single tenant)</li><li>`AzureADMultipleOrgs`: Users with a Microsoft work or school account in any organizationΓÇÖs Azure AD tenant (i.e. multi-tenant)</li> <li>`AzureADandPersonalMicrosoftAccount`: Users with a personal Microsoft account, or a work or school account in any organizationΓÇÖs Azure AD tenant</li></ul> <br/>The value for this property has implications on other app object properties. As a result, if you change this property, you may need to change other properties first. For more information, see [Validation differences for signInAudience](/azure/active-directory/develop/supported-accounts-validation?context=graph/context). |
+| signInAudience | String | Specifies what Microsoft accounts are supported for the current application. Supported values are:<ul><li>`AzureADMyOrg`: Users with a Microsoft work or school account in my organization's Microsoft Entra tenant (i.e. single tenant)</li><li>`AzureADMultipleOrgs`: Users with a Microsoft work or school account in any organization's Microsoft Entra tenant (i.e. multi-tenant)</li> <li>`AzureADandPersonalMicrosoftAccount`: Users with a personal Microsoft account, or a work or school account in any organization's Microsoft Entra tenant</li></ul> <br/>The value for this property has implications on other app object properties. As a result, if you change this property, you may need to change other properties first. For more information, see [Validation differences for signInAudience](/azure/active-directory/develop/supported-accounts-validation?context=graph/context). |
| spa | [spaApplication](../resources/spaapplication.md) | Specifies settings for a single-page application, including sign out URLs and redirect URIs for authorization codes and access tokens. | | tags | String collection | Custom strings that can be used to categorize and identify the application. Not nullable. |
-| tokenEncryptionKeyId | String | Specifies the keyId of a public key from the keyCredentials collection. When configured, Azure AD encrypts all the tokens it emits by using the key this property points to. The application code that receives the encrypted token must use the matching private key to decrypt the token before it can be used for the signed-in user. |
+| tokenEncryptionKeyId | String | Specifies the keyId of a public key from the keyCredentials collection. When configured, Microsoft Entra ID encrypts all the tokens it emits by using the key this property points to. The application code that receives the encrypted token must use the matching private key to decrypt the token before it can be used for the signed-in user. |
| uniqueName | String | The unique identifier that can be assigned to an application as an alternative identifier. Immutable. Read-only. | | web | [webApplication](../resources/webapplication.md) | Specifies settings for a web application. | | spa | [spaApplication](../resources/spaapplication.md) | Specifies settings for a single-page application, including sign out URLs and redirect URIs for authorization codes and access tokens. |
In the request body, supply the values for relevant fields that should be update
## Response If successful, this method returns a `204 No Content` response code and does not return anything in the response body.
-## Example
-##### Request
-Here is an example of the request.
+## Examples
+
+### Example 1: Update the displayName for an application
+
+#### Request
+The following request shows an example.
# [HTTP](#tab/http) <!-- {
Content-type: application/json
-##### Response
+#### Response
<!-- { "blockType": "response"
Content-type: application/json
HTTP/1.1 204 No Content ```
-<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
-2015-10-25 14:57:30 UTC -->
-<!--
+
+### Example 2: Update the appRoles for an application
+
+The following example updates the **appRoles** collection for an application. To keep any existing app roles, include them in the request. Any existing objects in the collection that aren't included in the request are replaced with the new objects. This object is synchronized with the corresponding property of the service principal in the tenant.
+
+#### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "update_application_approles"
+}-->
+```http
+PATCH https://graph.microsoft.com/beta/applications/fda284b5-f0ad-4763-8289-31a273fca865
+Content-type: application/json
+ {
- "type": "#page.annotation",
- "description": "Update application",
- "keywords": "",
- "section": "documentation",
- "tocPath": "",
- "suppressions": [
- ]
+ "appRoles": [
+ {
+ "allowedMemberTypes": [
+ "User",
+ "Application"
+ ],
+ "description": "Survey.Read",
+ "displayName": "Survey.Read",
+ "id": "ebb7c86c-fb47-4e3f-8191-420ff1b9de4a",
+ "isEnabled": false,
+ "origin": "Application",
+ "value": "Survey.Read"
+ }
+ ]
}>
+```
+
+# [C#](#tab/csharp)
+
+# [CLI](#tab/cli)
+
+# [Go](#tab/go)
+
+# [Java](#tab/java)
+
+# [JavaScript](#tab/javascript)
+
+# [PHP](#tab/php)
+
+# [PowerShell](#tab/powershell)
+
+# [Python](#tab/python)
+++
+#### Response
+
+<!-- {
+ "blockType": "response"
+} -->
+```http
+HTTP/1.1 204 No Content
+```
v1.0 Application Upsert https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/application-upsert.md
+
+ Title: "Upsert application"
+description: "Create a new application object if it doesn't exist, or update the properties of an existing application object."
+
+ms.localizationpriority: medium
+++
+# Upsert application
+
+Namespace: microsoft.graph
++
+Create a new [application](../resources/application.md) object if it doesn't exist, or update the properties of an existing [application](../resources/application.md) object.
+
+> [!IMPORTANT]
+> Using PATCH to set [**passwordCredential**](../resources/passwordcredential.md) is not supported. Use the [addPassword](./application-addpassword.md) and [removePassword](./application-removepassword.md) methods to update the password or secret for an application.
+
+## Permissions
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- { "blockType": "permissions", "name": "application_post_applications" } -->
+
+## HTTP request
+
+To create or update an application, specify the **uniqueName** client-provided alternate key.
+
+<!-- { "blockType": "ignored" } -->
+```http
+PATCH /applications(uniqueName='{uniqueName}')
+```
+
+## Request headers
+| Name | Description|
+|:--|:-|
+| Authorization | Bearer {token}. Required. |
+| Content-Type | application/json. Required. |
+| Prefer | `create-if-missing`. Required for upsert behavior, otherwise the request is treated as an update operation. |
+
+## Request body
+
+In the request body, supply a JSON representation of the [application](../resources/application.md) object. The request body must contain **displayName**, which is a required property. Specify other writable properties as necessary for your application, for creation or update.
+
+## Response
+
+If successful, if an application object with **uniqueName** doesn't exist, this method returns a `201 Created` response code and a new [application](../resources/application.md) object in the response body.
+
+If an application object with **uniqueName** already exists, this method updates the [application](../resources/application.md) object and returns a `204 No Content` response code.
+
+## Examples
+
+### Example 1: Create a new application if it doesn't exist
+
+The following example creates an application because an application with the specified **uniqueName** value doesn't exist.
+
+#### Request
+
+The following example shows a request.
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "upsert_application_create"
+}
+-->
+
+``` http
+PATCH https://graph.microsoft.com/beta/applications(uniqueName='app-65278')
+Content-Type: application/json
+Prefer: create-if-missing
+
+{
+ "displayName": "Display name"
+}
+```
+
+# [C#](#tab/csharp)
+
+# [CLI](#tab/cli)
+
+# [Go](#tab/go)
+
+# [Java](#tab/java)
+
+# [PHP](#tab/php)
+
+# [PowerShell](#tab/powershell)
+
+# [Python](#tab/python)
+++
+### Response
+
+The following example shows the response.
+
+> **Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.application"
+}
+-->
+
+```http
+HTTP/1.1 201 Created
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#applications/$entity",
+ "id": "03ef14b0-ca33-4840-8f4f-d6e91916010e",
+ "deletedDateTime": null,
+ "isFallbackPublicClient": null,
+ "appId": "631a96bc-a705-4eda-9f99-fdaf9f54f6a2",
+ "applicationTemplateId": null,
+ "identifierUris": [],
+ "createdDateTime": "2019-09-17T19:10:35.2742618Z",
+ "displayName": "Display name",
+ "isDeviceOnlyAuthSupported": null,
+ "groupMembershipClaims": null,
+ "optionalClaims": null,
+ "addIns": [],
+ "publisherDomain": "contoso.onmicrosoft.com",
+ "samlMetadataUrl": "https://graph.microsoft.com/2h5hjaj542de/app",
+ "signInAudience": "AzureADandPersonalMicrosoftAccount",
+ "tags": [],
+ "tokenEncryptionKeyId": null,
+ "api": {
+ "requestedAccessTokenVersion": 2,
+ "acceptMappedClaims": null,
+ "knownClientApplications": [],
+ "oauth2PermissionScopes": [],
+ "preAuthorizedApplications": []
+ },
+ "appRoles": [],
+ "publicClient": {
+ "redirectUris": []
+ },
+ "info": {
+ "termsOfServiceUrl": null,
+ "supportUrl": null,
+ "privacyStatementUrl": null,
+ "marketingUrl": null,
+ "logoUrl": null
+ },
+ "keyCredentials": [],
+ "parentalControlSettings": {
+ "countriesBlockedForMinors": [],
+ "legalAgeGroupRule": "Allow"
+ },
+ "passwordCredentials": [],
+ "requiredResourceAccess": [],
+ "uniqueName": "app-65278",
+ "web": {
+ "redirectUris": [],
+ "homePageUrl": null,
+ "logoutUrl": null,
+ "implicitGrantSettings": {
+ "enableIdTokenIssuance": false,
+ "enableAccessTokenIssuance": false
+ }
+ },
+ "windows" : null
+}
+```
+
+### Example 2: Update an existing application
+
+The following example updates the application because an application with the specified **uniqueName** value exists.
+
+#### Request
+
+The following example shows a request.
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "application_upsert_update"
+}
+-->
+
+``` http
+PATCH https://graph.microsoft.com/beta/applications(uniqueName='app-65278')
+Content-Type: application/json
+Prefer: create-if-missing
+
+{
+ "displayName": "Display name"
+}
+```
+
+# [C#](#tab/csharp)
+
+# [CLI](#tab/cli)
+
+# [Go](#tab/go)
+
+# [Java](#tab/java)
+
+# [PHP](#tab/php)
+
+# [PowerShell](#tab/powershell)
+
+# [Python](#tab/python)
+++
+#### Response
+
+The following example shows the response.
+<!-- {
+ "blockType": "response"
+}
+-->
+
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Applicationsignindetailedsummary Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/applicationsignindetailedsummary-get.md
Title: "Get applicationSignInDetailedSummary"
description: "Retrieve the properties and relationships of an applicationSignInDetailedSummary object." ms.localizationpriority: medium + doc_type: apiPageType
Namespace: microsoft.graph
Retrieve the properties and relationships of an [applicationSignInDetailedSummary](../resources/applicationsignindetailedsummary.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | Reports.Read.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | Not supported. |
+<!-- { "blockType": "permissions", "name": "applicationsignindetailedsummary_get" } -->
## HTTP request <!-- { "blockType": "ignored" } -->
This method supports the [OData query parameters](/graph/query-parameters) to he
| Authorization | Bearer {code} | ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response If successful, this method returns a `200 OK` response code and an [applicationSignInDetailedSummary](../resources/applicationsignindetailedsummary.md) object in the response body.
If successful, this method returns a `200 OK` response code and an [applicationS
## Example ### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/reports/applicationSignInDetailedSummary/{i
### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- {
v1.0 Applicationtemplate Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/applicationtemplate-get.md
Title: "Get applicationTemplate"
description: "Retrieve the properties and relationships of applicationtemplate object." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Retrieve the properties of an [applicationTemplate](../resources/applicationtemplate.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | None. |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | None. |
+<!-- { "blockType": "permissions", "name": "applicationtemplate_get" } -->
-Additional permissions are not required to call this API, as long as your application has a valid access token to call Microsoft Graph.
+Additional permissions aren't required to call this API, as long as your application has a valid access token to call Microsoft Graph.
## HTTP request
For general information, see [OData query parameters](/graph/query-parameters).
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and the requested [a
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
The following is an example of the request.
}--> ```msgraph-interactive
-GET https://graph.microsoft.com/beta/applicationTemplates/{id}
+GET https://graph.microsoft.com/beta/applicationTemplates/00000007-0000-0000-c000-000000000000
``` # [C#](#tab/csharp)
GET https://graph.microsoft.com/beta/applicationTemplates/{id}
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-type: application/json {
- "id" : "id-value",
- "displayName" : "displayName-value",
- "homePageUrl" : "homePageUrl-value",
- "supportedSingleSignOnModes" : ["supportedSingleSignOnModes-value"],
- "logoUrl" : "logoUrl-value",
- "categories" : ["categories-value"],
- "publisher" : "publisher-value",
- "description" : "description-value"
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#applicationTemplates/$entity",
+ "@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET applicationTemplates('<guid>')?$select=appCategory,categories",
+ "id": "00000007-0000-0000-c000-000000000000",
+ "displayName": "Dynamics CRM Online",
+ "homePageUrl": "http://www.microsoft.com/dynamics/crm",
+ "supportedSingleSignOnModes": [
+ "oidc",
+ "external"
+ ],
+ "supportedProvisioningTypes": [],
+ "logoUrl": "https://az495088.vo.msecnd.net/app-logo/crm_215.png",
+ "categories": [
+ "crm",
+ "productivity",
+ "collaboration",
+ "businessMgmt"
+ ],
+ "publisher": "Microsoft Corporation",
+ "description": null,
+ "supportedClaimConfiguration": null,
+ "informationalUrls": {
+ "singleSignOnDocumentationUrl": null,
+ "appSignUpUrl": "http://go.microsoft.com/fwlink/?LinkId=252780"
+ }
} ```
v1.0 Applicationtemplate Instantiate https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/applicationtemplate-instantiate.md
Title: "applicationTemplate: instantiate"
-description: "Use this API to create a new applicationTemplate"
+description: "Add an instance of an application from the Microsoft Entra application gallery into your directory."
ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Add an instance of an application from the Azure AD application gallery into your directory. You can also use this API to instantiate [non-gallery apps](/azure/active-directory/manage-apps/add-non-gallery-app). Use the following ID for the **applicationTemplate** object: `8adf8e6e-67b2-4cf2-a259-e3dc5476c621`.
+Add an instance of an application from the [Microsoft Entra application gallery](../resources/applicationtemplate.md) into your directory.
+
+The application template with ID `8adf8e6e-67b2-4cf2-a259-e3dc5476c621` can be used to add a [non-gallery app](/azure/active-directory/manage-apps/add-non-gallery-app) that you can configure different single-sign on (SSO) modes like SAML SSO and password-based SSO.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | Application.ReadWrite.All, Directory.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | Application.ReadWrite.OwnedBy, Application.ReadWrite.All, Directory.ReadWrite.All |
+<!-- { "blockType": "permissions", "name": "applicationtemplate_instantiate" } -->
## HTTP request
The following example shows how to call this API.
### Request
-The following is an example of the request. The request URL specifies `8adf8e6e-67b2-4cf2-a259-e3dc5476c621` as the application template ID. This means the request is instantiating a non-gallery app.
+The following example shows a request. The request URL specifies `8adf8e6e-67b2-4cf2-a259-e3dc5476c621` as the application template ID. This means the request is instantiating a non-gallery app.
# [HTTP](#tab/http) <!-- {
Content-type: application/json
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
Content-type: application/json
"section": "documentation", "tocPath": "" }-->-
v1.0 Applicationtemplate List https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/applicationtemplate-list.md
Title: "List applicationTemplates"
description: "Retrieve a list of applicationtemplate objects." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Retrieve a list of [applicationTemplate](../resources/applicationtemplate.md) objects from the Azure AD application gallery.
+Retrieve a list of [applicationTemplate](../resources/applicationtemplate.md) objects from the Microsoft Entra application gallery.
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | None. |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | None. |
+<!-- { "blockType": "permissions", "name": "applicationtemplate_list" } -->
-Additional permissions are not required to call this API, as long as your application has a valid access token to call Microsoft Graph.
+Additional permissions aren't required to call this API, as long as your application has a valid access token to call Microsoft Graph.
## HTTP request
For general information, see [OData query parameters](/graph/query-parameters).
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a collection of
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/applicationTemplates
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-type: application/json {
- "value": [
- {
- "id" : "id-value",
- "displayName" : "displayName-value",
- "homePageUrl" : "homePageUrl-value",
- "supportedSingleSignOnModes" : ["supportedSingleSignOnModes-value"],
- "logoUrl" : "logoUrl-value",
- "categories" : ["categories-value"],
- "publisher" : "publisher-value",
- "description" : "description-value"
- }
- ]
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#applicationTemplates",
+ "@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET applicationTemplates?$select=appCategory,categories",
+ "value": [
+ {
+ "id": "00000007-0000-0000-c000-000000000000",
+ "displayName": "Dynamics CRM Online",
+ "homePageUrl": "http://www.microsoft.com/dynamics/crm",
+ "supportedSingleSignOnModes": [
+ "oidc",
+ "external"
+ ],
+ "supportedProvisioningTypes": [],
+ "logoUrl": "https://az495088.vo.msecnd.net/app-logo/crm_215.png",
+ "categories": [
+ "crm",
+ "productivity",
+ "collaboration",
+ "businessMgmt"
+ ],
+ "publisher": "Microsoft Corporation",
+ "description": null,
+ "supportedClaimConfiguration": null,
+ "informationalUrls": {
+ "singleSignOnDocumentationUrl": null,
+ "appSignUpUrl": "http://go.microsoft.com/fwlink/?LinkId=252780"
+ }
+ }
+ ]
} ```
Content-type: application/json
"section": "documentation", "tocPath": "" }-->---
v1.0 Appmanagementpolicy Delete Appliesto https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/appmanagementpolicy-delete-appliesto.md
Title: "Remove appliesTo"
description: "Remove an appManagementPolicy from an application or service principal object." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Remove an [appManagementPolicy](../resources/appManagementPolicy.md) policy object from an application or service principal object. When you remove the appManagementPolicy, the application or service principal adopts the tenant-wide [tenantAppManagementPolicy](../resources/tenantappmanagementpolicy.md) setting. + ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported. | | Application | Application.Read.All and Policy.ReadWrite.ApplicationConfiguration | ## HTTP request
DELETE /servicePrincipals/{servicePrincipalObjectId}/appManagementPolicies/{appM
| Name | Description | | : | :-- |
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-Type | application/json. Required. | ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns `204 No Content` response code. It does not return anything in the response body.
+If successful, this method returns `204 No Content` response code. It doesn't return anything in the response body.
## Examples
If successful, this method returns `204 No Content` response code. It does not r
#### Request
-The following is an example of the request to remove an appManagementPolicy from an application.
+The following example shows a request to remove an appManagementPolicy from an application.
# [HTTP](#tab/http)
DELETE https://graph.microsoft.com/beta/applications/3ccc9971-9ae7-45d6-8de8-263
#### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
HTTP/1.1 204 No Content
#### Request
-The following is an example of the request to remove an appManagementPolicy from a service principal.
+The following example shows a request to remove an appManagementPolicy from a service principal.
DELETE https://graph.microsoft.com/beta/servicePrincipals/f284860e-368c-4a1f-889
[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Java](#tab/java) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [JavaScript](#tab/javascript)
DELETE https://graph.microsoft.com/beta/servicePrincipals/f284860e-368c-4a1f-889
#### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
v1.0 Appmanagementpolicy Delete https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/appmanagementpolicy-delete.md
Title: "Delete appManagementPolicy"
description: "Delete an application management policy." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Delete an [appManagementPolicy](../resources/appmanagementpolicy.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-| :- | : |
-| Delegated (work or school account) | Policy.ReadWrite.ApplicationConfiguration |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | Policy.ReadWrite.ApplicationConfiguration |
+<!-- { "blockType": "permissions", "name": "appmanagementpolicy_delete" } -->
## HTTP request
DELETE /policies/appManagementPolicies/{id}
| Name | Description | | : | :-- |
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-Type | application/json. Required. | ## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.
+If successful, this method returns a `204 No Content` response code. It doesn't return anything in the response body.
## Examples ### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http)
DELETE https://graph.microsoft.com/beta/policies/appManagementPolicies/{id}
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
v1.0 Appmanagementpolicy Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/appmanagementpolicy-get.md
Title: "Get appManagementPolicy"
description: "Get an application management policy." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Read the properties of an [appManagementPolicy](../resources/appManagementPolicy.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-| :- | : |
-| Delegated (work or school account) | Policy.Read.All, Policy.ReadWrite.ApplicationConfiguration |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | Policy.Read.All, Policy.ReadWrite.ApplicationConfiguration |
+<!-- { "blockType": "permissions", "name": "appmanagementpolicy_get" } -->
## HTTP request
GET /policies/appManagementPolicies/{id}
| Name | Description | | : | : |
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a single [appMan
### Request
-The following is an example of the request. From the response, the app management policy defines the following restrictions for application and service principal objects:
+The following example shows a request. From the response, the app management policy defines the following restrictions for application and service principal objects:
- Blocks creating of new passwords after 2019-10-19 at 10:37 AM UTC time. - Limits password secrets for apps created after 2019-10-19 at 10:37 AM UTC time to less than 4 days, 12 hours, 30 minutes and 5 seconds.
GET https://graph.microsoft.com/beta/policies/appManagementPolicies/{id}
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
Content-type: application/json
}, { "restrictionType": "passwordLifetime",
- "maxLifetime": "P4DT12H30M5S",
+ "maxLifetime": "P90D",
"restrictForAppsCreatedAfterDateTime": "2017-10-19T10:37:00Z" }, {
Content-type: application/json
}, { "restrictionType": "symmetricKeyLifetime",
- "maxLifetime": "P4D",
+ "maxLifetime": "P30D",
"restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z" } ],
Content-type: application/json
"restrictionType": "asymmetricKeyLifetime", "maxLifetime": "P90D", "restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
+ },
+ {
+ "restrictionType": "trustedCertificateAuthority",
+ "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z",
+ "certificateBasedApplicationConfigurationIds": [
+ "eec5ba11-2fc0-4113-83a2-ed986ed13743",
+ "bb8e164b-f9ed-4b98-bc45-65eddc14f4c1"
+ ],
+ "maxLifetime": null
} ] }
v1.0 Appmanagementpolicy List Appliesto https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/appmanagementpolicy-list-appliesto.md
Title: "List appliesTo"
description: "List resources assigned to an application management policy." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
List application and service principal objects assigned an [appManagementPolicy](../resources/appManagementPolicy.md) policy object. + ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported. | | Application | Application.Read.All and Policy.Read.All, Application.Read.All and Policy.ReadWrite.ApplicationConfiguration | ## HTTP request
For general information, see [OData query parameters](/graph/query-parameters).
| Name | Description | | : | : |
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a collection of
#### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http)
GET https://graph.microsoft.com/beta/policies/appManagementPolicies/{id}/applies
#### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- {
Content-type: application/json
#### Request
-The following is an example of the request using $select query option.
+The following example shows a request using $select query option.
# [HTTP](#tab/http) <!-- {
v1.0 Appmanagementpolicy List https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/appmanagementpolicy-list.md
Title: "List appManagementPolicies"
description: "Get a list of application management policies." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Retrieve a list of [appManagementPolicy](../resources/appManagementPolicy.md) objects. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-| :- | : |
-| Delegated (work or school account) | Policy.Read.All, Policy.ReadWrite.ApplicationConfiguration |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | Policy.Read.All, Policy.ReadWrite.ApplicationConfiguration |
+<!-- { "blockType": "permissions", "name": "appmanagementpolicy_list" } -->
## Optional query parameters
GET /policies/appManagementPolicies
| Name | Description | | : | : |
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a collection of
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http)
GET https://graph.microsoft.com/beta/policies/appManagementPolicies
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
Content-type: application/json
}, { "restrictionType": "passwordLifetime",
- "maxLifetime": "P4DT12H30M5S",
+ "maxLifetime": "P90D",
"restrictForAppsCreatedAfterDateTime": "2017-10-19T10:37:00Z" }, {
Content-type: application/json
}, { "restrictionType": "symmetricKeyLifetime",
- "maxLifetime": "P4D",
+ "maxLifetime": "P30D",
"restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z" } ],
Content-type: application/json
"restrictionType": "asymmetricKeyLifetime", "maxLifetime": "P90D", "restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
+ },
+ {
+ "restrictionType": "trustedCertificateAuthority",
+ "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z",
+ "certificateBasedApplicationConfigurationIds": [
+ "eec5ba11-2fc0-4113-83a2-ed986ed13743",
+ "bb8e164b-f9ed-4b98-bc45-65eddc14f4c1"
+ ],
+ "maxLifetime": null
} ] }
v1.0 Appmanagementpolicy Post Appliesto https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/appmanagementpolicy-post-appliesto.md
Title: "Assign appliesTo"
description: "Assign a policy to application or service principal object." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Assign an [appManagementPolicy](../resources/appManagementPolicy.md) policy object to an application or service principal object. The application or service principal adopts this policy over the tenant-wide [tenantAppManagementPolicy](../resources/tenantappmanagementpolicy.md) setting. Only one policy object can be assigned to an application or service principal. + ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
| Delegated (personal Microsoft account) | Not supported. | | Application | Application.Read.All and Policy.ReadWrite.ApplicationConfiguration | ## HTTP request
POST /applications/{id}/appManagementPolicies/$ref
| Name | Description | | : | :-- |
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-Type | application/json. Required. | ## Request body
In the request body, provide a reference to a single policy object from the [app
## Response
-If successful, this method returns `204 No Content` response code. It does not return anything in the response body.
+If successful, this method returns `204 No Content` response code. It doesn't return anything in the response body.
## Examples
If successful, this method returns `204 No Content` response code. It does not r
#### Request
-The following is an example of the request to assign an appManagementPolicy to an application.
+The following example shows a request to assign an appManagementPolicy to an application.
# [HTTP](#tab/http)
Content-type: application/json
#### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
HTTP/1.1 204 No Content
#### Request
-The following is an example of the request to assign an appManagementPolicy to a service principal.
+The following example shows a request to assign an appManagementPolicy to a service principal.
POST https://graph.microsoft.com/beta/servicePrincipals/{id}/appManagementPolici
[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Java](#tab/java) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [JavaScript](#tab/javascript)
POST https://graph.microsoft.com/beta/servicePrincipals/{id}/appManagementPolici
#### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
v1.0 Appmanagementpolicy Post https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/appmanagementpolicy-post.md
Title: "Create appManagementPolicy"
description: "Create an application management policy." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Create an [appManagementPolicy](../resources/appManagementPolicy.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-| :- | : |
-| Delegated (work or school account) | Policy.ReadWrite.ApplicationConfiguration |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | Policy.ReadWrite.ApplicationConfiguration |
+<!-- { "blockType": "permissions", "name": "appmanagementpolicy_post" } -->
## HTTP request
POST /policies/appManagementPolicies
| Name | Description | | : | :-- |
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-Type | application/json. Required. | > [!IMPORTANT]
If successful, this method returns a `201 Created` response code with the new [a
### Request
-The following is an example of the request. This request created an app management policy with the following settings:
+The following example shows a request. This request created an app management policy with the following settings:
- Enables the policy. - Blocks creating of new passwords for applications and service principals created on or after 2019-10-19 at 10:37 AM UTC time.
POST https://graph.microsoft.com/beta/policies/appManagementPolicies
"description": "Cred policy sample", "isEnabled": true, "restrictions": {
- "passwordCredentials": [
- {
- "restrictionType": "passwordAddition",
- "maxLifetime": null,
- "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
- },
- {
- "restrictionType": "passwordLifetime",
- "maxLifetime": "P4DT12H30M5S",
- "restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
- },
- {
- "restrictionType": "symmetricKeyAddition",
- "maxLifetime": null,
- "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
- },
- {
- "restrictionType": "symmetricKeyLifetime",
- "maxLifetime": "P4D",
- "restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
- }
- ],
- "keyCredentials": [
- {
- "restrictionType": "asymmetricKeyLifetime",
- "maxLifetime": "P90D",
- "restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
- }
- ]
- }
+ "passwordCredentials": [
+ {
+ "restrictionType": "passwordAddition",
+ "maxLifetime": null,
+ "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
+ },
+ {
+ "restrictionType": "passwordLifetime",
+ "maxLifetime": "P90D",
+ "restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
+ },
+ {
+ "restrictionType": "symmetricKeyAddition",
+ "maxLifetime": null,
+ "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
+ },
+ {
+ "restrictionType": "symmetricKeyLifetime",
+ "maxLifetime": "P30D",
+ "restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
+ }
+ ],
+ "keyCredentials": [
+ {
+ "restrictionType": "asymmetricKeyLifetime",
+ "maxLifetime": "P90D",
+ "restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
+ },
+ {
+ "restrictionType": "trustedCertificateAuthority",
+ "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z",
+ "certificateBasedApplicationConfigurationIds": [
+ "eec5ba11-2fc0-4113-83a2-ed986ed13743",
+ "bb8e164b-f9ed-4b98-bc45-65eddc14f4c1"
+ ],
+ "maxLifetime": null
+ }
+ ]
+ }
} ```
POST https://graph.microsoft.com/beta/policies/appManagementPolicies
[!INCLUDE [sample-code](../includes/snippets/php/create-appmanagementpolicy-php-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+ # [Python](#tab/python) [!INCLUDE [sample-code](../includes/snippets/python/create-appmanagementpolicy-python-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
POST https://graph.microsoft.com/beta/policies/appManagementPolicies
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
Content-type: application/json
}, { "restrictionType": "passwordLifetime",
- "maxLifetime": "P4DT12H30M5S",
+ "maxLifetime": "P90D",
"restrictForAppsCreatedAfterDateTime": "2018-10-19T10:37:00Z" } ]
v1.0 Appmanagementpolicy Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/appmanagementpolicy-update.md
Title: "Update appManagementPolicy"
description: "Update an application management policy." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Update an [appManagementPolicy](../resources/appmanagementpolicy.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-| :- | : |
-| Delegated (work or school account) | Policy.ReadWrite.ApplicationConfiguration |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | Policy.ReadWrite.ApplicationConfiguration |
+<!-- { "blockType": "permissions", "name": "appmanagementpolicy_update" } -->
## HTTP request
PATCH /policies/appManagementPolicies/{id}
| Name | Description | | : | :-- |
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
| Content-Type | application/json. Required. | ## Request body
If successful, this method returns a `204 No Content` response code.
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http)
PATCH https://graph.microsoft.com/beta/policies/appManagementPolicies/{id}
[!INCLUDE [sample-code](../includes/snippets/php/update-appmanagementpolicy-php-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+ # [Python](#tab/python) [!INCLUDE [sample-code](../includes/snippets/python/update-appmanagementpolicy-python-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
PATCH https://graph.microsoft.com/beta/policies/appManagementPolicies/{id}
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response",
v1.0 Approleassignment Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/approleassignment-get.md
Title: "Get appRoleAssignment"
description: "Read the properties and relationships of an appRoleAssignment object." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Read the properties and relationships of an [appRoleAssignment](../resources/approleassignment.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+<!--
### For client service principals-
+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
+<!--
|Permission type | Permissions (from least to most privileged) | |:--|:| |Delegated (work or school account) | Application.Read.All, Directory.Read.All, Application.ReadWrite.All, Directory.ReadWrite.All |
One of the following permissions is required to call this API. To learn more, in
|Application | Application.Read.All, Directory.Read.All, Application.ReadWrite.OwnedBy, Application.ReadWrite.All, Directory.ReadWrite.All | ### For resource service principals-
+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
+<!--
|Permission type | Permissions (from least to most privileged) | |:--|:| |Delegated (work or school account) | Application.Read.All, Directory.Read.All, Application.ReadWrite.All, Directory.ReadWrite.All |
One of the following permissions is required to call this API. To learn more, in
|Application | Application.Read.All, Directory.Read.All, Application.ReadWrite.OwnedBy, Application.ReadWrite.All, Directory.ReadWrite.All | ### For groups-
+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
+<!--
|Permission type | Permissions (from least to most privileged) | |:--|:| |Delegated (work or school account) | Group.Read.All, Directory.Read.All, AppRoleAssignment.ReadWrite.All, Directory.ReadWrite.All |
One of the following permissions is required to call this API. To learn more, in
|Application | Group.Read.All, Directory.Read.All, AppRoleAssignment.ReadWrite.All, Directory.ReadWrite.All | ### For users-
+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
+<!--
|Permission type | Permissions (from least to most privileged) | |:--|:| |Delegated (work or school account) | User.Read, User.ReadBasic.All, Directory.Read.All, AppRoleAssignment.ReadWrite.All | |Delegated (personal Microsoft account) | Not supported. | |Application | Directory.Read.All, AppRoleAssignment.ReadWrite.All |
+-->
+
+The following table shows the least privileged permission or permissions required to call this API on each supported resource type. Follow [best practices](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions) to request least privileged permissions. For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
+
+| Supported resource | Delegated (work or school account) | Delegated (personal Microsoft account) | Application |
+|:-|:-|:-|:-|
+| [group](../resources/group.md) | Group.Read.All | Not supported. | Group.Read.All |
+| [servicePrincipal](../resources/serviceprincipal.md) | Application.Read.All | Not supported. | Application.Read.All |
+| [user](../resources/user.md) | User.Read | Not supported. | Directory.Read.All |
++ ## HTTP request To get details of an appRole granted to a service principal:
This method supports the `$select` OData query parameter to help customize the r
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
GET https://graph.microsoft.com/beta/servicePrincipals(appId='00000003-0000-0000
#### Response
-The following is an example of the response. It shows a client service principal named **Postman** has been granted an app role with the ID **df021288-bdef-4463-88db-98f22de89214** which is the *User.Read.All* application permission, for the resource service principal named **Microsoft Graph**.
+The following example shows the response. It shows a client service principal named **Postman** has been granted an app role with the ID **df021288-bdef-4463-88db-98f22de89214** which is the *User.Read.All* application permission, for the resource service principal named **Microsoft Graph**.
>**Note:** The response object shown here might be shortened for readability. <!-- {
GET https://graph.microsoft.com/beta/servicePrincipals(appId='ceb96a54-de95-49a0
#### Response
-The following is an example of the response. It shows a client service principal named **Postman** has been granted an app role with the ID **df021288-bdef-4463-88db-98f22de89214** which is the *User.Read.All* application permission, for the resource service principal named **Microsoft Graph**.
+The following example shows the response. It shows a client service principal named **Postman** has been granted an app role with the ID **df021288-bdef-4463-88db-98f22de89214** which is the *User.Read.All* application permission, for the resource service principal named **Microsoft Graph**.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
GET https://graph.microsoft.com/beta/me/appRoleAssignments/Lo6gEKI-4EyAy9X91LBep
#### Response
-The following is an example of the response. It shows the signed-in user has the default app role for a resource service principal named *Postman*.
+The following example shows the response. It shows the signed-in user has the default app role for a resource service principal named *Postman*.
>**Note:** The response object shown here might be shortened for readability. <!-- {
v1.0 Approval Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/approval-filterbycurrentuser.md
+
+ Title: "approval: filterByCurrentUser"
+description: "Get the approval resources."
+
+ms.localizationpriority: medium
+++
+# approval: filterByCurrentUser
+Namespace: microsoft.graph
++
+In [Microsoft Entra entitlement management](../resources/entitlementmanagement-overview.md), return a collection of [access package assignment approvals](../resources/approval.md). The objects returned are those that are in scope for approval by the calling user.
+
+In [PIM for groups](../resources/privilegedidentitymanagement-for-groups-api-overview.md), return a collection of [assignment approvals](../resources/approval.md). The objects returned are those that are in scope for approval by the calling user.
+++
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+### For entitlement management
+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
+| Permission type | Permissions (from least to most privileged) |
+|:|:--|
+| Delegated (work or school account) | EntitlementManagement.ReadWrite.All |
+| Delegated (personal Microsoft account) | Not supported. |
+| Application | Not supported. |
+
+### For PIM for groups
+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
+| Permission type | Permissions (from least to most privileged) |
+|:|:--|
+| Delegated (work or school account) | PrivilegedAssignmentSchedule.Read.AzureADGroup, PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup |
+| Delegated (personal Microsoft account) | Not supported. |
+| Application | Not supported. |
+
+## HTTP request
+
+To retrieve the approval resources in entitlement management:
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/entitlementManagement/accessPackageAssignmentApprovals/filterByCurrentUser(on='approver')
+```
+
+To retrieve the approval resources in PIM for groups:
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/privilegedAccess/group/assignmentApprovals/filterByCurrentUser(on='approver')
+```
+
+## Function parameters
+This method supports the OData query parameters for paging through a large result set. For general information, see [OData query parameters](/graph/query-parameters).
+
+|Parameter|Type|Description|
+|:|:|:|
+|on|approvalFilterByCurrentUserOptions| The allowed value is `approver`. Required.|
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
+
+## Request body
+Don't supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [approval](../resources/approval.md) objects in the response body.
+
+## Examples
+
+### Example 1: Retrieve the approval resources in entitlement management
+
+#### Request
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "approvalthis-filterbycurrentuser"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentApprovals/filterByCurrentUser(on='approver')
+```
+
+# [C#](#tab/csharp)
+
+# [CLI](#tab/cli)
+
+# [Go](#tab/go)
+
+# [Java](#tab/java)
+
+# [JavaScript](#tab/javascript)
+
+# [PHP](#tab/php)
+
+# [PowerShell](#tab/powershell)
+
+# [Python](#tab/python)
+++
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.approval)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.approval",
+ "id": "368f6786-6786-368f-8667-8f3686678f36"
+ }
+ ]
+}
+```
+
+### Example 2: Retrieve the approval resources in PIM for groups
+
+#### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "approvalthis-filterbycurrentuser_azureADGroup"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/identityGovernance/privilegedAccess/group/assignmentApprovals/filterByCurrentUser(on='approver')
+```
+
+# [C#](#tab/csharp)
+
+# [CLI](#tab/cli)
+
+# [Go](#tab/go)
+
+# [Java](#tab/java)
+
+# [JavaScript](#tab/javascript)
+
+# [PHP](#tab/php)
+
+# [PowerShell](#tab/powershell)
+
+# [Python](#tab/python)
+++
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.approval)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.approval",
+ "id": "46bc634a-0696-43c5-bc99-d568bc3c27f5",
+ "stages": [
+ {
+ "id": "46bc634a-0696-43c5-bc99-d568bc3c27f5",
+ "displayName": null,
+ "reviewedDateTime": null,
+ "reviewResult": "NotReviewed",
+ "status": "Completed",
+ "assignedToMe": true,
+ "justification": "",
+ "reviewedBy": null
+ }
+ ]
+ }
+ ]
+}
+```
v1.0 Approval Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/approval-get.md
Title: "Get approval"
description: "Retrieve the properties of an approval object." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Retrieve the properties of an [approval](../resources/approval.md) object. This API request is made by an approver in the following scenarios: - In [entitlement management](../resources/entitlementmanagement-overview.md), providing the identifier of the [access package assignment request](../resources/accesspackageassignmentrequest.md).-- In [PIM for Azure AD roles](../resources/privilegedidentitymanagementv3-overview.md), providing the identifier of the [role assignment schedule request](../resources/unifiedroleassignmentschedulerequest.md).
+- In [PIM for Microsoft Entra roles](../resources/privilegedidentitymanagementv3-overview.md), providing the identifier of the [role assignment schedule request](../resources/unifiedroleassignmentschedulerequest.md).
- In [PIM for groups](../resources/privilegedidentitymanagement-for-groups-api-overview.md), providing the identifier of the [assignment schedule request](../resources/privilegedaccessgroupassignmentschedulerequest.md). + ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference). ### For entitlement management-
+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
| Permission type | Permissions (from least to most privileged) | |:|:--| | Delegated (work or school account) | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All | | Delegated (personal Microsoft account) | Not supported. | | Application | Not supported. |
-### For PIM for Azure AD roles
+<a name='for-pim-for-azure-ad-roles'></a>
+### For PIM for Microsoft Entra roles
+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
| Permission type | Permissions (from least to most privileged) | |:|:--| | Delegated (work or school account) | RoleAssignmentSchedule.Read.Directory, RoleAssignmentSchedule.ReadWrite.Directory |
One of the following permissions is required to call this API. To learn more, in
| Application | Not supported. | ### For PIM for groups-
+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
| Permission type | Permissions (from least to most privileged) | |:|:--| | Delegated (work or school account) | PrivilegedAssignmentSchedule.Read.AzureADGroup, PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup |
To get approval objects in entitlement management:
GET /identityGovernance/entitlementManagement/accessPackageAssignmentApprovals/{id} ```
-To get approval objects in PIM for Azure AD roles:
+To get approval objects in PIM for Microsoft Entra roles:
<!-- { "blockType": "ignored" } --> ```http
GET /identityGovernance/privilegedAccess/group/assignmentApprovals/{id}
| Name |Description| |:-|:-|
-| Authorization | Bearer \{token\}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and the requested [a
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http)
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
v1.0 Approval List Steps https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/approval-list-steps.md
Title: "List approvalSteps"
description: "List approval steps associated with an approval object." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
List the [approvalStep](../resources/approvalstep.md) objects associated with an [approval](../resources/approval.md). This API request is made by an approver in the following scenarios: - In [entitlement management](../resources/entitlementmanagement-overview.md), providing the identifier of the [access package assignment request](../resources/accesspackageassignmentrequest.md).-- In [PIM for Azure AD roles](../resources/privilegedidentitymanagementv3-overview.md), providing the identifier of the [role assignment schedule request](../resources/unifiedroleassignmentschedulerequest.md).
+- In [PIM for Microsoft Entra roles](../resources/privilegedidentitymanagementv3-overview.md), providing the identifier of the [role assignment schedule request](../resources/unifiedroleassignmentschedulerequest.md).
- In [PIM for groups](../resources/privilegedidentitymanagement-for-groups-api-overview.md), providing the identifier of the [assignment schedule request](../resources/privilegedaccessgroupassignmentschedulerequest.md). + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+The following tables show the least privileged permission or permissions required to call this API on each supported resource type. Follow [best practices](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions) to request least privileged permissions. For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
### For entitlement management
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | Not supported. |
+<!-- { "blockType": "permissions", "name": "approval_list_steps" } -->
+
+<a name='for-pim-for-azure-ad-roles'></a>
-### For PIM for Azure AD roles
+### For PIM for Microsoft Entra roles
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | RoleAssignmentSchedule.Read.Directory, RoleAssignmentSchedule.ReadWrite.Directory |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | Not supported. |
+<!-- { "blockType": "permissions", "name": "approval_list_steps_2" } -->
### For PIM for groups
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | PrivilegedAssignmentSchedule.Read.AzureADGroup, PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | Not supported. |
+<!-- { "blockType": "permissions", "name": "approval_list_steps_3" } -->
## HTTP request
To list the approval steps in entitlement management:
GET /identityGovernance/entitlementManagement/accessPackageAssignmentApprovals/{id}/steps ```
-To list the approval steps in PIM for Azure AD roles:
+To list the approval steps in PIM for Microsoft Entra roles:
<!-- { "blockType": "ignored" } --> ```http
GET /identityGovernance/privilegedAccess/group/assignmentApprovals/{id}/steps
| Name |Description| |:-|:-|
-| Authorization | Bearer \{token\}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a collection of
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
v1.0 Approvalstep Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/approvalstep-get.md
Title: "Get approvalStep"
description: "Retrieve the properties of an approvalStep object." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Retrieve the properties of an [approvalStep](../resources/approvalstep.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+The following tables show the least privileged permission or permissions required to call this API on each supported resource type. Follow [best practices](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions) to request least privileged permissions. For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
### Permissions required for calling this API for entitlement management
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | Not supported. |
+<!-- { "blockType": "permissions", "name": "approvalstep_get" } -->
+
+<a name='for-pim-for-azure-ad-roles'></a>
-### For PIM for Azure AD roles
+### For PIM for Microsoft Entra roles
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | RoleAssignmentSchedule.Read.Directory, RoleAssignmentSchedule.ReadWrite.Directory |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | Not supported. |
+<!-- { "blockType": "permissions", "name": "approvalstep_get_2" } -->
### Permissions required for calling this API for PIM for groups
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | PrivilegedAssignmentSchedule.Read.AzureADGroup, PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | Not supported. |
+<!-- { "blockType": "permissions", "name": "approvalstep_get_3" } -->
## HTTP request
To get an approval step in entitlement management:
GET /identityGovernance/entitlementManagement/accessPackageAssignmentApprovals/{id}/steps/{id} ```
-To get an approval step in PIM for Azure AD roles:
+To get an approval step in PIM for Microsoft Entra roles:
<!-- { "blockType": "ignored" } --> ```http
GET /identityGovernance/privilegedAccess/group/assignmentApprovals/{id}/steps/{i
| Name |Description| |:-|:-|
-| Authorization | Bearer \{token\}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and the [approvalSte
### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
v1.0 Approvalstep Update https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/approvalstep-update.md
Title: "Update approvalStep"
description: "Apply approve or deny decision on an approvalStep object." ms.localizationpriority: medium + doc_type: "apiPageType"
Namespace: microsoft.graph
Apply approve or deny decision on an [approvalStep](../resources/approvalStep.md) object. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+The following tables show the least privileged permission or permissions required to call this API on each supported resource type. Follow [best practices](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions) to request least privileged permissions. For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
### Permissions required for calling this API for entitlement management
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | EntitlementManagement.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | Not supported. |
+<!-- { "blockType": "permissions", "name": "approvalstep_update" } -->
+
+<a name='for-pim-for-azure-ad-roles'></a>
-### For PIM for Azure AD roles
+### For PIM for Microsoft Entra roles
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | RoleAssignmentSchedule.ReadWrite.Directory |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | Not supported. |
+<!-- { "blockType": "permissions", "name": "approvalstep_update_2" } -->
### Permissions required for calling this API for PIM for groups
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | Not supported. |
+<!-- { "blockType": "permissions", "name": "approvalstep_update_3" } -->
## HTTP request
To update an approval decision in entitlement management:
PATCH /identityGovernance/entitlementManagement/accessPackageAssignmentApprovals/{id}/steps/{id} ```
-To update an approval decision in PIM for Azure AD roles:
+To update an approval decision in PIM for Microsoft Entra roles:
<!-- { "blockType": "ignored" } --> ```http
PATCH /identityGovernance/privilegedAccess/group/assignmentApprovals/{id}/steps/
| Name |Description| |:-|:-|
-| Authorization | Bearer \{token\}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
The following table shows the properties that are required for this method.
## Response
-If successful, this method returns a `204 No Content` response code in the response body. However, if the caller does not have the right permissions, the method returns a `403 Forbidden` response code, or if the approval id is not found, the method returns `404 Not found`. If the request has already been approved by another approver in the same approval stage, the method returns `409 Conflict` in the response body.
+If successful, this method returns a `204 No Content` response code in the response body. However, if the caller doesn't have the right permissions, the method returns a `403 Forbidden` response code, or if the approval id isn't found, the method returns `404 Not found`. If the request has already been approved by another approver in the same approval stage, the method returns `409 Conflict` in the response body.
## Examples ### Request
-The following is an example of the request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
PATCH https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/
[!INCLUDE [sample-code](../includes/snippets/go/patch-approvalstep-go-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [Java](#tab/java)
+ # [PHP](#tab/php) [!INCLUDE [sample-code](../includes/snippets/php/patch-approvalstep-php-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
PATCH https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/
### Response
-The following is an example of the response.
+The following example shows the response.
> **Note:** The response object shown here might be shortened for readability.
v1.0 Assignedcomputeinstancedetails Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/assignedcomputeinstancedetails-get.md
+
+ Title: "Get assignedComputeInstanceDetails"
+description: "Read the properties and relationships of an assignedComputeInstanceDetails object for an AWS open security group finding."
++
+ms.localizationpriority: medium
++
+# Get assignedComputeInstanceDetails
+Namespace: microsoft.graph
++
+Read the properties and relationships of an [assignedComputeInstanceDetails](../resources/assignedcomputeinstancedetails.md) object and its properties for an AWS open security group finding.
++
+## Permissions
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- { "blockType": "permissions", "name": "assignedcomputeinstancedetails_get" } -->
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/permissionsAnalytics/aws/findings/{id}/microsoft.graph.openAwsSecurityGroupFinding/assignedComputeInstancesDetails/{id}
+```
+
+## Optional query parameters
+This method does not support OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
+
+## Request body
+Don't supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [assignedComputeInstanceDetails](../resources/assignedcomputeinstancedetails.md) object in the response body.
+
+## Examples
+
+### Request
+The following example shows a request.
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_assignedcomputeinstancedetails"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/identityGovernance/permissionsAnalytics/aws/findings/MSxPcGVuQXdzU2VjdXJpdHlHcm91cEZpbmRpbmcsNzE3MTg1/microsoft.graph.openAwsSecurityGroupFinding/assignedComputeInstancesDetails/YXJuOmF3czplYzI6dXMtd2VzdC0yOjk1Njk4Nzg4NzczNTppbnN0YW5jZS9pLTBkNWY1OTU5OGVkZjQzNDBl
+```
+
+# [JavaScript](#tab/javascript)
+++
+### Response
+
+The following example shows the response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.assignedComputeInstanceDetails"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+ {
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(microsoft.graph.assignedComputeInstanceDetails)",
+ "id": "YXJuOmF3czplYzI6dXMtd2VzdC0yOjk1Njk4Nzg4NzczNTppbnN0YW5jZS9pLTBkNWY1OTU5OGVkZjQzNDBl",
+ "assignedComputeInstance": {
+ "id": "YXJuOmF3czplYzI6dXMtd2VzdC0yOjk1Njk4Nzg4NzczNTppbnN0YW5jZS9pLTBkNWY1OTU5OGVkZjQzNDBl",
+ "externalId": "arn:aws:ec2:us-west-2:956987887735:instance/i-0d5f59598edf4340e",
+ "displayName": "sg-test-ami",
+ "resourceType": "instance"
+ },
+ "accessedStorageBuckets": []
+}
+```
v1.0 Associatedteaminfo List https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/associatedteaminfo-list.md
Title: "List associatedTeamInfo"
description: "Get the list of teams in Microsoft Teams that a user is associated with." ms.localizationpriority: high+ doc_type: apiPageType
Currently, a [user](../resources/user.md) can be associated with a [team](../res
* A [user](../resources/user.md) can be a direct member of a [team](../resources/team.md). * A [user](../resources/user.md) can be a member of a shared [channel](../resources/channel.md) that is hosted inside a [team](../resources/team.md). + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-|Permission type|Permissions (from least to most privileged)|
-|:|:|
-|Delegated (work or school account) | Team.ReadBasic.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | Team.ReadBasic.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All|
+<!-- { "blockType": "permissions", "name": "associatedteaminfo_list" } -->
> **Note:** Currently, with user delegated permissions, this operation only works for the `me` user. With application permissions, it works for all users by specifying the specific user ID (`me` alias is not supported with application permissions).
GET /users/{user-id}/teamwork/associatedTeams
``` ## Optional query parameters
-This method does not currently support the [OData query parameters](/graph/query-parameters) to customize the response.
+This method doesn't currently support the [OData query parameters](/graph/query-parameters) to customize the response.
## Request headers |Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and a collection of
### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http)
GET https://graph.microsoft.com/beta/me/teamwork/associatedTeams
### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- {
v1.0 Attachment Createuploadsession https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/attachment-createuploadsession.md
Title: "attachment: createUploadSession"
description: "Create an upload session to iteratively upload ranges of a file so as to attach the file to the specified message." ms.localizationpriority: medium + doc_type: "apiPageType"
See [attach large files to Outlook messages or events](/graph/outlook-large-atta
> Be aware of a [known issue](https://developer.microsoft.com/en-us/graph/known-issues/?search=13644) if you're attaching a large file to a message or event in a shared or delegated mailbox. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | Mail.ReadWrite |
-| Delegated (personal Microsoft account) | Mail.ReadWrite |
-| Application | Mail.ReadWrite |
+<!-- { "blockType": "permissions", "name": "attachment_createuploadsession" } -->
## HTTP request
POST /me/messages/{id}/attachments/createUploadSession
| Name | Description | |:--|:--|
-| Authorization | Bearer {token} |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
v1.0 Attachment Delete https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/attachment-delete.md
Title: "Delete attachment"
description: "Delete an attachment from a calendar event, message, Outlook task, or post." ms.localizationpriority: medium doc_type: apiPageType+
Namespace: microsoft.graph
Delete an attachment from a user calendar [event](../resources/event.md), [message](../resources/message.md), [Outlook task](../resources/outlooktask.md), or [post](../resources/post.md). + ## Permissions Depending on the resource (**event**, **message**, **outlookTask**, or **post**) that the attachment is attached to and the permission type (delegated or application) requested, the permission specified in the following table is the least privileged required to call this API. To learn more, including [taking caution](/graph/auth/auth-concepts#best-practices-for-requesting-permissions) before choosing more privileged permissions, search for the following permissions in [Permissions](/graph/permissions-reference).
DELETE /groups/{id}/conversations/{id}/threads/{id}/posts/{id}/attachments/{id}
| Name | Description| |:|:-|
-| Authorization | Bearer {token}. Required. |
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
-If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.
+If successful, this method returns a `204 No Content` response code. It doesn't return anything in the response body.
## Example ### Request
-The following is an example of the request to delete an attachment on an event.
+The following example shows a request to delete an attachment on an event.
# [HTTP](#tab/http) <!-- {
DELETE https://graph.microsoft.com/beta/me/events/{id}/attachments/{id}
### Response
-The following is an example of the response.
+The following example shows the response.
<!-- { "blockType": "response", "truncated": true
v1.0 Attachment Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/attachment-get.md
description: "Read the properties and relationships of an attachment, attached t
ms.localizationpriority: medium doc_type: apiPageType + # Get attachment
An attachment can be one of the following types:
All these types of attachments are derived from the [attachment](../resources/attachment.md) resource. + ### Get the raw contents of a file or item attachment You can append the path segment `/$value` to get the raw contents of a file or item attachment.
Use `$expand` to get the properties of an item attachment (contact, event, or me
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If you're getting the raw contents of a file or item attachment, the response bo
#### Request
-Here is an example of the request to get the properties of a file attachment on a message.
+The following example shows a request to get the properties of a file attachment on a message.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/me/messages/AAMkAGUzY5QKjAAA=/attachments/A
#### Response
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+The following example shows the response. Note: The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "name": "get_file_attachment_beta",
GET https://graph.microsoft.com/beta/me/messages/AAMkADA1M-zAAA=/attachments/AAM
#### Response
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+The following example shows the response. Note: The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "name": "get_item_attachment",
GET https://graph.microsoft.com/beta/me/messages/AAMkADA1M-zAAA=/attachments/AAM
[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Java](#tab/java) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [JavaScript](#tab/javascript)
GET https://graph.microsoft.com/beta/me/messages/AAMkADA1M-zAAA=/attachments/AAM
#### Response
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+The following example shows the response. Note: The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "name": "get_and_expand_item_attachment",
Content-type: application/json
"sender":{ "emailAddress":{ "name":"Adele Vance",
- "address":"AdeleV@contoso.onmicrosoft.com"
+ "address":"AdeleV@contoso.com"
} }, "from":{ "emailAddress":{ "name":"Adele Vance",
- "address":"AdeleV@contoso.onmicrosoft.com"
+ "address":"AdeleV@contoso.com"
} }, "toRecipients":[ { "emailAddress":{ "name":"Alex Wilbur",
- "address":"AlexW@contoso.onmicrosoft.com"
+ "address":"AlexW@contoso.com"
} } ],
Content-type: application/json
{ "emailAddress":{ "name":"Adele Vance",
- "address":"AdeleV@contoso.onmicrosoft.com"
+ "address":"AdeleV@contoso.com"
} } ],
GET https://graph.microsoft.com/beta/me/messages/AAMkADA1M-zAAA=/attachments/AAM
[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Java](#tab/java) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [JavaScript](#tab/javascript)
Content-type: application/json
#### Request
-Here is an example of the request to get a reference attachment on an event.
+The following example shows a request to get a reference attachment on an event.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/me/events/AAMkAGE1M88AADUv0uAAAG=/attachmen
#### Response
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+The following example shows the response. Note: The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "name": "get_reference_attachment",
Content-type: application/json
#### Request
-Here is an example of the request to get the raw contents of a Word file that has been attached to a message.
+The following example shows a request to get the raw contents of a Word file that has been attached to a message.
<!-- { "blockType": "ignored", "name": "get_value_file_attachment",
GET https://graph.microsoft.com/beta/me/messages/AAMkAGUzY5QKjAAA=/attachments/A
``` #### Response
-Here is an example of the response.
+The following example shows the response.
The actual response body includes the raw bytes of the file attachment, which are abbreviated here for brevity. <!-- {
HTTP/1.1 200 OK
#### Request
-Here is an example of the request to get the raw contents of a contact item that has been attached to a message.
+The following example shows a request to get the raw contents of a contact item that has been attached to a message.
<!-- { "blockType": "ignored", "name": "get_value_contact_attachment",
GET https://graph.microsoft.com/beta/me/messages/AAMkADI5MAAGjk2PxAAA=/attachmen
``` #### Response
-Here is an example of the response.
+The following example shows the response.
<!-- { "blockType": "ignored",
END:VCARD
#### Request
-Here is an example of the request to get the raw contents of an event that has been attached to a message.
+The following example shows a request to get the raw contents of an event that has been attached to a message.
<!-- { "blockType": "ignored", "name": "get_value_event_attachment",
GET https://graph.microsoft.com/beta/me/messages/AAMkADVIOAAA=/attachments/AAMkA
``` #### Response
-Here is an example of the response.
+The following example shows the response.
<!-- { "blockType": "ignored",
END:VCALENDAR
#### Request
-Here is an example of the request to get the raw contents of a meeting invitation (of the [eventMessage](../resources/eventmessage.md) type) that has been attached to a message. The **eventMessage** entity is based on the **message** type.
+The following example shows a request to get the raw contents of a meeting invitation (of the [eventMessage](../resources/eventmessage.md) type) that has been attached to a message. The **eventMessage** entity is based on the **message** type.
<!-- { "blockType": "ignored", "name": "get_value_message_attachment",
GET https://graph.microsoft.com/beta/me/messages/AAMkAGUzY5QKiAAA=/attachments/A
``` #### Response
-Here is an example of the response.
+The following example shows the response.
The response body includes the **eventMessage** attachment in MIME format. The body of the **eventMessage** is truncated for brevity. The full message body is returned from an actual call.
The response body includes the **eventMessage** attachment in MIME format. The b
```http HTTP/1.1 200 OK
-From: Megan Bowen <MeganB@contoso.OnMicrosoft.com>
-To: Adele Vance <AdeleV@contoso.OnMicrosoft.com>
+From: Megan Bowen <MeganB@contoso.com>
+To: Adele Vance <AdeleV@contoso.com>
Subject: Let's go for lunch Thread-Topic: Let's go for lunch Thread-Index: AdTPqxOmg4AXoJV960a1j5NrJCHYjA==
v1.0 Attacksimulationoperation Get https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/attacksimulationoperation-get.md
Title: "Get attackSimulationOperation"
description: "Get an attack simulation operation to track a long-running operation request for a tenant." ms.localizationpriority: medium+ doc_type: apiPageType
Namespace: microsoft.graph
Get an attack simulation operation to track a long-running operation request for a tenant. + ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | AttackSimulation.Read.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | AttackSimulation.Read.All |
+<!-- { "blockType": "permissions", "name": "attacksimulationoperation_get" } -->
## HTTP request
This method does not currently support the [OData query parameters](/graph/query
|Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and an [attackSimula
### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/security/attackSimulation/operations/f1b138
### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- {
v1.0 Attacksimulationroot Get Excludedaccounttarget https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/attacksimulationroot-get-excludedaccounttarget.md
Title: "Get excludedAccountTarget"
description: "Get excluded account targets (users) for an attack simulation campaign for a tenant." ms.localizationpriority: medium+ doc_type: apiPageType
Get excluded account targets (users) for an attack simulation campaign for a ten
## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | AttackSimulation.Read.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | AttackSimulation.Read.All |
+<!-- { "blockType": "permissions", "name": "attacksimulationroot_get_excludedaccounttarget" } -->
## HTTP request
GET /security/attackSimulation/simulations/{simulationId}/excludedAccountTarget
|Name|Description| |:|:|
-|Authorization|Bearer {token}. Required.|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
## Request body
-Do not supply a request body for this method.
+Don't supply a request body for this method.
## Response
If successful, this method returns a `200 OK` response code and an [accountTarge
### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http)
The following is an example of a request.
GET https://graph.microsoft.com/beta/security/attackSimulation/simulations/f1b13829-3829-f1b1-2938-b1f12938b1a/excludedAccountTarget ```
-# [Java](#tab/java)
- # [JavaScript](#tab/javascript) [!INCLUDE [sample-code](../includes/snippets/javascript/get-excludedaccounttarget-javascript-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
GET https://graph.microsoft.com/beta/security/attackSimulation/simulations/f1b13
### Response
-The following is an example of the response.
+The following example shows the response.
>**Note:** The response object shown here might be shortened for readability. <!-- {
v1.0 Attacksimulationroot Get Includedaccounttarget https://github.com/microsoftgraph/microsoft-graph-docs-contrib/commits/main/api-reference/beta/api/attacksimulationroot-get-includedaccounttarget.md
Title: "Get includedAccountTarget"
description: "Get included account targets (users) for an attack simulation campaign for a tenant." ms.localizationpriority: medium+ doc_type: apiPageType
Get included account targets (users) for an attack simulation campaign for a ten
## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permissio