Updates from: 03/05/2022 02:16:57
Service Microsoft Docs article Related commit history on GitHub Change details
v1.0 Accesspackageassignmentpolicy Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accesspackageassignmentpolicy-get.md
If successful, this method returns a `200 OK` response code and the requested [a
## Examples
-### Request
+### Example 1: Retrieve a policy
+
+#### Request
The following is an example of the request.
The following is an example of the request.
}--> ```msgraph-interactive
-GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies/{id}
+GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies/b2eba9a1-b357-42ee-83a8-336522ed6cbf
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-accesspackageassignmentpolicy-csharp-snippets.md)]
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
-### Response
+#### Response
The following is an example of the response.
Content-type: application/json
} ```
+### Example 2: Retrieve the custom extension handlers for a policy
+
+#### Request
+
+The following is an example of a request to retrieve the collection of custom extension handlers that are defined for a policy and their associated custom workflow extension.
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_accesspackageassignmentpolicy_expand_customextensionhandlers"
+}-->
+
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies/4540a08f-8ab5-43f6-a923-015275799197?$expand=customExtensionHandlers($expand=customExtension)
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
++++
+#### Response
+
+The following is an example of the response.
+
+> **Note:** The response object shown here might be shortened for readability.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessPackageAssignmentPolicy"
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "id": "4540a08f-8ab5-43f6-a923-015275799197",
+ "displayName": "policy with custom access package workflow extension",
+ "description": "Run specified custom access package workflow extension at different stages.",
+ "canExtend": true,
+ "durationInDays": 0,
+ "expirationDateTime": null,
+ "accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",
+ "accessReviewSettings": null,
+ "requestorSettings": {
+ "scopeType": "AllExistingDirectorySubjects",
+ "acceptRequests": true,
+ "allowedRequestors": []
+ },
+ "requestApprovalSettings": {
+ "isApprovalRequired": false,
+ "isApprovalRequiredForExtension": false,
+ "isRequestorJustificationRequired": false,
+ "approvalMode": "NoApproval",
+ "approvalStages": []
+ },
+ "customExtensionHandlers": [
+ {
+ "id": "5a38d27a-b702-48d9-ac72-dcf158ba1b0d",
+ "stage": "assignmentRequestCreated",
+ "customExtension": {
+ "id": "219f57b6-7983-45a1-be01-2c228b7a43f8",
+ "displayName": "test_action_1",
+ "description": "Test logic app",
+ "createdDateTime": "2022-01-11T05:19:16.97Z",
+ "lastModifiedDateTime": "2022-01-11T05:19:16.97Z",
+ "endpointConfiguration": {
+ "@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",
+ "subscriptionId": "38ab2ccc-3747-4567-b36b-9478f5602f0d",
+ "resourceGroupName": "resourcegroup",
+ "logicAppWorkflowName": "customextension_test"
+ },
+ "authenticationConfiguration": {
+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",
+ "resourceId": "f604bd15-f785-4309-ad7c-6fad18ddb6cb"
+ }
+ }
+ }
+ ]
+}
+```
+ <!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98 2019-02-04 14:57:30 UTC --> <!-- {
v1.0 Accesspackageassignmentpolicy Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accesspackageassignmentpolicy-update.md
The following table shows the properties that are required when you update an [a
If successful, this method returns a `200 OK` response code and an updated [accessPackageAssignmentPolicy](../resources/accesspackageassignmentpolicy.md) object in the response body. - ## Examples
-### Request
+### Example 1: Update the details of a policy
+
+#### Request
In this policy update, one of the options for the multiple choice question was removed. Future requestors will no longer have the removed option available to them.
Content-Type: application/json
-### Response
+#### Response
> **Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
Content-Type: application/json
} ``` ++
+### Example 2: Remove the customExtensionHandlers from a policy
+
+To remove the collection of **customExtensionHandlers** and their associated custom workflow extension objects from a policy, assign an empty collection to the **customExtensionHandlers** object.
+
+#### Request
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "update_accesspackageassignmentpolicy_delete_customExtensionHandlers"
+}
+-->
+
+```http
+PUT https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies/4540a08f-8ab5-43f6-a923-015275799197
+Content-Type: application/json
+
+{
+ "id": "4540a08f-8ab5-43f6-a923-015275799197",
+ "displayName": "policy with custom access package workflow extension",
+ "description": "Run specified custom access package workflow extension at different stages.",
+ "accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",
+ "expiration": {
+ "type": "afterDuration",
+ "duration": "P365D"
+ },
+ "requestApprovalSettings": null,
+ "requestorSettings": {
+ "acceptRequests": true,
+ "scopeType": "AllExistingDirectorySubjects",
+ "allowedRequestors": []
+ },
+ "accessReviewSettings": null,
+ "customExtensionHandlers": []
+}
+```
+# [JavaScript](#tab/javascript)
++++++
+#### Response
+> **Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessPackageAssignmentPolicy"
+}
+-->
+
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "id": "4540a08f-8ab5-43f6-a923-015275799197",
+ "displayName": "policy with custom access package workflow extension",
+ "description": "Run specified custom access package workflow extension at different stages.",
+ "accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",
+ "expiration": {
+ "type": "afterDuration",
+ "duration": "P365D"
+ },
+ "requestApprovalSettings": null,
+ "requestorSettings": {
+ "acceptRequests": true,
+ "scopeType": "AllExistingDirectorySubjects",
+ "allowedRequestors": []
+ },
+ "accessReviewSettings": null
+}
+```
+ <!-- { "type": "#page.annotation",
v1.0 Accesspackageassignmentrequest Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accesspackageassignmentrequest-get.md
HTTP/1.1 200 OK
Content-type: application/json {
- "id": "433dafca-5047-4614-95f7-a03510b1ded3",
- "requestType": "AdminAdd",
- "requestState": "Delivered",
- "requestStatus": "Fulfilled",
- "isValidationOnly": false,
- "createdDateTime": "2019-10-25T22:55:11.623Z"
+ "id": "c0cfd117-f90e-4f48-8226-e282a2ae752c",
+ "requestType": "UserAdd",
+ "requestState": "delivered",
+ "requestStatus": "Delivered",
+ "createdDateTime": "2022-01-07T00:51:12.817Z",
+ "completedDate": "2022-01-07T00:53:15.127Z",
+ "schedule": {
+ "startDateTime": null,
+ "recurrence": null,
+ "expiration": {
+ "endDateTime": null,
+ "duration": null,
+ "type": "notSpecified"
+ }
+ },
+ "customExtensionHandlerInstances": [
+ {
+ "status": "requestReceived",
+ "externalCorrelationId": "08585600902100964604743022906CU13",
+ "customExtensionId": "e59ef33d-7bc4-4b15-8d3c-01153de8a498",
+ "stage": "assignmentRequestCreated"
+ }
+ ]
} ```
v1.0 Accesspackagecatalog List Customaccesspackageworkflowextensions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accesspackagecatalog-list-customaccesspackageworkflowextensions.md
+
+ Title: "List customAccessPackageWorkflowExtensions"
+description: "Get a list of the customAccessPackageWorkflowExtension objects and their properties."
+
+ms.localizationpriority: medium
++
+# List customAccessPackageWorkflowExtensions
+Namespace: microsoft.graph
++
+Get a list of the [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) objects and their properties. The resulting list includes all the **customAccessPackageWorkflowExtension** objects for the catalog that the caller has access to read.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|EntitlementManagement.Read.All EntitlementManagement.ReadWrite.All |
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/customAccessPackageWorkflowExtensions
+```
+
+## Optional query parameters
+This method supports the `$select` and `$filter` OData query parameters to help customize the response. For example, to search for access packages with a particular name, include a filter such as `$filter=contains(tolower(displayName),'team')` in the query. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) objects in the response body.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "list_customaccesspackageworkflowextension"
+}
+-->
+``` http
+GET /identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.customAccessPackageWorkflowExtension)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions",
+ "value": [
+ {
+ "id": "98ffaec5-ae8e-4902-a434-5ffc5d3d3cd0",
+ "displayName": "test_action_0124",
+ "description": "this is for graph testing only",
+ "createdDateTime": "2022-01-24T21:48:57.15Z",
+ "lastModifiedDateTime": "2022-01-24T21:55:44.953Z",
+ "clientConfiguration": null,
+ "endpointConfiguration": {
+ "@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",
+ "subscriptionId": "38ab2ccc-3747-4567-b36b-9478f5602f0d",
+ "resourceGroupName": "test",
+ "logicAppWorkflowName": "elm-extension-email"
+ },
+ "authenticationConfiguration": {
+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",
+ "resourceId": "eed6dee9-7ff7-44a5-8980-c11e8886cea2"
+ }
+ }
+ ]
+}
+```
v1.0 Accesspackagecatalog Post Customaccesspackageworkflowextensions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accesspackagecatalog-post-customaccesspackageworkflowextensions.md
+
+ Title: "Create customAccessPackageWorkflowExtensions"
+description: "Create a new customAccessPackageWorkflowExtension object."
+
+ms.localizationpriority: medium
++
+# Create customAccessPackageWorkflowExtensions
+Namespace: microsoft.graph
++
+Create a new [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object and add it to an existing [accessPackageCatalog](../resources/accesspackagecatalog.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|EntitlementManagement.ReadWrite.All |
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|EntitlementManagement.ReadWrite.All |
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+POST /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/customAccessPackageWorkflowExtensions
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+In the request body, supply a JSON representation of the [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object.
+
+You can specify the following properties when creating a **customAccessPackageWorkflowExtension**.
+
+|Property|Type|Description|
+|:|:|:|
+|description|String|Description for the customAccessPackageWorkflowExtension object.|
+|displayName|String|Display name for the customAccessPackageWorkflowExtension.|
+|endpointConfiguration|[customExtensionEndpointConfiguration](../resources/customextensionendpointconfiguration.md)|The type and details for configuring the endpoint to call the logic app's workflow.|
+|authenticationConfiguration|[customExtensionAuthenticationConfiguration](../resources/customextensionauthenticationconfiguration.md)|Configuration for securing the API call to the logic app. For example, using OAuth client credentials flow.|
+++
+## Response
+
+If successful, this method returns a `201 Created` response code and a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object in the response body.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "create_customaccesspackageworkflowextension_from_"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions
+Content-Type: application/json
+
+{
+ "displayName": "test_action_0124",
+ "description": "this is for graph testing only",
+ "endpointConfiguration": {
+ "@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",
+ "subscriptionId": "38ab2ccc-3747-4567-b36b-9478f5602f0d",
+ "resourceGroupName": "EMLogicApp",
+ "logicAppWorkflowName": "customextension_test"
+ },
+ "authenticationConfiguration": {
+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",
+ "resourceId": "f604bd15-f785-4309-ad7c-6fad18ddb6cb"
+ }
+}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.customAccessPackageWorkflowExtension"
+}
+-->
+``` http
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+ "id": "98ffaec5-ae8e-4902-a434-5ffc5d3d3cd0",
+ "displayName": "test_action_0124",
+ "description": "this is for graph testing only",
+ "createdDateTime": "2022-01-24T21:48:57.1483656Z",
+ "lastModifiedDateTime": "2022-01-24T21:48:57.1483656Z",
+ "clientConfiguration": null,
+ "endpointConfiguration": {
+ "@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",
+ "subscriptionId": "38ab2ccc-3747-4567-b36b-9478f5602f0d",
+ "resourceGroupName": "EMLogicApp",
+ "logicAppWorkflowName": "customextension_test"
+ },
+ "authenticationConfiguration": {
+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",
+ "resourceId": "f604bd15-f785-4309-ad7c-6fad18ddb6cb"
+ }
+}
+```
+
v1.0 Accessreviewhistorydefinition List Instances https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accessreviewhistorydefinition-list-instances.md
Content-Type: application/json
"value": [ { "id": "61a617dd-238f-4037-8fa5-d800e515f5bc",
- "status": "Done",
+ "status": "done",
"reviewHistoryPeriodStartDate": "2021-02-01T00:00:00Z", "reviewHistoryPeriodEndDate": "2021-03-01T00:00:00Z", "fulfilledDateTime": "2021-03-01T01:38:15.7998393Z",
v1.0 Accessreviewinstance List Decisions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accessreviewinstance-list-decisions.md
GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/decisions/
[!INCLUDE [sample-code](../includes/snippets/powershell/list-accessreviewinstancedecisionitem-expand-powershell-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
v1.0 Accessreviewinstance List Stages https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accessreviewinstance-list-stages.md
If successful, this method returns a `200 OK` response code and a collection of
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_accessreviewstage"
If successful, this method returns a `200 OK` response code and a collection of
``` http GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/16d424f6-0100-4bf1-9ebc-fe009c5e5006/instances/bb14c722-51b8-4962-9bd2-1d96ba773d80/stages ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response >**Note:** The response object shown here might be shortened for readability.
v1.0 Accessreviewinstancedecisionitem Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accessreviewinstancedecisionitem-filterbycurrentuser.md
Content-Type: application/json
#### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "accessreviewinstancedecisionitem_filterbycurrentuser_2"
Content-Type: application/json
``` http GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/0185aab8-9a7e-44b5-ae36-41b923c3bf87/instances/1234aab8-9a7e-5678-ae36-41b923c3bf87/stages/9458f255-dff2-4d86-9a05-69438f49d7f8/decisions/filterByCurrentUser(on='reviewer') ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response >**Note:** The response object shown here might be shortened for readability.
v1.0 Accessreviewinstancedecisionitem Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accessreviewinstancedecisionitem-get.md
Content-Type: application/json
### Example 2: Retrieve a decision from a stage of a multi-stage access review #### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_accessreviewstage_accessreviewinstancedecisionitem"
Content-Type: application/json
``` http GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/5eac5a70-7cd7-4f20-92b0-f9dba70dd7f0/instances/6444d4fd-ab55-4608-8cf9-c6702d172bcc/stages/9458f255-dff2-4d86-9a05-69438f49d7f8/decisions/e6cafba0-cbf0-4748-8868-0810c7f4cc06 ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ #### Response >**Note:** The response object shown here might be shortened for readability.
v1.0 Accessreviewset Post Definitions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accessreviewset-post-definitions.md
The following example creates an access review with the following settings:
#### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "create_accessReviewScheduleDefinition_group_multiStage"
Content-type: application/json
} ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ #### Response >**Note:** The response object shown here might be shortened for readability.
v1.0 Accessreviewstage Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accessreviewstage-filterbycurrentuser.md
If successful, this function returns a `200 OK` response code and a [accessRevie
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "accessreviewstage_filterbycurrentuser"
If successful, this function returns a `200 OK` response code and a [accessRevie
``` http GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/08531375-eff6-4e21-b1a8-de0eb37ec913/instances/86889534-b102-4226-bfce-0c2aeee845df/stages/filterByCurrentUser(on='reviewer') ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Accessreviewstage Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accessreviewstage-get.md
If successful, this method returns a `200 OK` response code and an [accessReview
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_accessreviewstage"
If successful, this method returns a `200 OK` response code and an [accessReview
``` http GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/6af553ce-104d-4842-ab5f-67d7b556e9dd/instances/9ea56d3c-8746-4cdf-9ccc-c7fe1a267c24/stages/839ecbd4-ba5d-4d32-8249-e734aac47adf ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Accessreviewstage List Decisions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accessreviewstage-list-decisions.md
If successful, this method returns a `200 OK` response code and a collection of
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_stage_accessreviewinstancedecisionitem"
If successful, this method returns a `200 OK` response code and a collection of
``` http GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/16d424f6-0100-4bf1-9ebc-fe009c5e5006/instances/bb14c722-51b8-4962-9bd2-1d96ba773d80/stages/8f0a8999-205b-4c29-a68c-2bee353fd4c5/decisions ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Accessreviewstage Stop https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accessreviewstage-stop.md
If successful, this action returns a `204 No Content` response code.
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "accessreviewstage_stop"
If successful, this action returns a `204 No Content` response code.
``` http POST https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/2b83cc42-09db-46f6-8c6e-16fec466a82d/instances/61a617dd-238f-4037-8fa5-d800e515f5bc/stages/5d431f4b-56f2-4a50-938b-fb1e4e2c91b9/stop ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Accessreviewstage Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accessreviewstage-update.md
Attempting to remove existing **fallbackReviewers** returns a `409 Conflict` res
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "update_accessreviewstage"
Content-Type: application/json
] } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Administrativeunit Delete Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/administrativeunit-delete-members.md
Title: "Remove a member"
-description: "Use this API to remove a member (user or group) from an administrative unit."
+description: "Use this API to remove a member (user, group, or device) from an administrative unit."
ms.localizationpriority: medium ms.prod: "directory-management"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Use this API to remove a member (user or group) from an administrative unit.
+Use this API to remove a member (user, group, or device) from an administrative unit.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
Do not supply a request body for this method.
If successful, this method returns `204 No Content` response code. It does not return anything in the response body. ## Example
-##### Request
-Here is an example of the request. In the example below, id1 represents the identifier for the target administrative unit, and id2 represents the unique identifier for the member user or group to be removed from the targetted administrative unit.
+### Request
+The following is an example of the request. In the example below, `{id1}` represents the identifier for the target administrative unit, and `{id2}` represents the unique identifier for the member user, group, or device to be removed from the target administrative unit.
-```http
+```msgraph-interactive
DELETE https://graph.microsoft.com/beta/administrativeUnits/{id1}/members/{id2}/$ref ```
-##### Response
-Here is an example of the response.
+### Response
+The following is an example of the response.
```http HTTP/1.1 204 No Content
v1.0 Administrativeunit Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/administrativeunit-delete.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http DELETE /administrativeUnits/{id}- ``` ## Request headers | Name | Description|
Do not supply a request body for this method.
If successful, this method returns `204 No Content` response code. It does not return anything in the response body. ## Example
-##### Request
+### Request
Here is an example of the request. # [HTTP](#tab/http)
DELETE https://graph.microsoft.com/beta/administrativeUnits/{id}
-##### Response
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+### Response
+Here is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true
v1.0 Administrativeunit Get Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/administrativeunit-get-members.md
Title: "Get a member"
-description: "Use this API to get a specific member (user or group) in an administrative unit."
+description: "Use this API to get a specific member (user, group, or device) in an administrative unit."
ms.localizationpriority: medium ms.prod: "directory-management"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Use this API to get a specific member (user or group) in an administrative unit.
+Use this API to get a specific member (user, group, or device) in an administrative unit.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
Do not supply a request body for this method.
## Response
-If successful, this method returns a `200 OK` response code and a [user](../resources/user.md) or [group](../resources/group.md) object in the response body.
+If successful, this method returns a `200 OK` response code and a [user](../resources/user.md), [group](../resources/group.md), or [device](../resources/device.md) object in the response body.
## Example
-##### Request
-Here is an example of the request.
+### Request
+The following is an example of the request.
-```http
+```msgraph-interactive
GET https://graph.microsoft.com/beta/administrativeUnits/{id}/members/{id} ```
-##### Response
-Here is an example of the respone. Note: The response object shown here might be shortened for readability.
+### Response
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
```http HTTP/1.1 200 OK
v1.0 Administrativeunit Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/administrativeunit-get.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http GET /administrativeUnits/{id}
+GET /directory/administrativeUnits/{id}
``` ## Optional query parameters This method supports the `$select` [OData query parameter](/graph/query-parameters) to help customize the response.
Do not supply a request body for this method.
If successful, this method returns a `200 OK` response code and [administrativeUnit](../resources/administrativeunit.md) object in the response body. ## Example
-##### Request
+### Request
Here is an example of the request. # [HTTP](#tab/http)
Here is an example of the request.
"name": "get_administrativeunit" }--> ```msgraph-interactive
-GET https://graph.microsoft.com/beta/administrativeUnits/{id}
+GET https://graph.microsoft.com/beta/administrativeUnits/4d7ea995-bc0f-45c0-8c3e-132e93bf95f8
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-administrativeunit-csharp-snippets.md)]
GET https://graph.microsoft.com/beta/administrativeUnits/{id}
-##### Response
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+### Response
+Here is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 200 OK
Content-type: application/json {
- "displayName": "displayName-value",
- "description": "description-value",
- "visibility": "visibility-value",
- "id": "id-value"
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#administrativeUnits/$entity",
+ "id": "4d7ea995-bc0f-45c0-8c3e-132e93bf95f8",
+ "deletedDateTime": null,
+ "displayName": "Seattle District Technical Schools",
+ "description": "Seattle district technical schools administration",
+ "isMemberManagementRestricted": null,
+ "visibility": "HiddenMembership",
+ "membershipRule": null,
+ "membershipType": null,
+ "membershipRuleProcessingState": null
} ```
v1.0 Administrativeunit List Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/administrativeunit-list-members.md
Title: "List members"
-description: "Use this API to get the members list (user and group) in an administrative unit."
+description: "Use this API to get the members list (users, groups, and devices) in an administrative unit."
ms.localizationpriority: medium ms.prod: "directory-management"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Use this API to get the members list (user and group) in an administrative unit.
+Use this API to get the members list (users, groups, and devices) in an administrative unit.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
GET /administrativeUnits/{id}/members GET /administrativeUnits/{id}/members/$ref ```
+## Optional query parameters
+This method (when used without `$ref`) supports the [OData query parameters](/graph/query-parameters) to help customize the response, including `$search`, `$count`, and `$filter`. OData cast is also enabled, for example, you can cast to get just the users that are a member of the administrative unit.
+
+`$search` is supported on the **displayName** and **description** properties only. Some queries are supported only when you use the **ConsistencyLevel** header set to `eventual` and `$count`. For more information, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries).
+ ## Request headers
-| Name |Description|
+| Header |Value|
|:-|:-| | Authorization | Bearer {token}. Required. |
+| ConsistencyLevel | eventual. This header and `$count` are required when using `$search`, or in specific usage of `$filter`. For more information about the use of **ConsistencyLevel** and `$count`, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries). |
## Request body Do not supply a request body for this method. ## Response
-If successful, this method returns a `200 OK` response code and a collection of [user](../resources/user.md) and/or [group](../resources/group.md) objects in the response body. Instead, if you put `$ref` at the end of the request, the response will contain a collection of `@odata.id` links/URLs to the members.
+If successful, this method returns a `200 OK` response code and a collection of [user](../resources/user.md), [group](../resources/group.md), or [device](../resources/device.md) objects in the response body. Adding `$ref` at the end of the request returns a collection of only `@odata.id` URLs of the members.
## Examples
-##### List member objects
+### Example 1: List member objects
+
+#### Request
The following request will list the members of the administrative unit, returning a collection of users and/or groups. ```http GET https://graph.microsoft.com/beta/administrativeUnits/{id}/members ```
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+#### Response
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
```http HTTP/1.1 200 OK
Content-type: application/json
} ```
-##### List member references
+### Example 2: List member references
+
+#### Request
+ The following request will list the member references of the administrative unit, returning a collection of `@odata.id` references to the members.+ ``` GET https://graph.microsoft.com/beta/administrativeUnits/{id}/members/$ref ```
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+
+#### Response
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
```http HTTP/1.1 200 OK
v1.0 Administrativeunit Post Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/administrativeunit-post-members.md
Title: "Add a member"
-description: "Use this API to add a member (user or group) to an administrative unit."
+description: "Use this API to add a member (user, group, or device) to an administrative unit."
ms.localizationpriority: medium ms.prod: "directory-management"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Use this API to add a member (user or group) to an administrative unit or to create a new group within an administrative unit. All [group types](/graph/api/resources/groups-overview) can be created within an administrative unit.
+Use this API to add a member (user, group, or device) to an administrative unit or to create a new group within an administrative unit. All [group types](/graph/api/resources/groups-overview) can be created within an administrative unit.
-**NOTE:** Currently it's only possible to add one member at a time to an administrative unit.`
+**Note:** Currently, it's only possible to add one member at a time to an administrative unit.`
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
POST /administrativeUnits/{id}/members
| Authorization | Bearer {token}. Required. | | Content-type | application/json. Required. |
-## Request body
### Adding an existing user or group
-In the request body, provide the `id` of a [user](../resources/user.md), [group](../resources/group.md), or [directoryObject](../resources/directoryobject.md) to be added.
+In the request body, provide the `id` of a [user](../resources/user.md), [group](../resources/group.md), [device](../resources/device.md), or [directoryObject](../resources/directoryobject.md) to be added.
### Creating a new group The following table shows the properties of the [group](../resources/group.md) resource to specify when you create a group in the administrative unit.
Content-type: application/json
-In the request body, provide the `id` of the [user](../resources/user.md) or [group](../resources/group.md) object you want to add.
+In the request body, provide the `id` of the [user](../resources/user.md), [group](../resources/group.md), or [device](../resources/device.md) object you want to add.
#### Response+ The following is an example of the response. <!-- {
v1.0 Administrativeunit Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/administrativeunit-update.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http PATCH /administrativeUnits/{id}
+PATCH /directory/administrativeUnits/{id}
``` ## Request headers
In the request body, supply the values for relevant fields that should be update
| Property | Type |Description| |:|:--|:-|
-|description|string|Description for the administrative unit.|
-|displayName|string|Display name for the administrative unit.|
-|visibility|string|Visibility for the administrative unit. If not set then the default is "public". Can be set to "HiddenMembership", which hides the membership from non-members.|
+|description|String|Description for the administrative unit.|
+|displayName|String|Display name for the administrative unit.|
-Since the **administrativeUnit** resource supports [extensions](/graph/extensibility-overview), you can use the `PATCH` operation to
-add, update, or delete your own app-specific data in custom properties of an extension in an existing **administrativeUnit** instance.
+Since the **administrativeUnit** resource supports [extensions](/graph/extensibility-overview), you can use the `PATCH` operation to add, update, or delete your own app-specific data in custom properties of an extension in an existing **administrativeUnit** instance.
## Response
If successful, this method returns a `204 No Content` response code.
## Example
-##### Request
+### Request
# [HTTP](#tab/http)
If successful, this method returns a `204 No Content` response code.
"name": "update_administrativeunit" }--> ```http
-PATCH https://graph.microsoft.com/beta/administrativeUnits/{id}
+PATCH https://graph.microsoft.com/beta/administrativeUnits/4d7ea995-bc0f-45c0-8c3e-132e93bf95f8
Content-type: application/json {
- "displayName": "displayName-value",
- "description": "description-value",
- "visibility": "visibility-value"
+ "displayName": "Greater Seattle District Technical Schools"
} ``` # [C#](#tab/csharp)
Content-type: application/json
-##### Response
+### Response
<!-- { "blockType": "response"
v1.0 Agreement Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/agreement-delete.md
DELETE https://graph.microsoft.com/beta/identityGovernance/termsOfUse/agreements
[!INCLUDE [sample-code](../includes/snippets/go/delete-agreement-go-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+
v1.0 Agreement Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/agreement-get.md
GET https://graph.microsoft.com/beta/identityGovernance/termsOfUse/agreements/{i
[!INCLUDE [sample-code](../includes/snippets/go/get-agreement-go-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+
v1.0 Agreement Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/agreement-update.md
Content-type: application/json
[!INCLUDE [sample-code](../includes/snippets/go/update-agreement-go-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+
v1.0 Application Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/application-get.md
Content-type: application/json
"enableIdTokenIssuance": false, "enableAccessTokenIssuance": false }
- }
+ },
+ "windows": null
} ```
v1.0 Application List Extensionproperty https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/application-list-extensionproperty.md
One of the following permissions is required to call this API. To learn more, in
|Permission type | Permissions (from least to most privileged) | |:--|:|
-|Delegated (work or school account) | Application.Read.All, Directory.Read.All, Application.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All |
+|Delegated (work or school account) | Application.Read.All, Directory.Read.All, Application.ReadWrite.All, Directory.ReadWrite.All|
|Delegated (personal Microsoft account) | Application.Read.All, Application.ReadWrite.All | |Application | Application.Read.All, Application.ReadWrite.OwnedBy, Application.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All |
The following is an example of the request.
}--> ```msgraph-interactive
-GET https://graph.microsoft.com/beta/applications/{id}/extensionProperties
+GET https://graph.microsoft.com/beta/applications/fd918e4b-c821-4efb-b50a-5eddd23afc6f/extensionProperties
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-extensionproperties-csharp-snippets.md)]
HTTP/1.1 200 OK
Content-type: application/json {
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#applications('fd918e4b-c821-4efb-b50a-5eddd23afc6f')/extensionProperties",
"value": [ {
- "id": "a2c459db-f5dc-4328-ae9b-118e88d04d19",
+ "id": "da38c7b1-133e-4a79-abcd-e2fd586ce621",
"deletedDateTime": null,
- "appDisplayName": "Display name",
- "name": "extension_b3efaf8f68a44275abcff28ef86b2ee3_extensionName",
+ "appDisplayName": "",
+ "name": "extension_25883231668a43a780b25685c3f874bc_jobGroup",
"dataType": "String", "isSyncedFromOnPremises": false, "targetObjects": [
- "Application"
+ "User"
+ ]
+ },
+ {
+ "id": "1f0f15e3-925d-40f0-8fc8-9d3ad135bce0",
+ "deletedDateTime": null,
+ "appDisplayName": "",
+ "name": "extension_25883231668a43a780b25685c3f874bc_cpiminternal_useAccountEnabledForPhone",
+ "dataType": "String",
+ "isSyncedFromOnPremises": false,
+ "targetObjects": [
+ "User"
] } ]
v1.0 Application Post Applications https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/application-post-applications.md
Content-type: application/json
"enableIdTokenIssuance": false, "enableAccessTokenIssuance": false }
- }
+ },
+ "windows" : null
} ```
v1.0 Application Post Extensionproperty https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/application-post-extensionproperty.md
The following is an example of the request.
}--> ```http
-POST https://graph.microsoft.com/beta/applications/{id}/extensionProperties
+POST https://graph.microsoft.com/beta/applications/fd918e4b-c821-4efb-b50a-5eddd23afc6f/extensionProperties
Content-type: application/json {
- "name": "extensionName",
- "dataType": "string",
+ "name": "jobGroup",
+ "dataType": "String",
"targetObjects": [
- "Application"
+ "User"
] } ```
HTTP/1.1 201 Created
Content-type: application/json {
- "id": "a2c459db-f5dc-4328-ae9b-118e88d04d19",
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#applications('fd918e4b-c821-4efb-b50a-5eddd23afc6f')/extensionProperties/$entity",
+ "id": "da38c7b1-133e-4a79-abcd-e2fd586ce621",
"deletedDateTime": null,
- "appDisplayName": "Display name",
- "name": "extension_b3efaf8f68a44275abcff28ef86b2ee3_extensionName",
+ "appDisplayName": "b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.",
"dataType": "String", "isSyncedFromOnPremises": false,
+ "name": "extension_25883231668a43a780b25685c3f874bc_jobGroup",
"targetObjects": [
- "Application"
+ "User"
] } ```
v1.0 Application Removekey https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/application-removekey.md
In the request body, provide the following required properties.
| Property | Type | Description| |:-|:--|:--|
-| keyId | GUID | The unique identifier for the password.|
+| keyId | Guid | The unique identifier for the password.|
| proof | String | A self-signed JWT token used as a proof of possession of the existing keys. This JWT token must be signed using the private key of one of the application's existing valid certificates. The token should contain the following claims:<ul><li>`aud` - Audience needs to be `00000002-0000-0000-c000-000000000000`.</li><li>`iss` - Issuer needs to be the __id__ of the application that is making the call.</li><li>`nbf` - Not before time.</li><li>`exp` - Expiration time should be `nbf` + 10 mins.</li></ul><br>For steps to generate this proof of possession token, see [Generating proof of possession tokens for rolling keys](/graph/application-rollkey-prooftoken).| ## Response
v1.0 Application Removepassword https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/application-removepassword.md
POST /applications/{id}/removePassword
| Property | Type | Description| |:-|:--|:--|
-| keyId | GUID | The unique identifier for the password. Required. |
+| keyId | Guid | The unique identifier for the password. Required. |
## Response
v1.0 Application Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/application-update.md
In the request body, supply the values for relevant fields that should be update
| uniqueName | String | The unique identifier that can be assigned to an application as an alternative identifier. Immutable. Read-only. | | web | [webApplication](../resources/webapplication.md) | Specifies settings for a web application. | | spa | [spaApplication](../resources/spaapplication.md) | Specifies settings for a single-page application, including sign out URLs and redirect URIs for authorization codes and access tokens. |
+| windows | [windowsApplication](../resources/windowsapplication.md) | Specifies settings for apps running Microsoft Windows and published in the Microsoft Store or Xbox games store. Includes package SID and redirect URIs for authorization codes and access tokens. |
## Response
v1.0 Bitlocker List Recoverykeys https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/bitlocker-list-recoverykeys.md
The response might also contain an `odata.nextLink`, which you can use to page t
|Name|Description| |:|:| |Authorization|Bearer {token}. Required.|
+|User-Agent|The identifier for the calling application. This value contains information about the operating system and the browser used. Required.|
|ocp-client-name|The name of the client application performing the API call. This header is used for debugging purposes. Optional.| |ocp-client-version|The version of the client application performing the API call. This header is used for debugging purposes. Optional.|
The following is an example of the request.
--> ``` http GET https://graph.microsoft.com/beta/informationProtection/bitlocker/recoveryKeys
+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"
ocp-client-name: "My Friendly Client" ocp-client-version: "1.2" ```
The following is an example of the request.
--> ``` http GET https://graph.microsoft.com/beta/informationProtection/bitlocker/recoveryKeys?$filter=deviceId eq '1ab40ab2-32a8-4b00-b6b5-ba724e407de9'
+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"
ocp-client-name: "My Friendly Client" ocp-client-version: "1.2" ```
v1.0 Bitlockerrecoverykey Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/bitlockerrecoverykey-get.md
To get the specified BitLocker key without returning the **key** property:
} --> ``` http
-GET /informationProtection/bitlocker/recoveryKeys/'{bitlockeryRecoveryKeyId}'
+GET /informationProtection/bitlocker/recoveryKeys/{bitlockeryRecoveryKeyId}
``` To get the specified BitLocker key including its **key** property:
To get the specified BitLocker key including its **key** property:
} --> ``` http
-GET /informationProtection/bitlocker/recoveryKeys/'{bitlockeryRecoveryKeyId}'?$select=key
+GET /informationProtection/bitlocker/recoveryKeys/{bitlockeryRecoveryKeyId}?$select=key
``` ## Optional query parameters
This method supports the `$select` OData query parameter to return the **key** p
|Name|Description| |:|:| |Authorization|Bearer {token}. Required.|
+|User-Agent|The identifier for the calling application. This value contains information about the operating system and the browser used. Required.|
|ocp-client-name|The name of the client application performing the API call. This header is used for debugging purposes. Optional.| |ocp-client-version|The version of the client application performing the API call. This header is used for debugging purposes. Optional.| + ## Request body Do not supply a request body for this method.
The following is an example of the request.
--> ``` http GET https://graph.microsoft.com/beta/informationProtection/bitlocker/recoveryKeys/b465e4e8-e4e8-b465-e8e4-65b4e8e465b4
+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"
ocp-client-name: "My Friendly Client" ocp-client-version: "1.2" ```
The following is an example of the request.
--> ``` http GET https://graph.microsoft.com/beta/informationProtection/bitlocker/recoveryKeys/b465e4e8-e4e8-b465-e8e4-65b4e8e465b4?$select=key
+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"
+ocp-client-name: "My Friendly Client"
+ocp-client-version: "1.2"
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-bitlockerrecoverykey-4-csharp-snippets.md)]
v1.0 Bookingappointment Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/bookingappointment-delete.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http DELETE /bookingBusinesses/{id}/appointments/{id}- ``` ## Request headers | Name | Description|
Do not supply a request body for this method.
If successful, this method returns `204, No Content` response code. It does not return anything in the response body. ## Example
-##### Request
-The following is an example of the request.
+### Request
+The following is an example of a request.
# [HTTP](#tab/http) <!-- {
DELETE https://graph.microsoft.com/beta/bookingBusinesses/Contosolunchdelivery@c
-##### Response
-The following is an example of the response. Note: The response object shown here might be shortened for readability.
+### Response
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true
v1.0 Channel List Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/channel-list-tabs.md
Namespace: microsoft.graph
Retrieve the list of [tabs](../resources/teamstab.md) in the specified [channel](../resources/channel.md) within a [team](../resources/team.md).
+> **Note**: The Files tab is native to a channel or chat and is not returned by this API.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Chat Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/chat-post.md
The following table lists the properties that are required to create a chat obje
|:|:|:| |topic|(Optional) String|The title of the chat. The chat title can be provided only if the chat is of `group` type.| |chatType|[chatType](../resources/chat.md#chattype-values)| Specifies the type of chat. Possible values are: `group` and `oneOnOne`. |
-|members|[conversationMember](../resources/conversationmember.md) collection|List of conversation members that should be added. Every single user, including the user initiating the create request, who will participate in the chat must be specified in this list.|
+|members|[conversationMember](../resources/conversationmember.md) collection|List of conversation members that should be added. Every user who will participate in the chat, including the user who initiates the create request, must be specified in this list. Each member must be assigned a role of `owner` or `guest`. Guest tenant users must be assigned the `guest` role.|
|installedApps| [teamsApp](../resources/teamsapp.md) collection|List of apps that should be installed in the chat.| > **Note:** Currently, only one app installation is supported. If multiple app installations are listed in the request, the response will be a `Bad Request` error.
Content-Type: application/json
} ```
+### Example 5: Create a group chat with tenant guest user
+
+#### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "create_chat_group"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/chats
+Content-Type: application/json
+
+{
+ "chatType": "group",
+ "topic": "Group chat title",
+ "members": [
+ {
+ "@odata.type": "#microsoft.graph.aadUserConversationMember",
+ "roles": ["owner"],
+ "user@odata.bind": "https://graph.microsoft.com/beta/users('8c0a1a67-50ce-4114-bb6c-da9c5dbcf6ca')"
+ },
+ {
+ "@odata.type": "#microsoft.graph.aadUserConversationMember",
+ "roles": ["owner"],
+ "user@odata.bind": "https://graph.microsoft.com/beta/users('82fe7758-5bb3-4f0d-a43f-e555fd399c6f')"
+ },
+ {
+ "@odata.type": "#microsoft.graph.aadUserConversationMember",
+ "roles": ["guest"],
+ "user@odata.bind": "https://graph.microsoft.com/beta/users('8ba98gf6-7fc2-4eb2-c7f2-aef9f21fd98g')"
+ }
+ ]
+}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
++++++
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.chat"
+}
+-->
+``` http
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#chats/$entity",
+ "id": "19:1c5b01696d2e4a179c292bc9cf04e63b@thread.v2",
+ "topic": "Group chat title",
+ "createdDateTime": "2020-12-04T23:11:16.175Z",
+ "lastUpdatedDateTime": "2020-12-04T23:11:16.175Z",
+ "chatType": "group",
+ "webUrl": "https://teams.microsoft.com/l/chat/19%3A1c5b01696d2e4a179c292bc9cf04e63b@thread.v2/0?tenantId=b33cbe9f-8ebe-4f2a-912b-7e2a427f477f"
+}
+```
+ ## See also - [Get teamsAsyncOperation](teamsasyncoperation-get.md)
v1.0 Cloudpcorganizationsettings Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/cloudpcorganizationsettings-get.md
If successful, this method returns a `200 OK` response code and a [cloudPcOrgani
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_cloudpcorganizationsettings"
If successful, this method returns a `200 OK` response code and a [cloudPcOrgani
``` http GET https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint/organizationSettings ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++ ### Response
v1.0 Cloudpcsnapshot Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/cloudpcsnapshot-get.md
+
+ Title: "Get cloudPcSnapshot"
+description: "Read the properties and relationships of a cloudPcSnapshot object."
+
+ms.localizationpriority: medium
++
+# Get cloudPcSnapshot
+Namespace: microsoft.graph
++
+Read the properties and relationships of a [cloudPcSnapshot](../resources/cloudpcsnapshot.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|CloudPC.Read.All, CloudPC.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|CloudPC.Read.All, CloudPC.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /deviceManagement/virtualEndpoint/snapshots/{cloudPcSnapshotId}
+```
+
+## Optional query parameters
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [cloudPcSnapshot](../resources/cloudpcsnapshot.md) object in the response body.
+
+## Examples
+
+### Request
+
+The following is an example of a request.
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_cloudpcsnapshot"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint/snapshots/A00009UV000_93aff428-61f2-467f-a879-1102af6fd4a8
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+
+The following is an example of the response.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.cloudPcSnapshot"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": {
+ "@odata.type": "#microsoft.graph.cloudPcSnapshot",
+ "cloudPcId": "662009bc-7732-4f6f-8726-25883518b33e",
+ "createdDateTime": "2021-08-23T09:28:32.8260335Z",
+ "id": "A00009UV000_93aff428-61f2-467f-a879-1102af6fd4a8",
+ "lastRestoredDateTime": "2021-09-01T09:28:32.8260338Z",
+ "status": "ready"
+ }
+}
+```
+
v1.0 Cloudpcusersetting Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/cloudpcusersetting-get.md
Content-Type: application/json
"displayName": "String", "selfServiceEnabled": true, "localAdminEnabled": false,
+ "restorePointSetting": {
+ "frequencyInHours": 16,
+ "userRestoreEnabled": true
+ },
"lastModifiedDateTime": "2021-02-01T10:29:57Z", "createdDateTime": "2021-02-01T10:29:57Z" }
Content-Type: application/json
"displayName": "Display Name value", "selfServiceEnabled": true, "localAdminEnabled": false,
+ "restorePointSetting": {
+ "frequencyInHours": 16,
+ "userRestoreEnabled": true
+ },
"lastModifiedDateTime": "2021-02-01T10:29:57Z", "createdDateTime": "2021-02-01T10:29:57Z", "assignments": [
v1.0 Cloudpcusersetting Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/cloudpcusersetting-update.md
The following table shows the properties that are required when you update the [
|displayName|String|The setting name displayed in the user interface.| |localAdminEnabled|Boolean|To turn on the local admin option, change this setting to `True`.ΓÇ» | |selfServiceEnabled|Boolean|To turn on the self-service option, change this setting to `True`.ΓÇ»|
+|restorePointSetting|[cloudPcRestorePointSetting](../resources/cloudpcrestorepointsetting.md)|Defines how frequently a restore point is created (that is, a snapshot is taken) for users' provisioned Cloud PCs (default is 12 hours), and whether the user is allowed to restore their own Cloud PCs to a backup made at a specific point in time.|
|lastModifiedDateTime|DateTimeOffset|The last date and time the setting was modified. The Timestamp type represents the date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 looks like this:ΓÇ»'2014-01-01T00:00:00Z'.ΓÇ»|
Content-Type: application/json
"@odata.type": "#microsoft.graph.cloudPcUserSetting", "displayName": "Example", "selfServiceEnabled": true,
+ "restorePointSetting": {
+ "frequencyInHours": "16",
+ "userRestoreEnabled": true
+ },
"localAdminEnabled": false } ```
v1.0 Columndefinition Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/columndefinition-get.md
ms.prod: "sites-and-lists"
Namespace: microsoft.graph [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]+ Retrieve the metadata for a [site][], [list][] or [contentType][] [column][columnDefinition]. ## Permissions
-
- One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
-
- |Permission type | Permissions (from least to most privileged) | |:--|:| |Delegated (work or school account) | Sites.Read.All, Sites.ReadWrite.All, Sites.Manage.All, Sites.FullControl.All |
GET /sites/{site-id}/lists/{list-id}/contentTypes/{contentType-id}/columns/{colu
## Request body
-
+Do not supply a request body for this method.
-Do not supply a request body with this method.
+## Response
+If successful, this method returns a `200 OK` response code and a [columnDefinition][columnDefinition] object in the response body.
- ## Example
-
- ### Request
-
-
+The following is an example of a request.
# [HTTP](#tab/http) <!-- { "blockType": "request", "name": "get_column_from_contenttype" } -->
GET /sites/{site-id}/contentTypes/{contentType-id}/columns/{column-id}
-
- ### Response
-
+The following is an example of the response.
<!-- { "blockType": "response", "@type": "microsoft.graph.columnDefinition", "truncated": true } -->
v1.0 Contactmergesuggestions Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/contactmergesuggestions-get.md
+
+ Title: "Get contactMergeSuggestions"
+description: "Read the properties and relationships of a contactMergeSuggestions object."
+
+ms.localizationpriority: medium
++
+# Get contactMergeSuggestions
+Namespace: microsoft.graph
++
+Read the properties and relationships of a [contactMergeSuggestions](../resources/contactmergesuggestions.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|User.Read, User.ReadWrite|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|Not supported.|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /me/settings/contactMergeSuggestions
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [contactMergeSuggestions](../resources/contactmergesuggestions.md) object in the response body.
+
+## Examples
+
+The following is an example of the request to get **contactMergeSuggestions** settings for the user.
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_contactmergesuggestions"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/me/settings/contactMergeSuggestions
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.contactMergeSuggestions",
+ "name": "get_contactmergesuggestions"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "isEnabled": true
+}
+```
+
v1.0 Contactmergesuggestions Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/contactmergesuggestions-update.md
+
+ Title: "Update contactMergeSuggestions"
+description: "Update the properties of a contactMergeSuggestions object."
+
+ms.localizationpriority: medium
++
+# Update contactMergeSuggestions
+Namespace: microsoft.graph
++
+Update the properties of a [contactMergeSuggestions](../resources/contactmergesuggestions.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|User.ReadWrite|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|Not supported.|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+PATCH /me/settings/contactMergeSuggestions
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
++
+|Property|Type|Description|
+|:|:|:|
+|isEnabled|Boolean|`true` if the duplicate contact merge suggestions feature is enabled for user; `false` if the feature is disabled. Default is `true`.|
+++
+## Response
+
+If successful, this method returns a `204 No Content` response code and the value is updated on the backend.
+
+## Examples
+
+The following example updates the **isEnabled** privacy setting to disable the duplicate contacts merge suggestions feature.
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "update_contactmergesuggestions"
+}
+-->
+``` http
+PATCH https://graph.microsoft.com/beta/me/settings/contactMergeSuggestions
+Content-Type: application/json
+
+{
+ "isEnabled": false
+}
+```
++
+### Response
+
+The following is an example of the response.
+
+<!-- {
+ "blockType": "response",
+ "name": "update_contactmergesuggestions"
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
+
v1.0 Crosstenantaccesspolicy Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/crosstenantaccesspolicy-get.md
If successful, this method returns a `200 OK` response code and a [crossTenantAc
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_crosstenantaccesspolicy"
If successful, this method returns a `200 OK` response code and a [crossTenantAc
``` http GET https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++ ### Response
v1.0 Crosstenantaccesspolicy List Partners https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/crosstenantaccesspolicy-list-partners.md
If successful, this method returns a `200 OK` response code and a collection of
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_crosstenantaccesspolicyconfigurationpartner"
If successful, this method returns a `200 OK` response code and a collection of
``` http GET https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/partners ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++ ### Response
v1.0 Crosstenantaccesspolicy Post Partners https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/crosstenantaccesspolicy-post-partners.md
If successful, this method returns a `201 Created` response code and a [crossTen
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "create_crosstenantaccesspolicyconfigurationpartner_from_"
Content-Type: application/json
} } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++ ### Response
v1.0 Crosstenantaccesspolicy Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/crosstenantaccesspolicy-update.md
The [crossTenantAccessPolicy](../resources/crosstenantaccesspolicy.md) object si
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "update_crosstenantaccesspolicy"
Content-Type: application/json
"displayName": "CrossTenantAccessPolicy", } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++ ### Response
v1.0 Crosstenantaccesspolicyconfigurationdefault Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/crosstenantaccesspolicyconfigurationdefault-get.md
If successful, this method returns a `200 OK` response code and a [crossTenantAc
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_crosstenantaccesspolicyconfigurationdefault"
If successful, this method returns a `200 OK` response code and a [crossTenantAc
``` http GET https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/default ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++ ### Response
v1.0 Crosstenantaccesspolicyconfigurationdefault Resettosystemdefault https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/crosstenantaccesspolicyconfigurationdefault-resettosystemdefault.md
If successful, this action returns a `204 No Content` response code. To confirm
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "crosstenantaccesspolicyconfigurationdefault_resettosystemdefault"
If successful, this action returns a `204 No Content` response code. To confirm
``` http POST https://graph.microsoft.com/betefault ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++ ### Response
v1.0 Crosstenantaccesspolicyconfigurationdefault Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/crosstenantaccesspolicyconfigurationdefault-update.md
If successful, this method returns a `204 No Content` response code.
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "update_crosstenantaccesspolicyconfigurationdefault"
Content-Type: application/json
} } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++ ### Response
v1.0 Crosstenantaccesspolicyconfigurationpartner Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/crosstenantaccesspolicyconfigurationpartner-delete.md
If successful, this method returns a `204 No Content` response code.
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "delete_crosstenantaccesspolicyconfigurationpartner"
If successful, this method returns a `204 No Content` response code.
``` http DELETE https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/partners/9c5d131d-b1c3-4fc4-9e3f-c6557947d551 ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++ ### Response
v1.0 Crosstenantaccesspolicyconfigurationpartner Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/crosstenantaccesspolicyconfigurationpartner-get.md
If successful, this method returns a `200 OK` response code and a [crossTenantAc
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_crosstenantaccesspolicyconfigurationpartner"
If successful, this method returns a `200 OK` response code and a [crossTenantAc
``` http GET https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/partners/9c5d131d-b1c3-4fc4-9e3f-c6557947d551 ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++ ### Response
v1.0 Crosstenantaccesspolicyconfigurationpartner Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/crosstenantaccesspolicyconfigurationpartner-update.md
If successful, this method returns a `204 No Content` response code.
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "update_crosstenantaccesspolicyconfigurationpartner"
Content-Type: application/json
} } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++ ### Response
v1.0 Customaccesspackageworkflowextension Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/customaccesspackageworkflowextension-delete.md
+
+ Title: "Delete customAccessPackageWorkflowExtension"
+description: "Delete a customAccessPackageWorkflowExtension object."
+
+ms.localizationpriority: medium
++
+# Delete customAccessPackageWorkflowExtension
+Namespace: microsoft.graph
++
+Delete a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object. The custom workflow extension must first be removed from any associated [policies](../resources/accesspackageassignmentpolicy.md) before it can be deleted. Follow these steps to remove the custom workflow extension from any associated policies:
+1. First retrieve the accessPackageCatalogId by calling the [Get accessPackageAssignmentPolicies](accesspackageassignmentpolicy-get.md) operation and appending `?$expand=accessPackage($expand=accessPackageCatalog)` to the query. For example, `https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies?$expand=accessPackage($expand=accessPackageCatalog)`.
+2. Use the access package catalog ID and retrieve the ID of the **customAccessPackageWorkflowExtension** object that you want to delete by running the [LIST customAccessPackageWorkflowExtensions](accesspackagecatalog-list-customaccesspackageworkflowextensions.md) operation.
+3. Call the [Update accessPackageAssignmentPolicy](accesspackageassignmentpolicy-update.md) operation to remove the custom workflow extension object from the policy. For an example, see [Example 2: Remove the customExtensionHandlers from a policy](accesspackageassignmentpolicy-update.md#example-2-remove-the-customextensionhandlers-from-a-policy).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|EntitlementManagement.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|EntitlementManagement.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+DELETE /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/customAccessPackageWorkflowExtensions/{customAccessPackageWorkflowExtensionId}
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "delete_customaccesspackageworkflowextension"
+}
+-->
+``` http
+DELETE /identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions/98ffaec5-ae8e-4902-a434-5ffc5d3d3cd0
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Response
+```
v1.0 Customaccesspackageworkflowextension Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/customaccesspackageworkflowextension-get.md
+
+ Title: "Get customAccessPackageWorkflowExtension"
+description: "Read the properties and relationships of a customAccessPackageWorkflowExtension object."
+
+ms.localizationpriority: medium
++
+# Get customAccessPackageWorkflowExtension
+Namespace: microsoft.graph
++
+Read the properties and relationships of a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object for an [accessPackageCatalog](../resources/accesspackagecatalog.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|EntitlementManagement.Read.All EntitlementManagement.ReadWrite.All |
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|EntitlementManagement.Read.All EntitlementManagement.ReadWrite.All |
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/customAccessPackageWorkflowExtensions/{customAccessPackageWorkflowExtensionId}
+```
+
+## Optional query parameters
+This method supports the `$select` OData query parameter to retrieve specific properties. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object in the response body.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_customaccesspackageworkflowextension"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions/98ffaec5-ae8e-4902-a434-5ffc5d3d3cd0
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.customAccessPackageWorkflowExtension"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions/98ffaec5-ae8e-4902-a434-5ffc5d3d3cd0",
+ "id": "98ffaec5-ae8e-4902-a434-5ffc5d3d3cd0",
+ "displayName": "test_action_0124_email",
+ "description": "this is for graph testing only",
+ "createdDateTime": "2022-01-24T21:48:57.15Z",
+ "lastModifiedDateTime": "2022-01-24T21:55:44.953Z",
+ "clientConfiguration": null,
+ "endpointConfiguration": {
+ "@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",
+ "subscriptionId": "38ab2ccc-3747-4567-b36b-9478f5602f0d",
+ "resourceGroupName": "test",
+ "logicAppWorkflowName": "elm-extension-email"
+ },
+ "authenticationConfiguration": {
+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",
+ "resourceId": "eed6dee9-7ff7-44a5-8980-c11e8886cea2"
+ }
+}
+```
+
v1.0 Customaccesspackageworkflowextension Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/customaccesspackageworkflowextension-update.md
+
+ Title: "Update customAccessPackageWorkflowExtension"
+description: "Update the properties of a customAccessPackageWorkflowExtension object."
+
+ms.localizationpriority: medium
++
+# Update customAccessPackageWorkflowExtension
+Namespace: microsoft.graph
++
+Update the properties of an existing [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|EntitlementManagement.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|EntitlementManagement.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+PUT /identityGovernance/entitlementManagement/accessPackageCatalogs/{catalogId}/customAccessPackageWorkflowExtensions/{customAccessPackageWorkflowExtensionId}
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
++
+|Property|Type|Description|
+|:|:|:|
+|description|String|Description for the customAccessPackageWorkflowExtension object.|
+|displayName|String|Display name for the customAccessPackageWorkflowExtension.|
+|endpointConfiguration|[customExtensionEndpointConfiguration](../resources/customextensionendpointconfiguration.md)|The type and details for configuring the endpoint to call the logic app's workflow.|
+|authenticationConfiguration|[customExtensionAuthenticationConfiguration](../resources/customextensionauthenticationconfiguration.md)|Configuration for securing the API call to the logic app. For example, using OAuth client credentials flow.|
++
+## Response
+
+If successful, this method returns a `200 OK` response code and an updated [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object in the response body.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "update_customaccesspackageworkflowextension"
+}
+-->
+``` http
+PUT https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageCatalogs/32efb28c-9a7a-446c-986b-ca6528c6669d/customAccessPackageWorkflowExtensions/98ffaec5-ae8e-4902-a434-5ffc5d3d3cd0
+Content-Type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.customAccessPackageWorkflowExtension",
+ "displayName": "test_action_0124_email",
+ "description": "this is for graph testing only"
+}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.customAccessPackageWorkflowExtension"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "displayName": "test_action_0124_email",
+ "description": "this is for graph testing only",
+ "endpointConfiguration": {
+ "@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",
+ "subscriptionId": "38ab2ccc-3747-4567-b36b-9478f5602f0d",
+ "resourceGroupName": "EMLogicApp",
+ "logicAppWorkflowName": "elm-extension-email"
+ },
+ "authenticationConfiguration": {
+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",
+ "resourceId": "eed6dee9-7ff7-44a5-8980-c11e8886cea2"
+ }
+}
+```
+
v1.0 Device List Memberof https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/device-list-memberof.md
Title: "List device groups"
-description: "Get groups that this device is a direct member of. This operation is not transitive."
+ Title: "List memberOf"
+description: "Get groups or administrative units that this device is a direct member of. This operation is not transitive."
ms.localizationpriority: medium ms.prod: "directory-management" doc_type: apiPageType
-# List device groups
+# List memberOf
Namespace: microsoft.graph [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Get groups that this device is a direct member of. This operation is not transitive.
+Get [groups](../resources/group.md) and [administrative units](../resources/administrativeunit.md) that the device is a direct member of. This operation is not transitive.
## Permissions
This method supports the `$search`, `$count`, and `$filter` [OData query paramet
Some queries are supported only when you use the **ConsistencyLevel** header set to `eventual` and `$count`. For more information, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries).
-When items are added or updated for this resource, they are specially indexed for use with the `$count` and `$search` query parameters. There can be a slight delay between when an item is added or updated and when it is available in the index.
- ## Request headers | Header | Value | |:|:--|
v1.0 Directory List Administrativeunits https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/directory-list-administrativeunits.md
+
+ Title: "List administrativeUnits"
+description: "Retrieve a list of administrativeUnit objects."
+
+ms.localizationpriority: medium
++
+# List administrativeUnits
+
+Namespace: microsoft.graph
++
+Retrieve a list of [administrativeUnit](../resources/administrativeunit.md) objects.
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
++
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | AdministrativeUnit.Read.All, Directory.Read.All, AdministrativeUnit.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | AdministrativeUnit.Read.All, Directory.Read.All, AdministrativeUnit.ReadWrite.All, Directory.ReadWrite.All |
+
+## HTTP request
+<!-- { "blockType": "ignored" } -->
+```http
+GET /administrativeUnits
+GET /directory/administrativeUnits
+```
+## Optional query parameters
+This method supports the `$count`, `$select`, `$search`, `$filter`, and `$expand` [OData query parameters](/graph/query-parameters) to help customize the response.
++
+## Request headers
+| Name |Description|
+|:-|:-|
+| Authorization | Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and collection of [administrativeUnit](../resources/administrativeunit.md) objects in the response body.
+## Example
+### Request
+Here is an example of the request.
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_administrativeunits"
+}-->
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/administrativeUnits
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++
+### Response
+Here is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.administrativeUnit",
+ "isCollection": true
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#administrativeUnits",
+ "value": [
+ {
+ "id": "4d7ea995-bc0f-45c0-8c3e-132e93bf95f8",
+ "deletedDateTime": null,
+ "displayName": "Seattle District Technical Schools",
+ "description": "Seattle district technical schools administration",
+ "isMemberManagementRestricted": null,
+ "visibility": "HiddenMembership",
+ "membershipRule": null,
+ "membershipType": null,
+ "membershipRuleProcessingState": null
+ }
+ ]
+}
+```
+
+<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
+2015-10-25 14:57:30 UTC -->
+<!--
+{
+ "type": "#page.annotation",
+ "description": "List administrativeUnits",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": "",
+ "suppressions": [
+ ]
+}
+-->
v1.0 Directory Post Administrativeunits https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/directory-post-administrativeunits.md
+
+ Title: "Create administrativeUnit"
+description: "Use this API to create a new administrativeUnit."
+
+ms.localizationpriority: medium
++
+# Create administrativeUnit
+
+Namespace: microsoft.graph
++
+Use this API to create a new [administrativeUnit](../resources/administrativeunit.md).
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
++
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | AdministrativeUnit.ReadWrite.All, Directory.AccessAsUser.All |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | AdministrativeUnit.ReadWrite.All |
+
+## HTTP request
+<!-- { "blockType": "ignored" } -->
+```http
+POST /administrativeUnits
+POST /directory/administrativeUnits
+```
+## Request headers
+| Name |Description|
+|:-|:-|
+| Authorization | Bearer {token}. Required. |
+| Content-type | application/json. Required. |
+
+## Request body
+In the request body, supply a JSON representation of an [administrativeUnit](../resources/administrativeunit.md) object.
+
+Because the **administrativeUnit** resource supports [extensions](/graph/extensibility-overview), you can use the `POST` operation and add custom properties with your own data to the administrative unit while creating it.
+
+## Response
+
+If successful, this method returns a `201 Created` response code and an [administrativeUnit](../resources/administrativeunit.md) object in the response body.
+
+## Example
+
+### Request
+
+The following is an example of the request.
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "create_administrativeunit_from_administrativeunits"
+}-->
+```http
+POST https://graph.microsoft.com/beta/administrativeUnits
+Content-type: application/json
+
+{
+ "displayName": "Seattle District Technical Schools",
+ "description": "Seattle district technical schools administration",
+ "visibility": "HiddenMembership"
+}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++
+In the request body, supply a JSON representation of an [administrativeUnit](../resources/administrativeunit.md) object.
+
+### Response
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.administrativeUnit"
+} -->
+```http
+HTTP/1.1 201 Created
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#administrativeUnits/$entity",
+ "id": "7a3dc8f3-b3a0-4164-9a99-ed36f3af039f",
+ "deletedDateTime": null,
+ "displayName": "Seattle District Technical Schools",
+ "description": "Seattle district technical schools administration",
+ "visibility": "HiddenMembership"
+}
+```
+
+## See also
+
+- [Add custom data to resources using extensions](/graph/extensibility-overview)
+- [Add custom data to users using open extensions (preview)](/graph/extensibility-open-users)
+<!--
+- [Add custom data to groups using schema extensions (preview)](/graph/extensibility-schema-groups)
+-->
++
+<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
+2015-10-25 14:57:30 UTC -->
+<!--
+{
+ "type": "#page.annotation",
+ "description": "Create administrativeUnit",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": "",
+ "suppressions": [
+ ]
+}
+-->
++
v1.0 Directorysetting Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/directorysetting-delete.md
Title: "Delete a directory setting"
+ Title: "Delete directorySetting"
description: "Delete a directory setting." ms.localizationpriority: medium
ms.prod: "directory-management"
doc_type: apiPageType
-# Delete a directory setting
+# Delete directorySetting
Namespace: microsoft.graph
Namespace: microsoft.graph
Delete a directory setting.
-> **Note**: The /beta version of this API only applies to groups. The /v1.0 version of this API has been renamed to *Delete groupSettings*.
- ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
## HTTP request <!-- { "blockType": "ignored" } -->
-Delete a specific tenant-wide or group setting
+Delete a tenant-wide setting.
```http
-DELETE /settings/{id}
-DELETE /groups/{id}/settings/{id}
+DELETE /settings/{directorySettingId}
+```
+<!-- { "blockType": "ignored" } -->
+Delete a group-specific setting.
+```http
+DELETE /groups/{groupId}/settings/{directorySettingId}
```+ ## Request headers | Name | Description| |:|:-|
Do not supply a request body for this method.
If successful, this method returns `204 No Content` response code. It does not return anything in the response body. ## Example
-##### Request
+### Request
Here is an example of the request. # [HTTP](#tab/http)
Here is an example of the request.
"blockType": "request", "name": "delete_directorysetting" }-->
-```http
-DELETE https://graph.microsoft.com/beta/settings/{id}
+```msgraph-interactive
+DELETE https://graph.microsoft.com/beta/settings/3c105fc3-2254-4861-9e2d-d59e2126f3ef
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/delete-directorysetting-csharp-snippets.md)]
DELETE https://graph.microsoft.com/beta/settings/{id}
-##### Response
+### Response
<!-- { "blockType": "response", "truncated": true
v1.0 Directorysetting Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/directorysetting-get.md
Title: "Get a directory setting"
+ Title: "Get directorySetting"
description: "Retrieve the properties of a specific directory setting object." ms.localizationpriority: medium
ms.prod: "directory-management"
doc_type: apiPageType
-# Get a directory setting
+# Get directorySetting
Namespace: microsoft.graph
Namespace: microsoft.graph
Retrieve the properties of a specific directory setting object.
-> **Note**: The /beta version of this API only applies to groups. The /v1.0 version of this API has been renamed to *Get groupSettings*.
- ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference). +
+### List tenant-wide settings
+ |Permission type | Permissions (from least to most privileged) | |:--|:| |Delegated (work or school account) | Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All | |Delegated (personal Microsoft account) | Not supported. | |Application | Directory.Read.All, Directory.ReadWrite.All |
+### List group-specific settings
+
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | Group.Read.All, Group.ReadWrite.All |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | Group.Read.All, Group.ReadWrite.All |
++ ## HTTP request+
+<!-- { "blockType": "ignored" } -->
+
+Get a tenant-wide setting.
+
+```http
+GET /settings/{directorySettingId}
+```
+ <!-- { "blockType": "ignored" } -->
-Get a specific tenant-wide or group setting
+Get a group-specific setting.
```http
-GET /settings/{id}
-GET /groups/{id}/settings/{id}
+GET /groups/{groupId}/settings/{directorySettingId}
```+ ## Optional query parameters
-This method supports the [OData Query Parameters](/graph/query-parameters) to help customize the response.
+This method supports the `$select` [OData query parameters](/graph/query-parameters) to help customize the response.
## Request headers | Name |Description|
GET https://graph.microsoft.com/beta/settings/f0b2d6f5-097d-4177-91af-a24e530b53
-##### Response
+### Response
The following is an example of the response. >**Note:** The response object shown here might be shortened for readability. <!-- {
v1.0 Directorysetting Post Settings https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/directorysetting-post-settings.md
- Title: "Create a directory setting"
-description: "Use this API to create a new setting, based on the templates available in directorySettingTemplates."
-
-doc_type: apiPageType
--
-# Create a directory setting
-
-Namespace: microsoft.graph
--
-Use this API to create a new setting, based on the templates available in directorySettingTemplates. These settings can be at the tenant-level or at an object level (currently only for groups). The creation request must provide settingValues for all the settings defined in the template. For group-specific settings, only the setting governing whether members of a group can invite guest users can be set. This will govern this behavior once the ability to add guest users to a group is generally available.
-
-> **Note**: The /beta version of this API only applies to groups. The /v1.0 version of this API has been renamed to *Create groupSettings*.
-
-For a list of templates and the properties they support in beta, use a [directorySettingTemplate query](https://developer.microsoft.com/graph/graph-explorer?request=directorySettingTemplates&version=beta). (For v1.0 endpoints, call [groupSettingTemplates](https://developer.microsoft.com/graph/graph-explorer?request=groupSettingTemplates&version=v1.0).)
--
-## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
-
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | Directory.ReadWrite.All, Directory.AccessAsUser.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | Directory.ReadWrite.All |
-
-## HTTP request
-<!-- { "blockType": "ignored" } -->
-```http
-POST /settings
-POST /groups/{id}/settings
-```
-## Request headers
-| Name | Description|
-|:|:-|
-| Authorization | Bearer {token}. Required.|
-
-## Request body
-In the request body, supply a JSON representation of [directorySetting](../resources/directorysetting.md) object. However, the display name for the setting will be set based on the referenced settings template name.
-
-## Response
-
-If successful, this method returns `201 Created` response code and [directorySetting](../resources/directorysetting.md) object in the response body.
-
-## Example 1: Create a new setting for all Microsoft 365 groups in the tenant
-
-### Request
-The following is an example of the request.
--
-# [HTTP](#tab/http)
-<!-- {
- "blockType": "request",
- "name": "create_directorysetting_from_settings"
-}-->
-```http
-POST https://graph.microsoft.com/beta/settings
-Content-type: application/json
-
-{
- "displayName": "Group.Unified",
- "templateId": "62375ab9-6b52-47ed-826b-58e47e0e304b",
- "values": [
- {
- "name": "GuestUsageGuidelinesUrl",
- "value": "https://privacy.contoso.com/privacystatement"
- },
- {
- "name": "EnableMSStandardBlockedWords",
- "value": "true"
- },
- {
- "name": "EnableMIPLabels",
- "value": "true"
- },
- {
- "name": "PrefixSuffixNamingRequirement",
- "value": "[Contoso-][GroupName]"
- }
- ]
-}
-```
-# [C#](#tab/csharp)
-
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
-
-# [Java](#tab/java)
-
-# [Go](#tab/go)
-
-# [PowerShell](#tab/powershell)
----
-In the request body, supply a JSON representation of [directorySetting](../resources/directorysetting.md) object.
-
-### Response
-The following is an example of the response.
-
->**Note:** The response object shown here has been shortened for readability.
-<!-- {
- "blockType": "response",
- "truncated": true,
- "@odata.type": "microsoft.graph.directorySetting"
-} -->
-```http
-HTTP/1.1 201 Created
-Content-type: application/json
-
-{
- "@odata.context": "https://graph.microsoft.com/beta/$metadata#settings/$entity",
- "id": "f0b2d6f5-097d-4177-91af-a24e530b53cc",
- "displayName": "Group.Unified",
- "templateId": "62375ab9-6b52-47ed-826b-58e47e0e304b",
- "values": [
- {
- "name": "GuestUsageGuidelinesUrl",
- "value": "https://privacy.contoso.com/privacystatement"
- },
- {
- "name": "EnableMSStandardBlockedWords",
- "value": "true"
- },
- {
- "name": "EnableMIPLabels",
- "value": "true"
- },
- {
- "name": "PrefixSuffixNamingRequirement",
- "value": "[Contoso-][GroupName]"
- }
- ]
-}
-```
-
-## Example 2: Create a setting to block guests for a specific Microsoft 365 group
-
-### Request
--
-# [HTTP](#tab/http)
-<!-- {
- "blockType": "request",
- "name": "create_directorysetting_from_settings_for_guests"
-}-->
-```http
-POST https://graph.microsoft.com/v1.0/groups/055a5d18-a3a9-4338-b9c5-de92559b7ebf/settings
-Content-type: application/json
-
-{
- "displayName": "Group.Unified.Guest",
- "templateId": "08d542b9-071f-4e16-94b0-74abb372e3d9",
- "values": [
- {
- "name": "AllowToAddGuests",
- "value": "false"
- }
- ]
-}
-```
-# [C#](#tab/csharp)
-
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
-
-# [Java](#tab/java)
-
-# [Go](#tab/go)
----
-In the request body, supply a JSON representation of [directorySetting](../resources/directorysetting.md) object.
-
-### Response
-
-Note: The response object shown here may be shortened for readability.
-
-<!-- {
- "blockType": "response",
- "truncated": true,
- "@odata.type": "microsoft.graph.directorySetting"
-} -->
-```http
-HTTP/1.1 201 Created
-Content-type: application/json
-
-{
- "@odata.context": "https://graph.microsoft.com/beta/$metadata#settings/$entity",
- "id": "a77ad44e-aa2a-4976-91b5-b947787b9577",
- "displayName": "Group.Unified.Guest",
- "templateId": "08d542b9-071f-4e16-94b0-74abb372e3d9",
- "values": [
- {
- "name": "AllowToAddGuests",
- "value": "false"
- }
- ]
-}
-```
-
-<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
-2015-10-25 14:57:30 UTC -->
-<!--
-{
- "type": "#page.annotation",
- "description": "Create directorySetting",
- "keywords": "",
- "section": "documentation",
- "tocPath": "",
- "suppressions": [
- ]
-}
>
v1.0 Directorysetting Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/directorysetting-update.md
Title: "Update a directory setting"
+ Title: "Update directorySetting"
description: "Update the properties of a specific directory setting object." ms.localizationpriority: medium
ms.prod: "directory-management"
doc_type: apiPageType
-# Update a directory setting
+# Update directorySetting
Namespace: microsoft.graph
Namespace: microsoft.graph
Update the properties of a specific directory setting object.
-> **Note**: The /beta version of this API only applies to groups. The /v1.0 version of this API has been renamed to *Update groupSettings*.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | Directory.ReadWrite.All | + ## HTTP request <!-- { "blockType": "ignored" } -->
-Update a tenant-wide or group specific setting.
+Update a tenant-wide setting.
+```http
+PATCH /settings/{directorySettingId}
+```
+
+<!-- { "blockType": "ignored" } -->
+Update a group-specific setting.
```http
-PATCH /settings/{id}
-PATCH /groups/{id}/settings/{id}
+PATCH /groups/{groupId}/settings/{directorySettingId}
```+ ## Optional request headers | Name | Description| |:--|:--|
In the request body, supply the values for relevant fields that should be update
If successful, this method returns a `204 OK` response code. ## Example
-##### Request
+### Request
Here is an example of the request. # [HTTP](#tab/http)
Here is an example of the request.
"blockType": "request", "name": "update_directorysetting" }-->
-```http
-PATCH https://graph.microsoft.com/beta/settings/{id}
+```msgraph-interactive
+PATCH https://graph.microsoft.com/beta/settings/3c105fc3-2254-4861-9e2d-d59e2126f3ef
Content-type: application/json {
- "values": [
- {
- "name": "name-value",
- "value": "value-value"
- }
- ]
+ "values": [
+ {
+ "name": "CustomBlockedWordsList",
+ "value": "Contoso"
+ }
+ ]
} ``` # [C#](#tab/csharp)
Content-type: application/json
-##### Response
+### Response
<!-- { "blockType": "response" } -->
v1.0 Entitlementmanagement Post Accesspackageresourcerequests https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/entitlementmanagement-post-accesspackageresourcerequests.md
POST /identityGovernance/entitlementManagement/accessPackageResourceRequests
In the request body, supply a JSON representation of an [accessPackageResourceRequest](../resources/accesspackageresourcerequest.md) object. Include the `accessPackageResource` relationship with an [accessPackageResource](../resources/accesspackageresource.md) object as part of the request.
-To add an Azure AD group as a resource to a catalog, set the **catalogId** to be of the ID of the catalog, **requestType** to be `AdminAdd`, and an `accessPackageResource` representing the resource. The value of the **originSystem** property within the `accessPackageResource` should be `AadGroup` and the value of the **originId** is the identifier of the group.
+To add an Azure AD group as a resource to a catalog, set the **catalogId** to be of the ID of the catalog, **requestType** to be `AdminAdd`, and an `accessPackageResource` representing the resource. The value of the **originSystem** property within the `accessPackageResource` should be `AadGroup` and the value of the **originId** is the identifier of the group. If using delegated permissions, the user requesting to add a group should be an owner of the group or in a directory role which allows them to modify groups. If using application permissions, the application requesting to add the group should also be assigned the `Group.ReadWrite.All` permission.
-To remove an Azure AD app from a catalog, set the **catalogId** to be of the ID of the catalog, **requestType** to be `AdminRemove`, and the `accessPackageResource` the resource object to be removed. The resource object can be retrieved using [list accessPackageResources](accesspackagecatalog-list-accesspackageresources.md).
+To add an Azure AD application as a resource to a catalog, set the **catalogId** to be of the ID of the catalog, **requestType** to be `AdminAdd`, and an `accessPackageResource` representing the resource. The value of the **originSystem** property within the `accessPackageResource` should be `AadApplication` and the value of the **originId** is the identifier of the [servicePrincipal](../resources/serviceprincipal.md). If using delegated permissions, the user requesting to add an application should be an owner of the application or in a directory role which allows them to modify application role assignments.
-To assign the geolocation environment for a multi-geolocation Sharepoint Online resource, include the **accessPackageResourceEnvironment** relationship in the `accessPackageResource` object. This can be done in two ways:
+To add a SharePoint Online site as a resource to a catalog, set the **catalogId** to be of the ID of the catalog, **requestType** to be `AdminAdd`, and an `accessPackageResource` representing the resource. The value of the **originSystem** property within the `accessPackageResource` should be `SharePointOnline` and the value of the **originId** is the URI of the [site](../resources/site.md). If using delegated permissions, the user should be in the the SharePoint Administrator role. If using application permissions, the application requesting to add the site should also be assigned the `Sites.FullControl.All` permission. To assign the geolocation environment for a multi-geolocation Sharepoint Online resource, include the **accessPackageResourceEnvironment** relationship in the `accessPackageResource` object. This can be done in two ways:
+ Use `@odata.bind` annotation to assign the `id` of the `accessPackageResourceEnvironment` to an `accessPackageResourceEnvironment` object. + Specify the `originId` parameter of the `accessPackageResourceEnvironment` in an `accessPackageResourceEnvironment` object.
+To remove a resource from a catalog, set the **catalogId** to be of the ID of the catalog, **requestType** to be `AdminRemove`, and the `accessPackageResource` the resource object to be removed. The resource object can be retrieved using [list accessPackageResources](accesspackagecatalog-list-accesspackageresources.md).
## Response
Content-type: application/json
The following is an example of the request for adding an application to a catalog, including specifying a required attribute of that application. +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "create_accesspackageresourcerequest_from_accesspackageresourcerequests6"
Content-type: application/json
} ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++ #### Response
v1.0 Event Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/event-get.md
The following example shows expanding a series master event of a recurring serie
"name": "get_event_seriesMaster_expansion" }--> ```msgraph-interactive
-GET https://graph.microsoft.com/beta/me/events/AAMkADAGAADDdm4NAAA=/?$select=subject,start,end,occurrenceId,exceptionOccurrences,cancelledOccurrences$expand=exceptionOccurrences
+GET https://graph.microsoft.com/beta/me/events/AAMkADAGAADDdm4NAAA=/?$select=subject,start,end,occurrenceId,exceptionOccurrences,cancelledOccurrences&$expand=exceptionOccurrences
``` # [Go](#tab/go) [!INCLUDE [sample-code](../includes/snippets/go/get-event-seriesmaster-expansion-go-snippets.md)]
GET https://graph.microsoft.com/beta/me/events/AAMkADAGAADDdm4NAAA=/?$select=sub
[!INCLUDE [sample-code](../includes/snippets/powershell/get-event-seriesmaster-expansion-powershell-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+ #### Response
v1.0 Extensionproperty Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/extensionproperty-delete.md
+
+ Title: "Delete extensionProperty"
+description: "Delete an extensionProperty."
+ms.localizationpriority: medium
+++
+# Delete extensionProperty
+
+Namespace: microsoft.graph
++
+Delete an [extensionProperty](../resources/extensionproperty.md).
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | Application.ReadWrite.All, Directory.ReadWrite.All |
+|Delegated (personal Microsoft account) | Application.ReadWrite.All |
+|Application | Application.ReadWrite.OwnedBy, Application.ReadWrite.All, Directory.ReadWrite.All |
+
+## HTTP request
+
+<!-- { "blockType": "ignored" } -->
+
+```http
+DELETE /applications/{id}/extensionProperties/{id}
+```
+
+## Request headers
+
+| Name | Description|
+|:--|:-|
+| Authorization | Bearer {token}. Required. |
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns `204 No Content` response code. It does not return anything in the response body.
+
+## Examples
+
+### Request
+
+The following is an example of the request.
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "delete_extensionproperty"
+}-->
+
+```http
+DELETE https://graph.microsoft.com/beta/applications/fd918e4b-c821-4efb-b50a-5eddd23afc6f/extensionProperties/
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
++++
+### Response
+
+The following is an example of the response.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+} -->
+
+```http
+HTTP/1.1 204 No Content
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "Delete extensionProperty",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
+++
v1.0 Extensionproperty Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/extensionproperty-get.md
+
+ Title: "Get extensionProperty"
+description: "Read an extensionProperty object."
+
+ms.localizationpriority: medium
++
+# Get extensionProperty
+Namespace: microsoft.graph
++
+Read an [extensionProperty](../resources/extensionproperty.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | Application.Read.All, Directory.Read.All, Application.ReadWrite.All |
+|Delegated (personal Microsoft account) | Application.Read.All, Application.ReadWrite.All |
+|Application | Application.Read.All, Application.ReadWrite.OwnedBy, Application.ReadWrite.All |
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /applications/{applicationsId}/extensionProperties/{extensionPropertyId}
+```
+
+## Optional query parameters
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [extensionProperty](../resources/extensionproperty.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_extensionproperty"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/applications/fd918e4b-c821-4efb-b50a-5eddd23afc6f/extensionProperties/1f0f15e3-925d-40f0-8fc8-9d3ad135bce0
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.extensionProperty"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#applications('fd918e4b-c821-4efb-b50a-5eddd23afc6f')/extensionProperties/$entity",
+ "id": "1f0f15e3-925d-40f0-8fc8-9d3ad135bce0",
+ "deletedDateTime": null,
+ "appDisplayName": "b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.",
+ "name": "extension_25883231668a43a780b25685c3f874bc_cpiminternal_useAccountEnabledForPhone",
+ "dataType": "String",
+ "isSyncedFromOnPremises": false,
+ "targetObjects": [
+ "User"
+ ]
+}
+```
+
v1.0 Group Assignlicense https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/group-assignlicense.md
In the request body, provide a JSON object with the following parameters.
| Parameter | Type |Description| |:|:--|:-| |addLicenses|[assignedLicense](../resources/assignedlicense.md) collection|A collection of [assignedLicense](../resources/assignedlicense.md) objects that specify the licenses to add. You can disable servicePlans associated with a license by setting the **disabledPlans** property on an [assignedLicense](../resources/assignedlicense.md) object.|
-|removeLicenses|GUID collection|A collection of skuIds that identify the licenses to remove.|
+|removeLicenses|Guid collection|A collection of skuIds that identify the licenses to remove.|
## Response
v1.0 Group Delete Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/group-delete-members.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | GroupMember.ReadWrite.All, Group.ReadWrite.All, Directory.ReadWrite.All |
+> [!IMPORTANT]
+> To remove members from a role-assignable group, the calling user or app must also be assigned the *RoleManagement.ReadWrite.Directory* permission.
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
v1.0 Group List Settings https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/group-list-settings.md
+
+ Title: "List settings"
+description: "Retrieve a list of directory setting objects."
+
+ms.localizationpriority: medium
++
+# List settings
+
+Namespace: microsoft.graph
++
+Retrieve a list of tenant-level or group-specific group settings objects.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+### List tenant-wide settings
+
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | Directory.Read.All, Directory.ReadWrite.All |
+
+### List group-specific settings
+
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | Group.Read.All, Group.ReadWrite.All |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | Group.Read.All, Group.ReadWrite.All |
+
+## HTTP request
+<!-- { "blockType": "ignored" } -->
+List tenant-wide or group settings
+```http
+GET /settings
+```
+
+<!-- { "blockType": "ignored" } -->
+List group-specific settings
+```http
+GET /groups/{groupId}/settings
+```
+
+## Optional query parameters
+This method supports the `$select` [OData query parameter](/graph/query-parameters) to help customize the response.
+
+## Request headers
+| Name |Description|
+|:-|:-|
+| Authorization | Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and collection of [directorySetting](../resources/directorysetting.md) objects in the response body.
+
+## Example
+
+### Request
+Here is an example of the request.
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_settings_1"
+}-->
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/settings
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++
+### Response
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.directorySetting",
+ "isCollection": true
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#settings",
+ "value": [
+ {
+ "id": "f0b2d6f5-097d-4177-91af-a24e530b53cc",
+ "displayName": "Group.Unified",
+ "templateId": "62375ab9-6b52-47ed-826b-58e47e0e304b",
+ "values": [
+ {
+ "name": "EnableMIPLabels",
+ "value": "true"
+ },
+ {
+ "name": "CustomBlockedWordsList",
+ "value": ""
+ },
+ {
+ "name": "EnableMSStandardBlockedWords",
+ "value": "true"
+ },
+ {
+ "name": "ClassificationDescriptions",
+ "value": ""
+ },
+ {
+ "name": "DefaultClassification",
+ "value": ""
+ },
+ {
+ "name": "PrefixSuffixNamingRequirement",
+ "value": "[Contoso-][GroupName]"
+ },
+ {
+ "name": "AllowGuestsToBeGroupOwner",
+ "value": "false"
+ },
+ {
+ "name": "AllowGuestsToAccessGroups",
+ "value": "true"
+ },
+ {
+ "name": "GuestUsageGuidelinesUrl",
+ "value": "https://privacy.contoso.com/privacystatement"
+ },
+ {
+ "name": "GroupCreationAllowedGroupId",
+ "value": ""
+ },
+ {
+ "name": "AllowToAddGuests",
+ "value": "true"
+ },
+ {
+ "name": "UsageGuidelinesUrl",
+ "value": ""
+ },
+ {
+ "name": "ClassificationList",
+ "value": ""
+ },
+ {
+ "name": "EnableGroupCreation",
+ "value": "true"
+ }
+ ]
+ }
+ ]
+}
+```
+
+<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
+2015-10-25 14:57:30 UTC -->
+<!--
+{
+ "type": "#page.annotation",
+ "description": "List settings",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": "",
+ "suppressions": [
+ ]
+}
+-->
v1.0 Group List https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/group-list.md
Content-type: application/json
} ``` +
+### Example 8: List any groups with any licenses
+
+#### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "get_groups_with_licenses"
+}-->
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/groups?$select=id,assignedLicenses&$filter=assignedLicenses/any()
+```
+
+#### Response
+
+The following is an example of the response.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.group",
+ "isCollection": true
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#groups(id,assignedLicenses)",
+ "value": [
+ {
+ "id": "5caf712c-8483-4b3d-8384-d8da988c0ca4",
+ "assignedLicenses": [
+ {
+ "disabledPlans": [],
+ "skuId": "6fd2c87f-b296-42f0-b197-1e91e994b900"
+ }
+ ]
+ },
+ {
+ "id": "aae8ec2a-5a08-4013-ae70-fafbb5c20de1",
+ "assignedLicenses": [
+ {
+ "disabledPlans": [
+ "7547a3fe-08ee-4ccb-b430-5077c5041653"
+ ],
+ "skuId": "18181a46-0d4e-45cd-891e-60aabd171b4e"
+ }
+ ]
+ },
+ {
+ "id": "e55bdaa0-e104-479a-979e-b0457fff6380",
+ "assignedLicenses": [
+ {
+ "disabledPlans": [
+ "7547a3fe-08ee-4ccb-b430-5077c5041653"
+ ],
+ "skuId": "6fd2c87f-b296-42f0-b197-1e91e994b900"
+ }
+ ]
+ }
+ ]
+}
+```
++ <!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79 2015-10-25 14:57:30 UTC --> <!--
v1.0 Group Post Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/group-post-members.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | GroupMember.ReadWrite.All, Group.ReadWrite.All, Directory.ReadWrite.All |
+> [!IMPORTANT]
+> To add members to a role-assignable group, the calling user or app must also be assigned the *RoleManagement.ReadWrite.Directory* permission.
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
v1.0 Group Post Settings https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/group-post-settings.md
Title: "Create a directory setting on groups"
+ Title: "Create settings"
description: "Use this API to create a new directory setting for the group." ms.localizationpriority: medium
ms.prod: "groups"
doc_type: apiPageType
-# Create a directory setting on groups
+# Create settings
Namespace: microsoft.graph [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Use this API to create a new directory setting for the group.
+Create a new setting based on the templates available in [directorySettingTemplates](../resources/directorysettingtemplate.md). These settings can be at the tenant-level or at the group level.
+
+Group settings apply to only Microsoft 365 groups. The template named `Group.Unified` can be used to configure tenant-wide Microsoft 365 group settings, while the template named `Group.Unified.Guest` can be used to configure group-specific settings.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
|Application | Directory.ReadWrite.All | ## HTTP request+
+Create a tenant-wide setting.
+<!-- { "blockType": "ignored" } -->
+```http
+POST /settings
+```
+
+Create a group-specific setting.
<!-- { "blockType": "ignored" } --> ```http POST /groups/{id}/settings ```+ ## Request headers | Name | Description| |:|:-|
In the request body, supply a JSON representation of [directorySetting](../resou
If successful, this method returns `201 Created` response code and [directorySetting](../resources/directorysetting.md) object in the response body.
-## Example
-### Request
+## Examples
+
+### Example 1: Create a setting to block guests for a specific Microsoft 365 group
+
+#### Request
The following is an example of the request. # [HTTP](#tab/http) <!-- { "blockType": "request",
- "name": "create_directorysetting_from_group"
+ "name": "create_groupsetting_from_groupsettings_for_guests"
}--> ```http
-POST https://graph.microsoft.com/beta/groups/{id}/settings
+POST https://graph.microsoft.com/beta/groups/05aa6a98-956a-45c0-b13b-88076a23f2cd/settings
Content-type: application/json {
- "directorySetting": {
- "displayName": "displayName-value",
- "templateId": "templateId-value",
+ "templateId": "08d542b9-071f-4e16-94b0-74abb372e3d9",
"values": [
- {
- "name": "name-value",
- "value": "value-value"
- }
+ {
+ "name": "AllowToAddGuests",
+ "value": "false"
+ }
]
- }
} ``` # [C#](#tab/csharp)
Content-type: application/json
-### Response
+#### Response
The following is an example of the response. >**Note:** The response object shown here might be shortened for readability. <!-- {
HTTP/1.1 201 Created
Content-type: application/json {
- "directorySetting": {
- "id": "id-value",
- "displayName": "displayName-value",
- "templateId": "templateId-value",
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#settings/$entity",
+ "id": "a06fa228-3042-4662-bd09-33e298da1afe",
+ "displayName": null,
+ "templateId": "08d542b9-071f-4e16-94b0-74abb372e3d9",
+ "values": [
+ {
+ "name": "AllowToAddGuests",
+ "value": "false"
+ }
+ ]
+}
+```
+
+### Example 2: Create a directory or tenant-level setting
+
+#### Request
+<!-- {
+ "blockType": "request",
+ "name": "create_directorysettings"
+}-->
+```msgraph-interactive
+POST https://graph.microsoft.com/beta/settings
+Content-type: application/json
+
+{
+ "templateId": "62375ab9-6b52-47ed-826b-58e47e0e304b",
+ "values": [
+ {
+ "name": "GuestUsageGuidelinesUrl",
+ "value": "https://privacy.contoso.com/privacystatement"
+ },
+ {
+ "name": "EnableMSStandardBlockedWords",
+ "value": "true"
+ },
+ {
+ "name": "EnableMIPLabels",
+ "value": "true"
+ },
+ {
+ "name": "PrefixSuffixNamingRequirement",
+ "value": "[Contoso-][GroupName]"
+ }
+ ]
+}
+```
+
+#### Response
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.directorySetting"
+} -->
+```http
+HTTP/1.1 201 Created
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#settings/$entity",
+ "id": "844d252c-4de2-43eb-a784-96df77231aae",
+ "displayName": null,
+ "templateId": "62375ab9-6b52-47ed-826b-58e47e0e304b",
"values": [
- {
- "name": "name-value",
- "value": "value-value"
- }
+ {
+ "name": "GuestUsageGuidelinesUrl",
+ "value": "https://privacy.contoso.com/privacystatement"
+ },
+ {
+ "name": "EnableMSStandardBlockedWords",
+ "value": "true"
+ },
+ {
+ "name": "EnableMIPLabels",
+ "value": "true"
+ },
+ {
+ "name": "PrefixSuffixNamingRequirement",
+ "value": "[Contoso-][GroupName]"
+ }
]
- }
} ```
v1.0 Identityapiconnector Create https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/identityapiconnector-create.md
Content-Type: application/json
{ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/apiConnectors/$entity",
- "id":"guid",
+ "id":"GUID",
"displayName": "Test API", "targetUrl": "https://someapi.com/api", "authenticationConfiguration": {
Content-Type: application/json
{ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/apiConnectors/$entity",
- "id":"guid",
+ "id":"GUID",
"displayName": "Test API", "targetUrl": "https://someotherapi.com/api", "authenticationConfiguration": {
v1.0 Identityapiconnector Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/identityapiconnector-get.md
Content-Type: application/json
{ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/apiConnectors/$entity",
- "id":"guid",
+ "id":"GUID",
"displayName": "Test API", "targetUrl": "https://someapi.com/api", "authenticationConfiguration": {
v1.0 Identityapiconnector Uploadclientcertificate https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/identityapiconnector-uploadclientcertificate.md
Content-type: application/json
{ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/apiConnectors/$entity",
- "id": "guid",
+ "id": "45715bb8-13f9-4bf6-927f-ef96c102d394",
"displayName": "My API connector", "targetUrl": "https://api.contoso.com/endpoint", "authenticationConfiguration": {
v1.0 Identityprotectionroot List Riskyserviceprincipals https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/identityprotectionroot-list-riskyserviceprincipals.md
If successful, this method returns a `200 OK` response code and a collection of
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_riskyserviceprincipal"
If successful, this method returns a `200 OK` response code and a collection of
``` http GET https://graph.microsoft.com/beta/identityProtection/riskyServicePrincipals ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Identityprotectionroot List Serviceprincipalriskdetections https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/identityprotectionroot-list-serviceprincipalriskdetections.md
If successful, this method returns a `200 OK` response code and a collection of
#### Request The following is an example of the request.+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_serviceprincipalriskdetection"
The following is an example of the request.
``` http GET https://graph.microsoft.com/beta/identityProtection/servicePrincipalRiskDetections ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ #### Response
Content-Type: application/json
#### Request The following example shows how to use `$filter` to get the collection of service principal risk detections where the risk level is `medium` or the risk event type is `investigationsThreatIntelligence`. +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_filter_serviceprincipalriskdetection"
The following example shows how to use `$filter` to get the collection of servic
``` http GET https://graph.microsoft.com/beta/identityProtection/servicePrincipalRiskDetections?$filter=riskEventType eq 'investigationsThreatIntelligence' or riskLevel eq 'medium' ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ #### Response The following is an example of the response.
v1.0 Itemactivity Getbyinterval https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/itemactivity-getbyinterval.md
description: "Get itemActivityStats for the activities that took place under this resource within the specified time interval." Previously updated : 10/06/2017 Title: Get item activity stats by interval ms.localizationpriority: medium doc_type: apiPageType # Get item activity stats by interval
Get [itemActivityStats][] for the activities that took place under this resource
Analytics aggregates might not be available for all action types.
-[itemActivityStats]: ../resources/itemactivitystat.md
- ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged)
-|:--|:-
-|Delegated (work or school account) | Files.Read, Files.ReadWrite, Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All
-|Delegated (personal Microsoft account) | Not supported.
-|Application | Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All
+|Permission type | Permissions (from least to most privileged)|
+|:--|:-|
+|Delegated (work or school account) | Files.Read, Files.ReadWrite, Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All|
+|Delegated (personal Microsoft account) | Not supported.|
+|Application | Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All|
## HTTP request
GET /sites/{site-id}/lists/{list-id}/items/{item-id}/getActivitiesByInterval(sta
| endDateTime | string (timestamp) | The end time over which to aggregate activities. | interval | string | The aggregation interval.
+## Request headers
+
+| Name | Description |
+| : | : |
+| Authorization | Bearer {token}. Required. |
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [itemActivityStats][] object in the response body.
+ ## Example
-#### Request
+### Request
+The following is an example of a request.
# [HTTP](#tab/http) <!-- { "blockType": "request", "name": "get-activities-by-interval" } -->
GET /drives/{drive-id}/items/{item-id}/getActivitiesByInterval(startDateTime='20
-#### Response
+### Response
+
+The following is an example of the response.
<!-- { "blockType": "response", "@type": "Collection(microsoft.graph.itemActivityStat)", "truncated": true } -->
Content-type: application/json
} ```
+[itemActivityStats]: ../resources/itemactivitystat.md
+ <!-- { "type": "#page.annotation",
v1.0 Itemanalytics Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/itemanalytics-get.md
description: "Get itemAnalytics about the views that took place under this resource." Previously updated : 10/06/2017 Title: Get analytics ms.localizationpriority: medium doc_type: apiPageType
For a custom time range or interval, use the [getActivitiesByInterval][] API.
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged)
-|:--|:-
-|Delegated (work or school account) | Files.Read, Files.ReadWrite, Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All
-|Delegated (personal Microsoft account) | Not supported.
-|Application | Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All
+|Permission type | Permissions (from least to most privileged)|
+|:--|:-|
+|Delegated (work or school account) | Files.Read, Files.ReadWrite, Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All|
+|Delegated (personal Microsoft account) | Not supported.|
+|Application | Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All|
## HTTP request
GET /sites/{site-id}/analytics
GET /sites/{site-id}/lists/{list-id}/items/{item-id}/analytics ```
+## Optional query parameters
+This method supports the [OData query parameters](/graph/query-parameters) to help customize the response.
+
+## Request headers
+
+| Name | Description |
+| : | : |
+| Authorization | Bearer {token}. Required. |
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [itemAnalytics][] object in the response body.
+ ## Example
-#### Request
+### Request
+The following is an example of a request.
# [HTTP](#tab/http) <!-- { "blockType": "request", "name": "get-analytics" } -->
GET /drives/{drive-id}/items/{item-id}/analytics
-#### Response
+### Response
+
+The following is an example of the response.
<!-- { "blockType": "response", "@type": "microsoft.graph.itemAnalytics", "truncated": true } -->
v1.0 List Create https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/list-create.md
description: "Create a new list in a site." Previously updated : 09/11/2017 Title: Create a SharePoint List ms.localizationpriority: medium ms.prod: "sharepoint"
One of the following permissions is required to call this API. To learn more, in
POST https://graph.microsoft.com/beta/sites/{site-id}/lists ```
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+ ## Request body
-In the request body, supply a JSON representation of the [list][] resource to create.
+In the request body, supply a JSON representation of a [list][] object.
+
+## Response
-## Example
+If successful, this method returns a `201 Created` response code and a [list][] object in the response body.
-Here is an example of how to create a new generic list.
+## Examples
+
+### Request
+
+The following is an example of how to create a new generic list.
+
+> **Note:** Custom columns are optional.
+
+In addition to any columns specified here, new lists are created with columns defined in the referenced **template**.
+If the **list** facet or **template** is not specified, the list defaults to the `genericList` template, which includes a _Title_ column.
# [HTTP](#tab/http)
Content-Type: application/json
-**Note:** Custom columns are optional.
-
-In addition to any columns specified here, new lists are created with columns defined in the referenced **template**.
-If the **list** facet or **template** is unspecified, the list defaults to the `genericList` template, which includes a _Title_ column.
+### Response
-## Response
+The following is an example of the response.
-If successful, this method returns a [list][] in the response body for the created list.
+> **Note:** The response object is truncated for clarity. Default properties will be returned from the actual call.
<!-- { "blockType": "response", "@odata.type": "microsoft.graph.list", "truncated": true } -->
Content-type: application/json
} ```
-**Note:** The response object is truncated for clarity.
-Default properties will be returned from the actual call.
- [list]: ../resources/list.md [site]: ../resources/site.md
v1.0 Manageddevice Bulkrestorecloudpc https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/manageddevice-bulkrestorecloudpc.md
+
+ Title: "managedDevice: bulkRestoreCloudPc"
+description: "Restore multiple Cloud PC devices with a single request that includes the IDs of Intune managed devices and a restore point date and time."
+
+ms.localizationpriority: medium
++
+# managedDevice: bulkRestoreCloudPc
+Namespace: microsoft.graph
++
+Restore multiple Cloud PC devices with a single request that includes the IDs of Intune managed devices and a restore point date and time.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|CloudPC.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|CloudPC.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+POST /deviceManagement/managedDevices/bulkRestoreCloudPc
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+In the request body, supply a JSON representation of the parameters.
+
+The following table shows the parameters that can be used with this action.
+
+|Parameter|Type|Description|
+|:|:|:|
+|managedDeviceIds|String collection|The IDs of the Cloud PC devices.|
+|restorePointDateTime|DateTimeOffset|The UTC time point for the selected Cloud PC devices to restore to a previous state. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is '2014-01-01T00:00:00Z'.|
+|timeRange|[restoreTimeRange](#restoretimerange-values)|The time range of the restore point. Possible values are: `before`, `after`, `beforeOrAfter`, `unknownFutureValue`.|
+
+### restoreTimeRange values
+
+|Member|Description|
+|:|:|
+|before|Choose the closest snapshot before the selected time point.|
+|after|Choose the closest snapshot after the selected time point.|
+|beforeOrAfter|Choose the closest snapshot around the selected time point.|
+|unknownFutureValue|Evolvable enumeration sentinel value. Do not use.|
+
+## Response
+
+If successful, this action returns a `200 OK` response code and a [cloudPcBulkRemoteActionResult](../resources/cloudpcbulkremoteactionresult.md) in the response body.
+
+## Examples
+
+### Request
+The following is an example of a request.
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "manageddevicethis.bulkrestorecloudpc"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/deviceManagement/managedDevices/bulkRestoreCloudPc
+Content-Type: application/json
+Content-length: 123
+
+{
+ "managedDeviceIds": [
+ "30d0e128-de93-41dc-89ec-33d84bb662a0",
+ "7c82a3e3-9459-44e4-94d9-b92f93bf78dd"
+ ],
+ "restorePointDateTime": "2021-09-23T04:00:00.0000000",
+ "timeRange": "before"
+}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+The following is an example of the response.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.cloudPcBulkRemoteActionResult"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": {
+ "@odata.type": "microsoft.graph.cloudPcBulkRemoteActionResult",
+ "successfulDeviceIds": [
+ "30d0e128-de93-41dc-89ec-33d84bb662a0"
+ ],
+ "failedDeviceIds": [
+ "7c82a3e3-9459-44e4-94d9-b92f93bf78dd"
+ ],
+ "notFoundDeviceIds": [
+ ],
+ "notSupportedDeviceIds": [
+ ]
+ }
+}
+```
v1.0 Manageddevice Restorecloudpc https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/manageddevice-restorecloudpc.md
+
+ Title: "managedDevice: restoreCloudPc"
+description: "Restore a Cloud PC device to a previous state from a snapshot."
+
+ms.localizationpriority: medium
++
+# managedDevice: restoreCloudPc
+Namespace: microsoft.graph
++
+Restore a Cloud PC device to a previous state from a snapshot.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|CloudPC.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|CloudPC.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+POST /deviceManagement/managedDevices/{managedDeviceId}/restoreCloudPc
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+In the request body, supply a JSON representation of the parameters.
+
+The following table shows the parameters that can be used with this action.
+
+|Parameter|Type|Description|
+|:|:|:|
+|cloudPcSnapshotId|String|The unique identifier for the snapshot of the Cloud PC device at a specific point in time.|
+++
+## Response
+
+If successful, this action returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+The following is an example of a request.
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "manageddevicethis.restorecloudpc"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/deviceManagement/managedDevices/5e1387aa-d960-4916-ae7c-293b977e49bf/restoreCloudPc
+Content-Type: application/json
+Content-length: 37
+
+{
+ "cloudPcSnapshotId": "A00009UV000_93aff428-61f2-467f-a879-1102af6fd4a8"
+}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+The following is an example of the response.
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
+
v1.0 Organizationalbranding Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/organizationalbranding-get.md
The following example returns the **bannerLogo** object which hadn't been set fo
The following is an example of the request. +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_organizationalbranding_frlocale_bannerLogo"
The following is an example of the request.
```msgraph-interactive GET https://graph.microsoft.com/beta/organization/d69179bf-f4a4-41a9-a9de-249c0f2efb1d/branding/localizations/default/bannerLogo ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ #### Response
v1.0 Organizationalbranding Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/organizationalbranding-update.md
The following is an example of the request.
+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "update_organizationalbrandinglocaliation_2"
Content-Type: image/jpeg
<Image> ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+++
v1.0 Outlookuser Post Mastercategories https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/outlookuser-post-mastercategories.md
POST /users/{id|userPrincipalName}/outlook/masterCategories
| Name | Description| |:|:-| | Authorization | Bearer {token}. Required. |-
+|Content-Type|application/json. Required.|
## Request body
-In the request body, supply a JSON representation of [outlookCategory](../resources/outlookcategory.md) object.
+In the request body, supply a JSON representation of an [outlookCategory](../resources/outlookcategory.md) object.
## Response
-If successful, this method returns `201 Created` response code and [outlookCategory](../resources/outlookcategory.md) object in the response body.
+If successful, this method returns a `201 Created` response code and an [outlookCategory](../resources/outlookcategory.md) object in the response body.
## Example
-##### Request
-Here is an example of the request.
+### Request
+The following is an example of a request.
# [HTTP](#tab/http) <!-- {
Content-type: application/json
Content-Length: 70 {
- "displayName":"Project expenses",
- "color":"preset9"
+ "displayName": "Project expenses",
+ "color": "preset9"
} ``` # [C#](#tab/csharp)
Content-Length: 70
-In the request body, supply a JSON representation of [outlookCategory](../resources/outlookcategory.md) object.
-##### Response
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+### Response
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 201 Created
Content-type: application/json {
- "@odata.context":"https://graph.microsoft.com/beta/$metadata#users('8ae6f565-0d7f-4ead-853e-7db94c912a1f')/outlook/masterCategories/$entity",
- "id":"bac262b7-485d-4739-b436-e31467d64fac",
- "displayName":"Project expenses",
- "color":"preset9"
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#users('8ae6f565-0d7f-4ead-853e-7db94c912a1f')/outlook/masterCategories/$entity",
+ "id": "bac262b7-485d-4739-b436-e31467d64fac",
+ "displayName": "Project expenses",
+ "color": "preset9"
} ```
v1.0 Participant Invite https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/participant-invite.md
Title: "participant: invite" description: "Invite participants to the active call."-+ ms.localizationpriority: medium ms.prod: "cloud-communications" doc_type: apiPageType
Invite participants to the active call.
For more information about how to handle operations, see [commsoperation](../resources/commsoperation.md).
->**Note:** This API is only supported for group calls.
+>**Note:** Inviting multiple participants in one request is only supported for group calls.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
In the request body, provide a JSON object with the following parameters.
|clientContext|String|Unique Client Context string. Max limit is 256 chars.| ## Response
-If succsessful, this method returns a `200 OK` response code and a Location header with a URI to the [inviteParticipantsOperation](../resources/inviteparticipantsoperation.md) created for this request. The body of the response contains the [inviteParticipantsOperation](../resources/inviteparticipantsoperation.md) created.
+If successful, this method returns a `200 OK` response code and a Location header with a URI to the [inviteParticipantsOperation](../resources/inviteparticipantsoperation.md) created for this request. The body of the response contains the [inviteParticipantsOperation](../resources/inviteparticipantsoperation.md) created.
>**Note:** When this API returns a successful response, all participants will receive a roster update.
The following examples show how to call this API.
> **Note:** The response objects might be shortened for readability. All the properties will be returned from an actual call.
-### Example 1: Invite one participant to an existing group call
+### Example 1: Invite one participant to an existing call
#### Request
v1.0 Participant Stopholdmusic https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/participant-stopholdmusic.md
Location: https://graph.microsoft.com/beta/communications/calls/e141b67c-90fd-45
{ "@odata.type": "#microsoft.graph.stopHoldMusicOperation", "id": "0fe0623f-d628-42ed-b4bd-8ac290072cc5",
- "status": "running",
- "clientContext": "d45324c1-fcb5-430a-902c-f20af696537c"
-}
-```
-
-### Notification sent to the application after the stopHoldMusicOperation finishes
-
-```http
-POST https://bot.contoso.com/api/calls
-Content-Type: application/json
-```
-
-<!-- {
- "blockType": "example",
- "@odata.type": "microsoft.graph.commsNotifications"
-}-->
-```json
-{
- "@odata.type": "#microsoft.graph.commsNotifications",
- "value": [
- {
- "@odata.type": "#microsoft.graph.commsNotification",
- "changeType": "deleted",
- "resourceUrl": "communications/calls/e141b67c-90fd-455d-858b-b48a40b9cc8d/operations/0fe0623f-d628-42ed-b4bd-8ac290072cc5",
- "resourceData": {
- "@odata.type": "#microsoft.graph.stopHoldMusicOperation",
- "@odata.id": "communications/calls/e141b67c-90fd-455d-858b-b48a40b9cc8d/operations/0fe0623f-d628-42ed-b4bd-8ac290072cc5",
- "@odata.etag": "W/\"54451\"",
- "clientContext": "d45324c1-fcb5-430a-902c-f20af696537c",
- "status": "completed"
- }
- }
- ]
+ "status": "completed",
+ "clientContext": "d45324c1-fcb5-430a-902c-f20af696537c",
+ "resultInfo": null
} ```
v1.0 Rbacapplication List Transitiveroleassignments https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/rbacapplication-list-transitiveroleassignments.md
+
+ Title: "List transitiveRoleAssignment"
+description: "List direct and transitive role assignments for a specific principal."
+ms.localizationpriority: medium
+++
+# List transitiveRoleAssignment
+
+Namespace: microsoft.graph
++
+Get the list of direct and transitive [unifiedRoleAssignment](../resources/unifiedroleassignment.md) objects for a specific principal. For example, if a user is assigned an Azure AD role through group membership, the role assignment is transitive, and this request will list the group's ID as the **principalId**. Results can also be filtered by the **roleDefinitionId** and **directoryScopeId**. Supported only for directory (Azure AD) provider.
+
+For more information, see [Use Azure AD groups to manage role assignments](/azure/active-directory/roles/groups-concept).
+
+> [!NOTE]
+> This request might have replication delays for role assignments that were recently created, updated, or deleted.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | RoleManagement.Read.Directory, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | RoleManagement.Read.Directory, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All |
+
+## HTTP request
+
+To list transitive role assignments for a directory provider:
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+```http
+GET /roleManagement/directory/transitiveRoleAssignments?$filter=principalId eq '{principalId}'
+```
+
+## Optional query parameters
+
+This method supports the `$count`, `$filter` (`eq`), and `$select` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters). You can filter by the **principalId**, **roleDefinitionId** and **directoryScopeId** to retrieve both direct and transitive role assignments for a principal.
+
+## Request headers
+
+| Name |Description|
+|:-|:-|
+| Authorization | Bearer {token} Required. |
+| ConsistencyLevel | eventual. This header, `$count`, and `$filter` are required. For more information about the use of **ConsistencyLevel**, `$count`, and `$filter`, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries). |
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRoleAssignment](../resources/unifiedroleassignment.md) objects in the response body.
+
+## Examples
+For the examples in this section, consider the following role assignment scenario. A user named Alice has both direct and transitive role assignments as follows:
+
+| User | Group | Role | Scope | Role assignment ID |
+| :: | :: | :: | :: | :: |
+| Alice<br/>`2c7936bc-3517-40f3-8eda-4806637b6516` | | User Administrator<br/>`fe930be7-5e62-47db-91af-98c3a49a38b1` | Tenant | RA1<br/>`857708a7-b5e0-44f9-bfd7-53531d72a739` |
+| | G1<br/>`ae2fc327-4c71-48ed-b6ca-f48632186510`<br/>(Alice is a member) | User Administrator<br/>`fe930be7-5e62-47db-91af-98c3a49a38b1` | Tenant | RA2<br/>`8a021d5f-7351-4713-aab4-b088504d476e` |
+| | G2<br/>`6ffb34b8-5e6d-4727-a7f9-93245e7f6ea8`<br/>(Alice is a member) | Helpdesk Administrator<br/>`729827e3-9c14-49f7-bb1b-9608f156bbb8` | Administrative unit (AU1)<br/>`26e79164-0c5c-4281-8c5b-be7bc7809fb2` | RA3<br/>`6cc86637-13c8-473f-afdc-e0e65c9734d2` |
+++ Alice is assigned the User Administrator role directly at tenant scope with role assignment RA1. ++ Alice is member of a group G1 and G1 is assigned the User Administrator role at tenant scope with role assignment RA2.++ Alice is also a member of group G2 and G2 is assigned the Helpdesk Administrator role at an administrative unit AU1 scope with role assignment RA3.+
+### Example 1 : Get direct and transitive role assignments of a principal
+
+#### Request
+
+The following is an example of the request. This request requires the **ConsistencyLevel** header set to `eventual` and the `$count=true` and `$filter` query parameters. For more information about the use of **ConsistencyLevel**, `$count`, and `$filter`, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries).
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_unifiedroleassignment_all"
+}
+-->
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/roleManagement/directory/transitiveRoleAssignments?$count=true&$filter=principalId eq '2c7936bc-3517-40f3-8eda-4806637b6516'
+ConsistencyLevel: eventual
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
++++++
+#### Response
+
+The following is an example of the response.
+
+> **Note:** The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleAssignment",
+ "isCollection": true
+}
+-->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/transitiveRoleAssignments",
+ "value": [
+ {
+ "id": "857708a7-b5e0-44f9-bfd7-53531d72a739",
+ "principalId": "2c7936bc-3517-40f3-8eda-4806637b6516",
+ "directoryScopeId": "/",
+ "roleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1"
+ },
+ {
+ "id": "8a021d5f-7351-4713-aab4-b088504d476e",
+ "principalId": "ae2fc327-4c71-48ed-b6ca-f48632186510",
+ "directoryScopeId": "/",
+ "roleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1"
+ },
+ {
+ "id": "6cc86637-13c8-473f-afdc-e0e65c9734d2",
+ "principalId": "6ffb34b8-5e6d-4727-a7f9-93245e7f6ea8",
+ "directoryScopeId": "/administrativeUnits/26e79164-0c5c-4281-8c5b-be7bc7809fb2",
+ "roleDefinitionId": "729827e3-9c14-49f7-bb1b-9608f156bbb8"
+ }
+ ]
+}
+```
+
+### Example 2: Get direct and transitive assignments of a principal, but only specific role definitions
+
+#### Request
+
+The following is an example of the request. This request requires the **ConsistencyLevel** header set to `eventual` and the `$count=true` and `$filter` query parameters. For more information about the use of **ConsistencyLevel**, `$count`, and `$filter`, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries).
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_unifiedroleassignment_transitive"
+}
+-->
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/roleManagement/directory/transitiveRoleAssignments?$count=true&$filter=principalId eq '2c7936bc-3517-40f3-8eda-4806637b6516' and roleDefinitionId eq 'fe930be7-5e62-47db-91af-98c3a49a38b1'
+ConsistencyLevel: eventual
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++++
+#### Response
+
+The following is an example of the response.
+
+> **Note:** The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleAssignment",
+ "isCollection": true
+}
+-->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/transitiveRoleAssignments",
+ "value": [
+ {
+ "id": "857708a7-b5e0-44f9-bfd7-53531d72a739",
+ "principalId": "2c7936bc-3517-40f3-8eda-4806637b6516",
+ "directoryScopeId": "/",
+ "roleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1"
+ },
+ {
+ "id": "8a021d5f-7351-4713-aab4-b088504d476e",
+ "principalId": "6ffb34b8-5e6d-4727-a7f9-93245e7f6ea8",
+ "directoryScopeId": "/",
+ "roleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1"
+ }
+ ]
+}
+```
+
+### Example 3: Get direct and transitive role assignments of a principal, but only administrative unit scoped
+
+#### Request
+
+The following is an example of the request. This request requires the **ConsistencyLevel** header set to `eventual` and the `$count=true` and `$filter` query parameters. For more information about the use of **ConsistencyLevel**, `$count`, and `$filter`, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries).
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_unifiedroleassignment_tenantscoped"
+}
+-->
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/roleManagement/directory/transitiveRoleAssignments?$count=true&$filter=principalId eq '2c7936bc-3517-40f3-8eda-4806637b6516' and directoryScopeId eq '/administrativeUnits/26e79164-0c5c-4281-8c5b-be7bc7809fb2'
+ConsistencyLevel: eventual
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
++++++
+#### Response
+
+The following is an example of the response.
+
+> **Note:** The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleAssignment",
+ "isCollection": true
+}
+-->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/transitiveRoleAssignments",
+ "value": [
+ {
+ "id": "6cc86637-13c8-473f-afdc-e0e65c9734d2",
+ "principalId": "6ffb34b8-5e6d-4727-a7f9-93245e7f6ea8",
+ "directoryScopeId": "/administrativeUnits/26e79164-0c5c-4281-8c5b-be7bc7809fb2",
+ "roleDefinitionId": "729827e3-9c14-49f7-bb1b-9608f156bbb8"
+ }
+ ]
+}
+```
v1.0 Rbacapplicationmultiple List Resourcenamespaces https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/rbacapplicationmultiple-list-resourcenamespaces.md
+
+ Title: "List resourceNamespaces"
+description: "Get a list of the unifiedRbacResourceNamespace objects and their properties."
+
+ms.localizationpriority: medium
++
+# List resourceNamespaces
+Namespace: microsoft.graph
++
+Get a list of the [unifiedRbacResourceNamespace](../resources/unifiedrbacresourcenamespace.md) objects and their properties.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|RoleManagement.Read.Directory, RoleManagement.Read.All, RoleManagement.ReadWrite.Directory|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|RoleManagement.Read.Directory, RoleManagement.Read.All, RoleManagement.ReadWrite.Directory|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/resourceNamespaces
+```
+
+## Optional query parameters
+This method supports the `$filter` and `$select` OData query parameters to help customize the response. This method supports `$filter` for **id** and **name**. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRbacResourceNamespace](../resources/unifiedrbacresourcenamespace.md) objects in the response body.
+
+## Examples
+
+The following example gets all resource namespaces.
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "list_unifiedrbacresourcenamespace"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/resourceNamespaces
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+>**Note:** The response object shown here has been shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRbacResourceNamespace)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/resourceNamespaces",
+ "value": [
+ {
+ "id": "microsoft.aad.b2c",
+ "name": "microsoft.aad.b2c"
+ },
+ {
+ "id": "microsoft.aad.cloudAppSecurity",
+ "name": "microsoft.aad.cloudAppSecurity"
+ },
+ {
+ "id": "microsoft.directory",
+ "name": "microsoft.directory"
+ }
+ ]
+}
+```
v1.0 Riskyserviceprincipal Confirmcompromised https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/riskyserviceprincipal-confirmcompromised.md
If successful, this action returns a `204 No Content` response code. It does not
## Example ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "riskyserviceprincipal_confirmcompromised"
Content-Type: application/json
] } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Riskyserviceprincipal Dismiss https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/riskyserviceprincipal-dismiss.md
If successful, this action returns a `204 No Content` response code. It does not
## Example ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "riskyserviceprincipal_dismiss"
Content-Type: application/json
] } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Riskyserviceprincipal Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/riskyserviceprincipal-get.md
If successful, this method returns a `200 OK` response code and a [riskyServiceP
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_riskyserviceprincipal"
If successful, this method returns a `200 OK` response code and a [riskyServiceP
``` http GET https://graph.microsoft.com/beta/identityProtection/riskyServicePrincipals/9089a539-a539-9089-39a5-899039a58990 ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Riskyserviceprincipal List History https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/riskyserviceprincipal-list-history.md
If successful, this method returns a `200 OK` response code and a collection of
## Example ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_riskyserviceprincipalhistoryitem"
If successful, this method returns a `200 OK` response code and a collection of
``` http GET https://graph.microsoft.com/beta/identityProtection/riskyServicePrincipals/{riskyServicePrincipalId}/history ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ ### Response
v1.0 Schedule List Shifts https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/schedule-list-shifts.md
GET /teams/{teamId}/schedule/shifts
``` ## Optional query parameters+ This method supports the `$filter` [OData query parameter](/graph/query-parameters) to help customize the response.
+> [!NOTE]
+> The `$filter` parameter doesn't support the use of the same property more than once in a query. For example, the following query will not work: `sharedShift/startDateTime ge 2019-05-09T00:00:00Z and sharedShift/startDateTime le 2019-05-09T23:59:59Z`.
+ ## Request headers | Header | Value |
v1.0 Search Acronym Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/search-acronym-delete.md
+
+ Title: "Delete acronym"
+description: "Deletes an acronym object."
+
+ms.localizationpriority: medium
++
+# Delete acronym
+Namespace: microsoft.graph.search
++
+Deletes an [acronym](../resources/search-acronym.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+|Delegated (personal Microsoft account)| Not supported. |
+|Application| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+DELETE /search/acronyms/{acronymsId}
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "delete_acronym"
+}
+-->
+``` http
+DELETE https://graph.microsoft.com/beta/search/acronyms/{acronymsId}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
+
v1.0 Search Acronym Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/search-acronym-get.md
+
+ Title: "Get acronym"
+description: "Read the properties and relationships of an acronym object."
+
+ms.localizationpriority: medium
++
+# Get acronym
+Namespace: microsoft.graph.search
++
+Read the properties and relationships of an [acronym](../resources/search-acronym.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+|Delegated (personal Microsoft account)| Not supported. |
+|Application| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /search/acronyms/{acronymsId}
+```
+
+## Optional query parameters
+This method supports the `select`, `expand`, `filter`, `orderBy`, `maxTop`, and `count` [OData Query Parameters](/graph/query-parameters) to help customize the response.
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [acronym](../resources/search-acronym.md) object in the response body.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_acronym"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/search/acronyms/{acronymsId}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.search.acronym"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "id": "733b26d5-af76-4eea-ac69-1a0ce8716897",
+ "displayName": "DNN",
+ "standsFor": ["Deep Neural Network"],
+ "description": "A deep neural network is a neural network with a certain level of complexity, a neural network with more than two layers.",
+ "webUrl": "http://microsoft.com/deep-neural-network",
+ "state": "published",
+ "lastModifiedDateTime": "2016-03-21T20:01:37Z",
+ "lastModifiedBy": {
+ "user": {
+ "id": "efee1b77-fb3b-4f65-99d6-274c11914d12",
+ "displayName": "Amalie Larsen"
+ }
+ }
+}
+```
+
v1.0 Search Acronym Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/search-acronym-update.md
+
+ Title: "Update acronym"
+description: "Update the properties of an acronym object."
+
+ms.localizationpriority: medium
++
+# Update acronym
+Namespace: microsoft.graph.search
++
+Update the properties of an [acronym](../resources/search-acronym.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+|Delegated (personal Microsoft account)| Not supported. |
+|Application| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+PATCH /search/acronyms/{acronymsId}
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+In the request body, supply a JSON representation of the [acronym](../resources/search-acronym.md) object. Supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.
+
+|Property|Type|Description|
+|:|:|:|
+|description|String|A brief description of the acronym that gives users more info about the acronym and what it stands for. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|displayName|String|The actual short form or acronym. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|standsFor|String collection|What the acronym stands for.|
+|state|microsoft.graph.search.answerState|State of the acronym. Possible values are: `published`, `draft`, `excluded`, or `unknownFutureValue`.|
+|webUrl|String|The URL of the page or website where users can go for more information about the acronym. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+++
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "update_acronym"
+}
+-->
+``` http
+PATCH https://graph.microsoft.com/beta/search/acronyms/{acronymsId}
+Content-Type: application/json
+
+{
+ "description": "A deep neural network is a neural network with a certain level of complexity, a neural network with more than two layers."
+}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
+
v1.0 Search Bookmark Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/search-bookmark-delete.md
+
+ Title: "Delete bookmark"
+description: "Delete a bookmark object."
+
+ms.localizationpriority: medium
++
+# Delete bookmark
+Namespace: microsoft.graph.search
++
+Delete a [bookmark](../resources/search-bookmark.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+|Delegated (personal Microsoft account)| Not supported. |
+|Application| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+DELETE /search/bookmarks/{bookmarksId}
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "delete_bookmark"
+}
+-->
+``` http
+DELETE https://graph.microsoft.com/beta/search/bookmarks/{bookmarkId}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
+
v1.0 Search Bookmark Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/search-bookmark-get.md
+
+ Title: "Get bookmark"
+description: "Read the properties and relationships of a bookmark object."
+
+ms.localizationpriority: medium
++
+# Get bookmark
+Namespace: microsoft.graph.search
++
+Read the properties and relationships of a [bookmark](../resources/search-bookmark.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+|Delegated (personal Microsoft account)| Not supported. |
+|Application| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /search/bookmarks/{bookmarksId}
+```
+
+## Optional query parameters
+This method supports the `select`, `expand`, `filter`, `orderBy`, `maxTop`, and `count` [OData Query Parameters](/graph/query-parameters) to help customize the response.
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [bookmark](../resources/search-bookmark.md) object in the response body.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_bookmark"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/search/bookmarks/{bookmarksId}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.search.bookmark"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "id": "733b26d5-af76-4eea-ac69-1a0ce8716897",
+ "displayName": "Italy Holiday",
+ "webUrl": "http://www.margiestravel.com/",
+ "description": "Book a fancy vacation in Tuscany or browse museums in Florence.",
+ "lastModifiedDateTime": "2016-03-21T20:01:37Z",
+ "lastModifiedBy": {
+ "user": {
+ "id": "efee1b77-fb3b-4f65-99d6-274c11914d12",
+ "displayName": "Amalie Larsen"
+ }
+ },
+ "keywords": {
+ "keywords": ["Vacation in Europe", "Holiday in Europe"],
+ "reservedKeywords": ["Vacation in Italy"],
+ "matchSimilarKeywords": true
+ },
+ "categories": ["HR"],
+ "availabilityStartDateTime": "2020-09-21T20:01:37Z",
+ "availabilityEndDateTime": "2020-11-21T20:01:37Z",
+ "languageTags": ["en-US"],
+ "platforms": ["ios"],
+ "groupIds": ["groupId"],
+ "targetedVariations": null,
+ "powerAppIds": ["powerAppId"],
+ "state": "published",
+ "isSuggested": false
+}
+```
+
v1.0 Search Bookmark Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/search-bookmark-update.md
+
+ Title: "Update bookmark"
+description: "Update the properties of a bookmark object."
+
+ms.localizationpriority: medium
++
+# Update bookmark
+Namespace: microsoft.graph.search
++
+Update the properties of a [bookmark](../resources/search-bookmark.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+|Delegated (personal Microsoft account)| Not supported. |
+|Application| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+PATCH /search/bookmarks/{bookmarksId}
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+In the request body, supply a JSON representation of the [bookmark](../resources/search-bookmark.md) object. Supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.
+>**Note:** Updates to collection properties will update the entire collection. Any updates to a collection, such as keywords or categories, will replace the collection entirely.
+
+|Property|Type|Description|
+|:|:|:|
+|displayName|String|Bookmark name displayed in search results. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|description|String|Bookmark description shown on search results page. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|webUrl|String|Bookmark URL link. When users click this bookmark in search results, they will go to this URL. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|categories|String collection|Categories commonly used to describe this bookmark. For example, IT and HR.|
+|availabilityStartDateTime|DateTimeOffset|Timestamp of when the bookmark will start to appear as a search result. Set as `null` for always available.|
+|availabilityEndDateTime|DateTimeOffset|Timestamp of when the bookmark will stop to appear as a search result. Set as `null` for always available.|
+|languageTags|String collection|List of countries or regions able to view this bookmark.|
+|platforms|microsoft.graph.devicePlatformType collection|List of devices and operating systems able to view this bookmark. Possible values are: `unknown`, `android`, `androidForWork`, `ios`, `macOS`, `windowsPhone81`, `windowsPhone81AndLater`, `windows10AndLater`, `androidWorkProfile`, `androidASOP`.|
+|targetedVariations|[microsoft.graph.search.answerVariant](../resources/search-answerVariant.md) collection|Variations of a bookmark for different countries or devices. Use when you need to show different content to users based on their device, country/region, or both. The date and group settings will apply to all variations.|
+|powerAppIds|String collection|List of Power Apps associated with this bookmark. If users add existing Power Apps to a bookmark, they can complete tasks, such as to enter vacation time or to report expenses on the search results page.|
+|keywords|[microsoft.graph.search.answerKeyword](../resources/search-answerKeyword.md)|Keywords that trigger this bookmark to appear in search results.|
+|state|microsoft.graph.search.answerState|State of the bookmark. Possible values are: `published`, `draft`, `excluded`, or `unknownFutureValue`.|
+|groupIds|String collection|List of security groups able to view this bookmark.|
+++
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "update_bookmark"
+}
+-->
+``` http
+PATCH https://graph.microsoft.com/beta/search/bookmarks/{bookmarksId}
+Content-Type: application/json
+
+{
+ "description": "Book a fancy vacation in Tuscany or browse museums in Florence."
+}
+
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
+
v1.0 Search Qna Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/search-qna-delete.md
+
+ Title: "Delete qna"
+description: "Delete a qna object."
+
+ms.localizationpriority: medium
++
+# Delete qna
+Namespace: microsoft.graph.search
++
+Delete a [qna](../resources/search-qna.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+|Delegated (personal Microsoft account)| Not supported. |
+|Application| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+DELETE /search/qnas/{qnaId}
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "delete_qna"
+}
+-->
+``` http
+DELETE https://graph.microsoft.com/beta/search/qnas/{qnaId}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
+
v1.0 Search Qna Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/search-qna-get.md
+
+ Title: "Get qna"
+description: "Read the properties and relationships of a qna object."
+
+ms.localizationpriority: medium
++
+# Get qna
+Namespace: microsoft.graph.search
++
+Read the properties and relationships of a [qna](../resources/search-qna.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+|Delegated (personal Microsoft account)| Not supported. |
+|Application| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /search/qnas/{qnaId}
+```
+
+## Optional query parameters
+This method supports the `select`, `expand`, `filter`, `orderBy`, `maxTop`, and `count` [OData Query Parameters](/graph/query-parameters) to help customize the response.
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [qna](../resources/search-qna.md) object in the response body.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_qna"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/search/qnas/{qnaId}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.search.qna"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "id": "733b26d5-af76-4eea-ac69-1a0ce8716897",
+ "displayName": "Global Country Holidays",
+ "webUrl": "http://www.contoso.com/",
+ "description": "The dates that Contoso offices will be closed to observe holidays. These dates may differ from the actual date of the holiday in cases where the holiday falls on a weeΓÇïkend.",
+ "lastModifiedDateTime": "2016-03-21T20:01:37Z",
+ "lastModifiedBy": {
+ "user": {
+ "id": "efee1b77-fb3b-4f65-99d6-274c11914d12",
+ "displayName": "Amalie Larsen"
+ }
+ },
+ "keywords": {
+ "keywords": ["new years day", "martin luther king day", "presidents day", "memorial day", "independence day", "labor day", "thanksgiving", "christmas"],
+ "reservedKeywords": ["holidays", "paid days off"],
+ "matchSimilarKeywords": true
+ },
+ "availabilityStartDateTime": "2020-09-21T20:01:37Z",
+ "availabilityEndDateTime": "2021-12-31T20:01:37Z",
+ "languageTags": ["en-US"],
+ "platforms": ["ios"],
+ "groupIds": ["groupId"],
+ "targetedVariations": null,
+ "state": "published"
+}
+```
+
v1.0 Search Qna Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/search-qna-update.md
+
+ Title: "Update qna"
+description: "Update the properties of a qna object."
+
+ms.localizationpriority: medium
++
+# Update qna
+Namespace: microsoft.graph.search
++
+Update the properties of a [qna](../resources/search-qna.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+|Delegated (personal Microsoft account)| Not supported. |
+|Application| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+PATCH /search/qna/{qnaId}
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+In the request body, supply a JSON representation of the [qna](../resources/search-qna.md) object. Supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.
+>**Note:** Updates to collection properties will update the entire collection. Any updates to a collection, such as keywords or categories, will replace the collection entirely.
+
+|Property|Type|Description|
+|:|:|:|
+|displayName|String|Question displayed in search results. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|description|String|Answer displayed in search results. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|webUrl|String|Qna URL link. When users click this qna in search results, they will go to this URL. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|availabilityStartDateTime|DateTimeOffset|Timestamp of when the qna will start to appear as a search result. Set as `null` for always available.|
+|availabilityEndDateTime|DateTimeOffset|Timestamp of when the qna will stop to appear as a search result. Set as `null` for always available.|
+|languageTags|String collection|List of countries or regions able to view this qna.|
+|platforms|microsoft.graph.devicePlatformType collection|List of devices and operating systems able to view this qna. Possible values are: `unknown`, `android`, `androidForWork`, `ios`, `macOS`, `windowsPhone81`, `windowsPhone81AndLater`, `windows10AndLater`, `androidWorkProfile`, `androidASOP`.|
+|targetedVariations|[microsoft.graph.search.answerVariant](../resources/search-answerVariant.md) collection|Variations of a qna for different countries or devices. Use when you need to show different content to users based on their device, country/region, or both. The date and group settings will apply to all variations.|
+|keywords|[microsoft.graph.search.answerKeyword](../resources/search-answerKeyword.md)|Keywords that trigger this qna to appear in search results.|
+|state|microsoft.graph.search.answerState|State of the qna. Possible values are: `published`, `draft`, `excluded`, or `unknownFutureValue`.|
+|groupIds|String collection|List of security groups able to view this qna.|
+++
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "update_qna"
+}-->
+``` http
+PATCH https://graph.microsoft.com/beta/search/qna/{qnaId}
+Content-Type: application/json
+
+{
+ "description": "The dates that Contoso offices will be closed to observe holidays. These dates may differ from the actual date of the holiday in cases where the holiday falls on a weeΓÇïkend."
+}
+```
++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}-->
+``` http
+HTTP/1.1 204 No Content
+```
+
v1.0 Search Searchentity List Acronyms https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/search-searchentity-list-acronyms.md
+
+ Title: "List acronyms"
+description: "Get a list of the acronym objects and their properties."
+
+ms.localizationpriority: medium
++
+# List acronyms
+Namespace: microsoft.graph.search
++
+Get a list of the [acronym](../resources/search-acronym.md) objects and their properties.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+|Delegated (personal Microsoft account)| Not supported. |
+|Application| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /search/acronyms
+```
+
+## Optional query parameters
+This method supports the `select`, `expand`, `filter`, `orderBy`, `maxTop`, and `count` [OData Query Parameters](/graph/query-parameters) to help customize the response.
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [acronym](../resources/search-acronym.md) objects in the response body.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "list_acronym"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/search/acronyms
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.search.acronym",
+ "isCollection": true
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+[
+ {
+ "id": "733b26d5-af76-4eea-ac69-1a0ce8716897",
+ "displayName": "DNN",
+ "standsFor": ["Deep Neural Network"],
+ "description": "A deep neural network is a neural network with a certain level of complexity, a neural network with more than two layers.",
+ "webUrl": "http://microsoft.com/deep-neural-network",
+ "state": "published",
+ "lastModifiedDateTime": "2016-03-21T20:01:37Z",
+ "lastModifiedBy": {
+ "user": {
+ "id": "efee1b77-fb3b-4f65-99d6-274c11914d12",
+ "displayName": "Amalie Larsen"
+ }
+ }
+ }
+]
+```
+
v1.0 Search Searchentity List Bookmarks https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/search-searchentity-list-bookmarks.md
+
+ Title: "List bookmarks"
+description: "Get a list of bookmark objects and their properties."
+
+ms.localizationpriority: medium
++
+# List bookmarks
+Namespace: microsoft.graph.search
++
+Get a list of [bookmark](../resources/search-bookmark.md) objects and their properties.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+|Delegated (personal Microsoft account)| Not supported. |
+|Application| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /search/bookmarks
+```
+
+## Optional query parameters
+This method supports the `select`, `expand`, `filter`, `orderBy`, `maxTop`, and `count` [OData query parameters](/graph/query-parameters) to help customize the response.
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [bookmark](../resources/search-bookmark.md) objects in the response body.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "list_bookmark"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/search/bookmarks
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.search.bookmark",
+ "isCollection": true
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+[
+ {
+ "id": "733b26d5-af76-4eea-ac69-1a0ce8716897",
+ "displayName": "Italy Holiday",
+ "webUrl": "http://www.margiestravel.com/",
+ "description": "Book a fancy vacation in Tuscany or browse museums in Florence.",
+ "lastModifiedDateTime": "2016-03-21T20:01:37Z",
+ "lastModifiedBy": {
+ "user": {
+ "id": "efee1b77-fb3b-4f65-99d6-274c11914d12",
+ "displayName": "Amalie Larsen"
+ }
+ },
+ "keywords": {
+ "keywords": ["Vacation in Europe", "Holiday in Europe"],
+ "reservedKeywords": ["Vacation in Italy"],
+ "matchSimilarKeywords": true
+ },
+ "categories": ["HR"],
+ "availabilityStartDateTime": "2020-09-21T20:01:37Z",
+ "availabilityEndDateTime": "2020-11-21T20:01:37Z",
+ "languageTags": ["en-US"],
+ "platforms": ["ios"],
+ "groupIds": ["groupId"],
+ "targetedVariations": null,
+ "powerAppIds": ["powerAppId"],
+ "state": "published",
+ "isSuggested": false
+ }
+]
+```
+
v1.0 Search Searchentity List Qnas https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/search-searchentity-list-qnas.md
+
+ Title: "List qnas"
+description: "Get a list of the qna objects and their properties."
+
+ms.localizationpriority: medium
++
+# List qnas
+Namespace: microsoft.graph.search
++
+Get a list of the [qna](../resources/search-qna.md) objects and their properties.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+|Delegated (personal Microsoft account)| Not supported. |
+|Application| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /search/qnas
+```
+
+## Optional query parameters
+This method supports the `select`, `expand`, `filter`, `orderBy`, `maxTop`, and `count` [OData Query Parameters](/graph/query-parameters) to help customize the response.
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [qna](../resources/search-qna.md) objects in the response body.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "list_qna"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/search/qnas
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.search.qna",
+ "isCollection": true
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+[
+ {
+ "id": "733b26d5-af76-4eea-ac69-1a0ce8716897",
+ "displayName": "Global Country Holidays",
+ "webUrl": "http://www.contoso.com/",
+ "description": "The dates that Contoso offices will be closed to observe holidays. These dates may differ from the actual date of the holiday in cases where the holiday falls on a weeΓÇïkend. <table> <thead> <tr> <td><strong>2021 Dates</strong></td> <td><strong>Holiday</strong></td> </tr> </thead> <tbody> <tr> <td>January 1, 2021</td> <td>New Year's Day</td> </tr> <tr> <td>January 18, 2021</td> <td>Martin Luther King Day</td> </tr> <tr> <td>February 15, 2021</td> <td>Presidents Day</td> </tr> <tr> <td>May 31, 2021</td> <td>Memorial Day</td> </tr> <tr> <td>July 5, 2021</td> <td>Independence Day</td> </tr> <tr> <td>September 6, 2021</td> <td>Labor Day</td> </tr> <tr> <td>November 25, 2021 - November 26, 2021</td> <td>Thanksgiving Day and Day after Thanksgiving</td> </tr> <tr> <td>December 23, 2021 - December 24, 2021</td> <td>Christmas Eve and Christmas Day</td> </tr> </tbody> </table>",
+ "lastModifiedDateTime": "2016-03-21T20:01:37Z",
+ "lastModifiedBy": {
+ "user": {
+ "id": "efee1b77-fb3b-4f65-99d6-274c11914d12",
+ "displayName": "Amalie Larsen"
+ }
+ },
+ "keywords": {
+ "keywords": ["new years day", "martin luther king day", "presidents day", "memorial day", "independence day", "labor day", "thanksgiving", "christmas"],
+ "reservedKeywords": ["holidays", "paid days off"],
+ "matchSimilarKeywords": true
+ },
+ "availabilityStartDateTime": "2020-09-21T20:01:37Z",
+ "availabilityEndDateTime": "2021-12-31T20:01:37Z",
+ "languageTags": ["en-US"],
+ "platforms": ["ios"],
+ "groupIds": ["groupId"],
+ "targetedVariations": null,
+ "state": "published"
+ }
+]
+```
+
v1.0 Search Searchentity Post Acronyms https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/search-searchentity-post-acronyms.md
+
+ Title: "Create acronym"
+description: "Create a new acronym object."
+
+ms.localizationpriority: medium
++
+# Create acronym
+Namespace: microsoft.graph.search
++
+Create a new [acronym](../resources/search-acronym.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+|Delegated (personal Microsoft account)| Not supported. |
+|Application| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+POST /search/acronyms
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+In the request body, supply a JSON representation of the [acronym](../resources/search-acronym.md) object.
+
+The following table shows the properties that are available when you create an [acronym](../resources/search-acronym.md).
+
+|Property|Type|Description|
+|:|:|:|
+|description|String|A brief description of the acronym that gives users more info about the acronym and what it stands for. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|displayName|String|The actual short form or acronym. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|standsFor|String collection|What the acronym stands for.|
+|state|microsoft.graph.search.answerState|State of the acronym. Possible values are: `published`, `draft`, `excluded`, or `unknownFutureValue`.|
+|webUrl|String|The URL of the page or website where users can go for more information about the acronym. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+++
+## Response
+
+If successful, this method returns a `200 Ok` response code.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "create_acronym_from_acronyms"
+}-->
+```http
+POST https://graph.microsoft.com/beta/search/acronyms
+Content-Type: application/json
+
+{
+ "displayName": "DNN",
+ "standsFor": "Deep Neural Network",
+ "description": "A deep neural network is a neural network with a certain level of complexity, a neural network with more than two layers.",
+ "webUrl": "http://microsoft.com/deep-neural-network",
+ "state": "draft"
+}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+Here is an example of the response.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.search.acronym"
+}-->
+```http
+HTTP/1.1 200 Ok
+Content-Type: application/json
+
+{
+ "id": "733b26d5-af76-4eea-ac69-1a0ce8716897"
+}
+```
+
v1.0 Search Searchentity Post Bookmarks https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/search-searchentity-post-bookmarks.md
+
+ Title: "Create bookmark"
+description: "Create a new bookmark object."
+
+ms.localizationpriority: medium
++
+# Create bookmark
+Namespace: microsoft.graph.search
++
+Create a new [bookmark](../resources/search-bookmark.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+|Delegated (personal Microsoft account)| Not supported. |
+|Application| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}-->
+```http
+POST /search/bookmarks
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+In the request body, supply a JSON representation of the [bookmark](../resources/search-bookmark.md) object.
+
+The following table shows the properties that are available when you create a [bookmark](../resources/search-bookmark.md).
+
+|Property|Type|Description|
+|:|:|:|
+|displayName|String|Bookmark name displayed in search results. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|description|String|Bookmark description shown on search results page. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|webUrl|String|Bookmark URL link. When users click this bookmark in search results, they will go to this URL. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|categories|String collection|Categories commonly used to describe this bookmark. For example, IT and HR.|
+|availabilityStartDateTime|DateTimeOffset|Timestamp of when the bookmark will start to appear as a search result. Set as `null` for always available.|
+|availabilityEndDateTime|DateTimeOffset|Timestamp of when the bookmark will stop to appear as a search result. Set as `null` for always available.|
+|languageTags|String collection|List of countries or regions able to view this bookmark.|
+|platforms|microsoft.graph.devicePlatformType collection|List of devices and operating systems able to view this bookmark. Possible values are: `unknown`, `android`, `androidForWork`, `ios`, `macOS`, `windowsPhone81`, `windowsPhone81AndLater`, `windows10AndLater`, `androidWorkProfile`, `androidASOP`.|
+|targetedVariations|[microsoft.graph.search.answerVariant](../resources/search-answerVariant.md) collection|Variations of a bookmark for different countries or devices. Use when you need to show different content to users based on their device, country/region, or both. The date and group settings will apply to all variations.|
+|powerAppIds|String collection|List of Power Apps associated with this bookmark. If users add existing Power Apps to a bookmark, they can complete tasks, such as to enter vacation time or to report expenses on the search results page.|
+|keywords|[microsoft.graph.search.answerKeyword](../resources/search-answerKeyword.md)|Keywords that trigger this bookmark to appear in search results.|
+|state|microsoft.graph.search.answerState|State of the bookmark. Possible values are: `published`, `draft`, `excluded`, or `unknownFutureValue`.|
+|groupIds|String collection|List of security groups able to view this bookmark.|
+++
+## Response
+
+If successful, this method returns a `201 Created` response code with the ID of the bookmark created.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "create_bookmark_from_bookmarks"
+}-->
+```http
+POST https://graph.microsoft.com/beta/search/bookmarks
+Content-Type: application/json
+
+{
+ "displayName": "Contoso Install Site",
+ "webUrl": "http://www.contoso.com/",
+ "description": "Try or buy Contoso for Home or Business and view product information",
+ "keywords": {
+ "keywords": ["Contoso", "install"],
+ "reservedKeywords": ["Contoso"],
+ "matchSimilarKeywords": true
+ },
+ "availabilityStartDateTime": null,
+ "availabilityEndDateTime": null,
+ "platforms": ["windows"],
+ "targetedVariations": [
+ {
+ "languageTag": "es-ES",
+ "displayName": "Sitio de instalaci├│n Contoso",
+ "description": "Pruebe o compre Contoso hogar o negocios y vea la informaci├│n del producto"
+ }
+ ],
+ "groupIds": ["groupId"],
+ "powerAppIds": ["powerAppId"],
+ "state": "published"
+}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+Here is an example of the response.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.search.bookmark"
+}-->
+```http
+HTTP/1.1 201 CREATED
+Location: /733b26d5-af76-4eea-ac69-1a0ce8716897
+Content-Type: application/json
+
+{
+ "id": "733b26d5-af76-4eea-ac69-1a0ce8716897"
+}
+```
+
v1.0 Search Searchentity Post Qnas https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/search-searchentity-post-qnas.md
+
+ Title: "Create qna"
+description: "Create a new qna object."
+
+ms.localizationpriority: medium
++
+# Create qna
+Namespace: microsoft.graph.search
++
+Create a new [qna](../resources/search-qna.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+|Delegated (personal Microsoft account)| Not supported. |
+|Application| SearchConfiguration.Read.All, SearchConfiguration.ReadWrite.All |
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+POST /search/qnas
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+In the request body, supply a JSON representation of the [qna](../resources/search-qna.md) object.
+
+The following table shows the properties that are available when you create a [qna](../resources/search-qna.md).
+
+|Property|Type|Description|
+|:|:|:|
+|displayName|String|Question displayed in search results. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|description|String|Answer displayed in search results. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|webUrl|String|Qna URL link. When users click this qna in search results, they will go to this URL. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|availabilityStartDateTime|DateTimeOffset|Timestamp of when the qna will start to appear as a search result. Set as `null` for always available.|
+|availabilityEndDateTime|DateTimeOffset|Timestamp of when the qna will stop to appear as a search result. Set as `null` for always available.|
+|languageTags|String collection|List of countries or regions able to view this qna.|
+|platforms|microsoft.graph.devicePlatformType collection|List of devices and operating systems able to view this qna. Possible values are: `unknown`, `android`, `androidForWork`, `ios`, `macOS`, `windowsPhone81`, `windowsPhone81AndLater`, `windows10AndLater`, `androidWorkProfile`, `androidASOP`.|
+|targetedVariations|[microsoft.graph.search.answerVariant](../resources/search-answerVariant.md) collection|Variations of a qna for different countries or devices. Use when you need to show different content to users based on their device, country/region, or both. The date and group settings will apply to all variations.|
+|keywords|[microsoft.graph.search.answerKeyword](../resources/search-answerKeyword.md)|Keywords that trigger this qna to appear in search results.|
+|state|microsoft.graph.search.answerState|State of the qna. Possible values are: `published`, `draft`, `excluded`, or `unknownFutureValue`.|
+|groupIds|String collection|List of security groups able to view this qna.|
+++
+## Response
+
+If successful, this method returns a `201 Created` response code with the ID of the question and answer created.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "create_qna_from_qnas"
+}-->
+```http
+POST https://graph.microsoft.com/beta/search/qnas
+Content-Type: application/json
+
+{
+ "displayName": "Global Country Holidays",
+ "webUrl": "http://www.contoso.com/",
+ "description": "The dates that Contoso offices will be closed to observe holidays. These dates may differ from the actual date of the holiday in cases where the holiday falls on a weeΓÇïkend. <table> <thead> <tr> <td><strong>2021 Dates</strong></td> <td><strong>Holiday</strong></td> </tr> </thead> <tbody> <tr> <td>January 1, 2021</td> <td>New Year's Day</td> </tr> <tr> <td>January 18, 2021</td> <td>Martin Luther King Day</td> </tr> <tr> <td>February 15, 2021</td> <td>Presidents Day</td> </tr> <tr> <td>May 31, 2021</td> <td>Memorial Day</td> </tr> <tr> <td>July 5, 2021</td> <td>Independence Day</td> </tr> <tr> <td>September 6, 2021</td> <td>Labor Day</td> </tr> <tr> <td>November 25, 2021 - November 26, 2021</td> <td>Thanksgiving Day and Day after Thanksgiving</td> </tr> <tr> <td>December 23, 2021 - December 24, 2021</td> <td>Christmas Eve and Christmas Day</td> </tr> </tbody> </table>",
+ "keywords": {
+ "keywords": ["new years day", "martin luther king day", "presidents day", "memorial day", "independence day", "labor day", "thanksgiving", "christmas"],
+ "reservedKeywords": ["holidays", "paid days off"],
+ "matchSimilarKeywords": true
+ },
+ "availabilityStartDateTime": "2020-09-21T20:01:37Z",
+ "availabilityEndDateTime": "2021-12-31T20:01:37Z",
+ "languageTags": ["en-US"],
+ "platforms": ["ios"],
+ "groupIds": ["groupId"],
+ "state": "published"
+}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
++++
+### Response
+Here is an example of the response.
+<!--{
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.search.qna"
+}-->
+```http
+HTTP/1.1 201 CREATED
+Location: /733b26d5-af76-4eea-ac69-1a0ce8716897
+Content-Type: application/json
+
+{
+ "id": "733b26d5-af76-4eea-ac69-1a0ce8716897"
+}
+```
+
v1.0 Sectiongroup List Sectiongroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/sectiongroup-list-sectiongroups.md
GET https://graph.microsoft.com/beta/me/onenote/sectionGroups/{id}/sectionGroups
[!INCLUDE [sample-code](../includes/snippets/go/get-sectiongroups-go-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+ ##### Response
v1.0 Serviceprincipal Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/serviceprincipal-get.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | Application.Read.All, Directory.Read.All, Application.ReadWrite.OwnedBy, Application.ReadWrite.All, Directory.ReadWrite.All |
+> [!NOTE]
+> A service principal can retrieve its own application and service principal details without being granted any application permissions.
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
GET /servicePrincipals/{id}
``` ## Optional query parameters
-This method supports the [OData Query Parameters](/graph/query-parameters) to help customize the response.
+This method supports the [OData query parameters](/graph/query-parameters) to help customize the response.
This method supports the `$count`, `$expand`, `$filter`, `$orderBy`, `$search`, `$select`, and `$top` [OData query parameters](/graph/query-parameters) to help customize the response. Some queries are supported only when you use the **ConsistencyLevel** header set to `eventual` and `$count`. For more information, see [Advanced query capabilities on Azure AD directory objects](/graph/aad-advanced-queries).
v1.0 Serviceprincipal List Approleassignedto https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/serviceprincipal-list-approleassignedto.md
For example, if the resource service principal is the service principal for the
If the resource service principal is an application that has app roles granted to users and groups, this will return all the users and groups assigned app roles for this application.
+>**Note** This request might have replication delays for app role assignments that were recently granted or removed.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Serviceprincipal List Approleassignments https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/serviceprincipal-list-approleassignments.md
Retrieve the list of [appRoleAssignment](../resources/approleassignment.md) that
App roles that are assigned to service principals are also known as [application permissions](/azure/active-directory/develop/v2-permissions-and-consent#permission-types). Application permissions can be granted directly by creating app role assignments, or through a [consent experience](/azure/active-directory/develop/application-consent-experience). +
+>**Note** This request might have replication delays for app role assignments that were recently granted or removed.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Serviceprincipal Removekey https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/serviceprincipal-removekey.md
In the request body, provide the following required properties.
| Property | Type | Description| |:-|:--|:--|
-| keyId | GUID | The unique identifier for the password.|
+| keyId | Guid | The unique identifier for the password.|
| proof | String | A self-signed JWT token used as a proof of possession of the existing keys. This JWT token must be signed using the private key of one of the servicePrincipal's existing valid certificates. The token should contain the following claims:<ul><li>`aud` - Audience needs to be `00000002-0000-0000-c000-000000000000`.</li><li>`iss` - Issuer needs to be the __id__ of the servicePrincipal that is making the call.</li><li>`nbf` - Not before time.</li><li>`exp` - Expiration time should be `nbf` + 10 mins.</li></ul><br>For steps to generate this proof of possession token, see [Generating proof of possession tokens for rolling keys](/graph/application-rollkey-prooftoken).| ## Response
v1.0 Serviceprincipal Removepassword https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/serviceprincipal-removepassword.md
POST /servicePrincipals/{id}/removePassword
| Property | Type |Description| |:|:--|:-|
-| keyId | GUID | The unique identifier for the password. Required. |
+| keyId | Guid | The unique identifier for the password. Required. |
## Response
v1.0 Serviceprincipalriskdetection Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/serviceprincipalriskdetection-get.md
If successful, this method returns a `200 OK` response code and a [servicePrinci
### Example 1: Get a specific risk detection object #### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_serviceprincipalriskdetection"
If successful, this method returns a `200 OK` response code and a [servicePrinci
``` http GET https://graph.microsoft.com/beta/identityProtection/servicePrincipalRiskDetections/{servicePrincipalRiskDetectionId} ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++ #### Response
v1.0 Subscription Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/subscription-delete.md
On a personal OneDrive, you can subscribe to the root folder or any subfolder in
### contact, event, and message
-Additional limitations apply for subscriptions on Outlook items. The limitations apply to creating as well as managing (getting, updating, and deleting) subscriptions.
+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources and optionally specify in the POST request payload whether to include encrypted resource data in notifications.
-- Delegated permission supports subscribing to items in folders in only the signed-in user's mailbox. For example, you cannot use the delegated permission Calendars.Read to subscribe to events in another userΓÇÖs mailbox.-- To subscribe to change notifications of Outlook contacts, events, or messages in _shared or delegated_ folders:-
- - Use the corresponding application permission to subscribe to changes of items in a folder or mailbox of _any_ user in the tenant.
- - Do not use the Outlook sharing permissions (Contacts.Read.Shared, Calendars.Read.Shared, Mail.Read.Shared, and their read/write counterparts), as they do **not** support subscribing to change notifications on items in shared or delegated folders.
### presence
v1.0 Subscription Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/subscription-get.md
On a personal OneDrive, you can subscribe to the root folder or any subfolder in
### contact, event, and message
-Additional limitations apply for subscriptions on Outlook items. The limitations apply to creating as well as managing (getting, updating, and deleting) subscriptions.
+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources and optionally specify in the POST request payload whether to include encrypted resource data in notifications.
-- Delegated permission supports subscribing to items in folders in only the signed-in user's mailbox. For example, you cannot use the delegated permission Calendars.Read to subscribe to events in another userΓÇÖs mailbox.-- To subscribe to change notifications of Outlook contacts, events, or messages in _shared or delegated_ folders:-
- - Use the corresponding application permission to subscribe to changes of items in a folder or mailbox of _any_ user in the tenant.
- - Do not use the Outlook sharing permissions (Contacts.Read.Shared, Calendars.Read.Shared, Mail.Read.Shared, and their read/write counterparts), as they do **not** support subscribing to change notifications on items in shared or delegated folders.
### presence
v1.0 Subscription Post Subscriptions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/subscription-post-subscriptions.md
Subscribes a listener application to receive change notifications when the reque
See the table in the [Permissions](#permissions) section for the list of resources that support subscribing to change notifications.
+Some resources support the option to include encrypted resource data in change notifications. These resources include [chatMessage](../resources/chatmessage.md), [contact](../resources/contact.md), [event](../resources/event.md), [message](../resources/message.md), and [presence](../resources/presence.md). For more information, see [Set up change notifications that include resource data](/graph/webhooks-with-resource-data) and [Change notifications for Outlook resources in Microsoft Graph](/graph/outlook-change-notification-overview).
+ ## Permissions Creating a subscription requires read permission to the resource. For example, to get change notifications on messages, your app needs the Mail.Read permission.
OneDrive for Business and SharePoint support sending your application notificati
### contact, event, and message
-Additional limitations apply for subscriptions on Outlook items. The limitations apply to creating as well as managing (getting, updating, and deleting) subscriptions.
--- Delegated permission supports subscribing to items in folders in only the signed-in user's mailbox. For example, you cannot use the delegated permission Calendars.Read to subscribe to events in another userΓÇÖs mailbox.-- To subscribe to change notifications of Outlook contacts, events, or messages in _shared or delegated_ folders:
+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources and optionally specify in the POST request payload whether to include encrypted resource data in notifications.
- - Use the corresponding application permission to subscribe to changes of items in a folder or mailbox of _any_ user in the tenant.
- - Do not use the Outlook sharing permissions (Contacts.Read.Shared, Calendars.Read.Shared, Mail.Read.Shared, and their read/write counterparts), as they do **not** support subscribing to change notifications on items in shared or delegated folders.
### presence
v1.0 Subscription Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/subscription-update.md
On a personal OneDrive, you can subscribe to the root folder or any subfolder in
### contact, event, and message
-Additional limitations apply for subscriptions on Outlook items. The limitations apply to creating as well as managing (getting, updating, and deleting) subscriptions.
+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources and optionally specify in the POST request payload whether to include encrypted resource data in notifications.
-- Delegated permission supports subscribing to items in folders in only the signed-in user's mailbox. For example, you cannot use the delegated permission Calendars.Read to subscribe to events in another userΓÇÖs mailbox.-- To subscribe to change notifications of Outlook contacts, events, or messages in _shared or delegated_ folders:-
- - Use the corresponding application permission to subscribe to changes of items in a folder or mailbox of _any_ user in the tenant.
- - Do not use the Outlook sharing permissions (Contacts.Read.Shared, Calendars.Read.Shared, Mail.Read.Shared, and their read/write counterparts), as they do **not** support subscribing to change notifications on items in shared or delegated folders.
### presence
v1.0 Synchronization Synchronization Secrets https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/synchronization-synchronization-secrets.md
If the secrets are successfully saved, this method returns a `204 No Content` re
### Request The following is an example of the request. -
-# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "synchronization_secrets"
Content-type: application/json
] } ```
-# [C#](#tab/csharp)
-
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
--- ### Response The following is an example of the response.
v1.0 Team Delete Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/team-delete-installedapps.md
One of the following permissions is required to call this API. To learn more, in
|Permission type | Permissions (from least to most privileged) | |:--|:|
-|Delegated (work or school account) | TeamsAppInstallation.ReadWriteForTeam, Group.ReadWrite.All**, Directory.ReadWrite.All** |
+|Delegated (work or school account) | TeamsAppInstallation.ReadWriteSelfForTeam, TeamsAppInstallation.ReadWriteForTeam, Group.ReadWrite.All**, Directory.ReadWrite.All** |
|Delegated (personal Microsoft account) | Not supported. |
-|Application | TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
+|Application | TeamsAppInstallation.ReadWriteSelfForTeam.All, TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
v1.0 Team List Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/team-list-installedapps.md
One of the following permissions is required to call this API. To learn more, in
|Permission type | Permissions (from least to most privileged) | |:--|:|
-|Delegated (work or school account) | TeamsAppInstallation.ReadForTeam, TeamsAppInstallation.ReadWriteForTeam, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
+|Delegated (work or school account) | TeamsAppInstallation.ReadForTeam, TeamsAppInstallation.ReadWriteSelfForTeam, TeamsAppInstallation.ReadWriteForTeam, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
|Delegated (personal Microsoft account) | Not supported. |
-|Application | TeamsAppInstallation.Read.Group*, TeamsAppInstallation.ReadForTeam.All, TeamsAppInstallation.ReadWriteForTeam.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
+|Application | TeamsAppInstallation.Read.Group*, TeamsAppInstallation.ReadWriteSelfForTeam.All, TeamsAppInstallation.ReadForTeam.All, TeamsAppInstallation.ReadWriteForTeam.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
[!INCLUDE [teamwork-permissions-note](../../../includes/teamwork-permissions-note.md)]
v1.0 Team Post Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/team-post-installedapps.md
One of the following permissions is required to call this API. To learn more, in
|Permission type | Permissions (from least to most privileged) | |:--|:|
-|Delegated (work or school account) | TeamsAppInstallation.ReadWriteForTeam, Group.ReadWrite.All**, Directory.ReadWrite.All** |
+|Delegated (work or school account) | TeamsAppInstallation.ReadWriteSelfForTeam, TeamsAppInstallation.ReadWriteForTeam, Group.ReadWrite.All**, Directory.ReadWrite.All** |
|Delegated (personal Microsoft account) | Not supported. |
-|Application | TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
+|Application | TeamsAppInstallation.ReadWriteSelfForTeam.All, TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
v1.0 Team Post Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/team-post-members.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Add a new [conversationMember](../resources/conversationmember.md) to a [team](../resources/team.md).
+Add a new [conversation member](../resources/conversationmember.md) to a [team](../resources/team.md).
## Permissions+ One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference). |Permission type|Permissions (from least to most privileged)|
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application| TeamMember.ReadWrite.All |
+> [!NOTE]
+> Using application permissions to [add guest members](/microsoft-365/admin/add-users/about-guest-users?view=o365-worldwide&preserve-view=true) to a team is not supported.
+ ## HTTP request <!-- {
v1.0 Team Teamsappinstallation Upgrade https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/team-teamsappinstallation-upgrade.md
One of the following permissions is required to call this API. To learn more, in
|Permission type | Permissions (from least to most privileged) | |:--|:|
-|Delegated (work or school account) | TeamsAppInstallation.ReadWriteForTeam, Group.ReadWrite.All**, Directory.ReadWrite.All** |
+|Delegated (work or school account) | TeamsAppInstallation.ReadWriteSelfForTeam, TeamsAppInstallation.ReadWriteForTeam, Group.ReadWrite.All**, Directory.ReadWrite.All** |
|Delegated (personal Microsoft account) | Not supported. |
-|Application | TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
+|Application | TeamsAppInstallation.ReadWriteSelfForTeam.All, TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
v1.0 Team Update Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/team-update-members.md
Namespace: microsoft.graph
Update the role of a [conversationMember](../resources/conversationmember.md) in a [team](../resources/team.md).
+> [!NOTE]
+> Team members with the role of `guest` cannot be given the role of `owner`.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Tenantappmanagementpolicy Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/tenantappmanagementpolicy-update.md
Update the properties of a [tenantAppManagementPolicy](../resources/tenantAppMan
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-| :- | : |
-| Delegated (work or school account) | Policy.ReadWrite.ApplicationConfiguration |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | Policy.ReadWrite.ApplicationConfiguration |
+| Permission type | Permissions (from least to most privileged) |
+| :- | : |
+| Delegated (work or school account) | Policy.ReadWrite.ApplicationConfiguration |
+| Delegated (personal Microsoft account) | Not supported. |
+| Application | Policy.ReadWrite.ApplicationConfiguration |
## HTTP request
PATCH /policies/defaultAppManagementPolicy
In the request body, supply the values for relevant fields from the [tenantAppManagementPolicy](../resources/tenantAppManagementPolicy.md) that should be updated. Existing properties that are not included in the request body will maintain their previous values. For best performance, do not include unchanged values in the request payload.
-| Property | Type | Description |
-|:|:-|:-|
-| displayName | String | The display name of the default policy. Inherited from [policyBase](../resources/policybase.md). |
-| description | String | The description of the default policy. Inherited from [policyBase](../resources/policybase.md). |
-| isEnabled | Boolean | Denotes if the policy is enabled. Default value is false. |
-| applicationRestrictions | [appManagementConfiguration](../resources/appManagementConfiguration.md) | Restrictions that apply as default to all application objects in the tenant. |
-| servicePrincipalRestrictions | [appManagementConfiguration](../resources/appManagementConfiguration.md) | Restrictions that apply as default to all service principal objects in the tenant. |
+| Property | Type | Description |
+| : | :-- | :-- |
+| applicationRestrictions | [appManagementConfiguration](../resources/appManagementConfiguration.md) | Restrictions that apply as default to all application objects in the tenant. |
+| displayName | String | The display name of the default policy. Inherited from [policyBase](../resources/policybase.md). |
+| description | String | The description of the default policy. Inherited from [policyBase](../resources/policybase.md). |
+| isEnabled | Boolean | Denotes if the policy is enabled. Default value is false. |
+| servicePrincipalRestrictions | [appManagementConfiguration](../resources/appManagementConfiguration.md) | Restrictions that apply as default to all service principal objects in the tenant. |
## Response
If successful, this method returns a `204 No Content` response code. It does not
The following is an example of the request. -- # [HTTP](#tab/http)+ <!-- { "blockType": "request", "name": "update_tenantAppManagementPolicy"
Content-Type: application/json
{ "restrictionType": "passwordAddition", "maxLifetime": null,
- "restrictForAppsCreatedAfterDateTime": "2021-04-01T10:37:00Z"
+ "restrictForAppsCreatedAfterDateTime": "2021-01-01T10:37:00Z"
}, { "restrictionType": "passwordLifetime", "maxLifetime": "P4DT12H30M5S",
- "restrictForAppsCreatedAfterDateTime": "2019-01-01T10:37:00Z"
+ "restrictForAppsCreatedAfterDateTime": "2017-01-01T10:37:00Z"
}, { "restrictionType": "symmetricKeyAddition", "maxLifetime": null,
- "restrictForAppsCreatedAfterDateTime": "2021-04-01T10:37:00Z"
+ "restrictForAppsCreatedAfterDateTime": "2021-01-01T10:37:00Z"
+ },
+ {
+ "restrictionType": "customPasswordAddition",
+ "maxLifetime": null,
+ "restrictForAppsCreatedAfterDateTime": "2015-01-01T10:37:00Z"
}, { "restrictionType": "symmetricKeyLifetime", "maxLifetime": "P40D",
- "restrictForAppsCreatedAfterDateTime": "2015-04-01T10:37:00Z"
+ "restrictForAppsCreatedAfterDateTime": "2015-01-01T10:37:00Z"
} ], "keyCredentials":[
Content-Type: application/json
} } ```+ # [C#](#tab/csharp)+ [!INCLUDE [sample-code](../includes/snippets/csharp/update-tenantappmanagementpolicy-csharp-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [JavaScript](#tab/javascript)+ [!INCLUDE [sample-code](../includes/snippets/javascript/update-tenantappmanagementpolicy-javascript-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Objective-C](#tab/objc)+ [!INCLUDE [sample-code](../includes/snippets/objc/update-tenantappmanagementpolicy-objc-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Java](#tab/java)+ [!INCLUDE [sample-code](../includes/snippets/jav)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Go](#tab/go)+ [!INCLUDE [sample-code](../includes/snippets/go/update-tenantappmanagementpolicy-go-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [PowerShell](#tab/powershell)+ [!INCLUDE [sample-code](../includes/snippets/powershell/update-tenantappmanagementpolicy-powershell-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] - ### Response The following is an example of the response.
v1.0 Termsofusecontainer List Agreements https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/termsofusecontainer-list-agreements.md
GET https://graph.microsoft.com/beta/identityGovernance/termsOfUse/agreements
[!INCLUDE [sample-code](../includes/snippets/go/get-agreements-go-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+
v1.0 Termsofusecontainer Post Agreements https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/termsofusecontainer-post-agreements.md
Content-type: application/json
[!INCLUDE [sample-code](../includes/snippets/go/create-agreement-from-agreements-go-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+
v1.0 Termstore Group Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/termstore-group-get.md
Content-Type: application/json
# [HTTP](#tab/http) <!-- { "blockType": "request",
- "name": "get_group"
+ "name": "get_group_termstore"
} -->
Content-Type: application/json
GET https://graph.microsoft.com/beta/sites/microsoft.sharepoint.com,c6482504-4a85-4b21-858a-7e88dafc8232,d90ca07d-25c0-4ce7-864b-d68b607e697f/termStore/groups/1FFD3F87-9464-488A-A0EC-8FB90911182C?$select=*,parentSiteId ``` # [C#](#tab/csharp) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [JavaScript](#tab/javascript) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Objective-C](#tab/objc) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Java](#tab/java) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
Content-Type: application/json
# [HTTP](#tab/http) <!-- { "blockType": "request",
- "name": "get_group"
+ "name": "get_group_termstore_sites"
} -->
Content-Type: application/json
GET https://graph.microsoft.com/beta/sites/microsoft.sharepoint.com,c6482504-4a85-4b21-858a-7e88dafc8232,d90ca07d-25c0-4ce7-864b-d68b607e697f/termStore/groups/1FFD3F87-9464-488A-A0EC-8FB90911182C ``` # [C#](#tab/csharp) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [JavaScript](#tab/javascript) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Objective-C](#tab/objc) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Java](#tab/java) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
v1.0 Unifiedrbacresourceaction Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/unifiedrbacresourceaction-get.md
+
+ Title: "Get unifiedRbacResourceAction"
+description: "Read the properties and relationships of an unifiedRbacResourceAction object."
+
+ms.localizationpriority: medium
++
+# Get unifiedRbacResourceAction
+Namespace: microsoft.graph
++
+Read the properties and relationships of an [unifiedRbacResourceAction](../resources/unifiedrbacresourceaction.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|RoleManagement.Read.Directory, RoleManagement.Read.All, RoleManagement.ReadWrite.Directory|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|RoleManagement.Read.Directory, RoleManagement.Read.All, RoleManagement.ReadWrite.Directory|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/resourceNamespaces/{unifiedRbacResourceNamespaceId}/resourceActions/{unifiedRbacResourceActionId}
+```
+
+## Optional query parameters
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [unifiedRbacResourceAction](../resources/unifiedrbacresourceaction.md) object in the response body.
+
+## Examples
+
+The following example gets the action with the identifier `microsoft.directory-accessReviews-allProperties-read-get` for the resource namespace with the identifier of `microsoft.directory`.
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_unifiedrbacresourceaction"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/resourceNamespaces/microsoft.directory/resourceActions/microsoft.directory-accessReviews-allProperties-read-get
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRbacResourceAction"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/resourceNamespaces('microsoft.directory')/resourceActions/$entity",
+ "actionVerb": "GET",
+ "description": "Read all properties of access reviews",
+ "id": "microsoft.directory-accessReviews-allProperties-read-get",
+ "name": "microsoft.directory/accessReviews/allProperties/read",
+ "resourceScopeId": null
+}
+```
v1.0 Unifiedrbacresourcenamespace Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/unifiedrbacresourcenamespace-get.md
+
+ Title: "Get unifiedRbacResourceNamespace"
+description: "Read the properties and relationships of an unifiedRbacResourceNamespace object."
+
+ms.localizationpriority: medium
++
+# Get unifiedRbacResourceNamespace
+Namespace: microsoft.graph
++
+Read the properties and relationships of an [unifiedRbacResourceNamespace](../resources/unifiedrbacresourcenamespace.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|RoleManagement.Read.Directory, RoleManagement.Read.All, RoleManagement.ReadWrite.Directory|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|RoleManagement.Read.Directory, RoleManagement.Read.All, RoleManagement.ReadWrite.Directory|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/resourceNamespaces/{unifiedRbacResourceNamespaceId}
+```
+
+## Optional query parameters
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [unifiedRbacResourceNamespace](../resources/unifiedrbacresourcenamespace.md) object in the response body.
+
+## Examples
+
+The following example gets the resource namespace with the identifier of `microsoft.aad.b2c`.
+
+### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_unifiedrbacresourcenamespace"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/resourceNamespaces/microsoft.aad.b2c
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRbacResourceNamespace"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/resourceNamespaces/$entity",
+ "id": "microsoft.aad.b2c",
+ "name": "microsoft.aad.b2c"
+}
+```
v1.0 Unifiedrbacresourcenamespace List Resourceactions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/unifiedrbacresourcenamespace-list-resourceactions.md
+
+ Title: "List resourceActions"
+description: "Get a list of the unifiedRbacResourceAction objects and their properties."
+
+ms.localizationpriority: medium
++
+# List resourceActions
+Namespace: microsoft.graph
++
+Get a list of the [unifiedRbacResourceAction](../resources/unifiedrbacresourceaction.md) objects and their properties.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|RoleManagement.Read.Directory, RoleManagement.Read.All, RoleManagement.ReadWrite.Directory|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|RoleManagement.Read.Directory, RoleManagement.Read.All, RoleManagement.ReadWrite.Directory|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/resourceNamespaces/{unifiedRbacResourceNamespaceId}/resourceActions
+```
+
+## Optional query parameters
+This method supports the `$filter`, `$select`, `$top`, and `$skipToken` OData query parameters to help customize the response. This method supports `$filter` (`eq`) for **actionVerb**, **description**, **id**, and **name** properties. This method returns a default page size of 100 **resourceActions** and supports `$top` and `$skipToken` for paging. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRbacResourceAction](../resources/unifiedrbacresourceaction.md) objects in the response body.
+
+## Examples
+
+### Example 1: Get microsoft.directory actions
+
+The following example gets the actions for the resource namespace with the identifier of `microsoft.directory`.
+
+This method returns a maximum of 100 actions. If there are more actions, you can use `@odata.nextLink` to get the next set of actions.
+
+#### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "list_unifiedrbacresourceaction_directory"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/resourceNamespaces/microsoft.directory/resourceActions
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+#### Response
+>**Note:** The response object shown here has been shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRbacResourceAction)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/resourceNamespaces('microsoft.directory')/resourceActions",
+ "@odata.nextLink": "https://graph.microsoft.com/beta/roleManagement/directory/resourceNamespaces/microsoft.directory/resourceActions?$skiptoken=bWljcm9z...",
+ "value": [
+ {
+ "actionVerb": null,
+ "description": "Create and delete access reviews, and read and update all properties of access reviews in Azure AD",
+ "id": "microsoft.directory-accessReviews-allProperties-allTasks",
+ "name": "microsoft.directory/accessReviews/allProperties/allTasks",
+ "resourceScopeId": null
+ },
+ {
+ "actionVerb": "GET",
+ "description": "Read all properties of access reviews",
+ "id": "microsoft.directory-accessReviews-allProperties-read-get",
+ "name": "microsoft.directory/accessReviews/allProperties/read",
+ "resourceScopeId": null
+ },
+ {
+ "actionVerb": null,
+ "description": "Manage access reviews of application role assignments in Azure AD",
+ "id": "microsoft.directory-accessReviews-definitions.applications-allProperties-allTasks",
+ "name": "microsoft.directory/accessReviews/definitions.applications/allProperties/allTasks",
+ "resourceScopeId": null
+ }
+ ]
+}
+```
+
+### Example 2: Get microsoft.insights actions
+
+The following example gets the actions for the resource namespace with the identifier of `microsoft.insights`.
+
+#### Request
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "list_unifiedrbacresourceaction_insights"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/resourceNamespaces/microsoft.insights/resourceActions
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+#### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRbacResourceAction)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/resourceNamespaces('microsoft.insights')/resourceActions",
+ "value": [
+ {
+ "actionVerb": null,
+ "description": "Manage all aspects of Insights app",
+ "id": "microsoft.insights-allEntities-allProperties-allTasks",
+ "name": "microsoft.insights/allEntities/allProperties/allTasks",
+ "resourceScopeId": null
+ },
+ {
+ "actionVerb": null,
+ "description": "Read all aspects of Viva Insights",
+ "id": "microsoft.insights-allEntities-allProperties-read",
+ "name": "microsoft.insights/allEntities/allProperties/read",
+ "resourceScopeId": null
+ },
+ {
+ "actionVerb": "PATCH",
+ "description": "Deploy and manage programs in Insights app",
+ "id": "microsoft.insights-programs-allProperties-update-patch",
+ "name": "microsoft.insights/programs/allProperties/update",
+ "resourceScopeId": null
+ },
+ {
+ "actionVerb": null,
+ "description": "Run and manage queries in Viva Insights",
+ "id": "microsoft.insights-queries-allProperties-allTasks",
+ "name": "microsoft.insights/queries/allProperties/allTasks",
+ "resourceScopeId": null
+ },
+ {
+ "actionVerb": "GET",
+ "description": "View reports and dashboard in Insights app",
+ "id": "microsoft.insights-reports-allProperties-read-get",
+ "name": "microsoft.insights/reports/allProperties/read",
+ "resourceScopeId": null
+ }
+ ]
+}
+```
v1.0 User Assignlicense https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/user-assignlicense.md
In the request body, provide a JSON object with the following parameters.
If successful, this method returns `200 OK` response code and an updated [user](../resources/user.md) object in the response body.
-## Example
-Add licenses to the user.
-##### Request
+## Examples
+
+### Example 1: Assign licenses to the signed-in user
+
+#### Request
# [HTTP](#tab/http) <!-- {
POST https://graph.microsoft.com/beta/me/assignLicense
Content-type: application/json {
- "addLicenses": [
- {
- "disabledPlans": [ "11b0131d-43c8-4bbb-b2c8-e80f9a50834a" ],
- "skuId": "skuId-value-1"
- },
- {
- "disabledPlans": [ "a571ebcc-fqe0-4ca2-8c8c-7a284fd6c235" ],
- "skuId": "skuId-value-2"
- }
- ],
- "removeLicenses": []
+ "addLicenses": [
+ {
+ "disabledPlans": [
+ "8a256a2b-b617-496d-b51b-e76466e88db0"
+ ],
+ "skuId": "84a661c4-e949-4bd2-a560-ed7766fcaf2b"
+ },
+ {
+ "disabledPlans": [],
+ "skuId": "f30db892-07e9-47e9-837c-80727f46fd3d"
+ }
+ ],
+ "removeLicenses": []
} ``` # [C#](#tab/csharp)
Content-type: application/json
-## Example
-Remove licenses from the user.
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.user"
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "accountEnabled": true,
+ "assignedLicenses": [
+ {
+ "disabledPlans": [
+ "8a256a2b-b617-496d-b51b-e76466e88db0"
+ ],
+ "skuId": "84a661c4-e949-4bd2-a560-ed7766fcaf2b"
+ },
+ {
+ "disabledPlans": [],
+ "skuId": "f30db892-07e9-47e9-837c-80727f46fd3d"
+ }
+ ],
+ "city": "Nairobi",
+ "companyName": "Contoso"
+}
+```
+
+### Example 2: Remove licenses from the signed-in user
-##### Request
+#### Request
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "user_assignlicense_removelicenses"
+}-->
```http POST https://graph.microsoft.com/beta/me/assignLicense Content-type: application/json {
- "addLicenses": [],
- "removeLicenses": ["skuId-value-1", "skuId-value-2"]
+ "addLicenses": [],
+ "removeLicenses": [
+ "f30db892-07e9-47e9-837c-80727f46fd3d",
+ "84a661c4-e949-4bd2-a560-ed7766fcaf2b"
+ ]
} ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
-##### Response
-In both examples, the response is the updated user object. Note: The response object shown here might be shortened for readability.
+# [PowerShell](#tab/powershell)
++++
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
Content-type: application/json
{ "accountEnabled": true,
- "assignedLicenses": [
- {
- "disabledPlans": [ "11b0131d-43c8-4bbb-b2c8-e80f9a50834a" ],
- "skuId": "skuId-value"
- }
- ],
- "assignedPlans": [
- {
- "assignedDateTime": "2016-10-19T10:37:00Z",
- "capabilityStatus": "capabilityStatus-value",
- "service": "service-value",
- "servicePlanId": "bea13e0c-3828-4daa-a392-28af7ff61a0f"
- }
- ],
- "businessPhones": [
- "businessPhones-value"
- ],
- "city": "city-value",
- "companyName": "companyName-value"
+ "assignedLicenses": [],
+ "city": "Nairobi",
+ "companyName": "Contoso"
} ```
v1.0 User List Licensedetails https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/user-list-licensedetails.md
Title: "List licenseDetails" description: "Retrieve a list of licenseDetails objects."-+ ms.localizationpriority: medium ms.prod: "users" doc_type: apiPageType
v1.0 User List Manager https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/user-list-manager.md
ConsistencyLevel: eventual
[!INCLUDE [sample-code](../includes/snippets/powershell/get-transitive-managers-powershell-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
v1.0 User Revokesigninsessions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/user-revokesigninsessions.md
This operation has no request content.
## Response
-If successful, this method returns a `204 No Content` response code.
+If successful, this method returns a `200 OK` response code.
>[!NOTE]
->This API has a [known issue](/graph/known-issues#revoke-sign-in-sessions-returns-wrong-HTTP-code). It returns a different HTTP response code.
+>This API has a [known issue](/graph/known-issues#revoke-sign-in-sessions-returns-wrong-http-code). It returns a different HTTP response code.
## Example The following example shows how to call this API.
-##### Request
+### Request
# [HTTP](#tab/http) <!-- {
- "blockType": "request",
+ "blockType": "ignored",
"name": "user_revokesigninsessionss" }--> ```http
POST https://graph.microsoft.com/beta/me/revokeSignInSessions
-##### Response
+### Response
<!-- { "blockType": "response", "truncated": true } --> ```http
-HTTP/1.1 204 No Content
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#Edm.Boolean",
+ "value": true
+}
``` <!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
v1.0 User Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/user-update.md
Because the **user** resource supports [extensions](/graph/extensibility-overvie
add, update, or delete your own app-specific data in custom properties of an extension in an existing **user** instance. > [!NOTE]
-> The follow properties cannot be updated by an app with only application permissions: **aboutMe**, **birthday**, **employeeHireDate**, **interests**, **mySite**, **pastProjects**, **preferredName**, **responsibilities**, **schools**, and **skills**.
+> - The following properties cannot be updated by an app with only application permissions: **aboutMe**, **birthday**, **employeeHireDate**, **interests**, **mySite**, **pastProjects**, **preferredName**, **responsibilities**, **schools**, and **skills**.
+> - To update the following properties, you must specify them in their own PATCH request, without including the other properties listed in the table above: **aboutMe**, **birthday**, **interests**, **mySite**, **pastProjects**, **preferredName**, **responsibilities**, **schools**, and **skills**.
## Response
v1.0 Virtualendpoint List Snapshots https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/virtualendpoint-list-snapshots.md
+
+ Title: "List snapshots"
+description: "Get a list of cloudPcSnapshot objects and their properties."
+
+ms.localizationpriority: medium
++
+# List snapshots
+Namespace: microsoft.graph
++
+Get a list of [cloudPcSnapshot](../resources/cloudpcsnapshot.md) objects and their properties.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|CloudPC.Read.All, CloudPC.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|CloudPC.Read.All, CloudPC.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /deviceManagement/virtualEndpoint/snapshots
+```
+
+## Optional query parameters
+This method supports the `$filter` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [cloudPcSnapshot](../resources/cloudpcsnapshot.md) objects in the response body.
+
+## Examples
+
+### Request
+
+The following is an example of a request.
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "list_cloudpcsnapshot"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint/snapshots
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+### Response
+
+The following is an example of the response.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.cloudPcSnapshot",
+ "isCollection": true
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.cloudPcSnapshot",
+ "cloudPcId": "662009bc-7732-4f6f-8726-25883518b33e",
+ "createdDateTime": "2021-08-23T09:28:32.8260335Z",
+ "lastRestoredDateTime": "2021-09-01T09:28:32.8260338Z",
+ "id": "A00009UV000_93aff428-61f2-467f-a879-1102af6fd4a8",
+ "status": "ready"
+ }
+ ]
+}
+```
+
v1.0 Virtualendpoint List Usersettings https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/virtualendpoint-list-usersettings.md
Content-Type: application/json
"displayName": "Test1", "selfServiceEnabled": true, "localAdminEnabled": false,
+ "restorePointSetting": {
+ "frequencyInHours": 16,
+ "userRestoreEnabled": true
+ },
"lastModifiedDateTime": "2021-02-01T10:29:57Z", "createdDateTime": "2021-02-01T10:29:57Z" }
v1.0 Virtualendpoint Post Usersettings https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/virtualendpoint-post-usersettings.md
The following table shows the properties that are required when you create the [
|displayName|String|The setting name as it appears in the UI. | |localAdminEnabled|Boolean|To turn on the local admin option, change this setting to `True`.ΓÇ» | |selfServiceEnabled|Boolean|To turn on the self service option, change this setting to `True`.ΓÇ»|
+|restorePointSetting|[cloudPcRestorePointSetting](../resources/cloudpcrestorepointsetting.md)|Defines how frequently a restore point is created (that is, a snapshot is taken) for users' provisioned Cloud PCs (default is 12 hours), and whether the user is allowed to restore their own Cloud PCs to a backup made at a specific point in time.|
|lastModifiedDateTime|DateTimeOffset|The last date and time the setting was modified. The Timestamp type represents the date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 looks like this:ΓÇ»'2014-01-01T00:00:00Z'.ΓÇ»| ## Response
Content-Type: application/json
"@odata.type": "#microsoft.graph.cloudPcUserSetting", "displayName": "Example", "selfServiceEnabled": false,
- "localAdminEnabled": true
+ "localAdminEnabled": true,
+ "restorePointSetting": {
+ "frequencyInHours": 16,
+ "userRestoreEnabled": true
+ }
} ``` # [C#](#tab/csharp)
Content-Type: application/json
"displayName": "Example", "selfServiceEnabled": false, "localAdminEnabled": true,
+ "restorePointSetting": {
+ "frequencyInHours": 16,
+ "userRestoreEnabled": true
+ },
"lastModifiedDateTime": "2021-02-01T10:29:57Z"ΓÇ» } ```
v1.0 Windowshelloforbusinessauthenticationmethod Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/windowshelloforbusinessauthenticationmethod-get.md
GET /me/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAu
GET /users/{id | userPrincipalName}/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAuthenticationMethodId} ```
+>**Note:** To read the **device** navigation property for another user, specify it in an `$expand` query as follows: `/users/{id}/authentication/windowsHelloForBusinessMethods/{id}?$expand=device`.
+ ## Optional query parameters Not supported.
v1.0 Windowsupdates Deploymentaudience Updateaudience https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/windowsupdates-deploymentaudience-updateaudience.md
Content-Type: application/json
{ "addMembers": [ {
- "@odata.type": "#microsoft.graph.windowsUpdates.updatableAsset",
+ "@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",
"id": "String (identifier)" } ], "removeMembers": [ {
- "@odata.type": "#microsoft.graph.windowsUpdates.updatableAsset",
+ "@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",
"id": "String (identifier)" } ], "addExclusions": [ {
- "@odata.type": "#microsoft.graph.windowsUpdates.updatableAsset",
+ "@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",
"id": "String (identifier)" } ], "removeExclusions": [ {
- "@odata.type": "#microsoft.graph.windowsUpdates.updatableAsset",
+ "@odata.type": "#microsoft.graph.windowsUpdates.azureADDevice",
"id": "String (identifier)" } ]
v1.0 X509certificateauthenticationmethodconfiguration Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/x509certificateauthenticationmethodconfiguration-delete.md
Title: "Delete x509CertificateAuthenticationMethodConfiguration"
-description: "Delete a x509CertificateAuthenticationMethodConfiguration object and restores all the other properties to their default settings"
+description: "Delete the tenant-customized x509CertificateAuthenticationMethodConfiguration object and restore the default configuration."
ms.localizationpriority: medium ms.prod: "identity-and-sign-in"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Restore the [x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md) object to its default configuration.
+Delete the tenant-customized [x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md) object and restore the default configuration.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 X509certificateauthenticationmethodconfiguration Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/x509certificateauthenticationmethodconfiguration-get.md
GET https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authen
### Response+
+The following response object shows an x509CertificateAuthenticationMethodConfiguration with its default configuration.
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
HTTP/1.1 200 OK
Content-Type: application/json {
- "@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
- "id": "X509Certificate",
- "state": "disabled",
- "certificateUserBindings": [{
- "x509CertificateField": "PrincipalName",
- "userProperty": "onPremisesUserPrincipalName",
- "priority": 1
- },
- {
- "x509CertificateField": "RFC822Name",
- "userProperty": "userPrincipalName",
- "priority": 2
- }
- ],
- "authenticationModeConfiguration": {
- "x509CertificateAuthenticationDefaultMode": "x509CertificateSingleFactor",
- "rules": []
- },
- "includeTargets": [{
- "targetType": "group",
- "id": "all_users",
- "isRegistrationRequired": false
- }]
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#authenticationMethodConfigurations/$entity",
+ "@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
+ "id": "X509Certificate",
+ "state": "disabled",
+ "certificateUserBindings": [
+ {
+ "x509CertificateField": "PrincipalName",
+ "userProperty": "onPremisesUserPrincipalName",
+ "priority": 1
+ },
+ {
+ "x509CertificateField": "RFC822Name",
+ "userProperty": "userPrincipalName",
+ "priority": 2
+ }
+ ],
+ "authenticationModeConfiguration": {
+ "x509CertificateAuthenticationDefaultMode": "x509CertificateSingleFactor",
+ "rules": []
+ },
+ "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('X509Certificate')/microsoft.graph.x509CertificateAuthenticationMethodConfiguration/includeTargets",
+ "includeTargets": [
+ {
+ "targetType": "group",
+ "id": "all_users",
+ "isRegistrationRequired": false
+ }
+ ]
} ```
v1.0 X509certificateauthenticationmethodconfiguration Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/x509certificateauthenticationmethodconfiguration-update.md
If successful, this method returns a `204 No Content` response code and an updat
### Request
+The following is an example of an update request with the following settings:
+++ Enables the x509 certificate authentication method in the tenant.++ Configures only one user binding between the certificate **PrincipalName** and the Azure AD **onPremisesUserPrincipalName** properties.++ Defines multi-factor authentication as requirement.++ Configures the binding rules for the strong authentication method against the rule type.+ # [HTTP](#tab/http) <!-- { "blockType": "request",
PATCH https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/auth
Content-Type: application/json {
- "@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
- "id": "X509Certificate",
- "state": "disabled",
- "certificateUserBindings": [{
- "x509CertificateField": "PrincipalName",
- "userProperty": "onPremisesUserPrincipalName",
- "priority": 1
- },
- {
- "x509CertificateField": "RFC822Name",
- "userProperty": "userPrincipalName",
- "priority": 2
- }
- ],
- "authenticationModeConfiguration": {
- "x509CertificateAuthenticationDefaultMode": "x509CertificateSingleFactor",
- "rules": []
- },
- "includeTargets": [{
- "targetType": "group",
- "id": "all_users",
- "isRegistrationRequired": false
- }]
+ "@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
+ "id": "X509Certificate",
+ "state": "enabled",
+ "certificateUserBindings": [
+ {
+ "x509CertificateField": "PrincipalName",
+ "userProperty": "onPremisesUserPrincipalName",
+ "priority": 1
+ }
+ ],
+ "authenticationModeConfiguration": {
+ "x509CertificateAuthenticationDefaultMode": "x509CertificateMultiFactor",
+ "rules": [
+ {
+ "x509CertificateRuleType": "issuerSubject",
+ "identifier": "CN=ContosoCA,DC=Contoso,DC=org ",
+ "x509CertificateAuthenticationMode": "x509CertificateMultiFactor"
+ },
+ {
+ "x509CertificateRuleType": "policyOID",
+ "identifier": "1.2.3.4",
+ "x509CertificateAuthenticationMode": "x509CertificateMultiFactor"
+ }
+ ]
+ },
+ "includeTargets": [
+ {
+ "targetType": "group",
+ "id": "all_users",
+ "isRegistrationRequired": false
+ }
+ ]
} ``` # [JavaScript](#tab/javascript)
Content-Type: application/json
### Response <!-- {
- "blockType": "response",
- "truncated": true
+ "blockType": "response"
} --> ``` http HTTP/1.1 204 No Content
-Content-Type: application/json
```
v1.0 Accesspackageassignmentpolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/accesspackageassignmentpolicy.md
To assign a user to an access package, [create an accessPackageAssignmentRequest
| Relationship | Type | Description | |:-|:|:| |accessPackage|[accessPackage](accesspackage.md)| The access package with this policy. Read-only. Nullable. Supports `$expand`.|
+|customExtensionHandlers|[customExtensionHandler](../resources/customextensionhandler.md) collection| The collection of stages when to execute one or more custom access package workflow extensions. Supports `$expand`.|
++ ## JSON representation
The following is a JSON representation of the resource.
```json {
- "id": "string",
- "accessPackageId": "string",
- "displayName": "string",
- "description": "string",
- "isDenyPolicy": false,
- "canExtend": false,
- "durationInDays": 365,
- "requestorSettings": {
- "scopeType": "string",
- "acceptRequests": true,
- "allowedRequestors": [{
- "@odata.type": "#microsoft.graph.userSet"
- }]
- },
- "requestApprovalSettings": {
- "isApprovalRequired": false,
- "isApprovalRequiredForExtension": false,
- "isRequestorJustificationRequired": false,
- "approvalMode": "string",
- "approvalStages": [{
- "approvalStageTimeOutInDays": 14,
- "isApproverJustificationRequired": true,
- "isEscalationEnabled": true,
- "escalationTimeInMinutes": 11520,
- "primaryApprovers": [{
- "@odata.type": "#microsoft.graph.userSet"
- }],
- "escalationApprovers": [{
- "@odata.type": "#microsoft.graph.userSet"
- }]
- }]
- },
- "accessReviewSettings": null,
- "questions": [{
- "@odata.type": "#microsoft.graph.question"
- }]
+ "@odata.type": "#microsoft.graph.accessPackageAssignmentPolicy",
+ "id": "String (identifier)",
+ "accessPackageId": "String",
+ "displayName": "String",
+ "description": "String",
+ "canExtend": "Boolean",
+ "durationInDays": "Integer",
+ "expirationDateTime": "String (timestamp)",
+ "createdBy": "String",
+ "createdDateTime": "String (timestamp)",
+ "modifiedBy": "String",
+ "modifiedDateTime": "String (timestamp)",
+ "questions": [
+ {
+ "@odata.type": "microsoft.graph.accessPackageMultipleChoiceQuestion"
+ }
+ ],
+ "requestorSettings": {
+ "@odata.type": "microsoft.graph.requestorSettings"
+ },
+ "requestApprovalSettings": {
+ "@odata.type": "microsoft.graph.approvalSettings"
+ },
+ "accessReviewSettings": {
+ "@odata.type": "microsoft.graph.assignmentReviewSettings"
+ }
} ```
v1.0 Accesspackageassignmentrequest https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/accesspackageassignmentrequest.md
In [Azure AD Entitlement Management](entitlementmanagement-overview.md), an acce
|:-|:|:| |completedDate|DateTimeOffset|The date of the end of processing, either successful or failure, of a request. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only.| |createdDateTime|DateTimeOffset|The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only.|
+|customExtensionHandlerInstances|[customExtensionHandlerInstance](../resources/customextensionhandlerinstance.md) collection| A collection of [custom workflow extension](customaccesspackageworkflowextension.md) instances being run on an assignment request. Read-only. |
|id|String| Read-only.| |isValidationOnly|Boolean|True if the request is not to be processed for assignment.| |justification|String|The requestor's supplied justification.|
In [Azure AD Entitlement Management](entitlementmanagement-overview.md), an acce
## JSON representation + The following is a JSON representation of the resource. <!-- {
The following is a JSON representation of the resource.
```json {
- "createdDateTime": "string",
- "completedDate": "string",
- "id": "string",
- "requestType": "string",
- "requestState": "string",
- "requestStatus": "string",
- "isValidationOnly": false,
- "justification": "string",
- "answers": [{
- "@odata.type": "#microsoft.graph.accessPackageAnswerString",
- "value": "string",
- "answeredQuestion": {
- "id": "string",
- "text": {
- "defaultText": "string",
- "localizedTexts": [{
- "text": "string",
- "languageCode": "string"
- }]
- },
- "isRequired": true,
- "@odata.type": "#microsoft.graph.accessPackageTextInputQuestion",
- "isSingleLineQuestion": true
- }
- }]
+ "@odata.type": "#microsoft.graph.accessPackageAssignmentRequest",
+ "id": "String (identifier)",
+ "requestType": "String",
+ "requestState": "String",
+ "requestStatus": "String",
+ "isValidationOnly": "Boolean",
+ "createdDateTime": "String (timestamp)",
+ "completedDate": "String (timestamp)",
+ "expirationDateTime": "String (timestamp)",
+ "justification": "String",
+ "schedule": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "answers": [
+ {
+ "@odata.type": "microsoft.graph.accessPackageAnswerString"
+ }
+ ],
+ "customExtensionHandlerInstances": [
+ {
+ "@odata.type": "microsoft.graph.customExtensionHandlerInstance"
+ }
+ ]
} ```
v1.0 Accesspackagecatalog https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/accesspackagecatalog.md
Namespace: microsoft.graph
In [Azure AD entitlement management](entitlementmanagement-overview.md), an access package catalog is a container for zero or more access packages. An access package catalog might also have linked resources that are used in those access packages to provide access. To view or change the membership of catalog-scoped roles, use the [role assignments](unifiedroleassignment.md) API with the entitlement management RBAC provider. - ## Methods | Method | Return Type | Description |
In [Azure AD entitlement management](entitlementmanagement-overview.md), an acce
| [Get accessPackageCatalog](../api/accesspackagecatalog-get.md) | [accessPackageCatalog](accesspackagecatalog.md) | Read properties and relationships of an accessPackageCatalog object. | | [Update accessPackageCatalog](../api/accesspackagecatalog-update.md)|None | Update the properties of an accessPackageCatalog object. | | [Delete accessPackageCatalog](../api/accesspackagecatalog-delete.md) | | Delete accessPackageCatalog. |
+| **Access package resources**| | |
| [List accessPackageCatalog resources](../api/accesspackagecatalog-list-accesspackageresources.md) | [accessPackageResource](accesspackageresource.md) collection | Retrieve a list of accessPackageResource objects in a catalog. |
+| **Access package resource roles**| | |
| [List accessPackageCatalog resource roles](../api/accesspackagecatalog-list-accesspackageresourceroles.md) | [accessPackageResourceRole](accesspackageresourcerole.md) collection | Retrieve a list of accessPackageResourceRole objects for resources in a catalog. |
+| **Custom access package package workflow extensions**| | |
+|[List customAccessPackageWorkflowExtensions](../api/accesspackagecatalog-list-customaccesspackageworkflowextensions.md)|[customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) collection|Get a list of the [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) objects and their properties.|
+|[Create customAccessPackageWorkflowExtensions](../api/accesspackagecatalog-post-customaccesspackageworkflowextensions.md)|[customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md)|Create a new [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object.|
+|[Get customAccessPackageWorkflowExtension](../api/customaccesspackageworkflowextension-get.md)|[customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md)|Read the properties and relationships of a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object.|
+|[Update customAccessPackageWorkflowExtension](../api/customaccesspackageworkflowextension-update.md)|[customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md)|Update the properties of a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object.|
+|[Delete customAccessPackageWorkflowExtension](../api/customaccesspackageworkflowextension-delete.md)|None|Deletes a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object.|
## Properties
In [Azure AD entitlement management](entitlementmanagement-overview.md), an acce
|:-|:|:| |accessPackages|[accessPackage](accesspackage.md) collection| The access packages in this catalog. Read-only. Nullable. Supports `$expand`.| |accessPackageResources|[accessPackageResource](accesspackageresource.md) collection| Read-only. Nullable.|
+|accessPackageResourceRoles|[accessPackageResourceRole](accesspackageresourcerole.md) collection|The roles in each resource in a catalog. Read-only.|
+|accessPackageResourceScopes|[accessPackageResourceScope](accesspackageresourcescope.md) collection|Read-only.|
+|customAccessPackageWorkflowExtension|[customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) collection|The attributes of a logic app, which can be called at various stages of an access package request and assignment cycle. |
## JSON representation
v1.0 Accesspackageresource https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/accesspackageresource.md
In [Azure AD Entitlement Management](entitlementmanagement-overview.md), an acce
| Property | Type | Description | |:-|:|:|
-|accessPackageResourceEnvironment|[accessPackageResourceEnvironment](../resources/accesspackageresourceenvironment.md)|Contains the environment information for the resource. This can be set using either the `@odata.bind` annotation or the environment's *originId*.|
|attributes|[accessPackageResourceAttribute](../resources/accesspackageresourceattribute.md) collection| Contains information about the attributes to be collected from the requestor and sent to the resource application. | |addedBy|String|The name of the user or application that first added this resource. Read-only.| |addedOn|DateTimeOffset|The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`|
In [Azure AD Entitlement Management](entitlementmanagement-overview.md), an acce
| Relationship | Type | Description | |:-|:|:|
-|accessPackageResourceEnvironment|[accessPackageResourceEnvironment](accesspackageresourceenvironment.md)| Nullable. Supports `$expand`.|
+|accessPackageResourceEnvironment|[accessPackageResourceEnvironment](../resources/accesspackageresourceenvironment.md)|Contains the environment information for the resource. This can be set using either the `@odata.bind` annotation or the environment's *originId*.Supports `$expand`.|
|accessPackageResourceRoles|[accessPackageResourceRole](accesspackageresourcerole.md) collection| Read-only. Nullable. Supports `$expand`.| |accessPackageResourceScopes|[accessPackageResourceScope](accesspackageresourcescope.md) collection| Read-only. Nullable. Supports `$expand`.|
v1.0 Accessreviewsv2 Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/accessreviewsv2-overview.md
Typical customer scenarios for access reviews include:
- Customers can review and certify employee access to Azure AD resources. - Customers can review and audit assignments to Azure AD privileged roles. This supports organizations in the management of privileged access.
-Note that the access reviews feature, including the API, is included in Azure AD Premium P2. The tenant where an access review is being created must have a valid purchased or trial Azure AD Premium P2 or EMS E5 subscription.
+Note that the access reviews feature, including the API, is included in Azure AD Premium P2. The tenant where an access review is being created must have a valid purchased or trial Azure AD Premium P2 or EMS E5 subscription. For more information about the license requirements, see [Access reviews license requirements](/azure/active-directory/governance/access-reviews-overview#license-requirements).
## Methods
v1.0 Activateservice https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/activateservice.md
Represents a service to be activated.
| Property | Type | Description | | -- | | - | | service| String | The name of the service to activate. |
-| servicePlanId | GUID | The plan identifier of the service plan to activate. |
-| skuId | GUID | The SKU identifier of the service plan. |
+| servicePlanId | Guid | The plan identifier of the service plan to activate. |
+| skuId | Guid | The SKU identifier of the service plan. |
## JSON representation
Here is a JSON representation of the resource.
```json {
- "service": "string",
- "skuId": "guid",
- "servicePlanId": "guid"
+ "service": "String",
+ "skuId": "Guid",
+ "servicePlanId": "Guid"
} ```
v1.0 Addin https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/addin.md
Here is a JSON representation of the resource.
```json {
- "id": "guid",
+ "id": "GUID",
"properties": [{"@odata.type": "microsoft.graph.keyValue"}],
- "type": "string"
+ "type": "String"
} ```
v1.0 Administrativeunit https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/administrativeunit.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-An administrative unit provides a conceptual container for User and Group directory objects. Using administrative units, a company administrator can now delegate administrative responsibilities to manage the users and groups contained within or scoped to an administrative unit to a regional or departmental administrator.
+An administrative unit provides a conceptual container for user, group, and device directory objects. Using administrative units, a company administrator can now delegate administrative responsibilities to manage the users, groups, and devices contained within or scoped to an administrative unit to a regional or departmental administrator.
This resource supports using [delta query](/graph/delta-query-overview) to track incremental additions, deletions, and updates, by providing a [delta](../api/administrativeunit-delta.md) function. This resource is an open type that allows other properties to be passed in.
This topic provides descriptions of the declared properties and navigation prope
| Method | Return Type | Description | |:|:--|:-|
-|[Create](../api/administrativeunit-post-administrativeunits.md) | [administrativeUnit](administrativeunit.md) | Create a new administrative unit.|
-|[List](../api/administrativeunit-list.md) | [administrativeUnit](administrativeunit.md) collection |List properties of all administrativeUnits.|
+|[Create](../api/directory-post-administrativeunits.md) | [administrativeUnit](administrativeunit.md) | Create a new administrative unit.|
+|[List](../api/directory-list-administrativeunits.md) | [administrativeUnit](administrativeunit.md) collection |List properties of all administrativeUnits.|
|[Get](../api/administrativeunit-get.md) | [administrativeUnit](administrativeunit.md) |Read properties and relationships of a specific administrativeUnit object.| |[Update](../api/administrativeunit-update.md) | [administrativeUnit](administrativeunit.md) |Update administrativeUnit object. | |[Delete](../api/administrativeunit-delete.md) | None |Delete administrativeUnit object. | |[Get delta](../api/administrativeunit-delta.md)|[administrativeUnit](administrativeunit.md)|Get newly created, updated, or deleted **administrativeUnits** without having to perform a full read of the entire resource collection.|
-|[Add a member](../api/administrativeunit-post-members.md) |[directoryObject](directoryobject.md)| Add a member (user or group).|
-|[List members](../api/administrativeunit-list-members.md) |[directoryObject](directoryobject.md) collection| Get the list of (user and group) members.|
+|[Add a member](../api/administrativeunit-post-members.md) |[directoryObject](directoryobject.md)| Add a member (user, group, or device).|
+|[List members](../api/administrativeunit-list-members.md) |[directoryObject](directoryobject.md) collection| Get the list of (user, group, and device) members.|
|[Get a member](../api/administrativeunit-get-members.md) |[directoryObject](directoryobject.md)| Get a specific member.| |[Remove a member](../api/administrativeunit-delete-members.md) |[directoryObject](directoryobject.md)| Remove a member.| |[Add scoped-role member](../api/administrativeunit-post-scopedrolemembers.md) |[scopedRoleMembership](scopedrolemembership.md)| Add a scoped-role member.|
This topic provides descriptions of the declared properties and navigation prope
| Property | Type |Description| |:|:--|:-|
-|description|string|An optional description for the administrative unit. Supports `$filter` (`eq`, `ne`, `in`, `startsWith`), `$search`.|
-|displayName|string|Display name for the administrative unit. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values), `$search`, and `$orderBy`.|
-|id|string|Unique identifier for the administrative unit. Read-only. Supports `$filter` (`eq`).|
-|visibility|string|Controls whether the administrative unit and its members are hidden or public. Can be set to `HiddenMembership` or `Public`. If not set, default behavior is `Public`. When set to `HiddenMembership`, only members of the administrative unit can list other members of the administrative unit.|
+|description|String|An optional description for the administrative unit. Supports `$filter` (`eq`, `ne`, `in`, `startsWith`), `$search`.|
+|displayName|String|Display name for the administrative unit. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values), `$search`, and `$orderBy`.|
+|id|String|Unique identifier for the administrative unit. Read-only. Supports `$filter` (`eq`).|
+|visibility|String|Controls whether the administrative unit and its members are hidden or public. Can be set to `HiddenMembership`. If not set (value is `null`), the default behavior is public. When set to `HiddenMembership`, only members of the administrative unit can list other members of the administrative unit.|
## Relationships | Relationship | Type |Description|
This topic provides descriptions of the declared properties and navigation prope
## JSON representation
-Here is a JSON representation of the resource.
+The following is a JSON representation of the resource.
<!-- { "blockType": "resource",
Here is a JSON representation of the resource.
```json {
- "description": "string",
- "displayName": "string",
- "id": "string (identifier)",
- "visibility": "string"
+ "description": "String",
+ "displayName": "String",
+ "id": "String (identifier)",
+ "visibility": "String"
} ```
v1.0 Appidentity https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/appidentity.md
Indicates the identity of the application that performed the action or was chang
## Properties | Property | Type |Description| |:|:--|:-|
-|appId|String|Refers to the Unique GUID representing Application Id in the Azure Active Directory.|
+|appId|String|Refers to the unique identifier representing Application Id in the Azure Active Directory.|
|displayName|String|Refers to the Application Name displayed in the Azure Portal.|
-|servicePrincipalId|String|Refers to the Unique GUID indicating Service Principal Id in Azure Active Directory for the corresponding App.|
+|servicePrincipalId|String|Refers to the unique identifier indicating Service Principal Id in Azure Active Directory for the corresponding App.|
|servicePrincipalName|String|Refers to the Service Principal Name is the Application name in the tenant. | ## JSON representation
v1.0 Application https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/application.md
This resource supports using [delta query](/graph/delta-query-overview) to track
|[Add key](../api/application-addkey.md)|[keyCredential](keycredential.md)|Add a key credential to an application.| |[Remove key](../api/application-removekey.md)|None|Remove a key credential from an application.| |**Extensions**| | |
-| [List extensions](../api/application-list-extensionproperty.md) | [extensionProperty](extensionProperty.md) collection | List extension properties on an application object. |
-| [Create extension](../api/application-post-extensionproperty.md) | [extensionProperty](extensionProperty.md) | Create an extension property on an application object. |
-| [Delete extension](../api/application-delete-extensionproperty.md) | None | Delete an extension property from an application object. |
+| [List extensionProperties](../api/application-list-extensionproperty.md) | [extensionProperty](extensionProperty.md) collection | List extension properties on an application object. |
+| [Create extensionProperties](../api/application-post-extensionproperty.md) | [extensionProperty](extensionProperty.md) | Create an extension property on an application object. |
+| [Get extensionProperty](../api/extensionproperty-delete.md) | None | Get an extension property from an application object. |
+| [Delete extensionProperty](../api/extensionproperty-delete.md) | None | Delete an extension property from an application object. |
|**Federated identity credentials**| | | | [List federatedIdentityCredential](../api/application-list-federatedidentitycredentials.md) | [federatedIdentityCredential](../resources/federatedidentitycredential.md) collection | List federated identity credentials on an application object. | | [Create federatedIdentityCredential](../api/application-post-federatedidentitycredentials.md) | [federatedIdentityCredential](../resources/federatedidentitycredential.md) | Create a federated identity credential on an application object. |
This resource supports using [delta query](/graph/delta-query-overview) to track
| verifiedPublisher | [verifiedPublisher](verifiedPublisher.md) | Specifies the verified publisher of the application. For more information about how publisher verification helps support application security, trustworthiness, and compliance, see [Publisher verification](/azure/active-directory/develop/publisher-verification-overview).| | uniqueName | String | The unique identifier that can be assigned to an application as an alternative identifier. Immutable. Read-only. | | web |[webApplication](webapplication.md)| Specifies settings for a web application. |
+| windows |[windowsApplication](windowsapplication.md)| Specifies settings for apps running Microsoft Windows and published in the Microsoft Store or Xbox games store.|
### signInAudience values
The following is a JSON representation of the resource.
"tokenEncryptionKeyId": "String", "uniqueName": "String", "verifiedPublisher": {"@odata.type": "microsoft.graph.verifiedPublisher"},
- "web": {"@odata.type": "microsoft.graph.webApplication"}
+ "web": {"@odata.type": "microsoft.graph.webApplication"},
+ "windows": {"@odata.type": "microsoft.graph.windowsApplication"}
} ```
v1.0 Applicationauthenticationmethodpolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/applicationauthenticationmethodpolicy.md
When both the tenant default policy and an app management policy exist, the app
The application authentication methods policy API offers the following restrictions:
-| Restriction name | Description | Examples |
-| : | :- | :- |
-| passwordAddition | Restrict password secrets on applications altogether. | Block new passwords on applications created on or after '01/01/2019'. |
-| passwordLifetime | Enforce a max lifetime range for a password secret. | Restrict all new password secrets to a maximum of 30 days for applications created after 01/01/2015. |
-| symmetricKeyAddition | Restrict symmetric keys on applications. | Block new symmetric keys on applications created on or after 01/01/2019. |
-| symmetricKeyLifetime | Enforce a max lifetime range for a symmetric key. | Restrict all new symmetric keys to a maximum of 30 days for applications created after 01/01/2019. |
-| asymmetricKeyLifetime | Enforce a max lifetime range for an asymmetric key (certificate). | Restrict all new asymmetric key secrets to a maximum of 30 days for applications created after 01/01/2019. |
+| Restriction name | Description | Examples |
+| : | : | :- |
+| passwordAddition | Restrict password secrets on applications altogether. | Block new passwords on applications created on or after '01/01/2019'. |
+| passwordLifetime | Enforce a max lifetime range for a password secret. | Restrict all new password secrets to a maximum of 30 days for applications created after 01/01/2015. |
+| customPasswordAddition | Restrict a custom password secret on application or service principal. | Restrict all new custom (non-Azure AD generated) password secrets on applications created after 01/01/2015. |
+| symmetricKeyAddition | Restrict symmetric keys on applications. | Block new symmetric keys on applications created on or after 01/01/2019. |
+| symmetricKeyLifetime | Enforce a max lifetime range for a symmetric key. | Restrict all new symmetric keys to a maximum of 30 days for applications created after 01/01/2019. |
+| asymmetricKeyLifetime | Enforce a max lifetime range for an asymmetric key (certificate). | Restrict all new asymmetric key secrets to a maximum of 30 days for applications created after 01/01/2019. |
> [!Note] > All lifetime restrictions are expressed in ISO-8601 duration format (For example: P4DT12H30M5S).
+>
+> Applying the **customPasswordAddition** restriction will block any legacy PowerShell modules that add a client-generated password secret to applications or service principals. This restriction does not block Azure AD-generated application or service principal password secrets.
### Single vs multi-tenant apps
Depending on whether your app is a single tenant or multitenant app, you apply t
### Summary of key differences between the tenant default policy and app management policies
-| Tenant default policy | App management policy |
-| | |
-| Policy always exists. | Policy objects can be created or updated to override default policy. |
-| Restrictions are disabled by default for app/SP. | Allows customization for single tenant or multi tenant(backing app in home tenant or provisioned apps). |
-| Allows only single restriction object definition for all resources.| Allows multiple policy objects to be defined, but only one can be applied to a resource. |
-|Allows distinction of restrictions for application objects vs. service principals. | Policy can be applied to either an application or service principal object. |
-| Applies all restrictions configured to all apps or service principals. | Applies only the restrictions configured in the resource policy to the specified app or service principal, and doesn't inherit from default policy. |
+| Tenant default policy | App management policy |
+| - | |
+| Policy always exists. | Policy objects can be created or updated to override default policy. |
+| Restrictions are disabled by default for app/SP. | Allows customization for single tenant or multi tenant(backing app in home tenant or provisioned apps). |
+| Allows only single restriction object definition for all resources. | Allows multiple policy objects to be defined, but only one can be applied to a resource. |
+| Allows distinction of restrictions for application objects vs. service principals. | Policy can be applied to either an application or service principal object. |
+| Applies all restrictions configured to all apps or service principals. | Applies only the restrictions configured in the resource policy to the specified app or service principal, and doesn't inherit from default policy. |
## Next steps
v1.0 Approle https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/approle.md
With [appRoleAssignments](approleassignment.md), app roles can be assigned to us
|allowedMemberTypes|String collection|Specifies whether this app role can be assigned to users and groups (by setting to `["User"]`), to other application's (by setting to `["Application"]`, or both (by setting to `["User", "Application"]`). App roles supporting assignment to other applications' service principals are also known as [application permissions](/graph/auth/auth-concepts#microsoft-graph-permissions). The "Application" value is only supported for app roles defined on **application** entities. | |description|String|The description for the app role. This is displayed when the app role is being assigned and, if the app role functions as an application permission, during consent experiences.| |displayName|String|Display name for the permission that appears in the app role assignment and consent experiences.|
-|id|Guid|Unique role identifier inside the **appRoles** collection. When creating a new app role, a new Guid identifier must be provided. |
+|id|Guid|Unique role identifier inside the **appRoles** collection. When creating a new app role, a new GUID identifier must be provided. |
|isEnabled|Boolean|When creating or updating an app role, this must be set to **true** (which is the default). To delete a role, this must first be set to **false**. At that point, in a subsequent call, this role may be removed.| |origin|String| Specifies if the app role is defined on the [application](application.md) object or on the [servicePrincipal](serviceprincipal.md) entity. Must _not_ be included in any POST or PATCH requests. Read-only. | |value|String|Specifies the value to include in the `roles` claim in ID tokens and access tokens authenticating an assigned user or service principal. Must not exceed 120 characters in length. Allowed characters are `:` `!` `#` `$` `%` `&` `'` `(` `)` `*` `+` `,` `-` `.` `/` `:` `;` <code>&lt;</code> `=` <code>&gt;</code> `?` `@` `[` `]` `^` `+` `_` <code>&#96;</code> `{` <code>&#124;</code> `}` `~`, as well as characters in the ranges `0-9`, `A-Z` and `a-z`. Any other character, including the space character, are not allowed. May not begin with `.`. |
The following is a JSON representation of the resource.
```json {
- "allowedMemberTypes": ["string"],
- "description": "string",
- "displayName": "string",
- "id": "guid",
+ "allowedMemberTypes": ["String"],
+ "description": "String",
+ "displayName": "String",
+ "id": "Guid",
"isEnabled": true,
- "origin": "string",
- "value": "string"
+ "origin": "String",
+ "value": "String"
} ```
v1.0 Approleassignment https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/approleassignment.md
An app role assignment where the assigned principal is a service principal is an
| Property | Type | Description | |:|:--|:-|
-| id | String | A unique identifier for the **appRoleAssignment** Key. Not nullable. Read-only. |
-| creationTimestamp | DateTimeOffset | The time when the app role assignment was created.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only. |
-| principalId | Guid | The unique identifier (**id**) for the [user](user.md), [group](group.md) or [service principal](serviceprincipal.md) being granted the app role. Required on create. |
-| principalType | String | The type of the assigned principal. This can either be `User`, `Group` or `ServicePrincipal`. Read-only. |
+| id | String | A unique identifier for the **appRoleAssignment** key. Not nullable. Read-only. |
+| creationTimestamp | DateTimeOffset | The time when the app role assignment was created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only. |
+| principalId | Guid | The unique identifier (**id**) for the [user](user.md), [group](group.md), or [service principal](serviceprincipal.md) being granted the app role. Required on create. |
+| principalType | String | The type of the assigned principal. This can either be `User`, `Group`, or `ServicePrincipal`. Read-only. |
| principalDisplayName | String |The display name of the user, group, or service principal that was granted the app role assignment. Read-only. Supports `$filter` (`eq` and `startswith`). | | resourceId | Guid |The unique identifier (**id**) for the resource [service principal](serviceprincipal.md) for which the assignment is made. Required on create. Supports `$filter` (`eq` only). | | resourceDisplayName | String | The display name of the resource app's service principal to which the assignment is made. |
Here is a JSON representation of the resource
```json {
- "id": "string",
+ "id": "String",
"creationTimestamp": "String (timestamp)",
- "principalDisplayName": "string",
- "principalId": "guid",
- "principalType": "string",
- "resourceDisplayName": "string",
- "resourceId": "guid",
- "appRoleId": "guid"
+ "principalDisplayName": "String",
+ "principalId": "Guid",
+ "principalType": "String",
+ "resourceDisplayName": "String",
+ "resourceId": "Guid",
+ "appRoleId": "Guid"
} ```
v1.0 Approvalstage https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/approvalstage.md
Used for the **approvalStages** property of approval settings in the **requestAp
| isApproverJustificationRequired |Boolean | Indicates whether the approver is required to provide a justification for approving a request. | | isEscalationEnabled |Boolean | If true, then one or more escalation approvers are configured in this approval stage. | | escalationTimeInMinutes |Int32 | If escalation is required, the time a request can be pending a response from a primary approver. |
-| primaryApprovers | [userSet](userset.md) collection| The users who will be asked to approve requests. A collection of [singleUser](singleuser.md), [groupMembers](groupmembers.md), [requestorManager](requestormanager.md), [internalSponsors](internalsponsors.md) and [externalSponsors](externalsponsors.md). |
-| escalationApprovers | [userSet](userset.md) collection| If escalation is enabled and the primary approvers do not respond before the escalation time, the escalationApprovers are the users who will be asked to approve requests. This can be a collection of [singleUser](singleuser.md), [groupMembers](groupmembers.md), [requestorManager](requestormanager.md), [internalSponsors](internalsponsors.md) and [externalSponsors](externalsponsors.md).|
+| primaryApprovers | [userSet](userset.md) collection| The users who will be asked to approve requests. A collection of [singleUser](singleuser.md), [groupMembers](groupmembers.md), [requestorManager](requestormanager.md), [internalSponsors](internalsponsors.md) and [externalSponsors](externalsponsors.md). When creating or updating a [policy](accesspackageassignmentpolicy.md), include at least one **userSet** in this collection. |
+| escalationApprovers | [userSet](userset.md) collection| If escalation is enabled and the primary approvers do not respond before the escalation time, the escalationApprovers are the users who will be asked to approve requests. This can be a collection of [singleUser](singleuser.md), [groupMembers](groupmembers.md), [requestorManager](requestormanager.md), [internalSponsors](internalsponsors.md) and [externalSponsors](externalsponsors.md). When creating or updating a [policy](accesspackageassignmentpolicy.md), if there are no escalation approvers, or escalation approvers are not required for the stage, the value of this property should be an empty collection.|
v1.0 Assignedlicense https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/assignedlicense.md
Here is a JSON representation of the resource
```json {
- "disabledPlans": ["guid"],
- "skuId": "guid"
+ "disabledPlans": ["Guid"],
+ "skuId": "Guid"
} ```
v1.0 Assignedplan https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/assignedplan.md
The **assignedPlans** property of both the [user](user.md) entity and the [organ
|:|:--|:-| |assignedDateTime|DateTimeOffset|The date and time at which the plan was assigned; for example: 2013-01-02T19:32:30Z. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`| |capabilityStatus|[capabilityStatus](#capabilitystatus-values)|Condition of the capability assignment. The possible values are `Enabled`, `Warning`, `Suspended`, `Deleted`, `LockedOut`.|
-|service|String|The name of the service; for example, ΓÇ£ExchangeΓÇ¥.|
-|servicePlanId|Guid|A GUID that identifies the service plan.|
+|service|String|The name of the service; for example, `exchange`.|
+|servicePlanId|Guid|A GUID that identifies the service plan. For a complete list of GUIDs and their equivalent friendly service names, see [Product names and service plan identifiers for licensing](/azure/active-directory/enterprise-users/licensing-service-plan-reference).|
### capabilityStatus values
Here is a JSON representation of the resource
```json { "assignedDateTime": "String (timestamp)",
- "capabilityStatus": "string",
- "service": "string",
- "servicePlanId": "guid"
+ "capabilityStatus": "String",
+ "service": "String",
+ "servicePlanId": "Guid"
} ```
v1.0 Authenticationmethodconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/authenticationmethodconfiguration.md
The following authentication methods are derived from the **authenticationMethod
+ [microsoftAuthenticatorAuthenticationMethodConfiguration](microsoftauthenticatorauthenticationmethodconfiguration.md) + [smsAuthenticationMethodConfiguration](smsauthenticationmethodconfiguration.md) + [temporaryAccessPassAuthenticationMethodConfiguration](smsauthenticationmethodconfiguration.md)++ [x509CertificateAuthenticationMethodConfiguration](x509certificateauthenticationmethodconfiguration.md) ## Properties |Property|Type|Description|
v1.0 Azureadtokenauthentication https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/azureadtokenauthentication.md
+
+ Title: "azureAdTokenAuthentication resource type"
+description: "Defines the Azure AD application used to authenticate with a custom access package workflow extension."
+
+ms.localizationpriority: medium
++
+# azureAdTokenAuthentication resource type
+
+Namespace: microsoft.graph
++
+Defines the Azure AD application used to authenticate a logic app with a [custom access package workflow extension](customaccesspackageworkflowextension.md). Only the app ID of the application is required. Derived from [customExtensionAuthenticationConfiguration](../resources/customextensionauthenticationconfiguration.md).
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+|resourceId|String|The **appID** of the Azure AD application to use to authenticate a logic app with a custom access package workflow extension.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.azureAdTokenAuthentication",
+ "baseType": "microsoft.graph.customExtensionAuthenticationConfiguration"
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",
+ "resourceId": "String"
+ }
+```
v1.0 Changenotification https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/changenotification.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Represents the notification sent to the subscriber.
+Represents the notification sent to the subscriber. All the properties of this resource are read-only.
For details, see [Use the Microsoft Graph API to get change notifications](webhooks.md).
None.
| clientState | string | Value of the **clientState** property sent specified in the subscription request (if any). The maximum length is 255 characters. The client can check whether the change notification came from the service by comparing the values of the **clientState** property. The value of the **clientState** property sent with the subscription is compared with the value of the **clientState** property received with each change notification. Optional. | | encryptedContent | [changeNotificationEncryptedContent](changenotificationencryptedcontent.md) | (Preview) Encrypted content attached with the change notification. Only provided if **encryptionCertificate** and **includeResourceData** were defined during the subscription request and if the resource supports it. Optional. | | id | string | Unique ID for the notification. Optional. |
-| lifecycleEvent | lifecycleEventType | The type of lifecycle notification if the current notification is a lifecycle notification. Optional. Supported values are `missed`, `subscriptionRemoved`, `reauthorizationRequired`. |
+| lifecycleEvent | lifecycleEventType | The type of lifecycle notification if the current notification is a lifecycle notification. Optional. Supported values are `missed`, `subscriptionRemoved`, `reauthorizationRequired`. Optional. |
| resource | string | The URI of the resource that emitted the change notification relative to `https://graph.microsoft.com`. Required. |
-| resourceData | [resourceData](resourcedata.md) | The content of this property depends on the type of resource being subscribed to. Required. |
+| resourceData | [resourceData](resourcedata.md) | The content of this property depends on the type of resource being subscribed to. Optional. |
| subscriptionExpirationDateTime | DateTimeOffset | The expiration time for the subscription. Required. |
-| subscriptionId | GUID | The unique identifier of the subscription that generated the notification. |
-| tenantId | GUID | The unique identifier of the tenant from which the change notification originated. |
+| subscriptionId | Guid | The unique identifier of the subscription that generated the notification. Required.|
+| tenantId | Guid | The unique identifier of the tenant from which the change notification originated. Required.|
## Relationships None.
-## JSON representation
+## JSON representation
The following is a JSON representation of the resource.- <!-- { "blockType": "resource",
- "optionalProperties": [
-
- ],
"@odata.type": "microsoft.graph.changeNotification"
-}-->
-
-```json
+}
+-->
+``` json
{
- "subscriptionId": "76222963-cc7b-42d2-882d-8aaa69cb2ba3",
- "changeType": "created",
- "clientState": "client state provided when creating subscription",
- "id": "15ee1d1f-af7b-42d9-885b-9d00db065dd9",
- "tenantId": "2c937fad-a8a7-496c-b0e4-bf77dcc7eb2a",
- "subscriptionExpirationDateTime": "2020-04-12T23:20:50.52Z",
- "resource": "teams('d29828b8-c04d-4e2a-b2f6-07da6982f0f0')/channels('19:f127a8c55ad949d1a238464d22f0f99e@thread.skype')/messages('1565045424600')/replies('1565047490246')",
+ "@odata.type": "#microsoft.graph.changeNotification",
+ "id": "String (identifier)",
+ "subscriptionId": "Guid",
+ "subscriptionExpirationDateTime": "String (timestamp)",
+ "clientState": "String",
+ "changeType": "String",
+ "resource": "String",
+ "tenantId": "Guid",
+ "encryptedContent": {
+ "@odata.type": "microsoft.graph.changeNotificationEncryptedContent"
+ },
+ "lifecycleEvent": "String",
"resourceData": {
- "id": "1565293727947",
- "@odata.type": "#Microsoft.Graph.ChatMessage",
- "@odata.id": "teams('88cbc8fc-164b-44f0-b6a6-b59b4a1559d3')/channels('19:8d9da062ec7647d4bb1976126e788b47@thread.tacv2')/messages('1565293727947')/replies('1565293727947')"
+ "@odata.type": "microsoft.graph.resourceData"
} } ```
v1.0 Changenotificationcollection https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/changenotificationcollection.md
The following is a JSON representation of the resource.
], "@odata.type": "microsoft.graph.changeNotificationCollection" }-->-
-```json
+``` json
{
- "value": [],
+ "@odata.type": "#microsoft.graph.changeNotificationCollection",
"validationTokens": [
- "eyJ0eXAiOiJKV1QiLCJhbGciOiJSU..."
+ "String"
+ ],
+ "value": [
+ {
+ "@odata.type": "microsoft.graph.changeNotification"
+ }
] } ```
v1.0 Changenotificationencryptedcontent https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/changenotificationencryptedcontent.md
The following is a JSON representation of the resource.
], "@odata.type": "microsoft.graph.changeNotificationEncryptedContent" }-->-
-```json
+``` json
{
- "data": "{encrypted data that produces a full resource}",
- "dataSignature": "<HMAC-SHA256 hash>",
- "dataKey": "{encrypted symmetric key from Microsoft Graph}",
- "encryptionCertificateId": "MySelfSignedCert/DDC9651A-D7BC-4D74-86BC-A8923584B0AB",
- "encryptionCertificateThumbprint": "07293748CC064953A3052FB978C735FB89E61C3D"
+ "@odata.type": "#microsoft.graph.changeNotificationEncryptedContent",
+ "data": "String",
+ "dataSignature": "String",
+ "dataKey": "String",
+ "encryptionCertificateId": "String",
+ "encryptionCertificateThumbprint": "String"
} ```
The following is a JSON representation of the resource.
<!-- { "type": "#page.annotation",
- "description": "changeNotificationEncryptedConent resource",
+ "description": "changeNotificationEncryptedContent resource",
"keywords": "", "section": "documentation", "tocPath": "",
v1.0 Chat https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/chat.md
not all scenarios are possible. It is possible to get chat IDs with delegated pe
| permissionGrants| [resourceSpecificPermissionGrant](resourcespecificpermissiongrant.md) collection| A collection of permissions granted to apps for the chat.| | operations | [teamsAsyncOperation](teamsasyncoperation.md) collection | A collection of all the Teams async operations that ran or are running on the chat. Nullable. | lastMessagePreview | [chatMessageInfo](chatmessageinfo.md)| Preview of the last message sent in the chat. Null if no messages have been sent in the chat. Currently, only the [list chats](../api/chat-list.md) operation supports this property.|
+| tabs | [teamsTab](teamstab.md) collection | A collection of all the tabs in the chat. Nullable. |
## JSON representation
v1.0 Claimsmappingpolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/claimsmappingpolicy.md
Represents the claim-mapping policies for WS-Fed, SAML, OAuth 2.0, and OpenID Co
- Select which claims are included in tokens - Create claim types that do not already exist-- Choose or change the source of data emitted in specific claims
+- Choose or change the source of data emitted in specific claims
+
+The number of claims and transformations that can be added to a claims-mapping policy are limited to reduce token size. Any claims schema entries or transformations that are encountered after the limit has been reached are ignored and included in the issued token. For more information about the limits, see [Properties of a claims-mapping policy definition](#properties-of-a-claims-mapping-policy-definition)
For more scenario and configuration details see [How to: Customize claims emitted in tokens for a specific app in a tenant](/azure/active-directory/develop/active-directory-claims-mapping#claims-mapping-policy-properties).
The properties below form the JSON object that represents a claims-mapping polic
|:|:--|:-| |Version|Integer|Set value of 1. Required.| |IncludeBasicClaimSet|Boolean|If set to `true`, all claims in the basic claim set are emitted in tokens affected by the policy. If set to `false`, claims in the basic claim set are not in the tokens, unless they are individually added in the ClaimsSchema property of the same policy.|
-|ClaimsSchema|JSON object|Defines which claims are present in the tokens affected by the policy, in addition to the basic claim set and the core claim set. For each claim schema entry defined in this property, certain information is required. Specify where the data is coming from (Value or Source/ID pair), and which claim the data is emitted as (Claim Type). Further details are available in the [ClaimsSchema definition](/azure/active-directory/develop/active-directory-claims-mapping#claims-schema).|
-|ClaimsTransformation|JSON object| Defines common transformations that can be applied to source data, to generate the output data for claims specified in the ClaimsSchema. Further details are available in the [ClaimsTransformation definition](/azure/active-directory/develop/active-directory-claims-mapping#claims-transformation).|
+|ClaimsSchema|JSON object|Defines which claims are present in the tokens affected by the policy, in addition to the basic claim set and the core claim set. For each claim schema entry defined in this property, certain information is required. Specify where the data is coming from (Value or Source/ID pair), and which claim the data is emitted as (Claim Type). A maximum of 50 claims are included in the token through the ClaimsSchema object. Any claims schema entries that are encountered after the limit has been reached will be ignored and will not appear in the issued token. Further details are available in the [ClaimsSchema definition](/azure/active-directory/develop/active-directory-claims-mapping#claims-schema).|
+|ClaimsTransformation|JSON object| Defines common transformations that can be applied to source data, to generate the output data for claims specified in the ClaimsSchema. A maximum of 50 transformations are included in the token through the ClaimsTransformation object. Any transformations that are encountered after the limit has been reached will be ignored and will not appear in the issued token. For more information about ClaimsTransformation and the supported functions, see [Claims transformation](/azure/active-directory/develop/active-directory-claims-mapping#claims-transformation).|
## Relationships
v1.0 Cloudpc https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/cloudpc.md
Represents a cloud-managed virtual desktop. This Cloud PC is also enrolled into
|[Bulk reprovision remote action](../api/manageddevice-bulkreprovisioncloudpc.md)|None|Bulk reprovision a set of Cloud PC devices with Intune managed device IDs.| |[Resize remote action](../api/manageddevice-resizecloudpc.md)|None|Upgrade or downgrade an existing Cloud PC to another configuration with new vCPU and storage size through Intune managed device ID.| |[Troubleshoot](../api/cloudpc-troubleshoot.md)|None|Troubleshoot a specific [cloudPC](../resources/cloudpc.md) object. Use this API to check the health status of the Cloud PC and the session host.|
+|[Restore remote action](../api/manageddevice-restorecloudpc.md)|None|Restore a Cloud PC device to a previous state from a snapshot.|
+|[Bulk restore remote action](../api/manageddevice-bulkrestorecloudpc.md)|[cloudPcBulkRemoteActionResult](../resources/cloudpcbulkremoteactionresult.md)|Restore multiple Cloud PC devices with a single request that includes the IDs of Intune managed devices and a restore point date and time.|
## Properties
Represents a cloud-managed virtual desktop. This Cloud PC is also enrolled into
|imageDisplayName|String|Name of the OS image that's on the Cloud PC.| |lastLoginResult|[cloudPcLoginResult](../resources/cloudpcloginresult.md)|The last login result of the Cloud PC. For example, `{ "time": "2014-01-01T00:00:00Z"}`.| |lastModifiedDateTime|DateTimeOffset|The last modified date and time of the Cloud PC. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
-|lastRemoteActionResult|[cloudPcRemoteActionResult](../resources/cloudpcremoteactionresult.md)|The last remote action result of the enterprise Cloud PCs. The supported remote actions are: `Rename`, `Reboot`, `Reprovision`, and `Troubleshoot`.|
+|lastRemoteActionResult|[cloudPcRemoteActionResult](../resources/cloudpcremoteactionresult.md)|The last remote action result of the enterprise Cloud PCs. The supported remote actions are: `Reboot`, `Rename`, `Reprovision`, `Restore`, and `Troubleshoot`.|
|managedDeviceId|String|The Intune device ID of the Cloud PC.| |managedDeviceName|String|The Intune device name of the Cloud PC.| |onPremisesConnectionName|String|The on-premises connection that is applied during the provisioning of Cloud PCs.|
Represents a cloud-managed virtual desktop. This Cloud PC is also enrolled into
|servicePlanId|String|The service plan ID of the Cloud PC.| |servicePlanName|String|The service plan name of the Cloud PC.| |servicePlanType|[cloudPcServicePlanType](../resources/cloudpcserviceplan.md#cloudpcserviceplantype-values)|The service plan type of the Cloud PC.|
-|status|[cloudPcStatus](#cloudpcstatus-values)|The status of the Cloud PC. Possible values are: `notProvisioned`, `provisioning`, `provisioned`, `upgrading`, `inGracePeriod`, `deprovisioning`, `failed`.|
+|status|[cloudPcStatus](#cloudpcstatus-values)|The status of the Cloud PC. Possible values are: `notProvisioned`, `provisioning`, `provisioned`, `upgrading`, `inGracePeriod`, `deprovisioning`, `failed`, `restoring`.|
|statusDetails|[cloudPcStatusDetails](../resources/cloudpcstatusdetails.md)|The details of the Cloud PC status.| |userAccountType|[cloudPcUserAccountType](../resources/cloudpcorganizationsettings.md#cloudpcuseraccounttype-values)|The account type of the user on provisioned Cloud PCs. Possible values are: `standardUser`, `administrator`, and `unknownFutureValue`.| |userPrincipalName|String|The user principal name (UPN) of the user assigned to the Cloud PC.|
Represents a cloud-managed virtual desktop. This Cloud PC is also enrolled into
|provisionedWithWarnings|The Cloud PC is provisioned and can be accessed by end users but with some warnings. The user can continue to use this Cloud PC.| |resizing|The Cloud PC is resizing.| |pendingProvision|The provisioning is pending on the Cloud PC. In this case, the number of Cloud PCs in grace period is more than the number of total available licenses. |
+|restoring|The Cloud PC is restoring.|
|unknownFutureValue|Evolvable enumeration sentinel value. Do not use.| ## Relationships
v1.0 Cloudpcbulkremoteactionresult https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/cloudpcbulkremoteactionresult.md
+
+ Title: "cloudPcBulkRemoteActionResult resource type"
+description: "Represents the Cloud PC-specified bulk remote action result."
+
+ms.localizationpriority: medium
++
+# cloudPcBulkRemoteActionResult resource type
+
+Namespace: microsoft.graph
++
+Represents the Cloud PC-specified bulk remote action result.
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|failedDeviceIds|String collection|A list of all the Intune managed device IDs that completed the bulk action with a failure.|
+|notFoundDeviceIds|String collection|A list of all the Intune managed device IDs that were not found when the bulk action was attempted.|
+|notSupportedDeviceIds|String collection|A list of all the Intune managed device IDs that were identified as unsupported for the bulk action.|
+|successfulDeviceIds|String collection|A list of all the Intune managed device IDs that completed the bulk action successfully.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.cloudPcBulkRemoteActionResult"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.cloudPcBulkRemoteActionResult",
+ "failedDeviceIds": [
+ "String"
+ ],
+ "notFoundDeviceIds": [
+ "String"
+ ],
+ "notSupportedDeviceIds": [
+ "String"
+ ],
+ "successfulDeviceIds": [
+ "String"
+ ]
+}
+```
+
v1.0 Cloudpcremoteactionresult https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/cloudpcremoteactionresult.md
Represents the Cloud PC-specified remote action result.
|Property|Type|Description| |:|:|:|
-|actionName|String|The specified action. Supported values in the Microsoft Endpoint Manager portal are: `Reprovision`, `Resize`. Supported values in enterprise Cloud PC devices are: `Rename`, `Reboot`, `Reprovision`, `Troubleshoot`.|
+|actionName|String|The specified action. Supported values in the Microsoft Endpoint Manager portal are: `Reprovision`, `Resize`, `Restore`. Supported values in enterprise Cloud PC devices are: `Reboot`, `Rename`, `Reprovision`, `Troubleshoot`.|
|actionState|[actionState](#actionstate-values)|State of the action. Possible values are: `None`, `pending`, `canceled`, `active`, `done`, `failed`, `notSupported`. Read-only.| |cloudPcId|String|The ID of the Cloud PC device on which the remote action is performed. Read-only.| |managedDeviceId|String|The ID of the Intune managed device on which the remote action is performed. Read-only.|
v1.0 Cloudpcrestorepointsetting https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/cloudpcrestorepointsetting.md
+
+ Title: "cloudPcRestorePointSetting resource type"
+description: "Represents specific settings of point-in-time restore."
+
+ms.localizationpriority: medium
++
+# cloudPcRestorePointSetting resource type
+
+Namespace: microsoft.graph
++
+Represents the settings of a point-in-time restore of a Cloud PC.
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+|frequencyInHours|Int32|The time interval in hours to take snapshots (restore points) of a Cloud PC automatically. Possible values are `4`, `6`, `12`, `16`, and `24`. The default frequency is 12 hours.|
+|userRestoreEnabled|Boolean|If `true`, the user has the ability to use snapshots to restore Cloud PCs. If `false`, non-admin users cannot use snapshots to restore the Cloud PC.|
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.cloudPcRestorePointSetting"
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.cloudPcRestorePointSetting",
+ "frequencyInHours": "Integer",
+ "userRestoreEnabled": "Boolean"
+}
+```
v1.0 Cloudpcsnapshot https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/cloudpcsnapshot.md
+
+ Title: "cloudPcSnapshot resource type"
+description: "Represents a Cloud PC snapshot."
+
+ms.localizationpriority: medium
++
+# cloudPcSnapshot resource type
+
+Namespace: microsoft.graph
++
+Represents a snapshot of the device settings of a Cloud PC that can be used to restore the device system.
++
+Inherits from [entity](../resources/entity.md).
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List snapshots](../api/virtualendpoint-list-snapshots.md)|[cloudPcSnapshot](../resources/cloudpcsnapshot.md) collection|Get a list of the [cloudPcSnapshot](../resources/cloudpcsnapshot.md) objects and their properties.|
+|[Get cloudPcSnapshot](../api/cloudpcsnapshot-get.md)|[cloudPcSnapshot](../resources/cloudpcsnapshot.md)|Read the properties and relationships of a [cloudPcSnapshot](../resources/cloudpcsnapshot.md) object.|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|cloudPcId|String|The unique identifier for the Cloud PC.|
+|createdDateTime|DateTimeOffset|The date and time at which the snapshot was taken. The timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
+|id|String|The unique identifier for the snapshot of the Cloud PC device at a specific point in time. Inherited from [entity](../resources/entity.md).|
+|lastRestoredDateTime|DateTimeOffset|The date and time at which the snapshot was last used to restore the Cloud PC device. The timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
+|status|[cloudPcSnapshotStatus](#cloudpcsnapshotstatus-values)|The status of the Cloud PC snapshot. The possible values are: `ready`, `unknownFutureValue`.|
+
+### cloudPcSnapshotStatus values
+
+|Member|Description|
+|:|:|
+|ready|The snapshot is ready to restore the Cloud PC device.|
+|unknownFutureValue|Evolvable enumeration sentinel value. Do not use.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.cloudPcSnapshot",
+ "baseType": "microsoft.graph.entity",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.cloudPcSnapshot",
+ "cloudPcId": "String",
+ "createdDateTime": "String (timestamp)",
+ "id": "String (identifier)",
+ "lastRestoredDateTime": "String (timestamp)",
+ "status": "String"
+}
+```
+
v1.0 Cloudpcusersetting https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/cloudpcusersetting.md
Title: "cloudPcUserSetting resource type"
-description: "Represent a Cloud PC user setting"
+description: "Represents a Cloud PC user setting"
ms.localizationpriority: medium ms.prod: "cloud-pc"
Represents a Cloud PC user setting.
|displayName|String|The setting name displayed in the user interface. | |localAdminEnabled|Boolean|Indicates whether the local admin option is enabled. Default value is `false`. To enable the local admin option, change the setting to `true`. If the local admin option is enabled, the end user can be an admin of the Cloud PC device. | |selfServiceEnabled|Boolean|Indicates whether the self-service option is enabled. Default value is `false`. To enable the self-service option, change the setting to `true`. If the self-service option is enabled, the end user is allowed to perform some self-service operations, such as upgrading the Cloud PC through the end user portal.|
+|restorePointSetting|[cloudPcRestorePointSetting](../resources/cloudpcrestorepointsetting.md)|Defines how frequently a restore point is created that is, a snapshot is taken) for users' provisioned Cloud PCs (default is 12 hours), and whether the user is allowed to restore their own Cloud PCs to a backup made at a specific point in time.|
|lastModifiedDateTime|DateTimeOffset|The last date and time the setting was modified. The Timestamp type represents the date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 looks like this:ΓÇ»'2014-01-01T00:00:00Z'.ΓÇ»| |createdDateTime|DateTimeOffset|The date and time the setting was created. The Timestamp type represents the date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 looks like this: '2014-01-01T00:00:00Z'.ΓÇ»|
The following is a JSON representation of the resource.
"displayName": "String", "selfServiceEnabled": "Boolean", "localAdminEnabled": "Boolean",
+ "restorePointSetting": {
+ "@odata.type": "microsoft.graph.cloudPcRestorePointSetting"
+ },
"lastModifiedDateTime": "String (timestamp)", "createdDateTime": "String (timestamp)" }
v1.0 Connectedorganization https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/connectedorganization.md
In [Azure AD entitlement management](entitlementmanagement-overview.md), a conne
|modifiedBy|String|UPN of the user who last modified this resource. Read-only.| |modifiedDateTime|DateTimeOffset|The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only.| |state|connectedOrganizationState|The state of a connected organization defines whether assignment policies with requestor scope type `AllConfiguredConnectedOrganizationSubjects` are applicable or not. Possible values are: `configured`, `proposed`.|
+|identitySources|[identitySource](identitySource.md) collection| The identity sources in this connected organization, one of [azureActiveDirectoryTenant](azureactivedirectorytenant.md), [domainIdentitySource](domainidentitysource.md) or [externalDomainFederation](externaldomainfederation.md). Read-only. Nullable. Supports `$select` and `$filter`(`eq`). To filter by the derived types, you must declare the resource using its full OData cast, for example, `$filter=identitySources/any(is:is/microsoft.graph.azureActiveDirectoryTenant/tenantId eq 'bcfdfff4-cbc3-43f2-9000-ba7b7515054f')`.|
## Relationships |Relationship|Type|Description| |:|:|:|
-|identitySources|[identitySource](identitySource.md) collection| The identity sources in this connected organization, one of [azureActiveDirectoryTenant](azureactivedirectorytenant.md), [domainIdentitySource](domainidentitysource.md) or [externalDomainFederation](externaldomainfederation.md). Read-only. Nullable. Supports `$select` and `$filter`(`eq`). To filter by the derived types, you must declare the resource using its full OData cast, for example, `microsoft.graph.azureActiveDirectoryTenant.`|
|internalSponsors| [directoryObject](directoryobject.md) collection| Nullable.| |externalSponsors| [directoryObject](directoryobject.md) collection| Nullable.|
v1.0 Contactmergesuggestions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/contactmergesuggestions.md
+
+ Title: "contactMergeSuggestions resource type"
+description: "Represents the feature to suggest merging contact items when Outlook detects duplicates in the user's contacts list"
+
+ms.localizationpriority: medium
++
+# contactMergeSuggestions resource type
+
+Namespace: microsoft.graph
++
+Represents the feature to suggest merging contact items when Outlook detects duplicates in the user's contacts list.
+
+This resource provides a means to enable or disable the feature at the user level. By default, suggestion is enabled. Duplicate contact items remain as duplicates in the contact folder unless the user selects merging them.
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[Get](../api/contactmergesuggestions-get.md)|[contactMergeSuggestions](contactmergesuggestions.md)|Read the properties of a **contactMergeSuggestions** object.|
+|[Update](../api/contactmergesuggestions-update.md)|None |Update the properties of a **contactMergeSuggestions** object.|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|isEnabled|Boolean|`true` if the duplicate contact merge suggestions feature is enabled for the user; `false` if the feature is disabled. Default value is `true`.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.contactMergeSuggestions",
+ "openType": false
+}
+-->
+``` json
+{
+ "isEnabled": "Boolean"
+}
+```
+
v1.0 Countrynamedlocation https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/countrynamedlocation.md
Inherits from [namedLocation](../resources/namedLocation.md)
| Property | Type | Description | |:-|:|:| |countriesAndRegions|String collection|List of countries and/or regions in two-letter format specified by ISO 3166-2.|
-|countryLookupMethod|countryLookupMethodType|Determines what method is used to decide which country the user is located in. Possible values are `clientIpAddress` (default) and `authenticatorAppGps`. Note: `authenticatorAppGps` is not yet supported in the Microsoft Cloud for US Government.|
+|countryLookupMethod|countryLookupMethodType|Determines what method is used to decide which country the user is located in. Possible values are `clientIpAddress` (default) and `authenticatorAppGps`.|
|createdDateTime|DateTimeOffset|The Timestamp type represents creation date and time of the location using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only. Inherited from [namedLocation](../resources/namedLocation.md).| |displayName|String|Human-readable name of the location. Required. Inherited from [namedLocation](../resources/namedLocation.md).| |id|String|Identifier of a namedLocation object. Read-only. Inherited from [namedLocation](../resources/namedLocation.md).|
v1.0 Crosstenantaccesspolicy Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/crosstenantaccesspolicy-overview.md
Inbound trust settings also enable you to trust devices that are compliant, or h
The cross-tenant access settings API can be used to set up multiple configurations for allowing or blocking access to and from your organization. The following table highlights scenarios, shows an example of the API response, and what the interpretation should be of that response. **b2bSetting** is used as a placeholder for any B2B inbound (**b2bCollaborationInbound** or **b2bDirectConnectInbound**) or outbound (**b2bCollaborationOutbound** or **b2bDirectConnectOutbound**) configuration.
+<br/>
+ <table> <tr>
-<td> Scenario </td> <td> API output </td> <td> Interpretation </td>
+<th> Scenario </th> <th> API output </th> <th> Interpretation </th>
</tr> <tr> <td> Block all users and block all applications </td>
v1.0 Customaccesspackageworkflowextension https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/customaccesspackageworkflowextension.md
+
+ Title: "customAccessPackageWorkflowExtension resource type"
+description: "Defines the attributes of a logic app, which can be called at various stages of an access package request and assignment cycle."
+
+ms.localizationpriority: medium
++
+# customAccessPackageWorkflowExtension resource type
+
+Namespace: microsoft.graph
++
+Defines the attributes of a logic app, which can be called at various stages of an access package request and assignment cycle. You can integrate logic apps with entitlement management to broaden your governance workflows beyond the core entitlement management use cases. The following use cases can be integrated with logic apps using this workflow:
+- When an [access package is requested](accesspackageassignmentrequest.md)
+- When an [access package request is granted](accesspackageassignment.md)
+- When an [access package assignment expires](accesspackageassignment.md)
+
+Inherits and derived from [customCalloutExtension](../resources/customcalloutextension.md).
++
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List customAccessPackageWorkflowExtensions](../api/accesspackagecatalog-list-customaccesspackageworkflowextensions.md)|[customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) collection|Get a list of the [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) objects and their properties.|
+|[Create customAccessPackageWorkflowExtensions](../api/accesspackagecatalog-post-customaccesspackageworkflowextensions.md)|[customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md)|Create a new [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object.|
+|[Get customAccessPackageWorkflowExtension](../api/customaccesspackageworkflowextension-get.md)|[customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md)|Read the properties and relationships of a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object.|
+|[Update customAccessPackageWorkflowExtension](../api/customaccesspackageworkflowextension-update.md)|[customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md)|Update the properties of a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object.|
+|[Delete customAccessPackageWorkflowExtension](../api/customaccesspackageworkflowextension-delete.md)|None|Deletes a [customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md) object.|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|authenticationConfiguration|[customExtensionAuthenticationConfiguration](../resources/customextensionauthenticationconfiguration.md)|Configuration for securing the API call to the logic app. For example, using OAuth client credentials flow. Inherited from [customCalloutExtension](../resources/customcalloutextension.md).|
+|clientConfiguration|[customExtensionClientConfiguration](../resources/customextensionclientconfiguration.md)| HTTP connection settings that define how long Azure AD can wait for a connection to a logic app, how many times you can retry a timed-out connection and the exception scenarios when retries are allowed. Inherited from [customCalloutExtension](../resources/customcalloutextension.md).|
+|createdDateTime|DateTimeOffset|Represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only.|
+|description|String|Description for the customAccessPackageWorkflowExtension object. Inherited from [customCalloutExtension](../resources/customcalloutextension.md). Read only.|
+|displayName|String|Display name for the customAccessPackageWorkflowExtension object. Inherited from [customCalloutExtension](../resources/customcalloutextension.md). Read only. Supports `$filter` (`contains`).|
+|endpointConfiguration|[customExtensionEndpointConfiguration](../resources/customextensionendpointconfiguration.md)|The type and details for configuring the endpoint to call the logic app's workflow. Inherited from [customCalloutExtension](../resources/customcalloutextension.md).|
+|id|String|Identifier for the customAccessPackageWorkflowExtension object. Inherited from [entity](../resources/entity.md).|
+|lastModifiedDateTime|DateTimeOffset|Represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.customAccessPackageWorkflowExtension",
+ "baseType": "microsoft.graph.customCalloutExtension",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.customAccessPackageWorkflowExtension",
+ "id": "String (identifier)",
+ "displayName": "String",
+ "description": "String",
+ "createdDateTime": "String (timestamp)",
+ "lastModifiedDateTime": "String (timestamp)",
+ "endpointConfiguration": {
+ "@odata.type": "microsoft.graph.customExtensionEndpointConfiguration"
+ }
+}
+```
v1.0 Customcalloutextension https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/customcalloutextension.md
+
+ Title: "customCalloutExtension resource type"
+description: "An abstract type that defines the configuration for logic apps that can be integrated with the customer's entitlement management use cases to implement broader governance workflows. This abstract type is inherited by the customAccessPackageWorkflowExtension resource type"
+
+ms.localizationpriority: medium
++
+# customCalloutExtension resource type
+
+Namespace: microsoft.graph
++
+An abstract type that defines the configuration for logic apps that can be integrated with the customer's entitlement management use cases to implement broader governance workflows. This abstract type is inherited by the [customAccessPackageWorkflowExtension](customaccesspackageworkflowextension.md) resource type.
+
+Inherits from [entity](entity.md).
+
+## Methods
+
+None.
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|authenticationConfiguration|[customExtensionAuthenticationConfiguration](../resources/customextensionauthenticationconfiguration.md)|Configuration for securing the API call to the logic app. For example, using OAuth client credentials flow. |
+|clientConfiguration|[customExtensionClientConfiguration](../resources/customextensionclientconfiguration.md)| HTTP connection settings that define how long Azure AD can wait for a connection to a logic app, how many times you can retry a timed-out connection and the exception scenarios when retries are allowed.|
+|description|String|Description for the customCalloutExtension object.|
+|displayName|String|Display name for the customCalloutExtension object.|
+|endpointConfiguration|[customExtensionEndpointConfiguration](../resources/customextensionendpointconfiguration.md)|The type and details for configuring the endpoint to call the logic app's workflow.|
+|id|String|Identifier for the customCalloutExtension object. Inherited from [entity](../resources/entity.md).|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.customCalloutExtension",
+ "openType": false,
+ "abstract": true
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.customCalloutExtension",
+ "id": "String (identifier)",
+ "displayName": "String",
+ "description": "String",
+ "endpointConfiguration": {
+ "@odata.type": "microsoft.graph.customExtensionEndpointConfiguration"
+ },
+ "clientConfiguration": {
+ "@odata.type": "microsoft.graph.customExtensionClientConfiguration"
+ },
+ "authenticationConfiguration": {
+ "@odata.type": "microsoft.graph.customExtensionAuthenticationConfiguration"
+ }
+}
+```
+
v1.0 Customextensionauthenticationconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/customextensionauthenticationconfiguration.md
+
+ Title: "customExtensionAuthenticationConfiguration resource type"
+description: "Abstract base type that exposes the configuration for the **authenticationConfiguration** property of the derived types that inherit from the customCalloutExtension abstract type"
+
+ms.localizationpriority: medium
++
+# customExtensionAuthenticationConfiguration resource type
+
+Namespace: microsoft.graph
++
+Abstract base type that exposes the configuration for the **authenticationConfiguration** property of the derived types that inherit from the [customCalloutExtension](customcalloutextension.md) abstract type. This abstract type is inherited by the [azureAdTokenAuthentication](../resources/azureadtokenauthentication.md) resource type.
+
+## Properties
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.customExtensionAuthenticationConfiguration",
+ "abstract": true
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.customExtensionAuthenticationConfiguration "
+}
+```
v1.0 Customextensionclientconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/customextensionclientconfiguration.md
+
+ Title: "customExtensionClientConfiguration resource type"
+description: "HTTP connection settings that define how long Azure AD can wait for a a response from a logic app before it shuts down the connection. Only timeoutInMilliseconds is supported."
+
+ms.localizationpriority: medium
++
+# customExtensionClientConfiguration resource type
+
+Namespace: microsoft.graph
++
+HTTP connection settings that define how long Azure AD can wait for a a response from a logic app before it shuts down the connection. Only **timeoutInMilliseconds** is supported.
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|timeoutInMilliseconds|Int32|The max duration in milliseconds that Azure AD will wait for a response from the logic app before it shuts down the connection. The valid range is between `200` and `2000` milliseconds. Default duration is `1000`.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.customExtensionClientConfiguration"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.customExtensionClientConfiguration",
+ "timeoutInMilliseconds": "Integer"
+}
+```
+
v1.0 Customextensionendpointconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/customextensionendpointconfiguration.md
+
+ Title: "customExtensionEndpointConfiguration resource type"
+description: "Abstract base type that exposes the derived types used to configure the endpointConfiguration property of a custom access package workflow extension object."
+
+ms.localizationpriority: medium
++
+# customExtensionEndpointConfiguration resource type
+
+Namespace: microsoft.graph
++
+Abstract base type that exposes the derived types used to configure the **endpointConfiguration** property of a [custom access package workflow extension](customaccesspackageworkflowextension.md) object. This abstract type is inherited by the [logicAppTriggerEndpointConfiguration](logicapptriggerendpointconfiguration.md) object.
+
+## Properties
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.customExtensionEndpointConfiguration",
+ "abstract": true
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.customExtensionEndpointConfiguration"
+}
+```
v1.0 Customextensionhandler https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/customextensionhandler.md
+
+ Title: "customExtensionHandler resource type"
+description: "Defines when to execute a custom access package workflow extension."
+
+ms.localizationpriority: medium
++
+# customExtensionHandler resource type
+
+Namespace: microsoft.graph
++
+Defines when to execute a [custom access package workflow extension](customaccesspackageworkflowextension.md).
+
+Inherits from [entity](entity.md).
+
+## Methods
+None.
+
+> [!NOTE]
+>
+> 1. To read the customExtensionHandler objects on a policy, append `?$expand=customExtensionHandlers` to a [GET accessPackageAssignmentPolicy](../api/accesspackageassignmentpolicy-get.md) request. For example, `GET https://graph.microsoft.com/bet#example-2-retrieve-the-custom-extension-handlers-for-a-policy).
+>
+> 2. To delete the **customExtensionHandlers** objects from a policy, call the [Update accessPackageAssignmentPolicy](../api/accesspackageassignmentpolicy-update.md) and specify the customExtensionHandlers property as an empty collection. For more details, see [Example 2: Remove the customExtensionHandlers from a policy](../api/accesspackageassignmentpolicy-update.md#example-2-remove-the-customextensionhandlers-from-a-policy).
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|id|String| Identifier of the stage. Inherited from [entity](../resources/entity.md).|
+|stage|accessPackageCustomExtensionStage|Indicates the stage of the access package assignment request workflow when the access package custom extension runs. The possible values are: `assignmentRequestCreated`, `assignmentRequestApproved`, `assignmentRequestGranted`, `assignmentRequestRemoved`, `assignmentFourteenDaysBeforeExpiration`, `assignmentOneDayBeforeExpiration`, `unknownFutureValue`. |
+
+## Relationships
+|Relationship|Type|Description|
+|:|:|:|
+|customExtension|[customAccessPackageWorkflowExtension](../resources/customaccesspackageworkflowextension.md)|Indicates which custom workflow extension will be executed at this stage. Nullable. Supports `$expand`.|
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.customExtensionHandler",
+ "baseType": "microsoft.graph.entity",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.customExtensionHandler",
+ "id": "String (identifier)",
+ "stage": "String"
+}
+```
+
v1.0 Customextensionhandlerinstance https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/customextensionhandlerinstance.md
+
+ Title: "customExtensionHandlerInstance resource type"
+description: "Used to record the status a custom workflow extension instance being run on an access package assignment request."
+
+ms.localizationpriority: medium
++
+# customExtensionHandlerInstance resource type
+
+Namespace: microsoft.graph
++
+Used to record the status of [custom workflow extension](customaccesspackageworkflowextension.md) instance being run on an [access package assignment request](accesspackageassignmentrequest.md).
+
+## Methods
+None
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|customExtensionId|String|Identifier of the [customAccessPackageWorkflowExtension](customaccesspackageworkflowextension.md) triggered at this instance.|
+|externalCorrelationId|String|The unique run ID for the logic app.|
+|stage|accessPackageCustomExtensionStage|Indicates the stage of the request workflow when the access package custom extension runs. The possible values are: `assignmentRequestCreated`, `assignmentRequestApproved`, `assignmentRequestGranted`, `assignmentRequestRemoved`, `assignmentFourteenDaysBeforeExpiration`, `assignmentOneDayBeforeExpiration`, `unknownFutureValue`.|
+|status|accessPackageCustomExtensionHandlerStatus|Status of the request to run the access package custom extension workflow that is associated with the logic app. The possible values are: `requestSent`, `requestReceived`, `unknownFutureValue`.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.customExtensionHandlerInstance"
+}
+-->
+``` json
+
+{
+ "@odata.type": "#microsoft.graph.customExtensionHandlerInstance",
+ "stage": "String",
+ "customExtensionId": "String",
+ "externalCorrelationId": "String",
+ "status": "String"
+}
+```
+
v1.0 Device https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/device.md
This resource lets you add your own data to custom properties using [extensions]
|[List devices](../api/device-list.md) | [device](device.md) collection| Retrieve a list of devices registered in the directory. | |[Update device](../api/device-update.md) | [device](device.md) |Update the properties of the device object. | |[Delete device](../api/device-delete.md) | None |Delete the device object. |
-|[List memberOf](../api/device-list-memberof.md) |[directoryObject](directoryobject.md) collection| List the groups that the device is a direct member of. |
-|[List transitive memberOf](../api/device-list-transitivememberof.md) |[directoryObject](directoryobject.md) collection| List the groups that the device is a member of. This operation is transitive. |
+|[List memberOf](../api/device-list-memberof.md) |[directoryObject](directoryobject.md) collection| List the groups and administrative units that the device is a direct member of. |
+|[List transitive memberOf](../api/device-list-transitivememberof.md) |[directoryObject](directoryobject.md) collection| List the groups and administrative units that the device is a member of. This operation is transitive. |
|[List registeredOwners](../api/device-list-registeredowners.md) |[directoryObject](directoryobject.md) collection| Get the users that are registered owners of the device from the registeredOwners navigation property.| |[List registeredUsers](../api/device-list-registeredusers.md) |[directoryObject](directoryobject.md) collection| Get the registered users of the device from the registeredUsers navigation property.| |[List usageRights](../api/device-list-usagerights.md) | [usageRight](usageright.md) collection | Get a collection of usage rights granted to the device.|
This resource lets you add your own data to custom properties using [extensions]
|:|:--|:-| |commands | [command](command.md) collection | Set of commands sent to this device.| |extensions|[extension](extension.md) collection|The collection of open extensions defined for the device. Read-only. Nullable. |
-|memberOf|[directoryObject](directoryobject.md) collection|Groups that this device is a member of. Read-only. Nullable. Supports `$expand`. |
+|memberOf|[directoryObject](directoryobject.md) collection|Groups and administrative units that this device is a member of. Read-only. Nullable. Supports `$expand`. |
|registeredOwners|[directoryObject](directoryobject.md) collection| The user that cloud joined the device or registered their personal device. The registered owner is set at the time of registration. Currently, there can be only one owner. Read-only. Nullable. Supports `$expand`. | |registeredUsers|[directoryObject](directoryobject.md) collection| Collection of registered users of the device. For cloud joined devices and registered personal devices, registered users are set to the same value as registered owners at the time of registration. Read-only. Nullable. Supports `$expand`. |
-|transitiveMemberOf |[directoryObject](directoryobject.md) collection| Groups that this device is a member of. This operation is transitive. Supports `$expand`. |
+|transitiveMemberOf |[directoryObject](directoryobject.md) collection| Groups and administrative units that this device is a member of. This operation is transitive. Supports `$expand`. |
|usageRights|[usageRight](usageright.md) collection|Represents the usage rights a device has been granted. | ## JSON representation
v1.0 Directoryaudit https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/directoryaudit.md
Represents the directory audit items and its collection.
| activityDisplayName | String | Indicates the activity name or the operation name (E.g. "Create User", "Add member to group"). For a list of activities logged, refer to [Azure Ad activity list](/azure/active-directory/active-directory-reporting-activity-audit-logs#azure-ad-audit-activity-list). | | additionalDetails | [keyValue](keyvalue.md) collection | Indicates additional details on the activity. | | category | String | Indicates which resource category that's targeted by the activity. (For example: User Management, Group Management etc..) |
-| correlationId | GUID | Indicates a unique ID that helps correlate activities that span across various services. Can be used to trace logs across services. |
+| correlationId | Guid | Indicates a unique ID that helps correlate activities that span across various services. Can be used to trace logs across services. |
| id | String | Indicates the unique ID for the activity. | | initiatedBy | [auditActivityInitiator](auditactivityinitiator.md) | Indicates information about the user or app initiated the activity. | | loggedByService | String | Indicates information on which service initiated the activity (For example: Self-service Password Management, Core Directory, B2C, Invited Users, Microsoft Identity Manager, Privileged Identity Management. |
v1.0 Directoryobject https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/directoryobject.md
This resource supports:
| Property | Type |Description| |:|:--|:-|
+|deletedDateTime|DateTimeOffset|Date and time when this object was deleted. Always `null` when the object hasn't been deleted. |
|id|String|The unique identifier for the object. For example, 12345678-9abc-def0-1234-56789abcde. The value of the **id** property is often but not exclusively in the form of a GUID; treat it as an opaque identifier and do not rely on it being a GUID. Key. Not nullable. Read-only.| ## Relationships
v1.0 Directorysetting https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/directorysetting.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Directory settings can be created based on the available [directorySettingTemplates](directorysettingtemplate.md), and changed from their preset defaults. These settings can govern entity or feature behaviors, both at a tenant-wide level or at a specific entity level. When the same setting is defined at both the tenant-wide and specific entity level, the specific entity level setting may opt-out from the tenant-wide setting. For example, the tenant-wide setting may allow guests to be invited by existing members of groups, but a specific group setting may opt-out and not allow guests to be invited by members of the group. Currently system defined settings are only govern Office groups behavior.
+Directory settings define the configurations that can be used to customize the tenant-wide and object-specific restrictions and allowed behavior. For examples, you can block word lists for group display names or define whether guest users are allowed to be group owners.
-> **Note**: The /beta version of the directorySetting resource type only applies to groups. The /v1.0 version has been renamed to groupSetting.
+By default, all entities inherit the preset defaults. To change the default settings, you must create a new settings object using the [directorySettingTemplates](directorysettingtemplate.md). When the same setting is defined at both the tenant-wide and to a specific group, the entity-level setting overrides the tenant-wide setting. For example, the tenant-wide setting may allow guests to be invited by existing members of groups, but an individual group setting can override and not allow guests to be invited by members of the group.
+
+> [!TIP]
+> The `/v1.0` version of this resource is named [groupSetting](/graph/api/resources/groupsetting?view=graph-rest-1.0&preserve-view=true).
## Methods | Method | Return Type |Description| |:|:--|:-|
-|[Create setting](../api/directorysetting-post-settings.md) | [directorySetting](directorysetting.md) |Create a setting object based on a directorySettingTemplate. The POST request must provide settingValues for all the settings defined in the template.|
+|[Create setting](../api/group-post-settings.md) | [directorySetting](directorysetting.md) |Create a setting object based on a directorySettingTemplate.|
|[Get setting](../api/directorysetting-get.md) | [directorySetting](directorysetting.md) |Read properties of a specific setting object.|
-|[List settings](../api/directorysetting-list.md) | [directorySetting](directorysetting.md) collection |List properties of all setting objects.|
+|[List settings](../api/group-list-settings.md) | [directorySetting](directorysetting.md) collection |List properties of all setting objects.|
|[Update setting](../api/directorysetting-update.md) | [directorySetting](directorysetting.md) |Update a setting object. Only settingValues can be changed in an update.| |[Delete setting](../api/directorysetting-delete.md) | None |Delete a setting object. |
Directory settings can be created based on the available [directorySettingTempla
|displayName|string|Display name of this group of settings, which comes from the associated template. Read-only.| |id|string| Unique identifier for these settings. Read-only.| |templateId|string| Unique identifier for the template used to create this group of settings. Read-only.|
-|values|[settingValue](settingvalue.md) collection| Collection of name value pairs. Must contain and set all the settings defined in the template.|
+|values|[settingValue](settingvalue.md) collection| Collection of name-value pairs corresponding to the name and defaultValue properties in the referenced [directorySettingTemplates](directorysettingtemplate.md) object.|
## Relationships None
v1.0 Directorysettingtemplate https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/directorysettingtemplate.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Directory setting templates represent system-defined settings available to the tenant. [Directory settings](directorysetting.md) can be created based on the available directorySettingTemplates, and values changed from their preset defaults. Directory setting templates cannot be created, updated or deleted. These settings can represent tenant-wide settings, or can represent specific entity settings. Currently, the only templates available apply to Office groups, and include settings such as whether users can create groups or invite guests from outside the organization to become members of a group.
+Directory setting templates represent system-defined settings available to the tenant. [Directory settings](directorysetting.md) can be created based on the available **directorySettingTemplates**, and values changed from their preset defaults. Directory setting templates cannot be created, updated or deleted. These settings can represent tenant-wide settings, or can represent specific entity settings. Currently, the only templates available for groups apply to Microsoft 365 groups, and include settings such as whether users can create groups or invite guests from outside the organization to become members of a group.
-> **Note**: The /beta version of the directorySettingTemplate resource type only applies to groups. The /v1.0 version has been renamed to groupSettingTemplate.
+For more information about the available Microsoft 365 group settings, see [Template settings](/azure/active-directory/enterprise-users/groups-settings-cmdlets).
+
+> [!TIP]
+> The `/v1.0` version of this resource is named [groupSettingTemplate](/graph/api/resources/groupsettingtemplate?view=graph-rest-1.0&preserve-view=true).
## Methods
v1.0 Educationsynchronizationprofile https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/educationsynchronizationprofile.md
Represents a set of configurations used to synchronize education entities and ro
| id | String | The unique identifier for the resource. (read-only) | | displayName | String | Name of the configuration profile for syncing identities. | | dataProvider | [educationSynchronizationDataProvider] | The data provider used for the profile. |
-| expirationDate | Date | The date the profile should be considered expired and cease syncing. When `null`. the profile will never expire. (optional) |
+| expirationDate | Date | The date the profile should be considered expired and cease syncing. Provide the date in `YYYY-MM-DD` format, following [ISO 8601](https://www.iso.org/iso-8601-date-and-time-format.html). Maximum value is 18 months from profile creation. (optional) |
| handleSpecialCharacterConstraint | Bool | Determines if School Data Sync should automatically replace unsupported special characters while syncing from source. | | identitySynchronizationConfiguration | [educationIdentitySynchronizationConfiguration] | Determines how the Profile should [create new][fullsync] or [match existing][dirsync] AAD Users. | | licensesToAssign | [educationSynchronizationLicenseAssignment] collection | License setup configuration. |
v1.0 Enums Search https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/enums-search.md
+
+ Title: "Search enum values"
+description: "Microsoft Graph search enumeration values."
+ms.localizationpriority: medium
+++
+# Search enum values
+
+Namespace: microsoft.graph.search
++
+### answerState values
+
+|Member|
+|:|
+|Published|
+|Draft|
+|Excluded|
+|unknownFutureValue|
+
+<!--
+{
+ "type": "#page.annotation",
+ "namespace": "microsoft.graph.search"
+}
+-->
v1.0 Enums https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/enums.md
Namespace: microsoft.graph
+### accessPackageCustomExtensionHandlerStatus values
+
+|Member|
+|:|
+|requestSent|
+|requestReceived|
+|unknownFutureValue|
+
+### accessPackageCustomExtensionStage values
+
+|Member|
+|:|
+|assignmentRequestCreated|
+|assignmentRequestApproved|
+|assignmentRequestGranted|
+|assignmentRequestRemoved|
+|assignmentFourteenDaysBeforeExpiration|
+|assignmentOneDayBeforeExpiration|
+|unknownFutureValue|
+
+### accessReviewHistoryStatus values
+
+| Member|
+|:--|
+|done|
+|inprogress|
+|error|
+|requested|
+|unknownFutureValue|
+
+### accessReviewHistoryDecisionFilter values
+
+| Member|
+|:--|
+|approve|
+|deny|
+|notReviewed|
+|dontKnow|
+|notNotified|
+|unknownFutureValue|
++ ### accessReviewHistoryStatus values |Member|
Namespace: microsoft.graph
### appCredentialRestrictionType values
-|Member|
-|:--|
-|passwordAddition|
-|passwordLifetime|
-|symmetricKeyAddition|
-|symmetricKeyLifetime|
-|unknownFutureValue|
+| Member |
+| : |
+| passwordAddition |
+| passwordLifetime |
+| symmetricKeyAddition |
+| symmetricKeyLifetime |
+| customPasswordAddition |
+| unknownFutureValue |
### appKeyCredentialRestrictionType values
Namespace: microsoft.graph
### searchAlterationType values
-| Member | Description |
-|:|:-|
-|suggestion|Get search results for original user query and the suggested spelling correction information for typos in the query.|
-|modification|Get search results for corrected alterate query and the spelling correction information for typos.|
+| Member |
+|:|
+|modification|
+|suggestion|
### bucketAggregationSortProperty values
v1.0 Extensionproperty https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/extensionproperty.md
Represents a directory extension that can be used to add a custom property to di
Extensions can be added to [user](user.md), [group](group.md), [organization](organization.md), [device](device.md), [application](application.md) resources. Only 100 extension values, across *all* types and *all* applications, can be written to any single Azure AD resource.
+Inherits from [directoryObject](directoryobject.md).
+ > [!IMPORTANT] > Azure AD schema extensions described here are available in Microsoft Graph for backwards compatibility reasons only. > It allows you to use Microsoft Graph to continue to manage extension properties added through Azure AD Graph (deprecated) or [Azure AD Connect](/azure/active-directory/hybrid/whatis-azure-ad-connect).
Extensions can be added to [user](user.md), [group](group.md), [organization](or
| Method | Return Type | Description | |:-|:|:|
-| [List extensions](../api/application-list-extensionproperty.md) | [extensionProperty](extensionProperty.md) collection | List extension properties on an application object. |
-| [Create extension](../api/application-post-extensionproperty.md) | [extensionProperty](extensionProperty.md) | Create an extension property on an application object. |
-| [Delete extension](../api/application-delete-extensionproperty.md) | None | Delete an extension property from an application object. |
+| [Create extensionProperties](../api/application-post-extensionproperty.md) | [extensionProperty](extensionProperty.md) | Create an extension property on an application object. |
+| [List extensionProperties](../api/application-list-extensionproperty.md) | [extensionProperty](extensionProperty.md) collection | List extension properties on an application object. |
+| [Get extensionProperty](../api/extensionproperty-get.md) | [extensionProperty](extensionProperty.md) collection | List extension properties on an application object. |
+| [Delete extensionProperty](../api/extensionproperty-delete.md) | None | Delete an extension property from an application object. |
+
+> [!TIP]
+> 1. To set a value for the extension property to an instance of a resource that is specified in **targetObjects**, use the Update operation of the resource. For example, the [Update user](../api/user-update.md) API to set the value for a user.
+> 2. To remove the extension property and its value from an instance of a resource that is specified in **targetObjects**, set the value of the extension property to `null`.
## Properties
Extensions can be added to [user](user.md), [group](group.md), [organization](or
|:-|:|:| |appDisplayName|String| Display name of the application object on which this extension property is defined. Read-only. | |dataType|String| Specifies the data type of the value the extension property can hold. Following values are supported. Not nullable. <ul><li>`Binary` - 256 bytes maximum</li><li>`Boolean`</li><li>`DateTime` - Must be specified in ISO 8601 format. Will be stored in UTC.</li><li>`Integer` - 32-bit value.</li><li>`LargeInteger` - 64-bit value.</li><li>`String` - 256 characters maximum</li></ul>|
+|deletedDateTime|DateTimeOffset|Date and time when this object was deleted. Always `null` when the object hasn't been deleted. Inherited from [directoryObject](directoryobject.md).|
|isSyncedFromOnPremises|Boolean| Indicates if this extension property was synced from on-premises active directory using Azure AD Connect. Read-only. | |name|String| Name of the extension property. Not nullable. | |targetObjects|String collection| Following values are supported. Not nullable. <ul><li>`User`</li><li>`Group`</li><li>`Organization`</li><li>`Device`</li><li>`Application`</li></ul>|
The following is a JSON representation of the resource.
<!-- { "blockType": "resource",
- "optionalProperties": [
-
- ],
+ "keyProperty": "id",
"@odata.type": "microsoft.graph.extensionProperty",
- "keyProperty": "id"
-}-->
-
-```json
+ "baseType": "microsoft.graph.directoryObject",
+ "openType": true
+}
+-->
+``` json
{
+ "@odata.type": "#microsoft.graph.extensionProperty",
+ "id": "String (identifier)",
+ "deletedDateTime": "String (timestamp)",
"appDisplayName": "String",
- "dataType": "String",
- "isSyncedFromOnPremises": true,
"name": "String",
- "targetObjects": ["String"]
+ "dataType": "String",
+ "isSyncedFromOnPremises": "Boolean",
+ "targetObjects": [
+ "String"
+ ]
} ```
v1.0 Group https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/group.md
This resource supports:
| [delta](../api/group-delta.md) | group collection | Get incremental changes for groups. | | [Add members](../api/group-post-members.md) | [directoryObject](directoryobject.md) | Add a user or group to this group by posting to the **members** navigation property (supported for security groups and Microsoft 365 groups only). | | [Add owners](../api/group-post-owners.md) | [directoryObject](directoryobject.md) | Add a new owner for the group by posting to the **owners** navigation property (supported for security groups and Microsoft 365 groups only). |
-| [Create setting](../api/directorysetting-post-settings.md) | [directorySetting](directorysetting.md) | Create a setting object based on a directorySettingTemplate. The POST request must provide settingValues for all the settings defined in the template. Only groups specific templates may be used for this operation. |
+| [Create setting](../api/group-post-settings.md) | [directorySetting](directorysetting.md) | Create a setting object based on a directorySettingTemplate. The POST request must provide settingValues for all the settings defined in the template. Only groups specific templates may be used for this operation. |
| [Delete setting](../api/directorysetting-delete.md) | None | Delete a setting object. | | [Get endpoint](../api/endpoint-get.md) | [endpoint](endpoint.md) | Read properties and relationships of an endpoint object. | | [Get setting](../api/directorysetting-get.md) | [directorySetting](directorysetting.md) | Read properties of a specific setting object. |
This resource supports:
| [List memberOf](../api/group-list-memberof.md) | [directoryObject](directoryobject.md) collection | Get the groups and administrative units that this group is a direct member of from the memberOf navigation property. | | [List groupLifecyclePolicies](../api/group-list-grouplifecyclepolicies.md) | [groupLifecyclePolicy](grouplifecyclepolicy.md) collection | List group lifecycle policies. | | [List owners](../api/group-list-owners.md) | [directoryObject](directoryobject.md) collection | Get the owners of the group from the **owners** navigation property. |
-| [List settings](../api/directorysetting-list.md) | [directorySetting](directorysetting.md) collection | List properties of all setting objects. |
+| [List settings](../api/group-list-settings.md) | [directorySetting](directorysetting.md) collection | List properties of all setting objects. |
| [List transitive members](../api/group-list-transitivemembers.md) | [directoryObject](directoryobject.md) collection | Get the users, groups, devices, and service principals that are members, including nested members of this group. | | [List transitive memberOf](../api/group-list-transitivememberof.md) | [directoryObject](directoryobject.md) collection | List the groups and administrative units that this group is a member of. This operation is transitive and includes the groups that this group is a nested member of. | | [Remove owner](../api/group-delete-owners.md) | None | Remove an owner from a Microsoft 365 group or a security group through the **owners** navigation property. |
v1.0 Grouplifecyclepolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/grouplifecyclepolicy.md
Here is a JSON representation of the resource.
{ "alternateNotificationEmails": "String", "groupLifetimeInDays": 180,
- "id": "Guid (identifier)",
+ "id": "String (identifier)",
"managedGroupTypes": "String" } ```
v1.0 List https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/list.md
description: "The list resource represents a list in a site." Previously updated : 09/11/2017 Title: List
+ Title: List resource
ms.localizationpriority: medium ms.prod: "sharepoint" doc_type: resourcePageType + # List resource Namespace: microsoft.graph
All examples below are relative to a site, for example, `https://graph.microsoft
[List columns]: ../api/list-list-columns.md [Create column]: ../api/list-post-columns.md
-## JSON representation
-
-Here is a JSON representation of a **list** resource.
-
-<!-- { "blockType": "resource",
- "@odata.type": "microsoft.graph.list",
- "keyProperty": "id",
- "optionalProperties": [ "items", "drive"] } -->
-
-```json
-{
- "activities": [{"@odata.type": "microsoft.graph.itemActivity"}],
- "columns": [ { "@odata.type": "microsoft.graph.columnDefinition" }],
- "contentTypes": [ { "@odata.type": "microsoft.graph.contentType" }],
- "displayName": "title of list",
- "drive": { "@odata.type": "microsoft.graph.drive" },
- "items": [ { "@odata.type": "microsoft.graph.listItem" } ],
- "list": {
- "@odata.type": "microsoft.graph.listInfo",
- "hidden": false,
- "template": "documentLibrary | genericList | survey | links | announcements | contacts ..."
- },
- "system": false,
- "subscriptions": [ {"@odata.type": "microsoft.graph.subscription"} ],
-
- /* inherited from baseItem */
- "id": "string",
- "name": "name of list",
- "createdBy": { "@odata.type": "microsoft.graph.identitySet" },
- "createdDateTime": "timestamp",
- "description": "description of list",
- "eTag": "string",
- "lastModifiedBy": { "@odata.type": "microsoft.graph.identitySet" },
- "lastModifiedDateTime": "timestamp",
- "webUrl": "url to visit the list in a browser"
-}
-```
- ## Properties The **list** resource has the following properties.
The **list** resource has the following relationships to other resources.
[systemFacet]: systemfacet.md [subscription]: subscription.md
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- { "blockType": "resource",
+ "@odata.type": "microsoft.graph.list",
+ "keyProperty": "id",
+ "optionalProperties": [ "items", "drive"] } -->
+
+```json
+{
+ "activities": [{"@odata.type": "microsoft.graph.itemActivity"}],
+ "columns": [ { "@odata.type": "microsoft.graph.columnDefinition" }],
+ "contentTypes": [ { "@odata.type": "microsoft.graph.contentType" }],
+ "displayName": "title of list",
+ "drive": { "@odata.type": "microsoft.graph.drive" },
+ "items": [ { "@odata.type": "microsoft.graph.listItem" } ],
+ "list": {
+ "@odata.type": "microsoft.graph.listInfo",
+ "hidden": false,
+ "template": "documentLibrary | genericList | survey | links | announcements | contacts ..."
+ },
+ "system": false,
+ "subscriptions": [ {"@odata.type": "microsoft.graph.subscription"} ],
+
+ /* inherited from baseItem */
+ "id": "string",
+ "name": "name of list",
+ "createdBy": { "@odata.type": "microsoft.graph.identitySet" },
+ "createdDateTime": "timestamp",
+ "description": "description of list",
+ "eTag": "string",
+ "lastModifiedBy": { "@odata.type": "microsoft.graph.identitySet" },
+ "lastModifiedDateTime": "timestamp",
+ "webUrl": "url to visit the list in a browser"
+}
+```
+ <!-- { "type": "#page.annotation",
v1.0 Logicapptriggerendpointconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/logicapptriggerendpointconfiguration.md
+
+ Title: "logicAppTriggerEndpointConfiguration resource type"
+description: "The configuration details for the logic app's endpoint that is associated with a custom access package workflow extension."
+
+ms.localizationpriority: medium
++
+# logicAppTriggerEndpointConfiguration resource type
+
+Namespace: microsoft.graph
++
+The configuration details for the logic app's endpoint that is associated with a custom access package workflow extension. Derived from the [customExtensionEndpointConfiguration](customextensionendpointconfiguration.md) abstract type.
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+|logicAppWorkflowName|String|The name of the logic app.|
+|resourceGroupName|String|The Azure resource group name for the logic app.|
+|subscriptionId|String|Identifier of the Azure subscription for the logic app.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.logicAppTriggerEndpointConfiguration",
+ "baseType": "microsoft.graph.customExtensionEndpointConfiguration"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",
+ "subscriptionId": "String",
+ "resourceGroupName": "String",
+ "logicAppWorkflowName": "String"
+}
+```
v1.0 Onpremisesextensionattributes https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/onpremisesextensionattributes.md
Namespace: microsoft.graph
The return type of the **onPremisesExtensionAttributes** property of the [user](user.md) object and **extensionAttributes** property of the [device](device.md) object. Returns fifteen custom extension attribute properties.
-On the [user](user.md) entity and for an **onPremisesSyncEnabled** user, the source of authority for this set of properties is the on-premises Active Directory which is synchronized to Azure AD, and is read-only. For a cloud-only user (where **onPremisesSyncEnabled** is `false`), these properties can be set during [creation](../api/user-post-users.md) or [update](../api/user-update.md). If a cloud-only user was previously synced from on-premises Active Directory, these properties cannot be managed via the Microsoft Graph API. Instead, they can be managed through the Exchange Admin Center or the Exchange Online V2 module in PowerShell.
+On the [user](user.md) entity and for an **onPremisesSyncEnabled** user, the source of authority for this set of properties is the on-premises Active Directory which is synchronized to Azure AD, and is read-only. For a cloud-only user (where **onPremisesSyncEnabled** is `false` or `null`), these properties can be set during [creation](../api/user-post-users.md) or [update](../api/user-update.md). If a cloud-only user was previously synced from on-premises Active Directory, these properties cannot be managed via the Microsoft Graph API. Instead, they can be managed through the Exchange Admin Center or the Exchange Online V2 module in PowerShell.
The **extensionAttributes** property of the [device](device.md) entity is managed only in Azure AD during device [creation](../api/device-post-devices.md) or [update](../api/device-update.md).
v1.0 Passwordcredentialconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/passwordcredentialconfiguration.md
Password credential configuration object that contains properties to configure r
## Properties
-| Property | Type | Description |
-| :- | : | :-- |
-| restrictionType | appCredentialRestrictionType | The type of restriction being applied. The possible values are: `passwordAddition`, `passwordLifetime`, `symmetricKeyAddition`, `symmetricKeyLifetime`, `unknownFutureValue`. Each value of restrictionType can be used only once per policy. |
-| maxLifeTime | Duration | Value that can be used as the maximum number for setting password expiration time in days, hours, minutes or seconds. Defined in ISO 8601 format for Durations. For example, "P4DT12H30M5S" represents a duration of four days, twelve hours, thirty minutes, and five seconds. This property is required when restriction type is set to `passwordLifetime`. |
-| restrictForAppsCreatedAfterDateTime | DateTimeOffset | Enforces the policy for an app created on or after the enforcement date. For existing applications, the enforcement date would be back dated. To apply to all applications, enforcement datetime would be null. |
+| Property | Type | Description |
+| :- | : | : |
+| restrictionType | appCredentialRestrictionType | The type of restriction being applied. The possible values are: `passwordAddition`, `passwordLifetime`, `symmetricKeyAddition`, `symmetricKeyLifetime`,`customPasswordAddition`, `unknownFutureValue`. Each value of restrictionType can be used only once per policy. |
+| maxLifeTime | Duration | Value that can be used as the maximum number for setting password expiration time in days, hours, minutes or seconds. Defined in ISO 8601 format for Durations. For example, "P4DT12H30M5S" represents a duration of four days, twelve hours, thirty minutes, and five seconds. This property is required when restriction type is set to `passwordLifetime`. |
+| restrictForAppsCreatedAfterDateTime | DateTimeOffset | Enforces the policy for an app created on or after the enforcement date. For existing applications, the enforcement date would be backdated. To apply to all applications, this date would be `null`. |
## Relationships
v1.0 Permissionscope https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/permissionscope.md
Here is a JSON representation of the resource
```json {
- "id": "guid",
- "adminConsentDisplayName": "string",
- "adminConsentDescription": "string",
- "userConsentDisplayName": "string",
- "userConsentDescription": "string",
- "value": "string",
- "type": "string",
+ "id": "Guid",
+ "adminConsentDisplayName": "String",
+ "adminConsentDescription": "String",
+ "userConsentDisplayName": "String",
+ "userConsentDescription": "String",
+ "value": "String",
+ "type": "String",
"isEnabled": true } ```
v1.0 Plannertaskdetails https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/plannertaskdetails.md
Title: "plannerTaskDetails resource type"
-description: "The **plannerTaskDetails** resource represents the additional information about a task. Each task object has a details object."
+description: "Represents the additional information about a task. Each task object has a details object."
ms.localizationpriority: medium ms.prod: "planner"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-The **plannerTaskDetails** resource represents the additional information about a task. Each [task](plannertask.md) object has a details object.
+Represents the additional information about a task. Each [task](plannertask.md) object has a details object.
## Methods
The **plannerTaskDetails** resource represents the additional information about
| Property | Type |Description| |:|:--|:-| |checklist|[plannerChecklistItems](plannerchecklistitems.md)|The collection of checklist items on the task.|
-|description|String|Description of the task|
+|description|String|Description of the task.|
|id|String| Read-only. ID of the task details. It is 28 characters long and case-sensitive. [Format validation](tasks-identifiers-disclaimer.md) is done on the service.| |previewType|string|This sets the type of preview that shows up on the task. Possible values are: `automatic`, `noPreview`, `checklist`, `description`, `reference`. When set to `automatic` the displayed preview is chosen by the app viewing the task.| |references|[plannerExternalReferences](plannerexternalreferences.md)|The collection of references on the task.| ## Relationships
-None
+None.
## JSON representation
-Here is a JSON representation of the resource.
+The following is a JSON representation of the resource.
<!-- { "blockType": "resource",
Here is a JSON representation of the resource.
"previewType": "string", "references": {"@odata.type": "microsoft.graph.plannerExternalReferences"} }- ``` <!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
v1.0 Presence https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/presence.md
This resource supports subscribing to [change notifications](/graph/webhooks).
## Properties
-| Relationship | Type | Description |
+| Property | Type | Description |
| : | :-- | : | | id | string | The user object id | | availability | string collection | The base presence information for a user. Possible values are `Available`, `AvailableIdle`, `Away`, `BeRightBack`, `Busy`, `BusyIdle`, `DoNotDisturb`, `Offline`, `PresenceUnknown` |
v1.0 Rbacapplication https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/rbacapplication.md
Role management container for unified role definitions and role assignments for
|:-|:|:| | [Create unifiedRoleAssignment](../api/rbacapplication-post-roleassignments.md) | [unifiedRoleAssignment](unifiedroleassignment.md) | Create a new unifiedRoleAssignment by posting to the roleAssignments collection. | | [List roleAssignments](../api/rbacapplication-list-roleassignments.md) | [unifiedRoleAssignment](unifiedroleassignment.md) collection | Get a unifiedRoleAssignment object collection. Only specific instances can be queried, by filtering on roleDefitionId or principalId. |
+| [List transitiveRoleAssignments](../api/rbacapplication-list-transitiveroleassignments.md) | [unifiedRoleAssignment](unifiedroleassignment.md) collection | Get direct and transitive unifiedRoleAssignments assigned to a specific principal. Specifying principalId is required. |
| [Create unifiedRoleDefinition](../api/rbacapplication-post-roledefinitions.md) | [unifiedRoleDefinition](unifiedroledefinition.md) | Create a new unifiedRoleDefinition by posting to the roleDefinitions collection. | | [List roleDefinitions](../api/rbacapplication-list-roledefinitions.md) | [unifiedRoleDefinition](unifiedroledefinition.md) collection | Get a unifiedRoleDefinition object collection. | | [roleSchedules](../api/rbacapplication-roleschedules.md) | [unifiedRoleScheduleBase](unifiedroleschedulebase.md) collection | Function to retrieve a collection of unifiedRoleScheduleBase objects. |
None
## Relationships |Relationship|Type|Description| |:|:|:|
+|resourceNamespaces|[unifiedRbacResourceNamespace](../resources/unifiedrbacresourcenamespace.md) collection|Resource that represents a collection of related actions.|
|roleAssignments|[unifiedRoleAssignment](../resources/unifiedroleassignment.md) collection| Resource to grant access to users or groups. | |roleDefinitions|[unifiedRoleDefinition](../resources/unifiedroledefinition.md) collection| Resource representing the roles allowed by RBAC providers and the permissions assigned to the roles. | |roleAssignmentApprovals|[approval](../resources/approval.md) collection| Decisions associated with a role assignment approval.|
None
|roleEligibilityScheduleInstances|[unifiedRoleEligibilityScheduleInstance](../resources/unifiedRoleEligibilityScheduleInstance.md) collection| Instances of eligible role assignments through Azure AD Privileged Identity Management. | |roleEligibilityScheduleRequests|[unifiedRoleEligibilityScheduleRequest](../resources/unifiedRoleEligibilityScheduleRequest.md) collection| Requests for eligible role assignments through Azure AD Privileged Identity Management. | |roleEligibilitySchedules|[unifiedRoleEligibilitySchedule](../resources/unifiedRoleEligibilitySchedule.md) collection| Schedule for eligible role assignments through Azure AD Privileged Identity Management. |-
+|transitiveRoleAssignments|[unifiedRoleAssignment](../resources/unifiedroleassignment.md) collection| Resource to grant access to users or groups that are transitive. |
## JSON representation
v1.0 Rbacapplicationmultiple https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/rbacapplicationmultiple.md
None
|Relationship|Type|Description| |:|:|:|
+|resourceNamespaces|[unifiedRbacResourceNamespace](../resources/unifiedrbacresourcenamespace.md) collection|Resource that represents a collection of related actions.|
|roleAssignments|[unifiedRoleAssignmentMultiple](../resources/unifiedroleassignmentmultiple.md) collection| Resource to grant access to users or groups. | |roleDefinitions|[unifiedRoleDefinition](../resources/unifiedroledefinition.md) collection| Resource representing the roles allowed by RBAC providers and the permissions assigned to the roles. |
v1.0 Resourceaccess https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/resourceaccess.md
Namespace: microsoft.graph
Object used to specify an OAuth 2.0 permission scope or an app role that an application requires, through the **resourceAccess** property of the [requiredResourceAccess](requiredresourceaccess.md) resource type. ## Properties+ | Property | Type |Description| |:|:--|:-|
-|id|GUID|The unique identifier for one of the [oauth2PermissionScopes](permissionscope.md) or [appRole](approle.md) instances that the resource application exposes.|
-|type|String|Specifies whether the **id** property references an [oauth2PermissionScopes](permissionscope.md) or an [appRole](approle.md). The possible values are: `Scope` (for OAuth 2.0 permission scopes) or `Role` (for app roles).|
+|id|Guid|The unique identifier of an [app role](approle.md) or [delegated permission](permissionScope.md) exposed by the resource application. For delegated permissions, this should match the **id** property of one of the [delegated permissions](permissionscope.md) in the **oauth2PermissionScopes** collection of the resource application's [service principal](serviceprincipal.md). For app roles (application permissions), this should match the **id** property of an [app role](approle.md) in the **appRoles** collection of the resource application's [service principal](serviceprincipal.md).|
+|type|String|Specifies whether the **id** property references a [delegated permission](permissionscope.md) or an [app role](approle.md) (application permission). The possible values are: `Scope` (for delegated permissions) or `Role` (for app roles).|
## JSON representation
The following is a JSON representation of the resource.
```json {
- "id": "GUID",
+ "id": "Guid",
"type": "String" }
v1.0 Resourcedata https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/resourcedata.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Represents the resouce data attached to the change notification sent to the subscriber.
+Represents the resouce data attached to the change notification sent to the subscriber. This resource is an open type and allows other properties to be passed in.
For details, see [Use the Microsoft Graph API to get change notifications](webhooks.md).
None.
## Properties
-For Outlook resources, **resourceData** contains the following fields:
+None except for Outlook resources where **resourceData** contains the following fields:
| Property | Type | Description | |:|:--|:|
-| @odata.type | string | The OData entity type in Microsoft Graph that describes the represented object. |
-| @odata.id | string | The OData identifier of the object. |
-| @odata.etag | string | The HTTP entity tag that represents the version of the object. |
-| id | string | The identifier of the object. |
+| @odata.type | String | The OData entity type in Microsoft Graph that describes the represented object. |
+| @odata.id | String | The OData identifier of the object. |
+| @odata.etag | String | The HTTP entity tag that represents the version of the object. |
+| id | String | The identifier of the object. |
-> **Note:** The `id` value provided in **resourceData** is valid at the time the change notification was generated. Some actions, such as moving a message to another folder, might result in the `id` no longer being valid when the change notification is processed.
+> **Note:** The **id** value provided in **resourceData** is valid at the time the change notification was generated. Some actions, such as moving a message to another folder, might result in the `id` no longer being valid when the change notification is processed.
## Relationships
The following is a JSON representation of the resource.
<!-- { "blockType": "resource", "optionalProperties": [-
+ "@odata.type",
+ "@odata.id",
+ "@odata.etag",
+ "id"
], "@odata.type": "microsoft.graph.resourceData" }--> ```json {
- "id": "1565293727947",
- "@odata.type": "#Microsoft.Graph.ChatMessage",
- "@odata.id": "teams('88cbc8fc-164b-44f0-b6a6-b59b4a1559d3')/channels('19:8d9da062ec7647d4bb1976126e788b47@thread.tacv2')/messages('1565293727947')/replies('1565293727947')"
+ "@odata.type": "#microsoft.graph.resourceData"
} ```
v1.0 Riskdetection https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/riskdetection.md
For more information about risk events, see [Azure Active Directory Identity Pro
|id|string|Unique ID of the risk detection. | |requestId|string|Request ID of the sign-in associated with the risk detection. This property is null if the risk detection is not associated with a sign-in.| |correlationId|string|Correlation ID of the sign-in associated with the risk detection. This property is null if the risk detection is not associated with a sign-in. |
-|riskEventType|string|The type of risk event detected. The possible values are `unlikelyTravel`, `anonymizedIPAddress`, `maliciousIPAddress`, `unfamiliarFeatures`, `malwareInfectedIPAddress`, `suspiciousIPAddress`, `leakedCredentials`, `investigationsThreatIntelligence`, `generic`,`adminConfirmedUserCompromised`, `mcasImpossibleTravel`, `mcasSuspiciousInboxManipulationRules`, `investigationsThreatIntelligenceSigninLinked`, `maliciousIPAddressValidCredentialsBlockedIP`, and `unknownFutureValue`. |
+|riskEventType|string|The type of risk event detected. The possible values are `unlikelyTravel`, `anonymizedIPAddress`, `maliciousIPAddress`, `unfamiliarFeatures`, `malwareInfectedIPAddress`, `suspiciousIPAddress`, `leakedCredentials`, `investigationsThreatIntelligence`, `generic`,`adminConfirmedUserCompromised`, `mcasImpossibleTravel`, `mcasSuspiciousInboxManipulationRules`, `investigationsThreatIntelligenceSigninLinked`, `maliciousIPAddressValidCredentialsBlockedIP`, and `unknownFutureValue`. <br/> For more information about each value, see [riskEventType values](#riskeventtype-values).|
|riskState|riskState|The state of a detected risky user or sign-in. The possible values are `none`, `confirmedSafe`, `remediated`, `dismissed`, `atRisk`, `confirmedCompromised`, and `unknownFutureValue`. | |riskLevel|riskLevel|Level of the detected risk. The possible values are `low`, `medium`, `high`, `hidden`, `none`, `unknownFutureValue`. <br />**Note:** Details for this property are only available for Azure AD Premium P2 customers. P1 customers will be returned `hidden`.| |riskDetail|riskDetail|Details of the detected risk. The possible values are `none`, `adminGeneratedTemporaryPassword`, `userPerformedSecuredPasswordChange`, `userPerformedSecuredPasswordReset`, `adminConfirmedSigninSafe`, `aiConfirmedSigninSafe`, `userPassedMFADrivenByRiskBasedPolicy`, `adminDismissedAllRiskForUser`, `adminConfirmedSigninCompromised`, `hidden`, `adminConfirmedUserCompromised`, `unknownFutureValue`. <br />**Note:** Details for this property are only available for Azure AD Premium P2 customers. P1 customers will be returned `hidden`.|
For more information about risk events, see [Azure Active Directory Identity Pro
|additionalInfo|string|Additional information associated with the risk detection in JSON format. | |riskType (deprecated)|riskEventType|List of risk event types.<br />**Note:** This property is deprecated. Use **riskEventType** instead. |
+### riskEventType values
+
+| Member | Description |
+|--|--|
+| unlikelyTravel | Identifies two sign-ins originating from geographically distant locations, where at least one of the locations may also be atypical for the user, given past behavior. |
+| anonymizedIPAddress | Indicates sign-ins from an anonymous IP address, for example, using an anonymous browser or VPN. |
+| maliciousIPAddress | Indicates sign-ins from IP addresses known to be malicious. Deprecated and no longer generated for new detections. |
+| unfamiliarFeatures | Indicates sign-ins with characteristics that deviate from past sign-in properties. |
+| malwareInfectedIPAddress | Indicates sign-ins from IP addresses infected with malware |
+| suspiciousIPAddress | Identifies logins from IP addresses that are known to be malicious at the time of the sign in. |
+| leakedCredentials | Indicates that the user's valid credentials have been leaked. This sharing is typically done by posting publicly on the dark web, paste sites, or by trading and selling the credentials on the black market. When the Microsoft leaked credentials service acquires user credentials from the dark web, paste sites, or other sources, they are checked against Azure AD users' current valid credentials to find valid matches. |
+| investigationsThreatIntelligence | Indicates a sign-in activity that is unusual for the given user or is consistent with known attack patterns based on Microsoft's internal and external threat intelligence sources. |
+| generic | Indicates that the user was not enabled for Identity Protection. |
+| adminConfirmedUserCompromised | Indicates that an administrator has [confirmed the user is compromised](../api/riskyusers-confirmcompromised.md). |
+| mcasImpossibleTravel | Discovered by Microsoft Defender for Cloud Apps (MDCA). Identifies two user activities (a single or multiple sessions) originating from geographically distant locations within a time period shorter than the time it would have taken the user to travel from the first location to the second, indicating that a different user is using the same credentials. |
+| mcasSuspiciousInboxManipulationRules | Discovered by Microsoft Defender for Cloud Apps (MDCA). Identifies suspicious email forwarding rules, for example, if a user created an inbox rule that forwards a copy of all emails to an external address.|
+| investigationsThreatIntelligenceSigninLinked | Identifies activity that is unusual with known attack patterns based on threat intelligence |
+| maliciousIPAddressValidCredentialsBlockedIP | Indicates that sign-in was made with valid credentials from a malicious IP address. |
+| unknownFutureValue | Evolvable enumeration sentinel value. Do not use. |
++ ## JSON representation The following is a JSON representation of the resource.
v1.0 Schemaextension https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/schemaextension.md
See the [schema extension example](/graph/extensibility-schema-groups) to learn
| Property | Type |Description| |:|:--|:-| |description|String|Description for the schema extension. Supports `$filter` (`eq`).|
-|id|String|The unique identifier for the schema extension definition. <br>You can assign a value in one of two ways: <ul><li>Concatenate the name of one of your verified domains with a name for the schema extension to form a unique string in this format, \{_&#65279;domainName_\}\_\{_&#65279;schemaName_\}. As an example, `contoso_mySchema`. </li><li>Provide a schema name, and let Microsoft Graph use that schema name to complete the **id** assignment in this format: ext\{_&#65279;8-random-alphanumeric-chars_\}\_\{_&#65279;schema-name_\}. An example would be `extkvbmkofy_mySchema`.</li></ul>This property cannot be changed after creation. Supports `$filter` (`eq`). |
+|id|String|The unique identifier for the schema extension definition. <br>You can assign a value in one of two ways: <ul><li>Concatenate the name of one of your verified domains with a name for the schema extension to form a unique string in this format, \{_&#65279;domainName_\}\_\{_&#65279;schemaName_\}. As an example, `contoso_mySchema`. </li><li>Provide a schema name, and let Microsoft Graph use that schema name to complete the **id** assignment in this format: ext\{_&#65279;8-random-alphanumeric-chars_\}\_\{_&#65279;schema-name_\}. An example would be `extkvbmkofy_mySchema`.</li></ul>This property cannot be changed after creation. Supports `$filter` (`eq`). <br/><br> **Note:** We recommend that your **id** starts with an alphabetic letter between A-Z because query capabilities might be limited for IDs that begin with integers. |
|owner|String| The `appId` of the application that is the owner of the schema extension. This property can be supplied on creation, to set the owner. If not supplied, then the calling application's `appId` will be set as the owner. In either case, the signed-in user must be the owner of the application. So, for example, if creating a new schema extension definition using Graph Explorer, you **must** supply the owner property. Once set, this property is read-only and cannot be changed. Supports `$filter` (`eq`).| |properties|[extensionSchemaProperty](extensionschemaproperty.md) collection|The collection of property names and types that make up the schema extension definition.| |status|String|The lifecycle state of the schema extension. Possible states are **InDevelopment**, **Available**, and **Deprecated**. Automatically set to **InDevelopment** on creation. [Schema extensions](/graph/extensibility-overview#schema-extensions) provides more information on the possible state transitions and behaviors. Supports `$filter` (`eq`).|
v1.0 Search Acronym https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/search-acronym.md
+
+ Title: "acronym resource type"
+description: "An acronym is an administrative answer in Microsoft Search results to define common acronyms in a organization."
+
+ms.localizationpriority: medium
++
+# acronym resource type
+
+Namespace: microsoft.graph.search
++
+An acronym is an administrative answer in Microsoft Search results to define common acronyms in an organization.
+
+Inherits from [searchAnswer](../resources/search-searchAnswer.md).
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List acronyms](../api/search-searchentity-list-acronyms.md)|[microsoft.graph.search.acronym](../resources/search-acronym.md) collection|Get a list of the [acronym](../resources/search-acronym.md) objects and their properties.|
+|[Create acronym](../api/search-searchentity-post-acronyms.md)|[microsoft.graph.search.acronym](../resources/search-acronym.md)|Create a new [acronym](../resources/search-acronym.md) object.|
+|[Get acronym](../api/search-acronym-get.md)|[microsoft.graph.search.acronym](../resources/search-acronym.md)|Read the properties and relationships of an [acronym](../resources/search-acronym.md) object.|
+|[Update acronym](../api/search-acronym-update.md)|[microsoft.graph.search.acronym](../resources/search-acronym.md)|Update the properties of an [acronym](../resources/search-acronym.md) object.|
+|[Delete acronym](../api/search-acronym-delete.md)|None|Deletes an [acronym](../resources/search-acronym.md) object.|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|description|String|A brief description of the acronym that gives users more info about the acronym and what it stands for. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|displayName|String|The actual short form or acronym. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|id|String|The unique identifier (GUID) for the acronym. Inherited from [entity](../resources/entity.md).|
+|lastModifiedBy|[microsoft.graph.identitySet](../resources/identityset.md)|Details of the user that created or last modified the acronym. Inherited from [searchAnswer](../resources/search-searchAnswer.md). Read-only.|
+|lastModifiedDateTime|DateTimeOffset|Timestamp of when the acronym is created or edited. Inherited from [searchAnswer](../resources/search-searchAnswer.md). Read-only.|
+|standsFor|String collection|What the acronym stands for.|
+|state|microsoft.graph.search.answerState|State of the acronym. Possible values are: `published`, `draft`, `excluded`, or `unknownFutureValue`.|
+|webUrl|String|The URL of the page or website where users can go for more information about the acronym. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.search.acronym",
+ "baseType": "microsoft.graph.search.searchAnswer",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.search.acronym",
+ "id": "String (identifier)",
+ "displayName": "String",
+ "description": "String",
+ "webUrl": "String",
+ "lastModifiedBy": {
+ "@odata.type": "microsoft.graph.identitySet"
+ },
+ "lastModifiedDateTime": "String (timestamp)",
+ "standsFor": [
+ "String"
+ ],
+ "state": "String"
+}
+```
+
v1.0 Search Answerkeyword https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/search-answerkeyword.md
+
+ Title: "answerKeyword resource type"
+description: "Answer keywords allow users to define words and phrases that will trigger an administrative search answer to appear in search results."
+
+ms.localizationpriority: medium
++
+# answerKeyword resource type
+
+Namespace: microsoft.graph.search
++
+An answer keyword is used to configure words and phrases that will trigger an administrative search answer to appear in search results.
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|keywords|String collection|A collection of keywords used to trigger the search answer.|
+|matchSimilarKeywords|Boolean|If `true`, indicates that the search term contains similar words to the keywords that should trigger the search answer.|
+|reservedKeywords|String collection|Unique keywords that will guarantee the search answer is triggered.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.search.answerKeyword"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.search.answerKeyword",
+ "keywords": [
+ "String"
+ ],
+ "reservedKeywords": [
+ "String"
+ ],
+ "matchSimilarKeywords": "Boolean"
+}
+```
+
v1.0 Search Answervariant https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/search-answervariant.md
+
+ Title: "answerVariant resource type"
+description: "An answer variant can be used to change certain properties of a search answer based on country or platform."
+
+ms.localizationpriority: medium
++
+# answerVariant resource type
+
+Namespace: microsoft.graph.search
++
+An answer variant can be used to change certain fields of a search answer based on country or platform.
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|description|String|Answer variation description shown on search results page.|
+|displayName|String|Answer variation name displayed in search results.|
+|webUrl|String|Answer variation URL link. When users click this answer variation in search results, they will go to this URL.|
+|languageTags|String collection|List of countries or regions able to view this search answer.|
+|platforms|microsoft.graph.platform collection|List of devices and operating systems able to view this answer variation. Possible values are: `unknown`, `ios`, `android`, `windows`, `windowsMobile`, `macOS`.|
++
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.search.answerVariant"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.search.answerVariant",
+ "displayName": "String",
+ "webUrl": "String",
+ "description": "String",
+ "languageTags": ["String"],
+ "platforms": ["String"]
+}
+```
+
v1.0 Search Api Answers Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/search-api-answers-overview.md
+
+ Title: "Use the Microsoft Search API to manage administrative answers"
+description: "Use Microsoft Graph to manage administrative search answers in the Microsoft Search experience."
+ms.localizationpriority: high
+++
+# Use the Microsoft Search API to manage administrative answers
++
+You can use Microsoft Graph to manage administrative search answer results in the [Microsoft Search](/microsoftsearch/overview-microsoft-search) experience.
+
+Requests to manage administrative search answers are performed by global administrators, search administrators, search editors, or are performed on behalf of an application without the presence of a signed-in user, identified using an [access token with application permission](/graph/auth-v2-service).
+
+## Common use cases
+
+The use cases for the APIs in this section involve managing administrative answers such as acronyms, bookmarks, and QnAs for an organization.
+
+| Use cases | REST resources |
+|:-|:--|
+| **Search answer actions** | |
+| Create, update, or delete a search answer | [acronym](search-acronym.md), [bookmark](search-bookmark.md), [qna](search-qna.md) |
+
+## Supported language tags
+A language tag of a [bookmark](search-bookmark.md) or [qna](search-qna.md) represents a geographically specific language in which that search answer (**bookmark** or **qna**) can be viewed. A language tag follows the pattern {language}-{REGION}. For more information on the pattern, see [RFC 4646](https://datatracker.ietf.org/doc/html/rfc4646).
+
+The following table lists the language tags, locales, and the corresponding country or region that you can set in the [Microsoft 365 admin center](https://admin.microsoft.com/) to publish a search answer. The **Locale** column describes the language as used in that country or region.
+
+| Supported language tag | Locale | Choice of country or region in Microsoft 365 admin center |
+| -- | - | - |
+|`es-AR`| Spanish (Argentina) | Argentina |
+|`en-AU`| English (Australia) | Australia |
+|`de-AT`| German (Austria) |Austria |
+|`fr-BE`| French (Belgium) |Belgium - French |
+|`nl-BE`| Dutch (Belgium) | Belgium - Dutch |
+|`en-CA`| English (Canada) | Canada - English |
+|`fr-CA`| French (Canada) | Canada - French |
+|`fr-FR`| French (France) | France |
+|`de-DE`| German (Germany) | Germany |
+|`zh-HK`| Chinese (Hong Kong) | Hong Kong |
+|`en-IN`| English (India) | India |
+|`it-IT`| Italian (Italy) | Italy |
+|`pt-BR`| Portuguese (Brazil) | Brazil |
+|`en-ID`| English (Indonesia) | Indonesia |
+|`ja-JP`| Japanese (Japan) | Japan |
+|`ko-KR`| Korean (South Korea) | Korea |
+|`en-MY`| English (Malaysia) | Malaysia |
+|`es-MX`| Spanish (Mexico) | Mexico |
+|`nl-NL`| Dutch (Netherlands) | Netherlands |
+|`nb-NO`| Norwegian Bokmål (Norway) | Norway |
+|`zh-CN`| Chinese (China) | People's Republic of China |
+|`pl-PL`| Polish (Poland) | Poland |
+|`ru-RU`| Russian (Russia) | Russia |
+|`ar-SA`| Arabic (Saudi Arabia) | Saudi Arabia |
+|`sv-SE`| Swedish (Sweden) | Sweden |
+|`es-ES`| Spanish (Spain) | Spain |
+|`fr-CH`| French (Switzerland) | Switzerland - French |
+|`de-CH`| German (Switzerland) | Switzerland - German |
+|`en-ZA`| English (South Africa) | South Africa |
+|`zh-TW`| Chinese (Taiwan) | Taiwan |
+|`tr-TR`| Turkish (Turkey) | Turkey |
+|`en-GB`| English (United Kingdom) | United Kingdom |
+|`en-US`| English (United States) | United States - English |
+|`es-US`| Spanish (United States) | United States - Spanish |
+
+## What's new
+Find out about the [latest new features and updates](/graph/whats-new-overview) for this API set.
+
+## Next steps
+
+- See the [Microsoft Search API overview](/graph/search-concept-overview).
+- Drill down on the methods, properties, and relationships of the answer type resources: [bookmarks](search-bookmark.md), [acronyms](search-acronym.md), and [QnAs](search-qna.md).
+
v1.0 Search Api Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/search-api-overview.md
Search requests run in the context of the signed-in user, identified using an [a
## Common use cases
-The Microsoft Search API provides a [query](../api/search-query.md) method to search across your data in Microsoft Search, where you pass a [searchRequest](searchRequest.md) in the request body, defining the specifics of your search.
+The Microsoft Search API provides a [query](../api/search-query.md) method to search across your data in Microsoft Search, where you pass a [searchRequest](searchrequest.md) in the request body, defining the specifics of your search.
-This section lists the common use cases of the **query** method, based on the properties and parameters you set in the **query** [searchRequest](searchRequest.md) body.
+This section lists the common use cases of the **query** method, based on the properties and parameters you set in the **query** [searchRequest](searchrequest.md) body.
Search requests run on behalf of the user. Search results are scoped to enforce any access control applied to the items. For example, in the context of files, permissions on the files are evaluated as part of the search request. Users cannot access more items in a search than they can otherwise obtain from a corresponding GET operation with the same permissions and access control.
See [refine search results](/graph/search-concept-aggregation) for examples that
## Request spelling correction
-Spelling correction is a popular way to handle mismatches between typos in a user query and the correct words in matched contents. When typos are detected in the original user query, you can get the search result either for the original user query or the corrected alternate query. You can also get the spelling correction information for typos in the **queryAlterationResponse** property of the [searchresponse](searchresponse.md).
+Spelling correction is a popular way to handle mismatches between typos in a user query and the correct words in matched contents. When typos are detected in the original user query, you can get the search result either for the original user query or the corrected alternate query. You can also get the spelling correction information for typos in the **queryAlterationResponse** property of the [searchResponse](searchresponse.md).
In the [searchRequest](./searchrequest.md), specify the **queryAlterationOptions** that should be applied to the query for spelling corrections. For details about the **queryAlterationOptions** property, see [searchAlterationOptions](./searchalterationoptions.md).
For examples that show how to use spelling corrections, see [Request spelling co
The search API allows you to render search results from [connectors](/microsoftsearch/connectors-overview), by using the display layout or result template configured by the IT admin for each connector. The result templates are [Adaptive Cards](https://adaptivecards.io/), which are a semantically meaningful combination of layout and data.
-To get the result template in the [searchresponse](searchresponse.md), you have to set **true** the **enableResultTemplate** property, defined in the [resultTemplateOptions](./resulttemplateoption.md), in the [searchRequest](./searchrequest.md). The response includes a **resultTemplateId** for every [search hit](./searchhit.md), which maps to one of the display layouts included in the **resultTemplates** dictionary that is included in the response.
+To get the result template in the [searchResponse](searchresponse.md), you have to set **true** the **enableResultTemplate** property, defined in the [resultTemplateOptions](./resulttemplateoption.md), in the [searchRequest](./searchrequest.md). The response includes a **resultTemplateId** for every [search hit](./searchhit.md), which maps to one of the display layouts included in the **resultTemplates** dictionary that is included in the response.
See [Use search display layout](/graph/search-concept-display-layout) for examples.
v1.0 Search Bookmark https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/search-bookmark.md
+
+ Title: "bookmark resource type"
+description: "A bookmark is an administrative answer in Microsoft Search results for common search queries in an organization. A bookmark has many properties which allow administrators to make common resources more accessible in their organization."
+
+ms.localizationpriority: medium
++
+# bookmark resource type
+
+Namespace: microsoft.graph.search
++
+A bookmark is an administrative answer in Microsoft Search results for common search queries in an organization. A bookmark has many properties which allow administrators to make common resources more accessible in their organization.
+
+Inherits from [searchAnswer](../resources/search-searchAnswer.md).
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List bookmarks](../api/search-searchentity-list-bookmarks.md)|[microsoft.graph.search.bookmark](../resources/search-bookmark.md) collection|Get a list of the [bookmark](../resources/search-bookmark.md) objects and their properties.|
+|[Create bookmark](../api/search-searchentity-post-bookmarks.md)|[microsoft.graph.search.bookmark](../resources/search-bookmark.md)|Create a new [bookmark](../resources/search-bookmark.md) object.|
+|[Get bookmark](../api/search-bookmark-get.md)|[microsoft.graph.search.bookmark](../resources/search-bookmark.md)|Read the properties and relationships of a [bookmark](../resources/search-bookmark.md) object.|
+|[Update bookmark](../api/search-bookmark-update.md)|[microsoft.graph.search.bookmark](../resources/search-bookmark.md)|Update the properties of a [bookmark](../resources/search-bookmark.md) object.|
+|[Delete bookmark](../api/search-bookmark-delete.md)|None|Deletes a [bookmark](../resources/search-bookmark.md) object.|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|id|String|The unique identifier (GUID) for the bookmark. Inherited from [entity](../resources/entity.md).|
+|displayName|String|Bookmark name displayed in search results. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|description|String|Bookmark description shown on search results page. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|webUrl|String|Bookmark URL link. When users click this bookmark in search results, they will go to this URL. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|lastModifiedBy|[microsoft.graph.identitySet](../resources/identityset.md)|Details of the user that created or last modified the bookmark. Inherited from [searchAnswer](../resources/search-searchAnswer.md). Read-only.|
+|lastModifiedDateTime|DateTimeOffset|Timestamp of when the bookmark is created or edited. Inherited from [searchAnswer](../resources/search-searchAnswer.md). Read-only. |
+|categories|String collection|Categories commonly used to describe this bookmark. For example, IT and HR.|
+|availabilityStartDateTime|DateTimeOffset|Timestamp of when the bookmark will start to appear as a search result. Set as `null` for always available.|
+|availabilityEndDateTime|DateTimeOffset|Timestamp of when the bookmark will stop to appear as a search result. Set as `null` for always available.|
+|languageTags|String collection|A list of language names that are geographically specific and that this bookmark can be viewed in. Each language tag value follows the pattern {language}-{REGION}. As an example, `en-US` is English as used in the United States. See [supported language tags](search-api-answers-overview.md#supported-language-tags) for the list of possible values.|
+|platforms|microsoft.graph.devicePlatformType collection|List of devices and operating systems able to view this bookmark. Possible values are: `unknown`, `android`, `androidForWork`, `ios`, `macOS`, `windowsPhone81`, `windowsPhone81AndLater`, `windows10AndLater`, `androidWorkProfile`, `androidASOP`.|
+|targetedVariations|[microsoft.graph.search.answerVariant](../resources/search-answerVariant.md) collection|Variations of a bookmark for different countries or devices. Use when you need to show different content to users based on their device, country/region, or both. The date and group settings will apply to all variations.|
+|powerAppIds|String collection|List of Power Apps associated with this bookmark. If users add existing Power Apps to a bookmark, they can complete tasks, such as to enter vacation time or to report expenses on the search results page.|
+|keywords|[microsoft.graph.search.answerKeyword](../resources/search-answerKeyword.md)|Keywords that trigger this bookmark to appear in search results.|
+|state|microsoft.graph.search.answerState|State of the bookmark. Possible values are: `published`, `draft`, `excluded`, or `unknownFutureValue`.|
+|isSuggested|Boolean|True if this bookmark was suggested to the admin by a user or was mined and suggested by Microsoft. Read-only.|
+|groupIds|String collection|List of security groups able to view this bookmark.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.search.bookmark",
+ "baseType": "microsoft.graph.search.searchAnswer",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.search.bookmark",
+ "id": "String (identifier)",
+ "displayName": "String",
+ "description": "String",
+ "webUrl": "String",
+ "lastModifiedBy": {
+ "@odata.type": "microsoft.graph.identitySet"
+ },
+ "lastModifiedDateTime": "String (timestamp)",
+ "categories": [
+ "String"
+ ],
+ "availabilityStartDateTime": "String (timestamp)",
+ "availabilityEndDateTime": "String (timestamp)",
+ "languageTags": [
+ "String"
+ ],
+ "platforms": [
+ "String"
+ ],
+ "targetedVariations": [
+ {
+ "@odata.type": "microsoft.graph.search.answerVariant"
+ }
+ ],
+ "powerAppIds": [
+ "String"
+ ],
+ "keywords": {
+ "@odata.type": "microsoft.graph.search.answerKeyword"
+ },
+ "state": "String",
+ "isSuggested": "Boolean",
+ "groupIds": [
+ "String"
+ ]
+}
+```
+
v1.0 Search Qna https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/search-qna.md
+
+ Title: "qna resource type"
+description: "Represents a question and answer (Q&A) in Microsoft Search."
+
+ms.localizationpriority: medium
++
+# qna resource type
+
+Namespace: microsoft.graph.search
++
+Q&As are administrative answer results in the search results page which provide answers for specific search keywords. Q&As allow administrators to answer the user's questions directly in search instead of providing a link to a webpage. A Q&A has many properties which allow administrators to make common resources more accessible in their organization.
+
+Inherits from [searchAnswer](../resources/search-searchAnswer.md).
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List qnas](../api/search-searchentity-list-qnas.md)|[microsoft.graph.search.qna](../resources/search-qna.md) collection|Get a list of the [qna](../resources/search-qna.md) objects and their properties.|
+|[Create qna](../api/search-searchentity-post-qnas.md)|[microsoft.graph.search.qna](../resources/search-qna.md)|Create a new [qna](../resources/search-qna.md) object.|
+|[Get qna](../api/search-qna-get.md)|[microsoft.graph.search.qna](../resources/search-qna.md)|Read the properties and relationships of a [qna](../resources/search-qna.md) object.|
+|[Update qna](../api/search-qna-update.md)|[microsoft.graph.search.qna](../resources/search-qna.md)|Update the properties of a [qna](../resources/search-qna.md) object.|
+|[Delete qna](../api/search-qna-delete.md)|None|Deletes a [qna](../resources/search-qna.md) object.|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|id|String|The unique identifier (GUID) for the qna. Inherited from [entity](../resources/entity.md).|
+|displayName|String|Question displayed in search results. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|description|String|Answer displayed in search results. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|webUrl|String|Qna URL link. When users click this qna in search results, they will go to this URL. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|
+|lastModifiedBy|[microsoft.graph.identitySet](../resources/identityset.md)|Details of the user that created or last modified the qna. Inherited from [searchAnswer](../resources/search-searchAnswer.md). Read-only. |
+|lastModifiedDateTime|DateTimeOffset| Timestamp of when the qna is created or edited. Inherited from [searchAnswer](../resources/search-searchAnswer.md). Read-only.|
+|availabilityStartDateTime|DateTimeOffset|Timestamp of when the qna will start to appear as a search result. Set as `null` for always available.|
+|availabilityEndDateTime|DateTimeOffset|Timestamp of when the qna will stop to appear as a search result. Set as `null` for always available.|
+|languageTags|String collection|A list of language names that are geographically specific and that this QnA can be viewed in. Each language tag value follows the pattern {language}-{REGION}. As an example, `en-US` is English as used in the United States. See [supported language tags](search-api-answers-overview.md#supported-language-tags) for the list of possible values. |
+|platforms|microsoft.graph.devicePlatformType collection|List of devices and operating systems able to view this qna. Possible values are: `unknown`, `android`, `androidForWork`, `ios`, `macOS`, `windowsPhone81`, `windowsPhone81AndLater`, `windows10AndLater`, `androidWorkProfile`, `androidASOP`.|
+|targetedVariations|[microsoft.graph.search.answerVariant](../resources/search-answerVariant.md) collection|Variations of a qna for different countries or devices. Use when you need to show different content to users based on their device, country/region, or both. The date and group settings will apply to all variations.|
+|keywords|[microsoft.graph.search.answerKeyword](../resources/search-answerKeyword.md)|Keywords that trigger this qna to appear in search results.|
+|state|microsoft.graph.search.answerState|State of the qna. Possible values are: `published`, `draft`, `excluded`, or `unknownFutureValue`.|
+|isSuggested|Boolean| True if this qna was suggested to the admin by a user or was mined and suggested by Microsoft. Read-only.|
+|groupIds|String collection|List of security groups able to view this qna.|
++
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.search.qna",
+ "baseType": "microsoft.graph.search.searchAnswer",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.search.qna",
+ "id": "String (identifier)",
+ "displayName": "String",
+ "description": "String",
+ "webUrl": "String",
+ "lastModifiedBy": {
+ "@odata.type": "microsoft.graph.identitySet"
+ },
+ "lastModifiedDateTime": "String (timestamp)",
+ "availabilityStartDateTime": "String (timestamp)",
+ "availabilityEndDateTime": "String (timestamp)",
+ "languageTags": [
+ "String"
+ ],
+ "platforms": [
+ "String"
+ ],
+ "targetedVariations": [
+ {
+ "@odata.type": "microsoft.graph.search.answerVariant"
+ }
+ ],
+ "keywords": {
+ "@odata.type": "microsoft.graph.search.answerKeyword"
+ },
+ "state": "String",
+ "isSuggested": "Boolean",
+ "groupIds": [
+ "String"
+ ]
+}
+```
+
v1.0 Search Searchanswer https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/search-searchanswer.md
+
+ Title: "searchAnswer resource type"
+description: "The search answer is a base type for other search answers."
+
+ms.localizationpriority: medium
++
+# searchAnswer resource type
+
+Namespace: microsoft.graph.search
++
+The search answer is a base type for other search answers, such as [acronym](../resources/search-acronym.md), [bookmark](../resources/search-bookmark.md), and [QnA](../resources/search-qna.md) resources. Includes properties that apply to other search answer entities.
++
+Inherits from [entity](../resources/entity.md).
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|id|String|The unique identifier (GUID) for the search answer. Inherited from [entity](../resources/entity.md).|
+|displayName|String|Search answer name displayed in search results.|
+|description|String|Search answer description shown on search results page.|
+|webUrl|String|Search answer URL link. When users click this search answer in search results, they will go to this URL.|
+|lastModifiedBy|[microsoft.graph.identitySet](../resources/identityset.md)|Details of the user that created or last modified the search answer. Read-only.|
+|lastModifiedDateTime|DateTimeOffset|Timestamp of when the search answer is created or edited. Read-only.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.search.searchAnswer",
+ "baseType": "microsoft.graph.entity",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.search.searchAnswer",
+ "id": "String (identifier)",
+ "displayName": "String",
+ "description": "String",
+ "webUrl": "String",
+ "lastModifiedBy": {
+ "@odata.type": "microsoft.graph.identitySet"
+ },
+ "lastModifiedDateTime": "String (timestamp)"
+}
+```
+
v1.0 Searchalterationoptions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/searchalterationoptions.md
Provides the search alteration options for spelling correction.
| Property | Type | Description | |:-|:|:|
-|enableSuggestion|Boolean|Indicates whether spelling suggestions are enabled. If enabled, user will get the search results for original search query and suggesting spelling correction in **queryAlterationResponse** property of the [response](/graph/api/resources/searchresponse?view=graph-rest-beta&preserve-view=true) for typos in query. Optional.|
|enableModification|Boolean|Indicates whether spelling modifications are enabled. If enabled, user will get the search results for corrected query **when there are no results** for the original query with typos and get the spelling modification information in **queryAlterationResponse** property of the [response](/graph/api/resources/searchresponse?view=graph-rest-beta&preserve-view=true). Optional.|
+|enableSuggestion|Boolean|Indicates whether spelling suggestions are enabled. If enabled, the user will get the search results for the original search query and suggestions for spelling correction in the **queryAlterationResponse** property of the [response](/graph/api/resources/searchresponse?view=graph-rest-beta&preserve-view=true) for the typos in the query. Optional.|
## JSON representation
The following is a JSON representation of the resource.
```json {
- "enableSuggestion": true,
- "enableModification": true
+ "enableModification": "Boolean",
+ "enableSuggestion": "Boolean"
} ```
v1.0 Searchentity https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/searchentity.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-A top-level object that represents the Microsoft Search API endpoint. This resource serves as an anchor to the [query](../api/search-query.md) action.
+A top level object that represents the Microsoft Search API endpoint.
+
+It serves as an anchor to the [query](../api/search-query.md) action and search answer relationships such as [acronyms](../resources/search-acronym.md), [bookmarks](../resources/search-bookmark.md), and [qnas](../resources/search-qna.md).
[!INCLUDE [search-api-preview](../../includes/search-api-preview-signup.md)]
A top-level object that represents the Microsoft Search API endpoint. This resou
None. ## Relationships
-None.
+| Relationship | Type |Description|
+|:|:--|:-|
+| acronyms | [microsoft.graph.search.acronym](../resources/search-acronym.md) collection | Administrative answer in Microsoft Search results to define common acronyms in a organization. |
+| bookmarks | [microsoft.graph.search.bookmark](../resources/search-bookmark.md) collection | Administrative answer in Microsoft Search results for common search queries in an organization. |
+| qnas | [microsoft.graph.search.qna](../resources/search-qna.md) collection | Administrative answer in Microsoft Search results which provide answers for specific search keywords in an organization. |
+ ## JSON representation The following is a JSON representation of the resource.
v1.0 Serviceannouncement https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/serviceannouncement.md
A top-level container for service communications resources.
None. ## Relationships
-|Property|Type|Description|
+|Relationship|Type|Description|
|-|-|-| |messages|Collection([serviceUpdateMessage](serviceupdatemessage.md))|A collection of service messages for tenant. This property is a contained navigation property, it is nullable and readonly.| |healthOverviews|Collection([serviceHealth](servicehealth.md))|A collection of service health information for tenant. This property is a contained navigation property, it is nullable and readonly.|
v1.0 Serviceplaninfo https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/serviceplaninfo.md
Here is a JSON representation of the resource
```json {
- "appliesTo": "string",
- "provisioningStatus": "string",
- "servicePlanId": "guid",
- "servicePlanName": "string"
+ "appliesTo": "String",
+ "provisioningStatus": "String",
+ "servicePlanId": "Guid",
+ "servicePlanName": "String"
} ```
v1.0 Serviceprincipal https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/serviceprincipal.md
This resource supports using [delta query](/graph/delta-query-overview) to track
|appDisplayName|String|The display name exposed by the associated application.| |appId|String|The unique identifier for the associated application (its **appId** property). Supports `$filter` (`eq`, `ne`, `not`, `in`, `startsWith`).| |applicationTemplateId|String|Unique identifier of the applicationTemplate that the servicePrincipal was created from. Read-only. Supports `$filter` (`eq`, `ne`, `NOT`, `startsWith`).|
-|appOwnerOrganizationId|String|Contains the tenant id where the application is registered. This is applicable only to service principals backed by applications.Supports `$filter` (`eq`, `ne`, `NOT`, `ge`, `le`).|
+|appOwnerOrganizationId|Guid|Contains the tenant id where the application is registered. This is applicable only to service principals backed by applications.Supports `$filter` (`eq`, `ne`, `NOT`, `ge`, `le`).|
|appRoleAssignmentRequired|Boolean|Specifies whether users or other service principals need to be granted an app role assignment for this service principal before users can sign in or apps can get tokens. The default value is `false`. Not nullable. <br><br>Supports `$filter` (`eq`, `ne`, `NOT`). | |appRoles|[appRole](approle.md) collection|The roles exposed by the application which this service principal represents. For more information see the **appRoles** property definition on the [application](application.md) entity. Not nullable. | |customSecurityAttributes|[customSecurityAttributeValue](../resources/customsecurityattributevalue.md)|An open complex type that holds the value of a custom security attribute that is assigned to a directory object. Nullable. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, `startsWith`).|
This resource supports using [delta query](/graph/delta-query-overview) to track
{ "accountEnabled": true, "addIns": [{"@odata.type": "microsoft.graph.addIn"}],
- "alternativeNames": "string",
- "appDisplayName": "string",
- "appId": "string",
- "appOwnerOrganizationId": "guid",
- "applicationTemplateId": "string",
+ "alternativeNames": "String",
+ "appDisplayName": "String",
+ "appId": "String",
+ "appOwnerOrganizationId": "Guid",
+ "applicationTemplateId": "String",
"appRoleAssignmentRequired": true, "appRoles": [{"@odata.type": "microsoft.graph.appRole"}], "customSecurityAttributes": { "@odata.type": "microsoft.graph.customSecurityAttributeValue" },
- "disabledByMicrosoftStatus": "string",
- "displayName": "string",
- "errorUrl": "string",
- "homepage": "string",
- "id": "string (identifier)",
+ "disabledByMicrosoftStatus": "String",
+ "displayName": "String",
+ "errorUrl": "String",
+ "homepage": "String",
+ "id": "String (identifier)",
"info": {"@odata.type": "microsoft.graph.informationalUrl"}, "keyCredentials": [{"@odata.type": "microsoft.graph.keyCredential"}],
- "loginUrl": "string",
- "logoutUrl": "string",
+ "loginUrl": "String",
+ "logoutUrl": "String",
"notes": "String",
- "notificationEmailAddresses": ["string"],
+ "notificationEmailAddresses": ["String"],
"publishedPermissionScopes": [{"@odata.type": "microsoft.graph.permissionScope"}], "passwordCredentials": [{"@odata.type": "microsoft.graph.passwordCredential"}], "passwordSingleSignOnSettings": {"@odata.type": "microsoft.graph.passwordSingleSignOnSettings"},
- "preferredSingleSignOnMode": "string",
+ "preferredSingleSignOnMode": "String",
"preferredTokenSigningKeyEndDateTime": "DateTime",
- "preferredTokenSigningKeyThumbprint": "string",
- "replyUrls": ["string"],
- "samlMetadataUrl": "string",
+ "preferredTokenSigningKeyThumbprint": "String",
+ "replyUrls": ["String"],
+ "samlMetadataUrl": "String",
"samlSingleSignOnSettings": "microsoft.DirectoryServices.SamlSingleSignOnSettings",
- "servicePrincipalNames": ["string"],
- "servicePrincipalType": "string",
+ "servicePrincipalNames": ["String"],
+ "servicePrincipalType": "String",
"signInAudience": "String",
- "tags": ["string"],
+ "tags": ["String"],
"tokenEncryptionKeyId": "String", "useCustomTokenSigningKey": false, "verifiedPublisher": {"@odata.type": "microsoft.graph.verifiedPublisher"}
v1.0 Subscribedsku https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/subscribedsku.md
The following is a JSON representation of the resource
```json {
- "appliesTo": "string",
- "capabilityStatus": "string",
+ "appliesTo": "String",
+ "capabilityStatus": "String",
"consumedUnits": 1024,
- "id": "string (identifier)",
+ "id": "String (identifier)",
"prepaidUnits": {"@odata.type": "microsoft.graph.licenseUnitsDetail"}, "servicePlans": [{"@odata.type": "microsoft.graph.servicePlanInfo"}],
- "skuId": "guid",
- "skuPartNumber": "string"
+ "skuId": "Guid",
+ "skuPartNumber": "String"
} ```
v1.0 Subscription https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/subscription.md
For the possible resource path values for each supported resource and to learn h
| Property | Type | Description | Supported Resources | |:|:--|:|:--|
-| applicationId | String | Identifier of the application used to create the subscription. Read-only. | All |
+| applicationId | String | Optional. Identifier of the application used to create the subscription. Read-only. | All |
| changeType | String | Required. Indicates the type of change in the subscribed resource that will raise a change notification. The supported values are: `created`, `updated`, `deleted`. Multiple values can be combined using a comma-separated list. <br><br>**Note:** <li> Drive root item and list change notifications support only the `updated` changeType. <li>[User](../resources/user.md) and [group](../resources/user.md) change notifications support `updated` and `deleted` changeType. | All | | clientState | String | Optional. Specifies the value of the **clientState** property sent by the service in each change notification. The maximum length is 255 characters. The client can check that the change notification came from the service by comparing the value of the **clientState** property sent with the subscription with the value of the **clientState** property received with each change notification. | All |
-| creatorId | String | Identifier of the user or service principal that created the subscription. If the app used delegated permissions to create the subscription, this field contains the ID of the signed-in user the app called on behalf of. If the app used application permissions, this field contains the ID of the service principal corresponding to the app. Read-only. | All |
-| encryptionCertificate | String | A base64-encoded representation of a certificate with a public key used to encrypt resource data in change notifications. Optional but required when **includeResourceData** is `true`. | All |
+| creatorId | String | Optional. Identifier of the user or service principal that created the subscription. If the app used delegated permissions to create the subscription, this field contains the ID of the signed-in user the app called on behalf of. If the app used application permissions, this field contains the ID of the service principal corresponding to the app. Read-only. | All |
+| encryptionCertificate | String | Optional. A base64-encoded representation of a certificate with a public key used to encrypt resource data in change notifications. Optional but required when **includeResourceData** is `true`. | All |
| encryptionCertificateId | String | Optional. A custom app-provided identifier to help identify the certificate needed to decrypt resource data. Required when **includeResourceData** is `true`. | All | | expirationDateTime | DateTimeOffset | Required. Specifies the date and time when the webhook subscription expires. The time is in UTC, and can be an amount of time from subscription creation that varies for the resource subscribed to. For the maximum supported subscription length of time, see [the table below](#maximum-length-of-subscription-per-resource-type). | All |
-| id | String | Unique identifier for the subscription. Read-only. | All |
+| id | String | Optional. Unique identifier for the subscription. Read-only. | All |
| includeResourceData | Boolean | Optional. When set to `true`, change notifications [include resource data](/graph/webhooks-with-resource-data) (such as content of a chat message). | All |
-| latestSupportedTlsVersion | String | Specifies the latest version of Transport Layer Security (TLS) that the notification endpoint, specified by **notificationUrl**, supports. The possible values are: `v1_0`, `v1_1`, `v1_2`, `v1_3`. </br></br>For subscribers whose notification endpoint supports a version lower than the currently recommended version (TLS 1.2), specifying this property by a set [timeline](https://developer.microsoft.com/graph/blogs/microsoft-graph-subscriptions-deprecating-tls-1-0-and-1-1/) allows them to temporarily use their deprecated version of TLS before completing their upgrade to TLS 1.2. For these subscribers, not setting this property per the timeline would result in subscription operations failing. </br></br>For subscribers whose notification endpoint already supports TLS 1.2, setting this property is optional. In such cases, Microsoft Graph defaults the property to `v1_2`. | All |
+| latestSupportedTlsVersion | String | Optional. Specifies the latest version of Transport Layer Security (TLS) that the notification endpoint, specified by **notificationUrl**, supports. The possible values are: `v1_0`, `v1_1`, `v1_2`, `v1_3`. </br></br>For subscribers whose notification endpoint supports a version lower than the currently recommended version (TLS 1.2), specifying this property by a set [timeline](https://developer.microsoft.com/graph/blogs/microsoft-graph-subscriptions-deprecating-tls-1-0-and-1-1/) allows them to temporarily use their deprecated version of TLS before completing their upgrade to TLS 1.2. For these subscribers, not setting this property per the timeline would result in subscription operations failing. </br></br>For subscribers whose notification endpoint already supports TLS 1.2, setting this property is optional. In such cases, Microsoft Graph defaults the property to `v1_2`. | All |
| lifecycleNotificationUrl | String | Optional. The URL of the endpoint that receives lifecycle notifications, including `subscriptionRemoved` and `missed` notifications. This URL must make use of the HTTPS protocol. | All |
-| notificationContentType | String | Desired **content-type** for Microsoft Graph change notifications for supported resource types. The default content-type is `application/json`. | All |
-| notificationQueryOptions | String | OData query options for specifying the value for the targeting resource. Clients receive notifications when the resource reaches the state matching the query options provided here. With this new property in the subscription creation payload along with all existing properties, Webhooks will deliver notifications whenever a resource reaches the desired state mentioned in the **notificationQueryOptions** property. For example, when the print job is completed or when a print job resource `isFetchable` property value becomes `true` etc. | [Universal Print Service](/graph/universal-print-webhook-notifications) |
+| notificationContentType | String | Optional. Desired **content-type** for Microsoft Graph change notifications for supported resource types. The default content-type is `application/json`. | All |
+| notificationQueryOptions | String |Optional. OData query options for specifying the value for the targeting resource. Clients receive notifications when the resource reaches the state matching the query options provided here. With this new property in the subscription creation payload along with all existing properties, Webhooks will deliver notifications whenever a resource reaches the desired state mentioned in the **notificationQueryOptions** property. For example, when the print job is completed or when a print job resource `isFetchable` property value becomes `true` etc. | [Universal Print Service](/graph/universal-print-webhook-notifications) |
| notificationUrl | String | Required. The URL of the endpoint that receives the change notifications. This URL must make use of the HTTPS protocol. | All |
+| notificationUrlAppId| String | Optional. The app ID that the subscription service can use to generate the validation token. This allows the client to validate the authenticity of the notification received. | All |
| resource | String | Required. Specifies the resource that will be monitored for changes. Do not include the base URL (`https://graph.microsoft.com/bet) for each supported resource. | All | ### Maximum length of subscription per resource type
Here is a JSON representation of the resource.
] }-->
-```json
+``` json
{
+ "@odata.type": "#microsoft.graph.subscription",
+ "id": "String (identifier)",
+ "resource": "String",
"changeType": "String",
+ "clientState": "String",
"notificationUrl": "String",
- "lifecycleNotificationUrl": "String",
- "resource": "String",
- "applicationId" : "String",
"expirationDateTime": "String (timestamp)",
- "id": "String (identifier)",
- "clientState": "String",
+ "applicationId": "String",
"creatorId": "String", "includeResourceData": "Boolean",
+ "lifecycleNotificationUrl": "String",
"encryptionCertificate": "String", "encryptionCertificateId": "String", "latestSupportedTlsVersion": "String",
+ "notificationQueryOptions": "String",
"notificationContentType": "String",
- "notificationQueryOptions": "String"
+ "notificationUrlAppId": "String"
} ```
v1.0 Team https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/team.md
Namespace: microsoft.graph
A team in Microsoft Teams is a collection of [channel](channel.md) objects. A channel represents a topic, and therefore a logical isolation of discussion, within a team.
-Every team is associated with a [group](../resources/group.md). The group has the same ID as the team - for example, `/groups/{id}/team` is the same as `/teams/{id}`. For more information about working with groups and members in teams, see [Use the Microsoft Graph REST API to work with Microsoft Teams](teams-api-overview.md).
+Every team is associated with a [Microsoft 365 group](../resources/group.md). The group has the same ID as the team - for example, `/groups/{id}/team` is the same as `/teams/{id}`. For more information about working with groups and members in teams, see [Use the Microsoft Graph REST API to work with Microsoft Teams](teams-api-overview.md).
## Methods | Method | Return Type |Description| |:|:--|:-| |[Create team](../api/team-post.md) | [teamsAsyncOperation](teamsasyncoperation.md) | Create a team from scratch. |
-|[Create team from group](../api/team-put-teams.md) | [team](team.md) | Create a new team, or add a team to an existing group.|
+|[Create team from group](../api/team-put-teams.md) | [team](team.md) | Create a new team, or add a team to an existing Microsoft 365 group.|
|[Get team](../api/team-get.md) | [team](team.md) | Retrieve the properties and relationships of the specified team.| |[Update team](../api/team-update.md) | [team](team.md) |Update the properties of the specified team. | |[Delete team](../api/group-delete.md) | None |Delete the team and its associated group. |
v1.0 Unifiedrbacresourceaction https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/unifiedrbacresourceaction.md
+
+ Title: "unifiedRbacResourceAction resource type"
+description: "Represents an operation that an authorized principal is allowed to perform."
+
+ms.localizationpriority: medium
++
+# unifiedRbacResourceAction resource type
+
+Namespace: microsoft.graph
++
+Represents an operation that an authorized principal is allowed to perform.
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List unifiedRbacResourceActions](../api/unifiedrbacresourcenamespace-list-resourceactions.md)|[unifiedRbacResourceAction](../resources/unifiedrbacresourceaction.md) collection|Get a list of the [unifiedRbacResourceAction](../resources/unifiedrbacresourceaction.md) objects and their properties.|
+|[Get unifiedRbacResourceAction](../api/unifiedrbacresourceaction-get.md)|[unifiedRbacResourceAction](../resources/unifiedrbacresourceaction.md)|Read the properties and relationships of an [unifiedRbacResourceAction](../resources/unifiedrbacresourceaction.md) object.|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|actionVerb|String|HTTP method for the action, such as `DELETE`, `GET`, `PATCH`, `POST`, `PUT`, or `null`. Supports `$filter` (`eq`) but not for `null` values. |
+|description|String|Description for the action. Supports `$filter` (`eq`). |
+|id|String|Unique identifier for an action within the resource namespace, such as `microsoft.insights-programs-update-patch`. Cannot include slash character (`/`). Case insensitive. Required. Supports `$filter` (`eq`). |
+|name|String|Name for the action within the resource namespace, such as `microsoft.insights/programs/update`. Can include slash character (`/`). Case insensitive. Required. Supports `$filter` (`eq`). |
+|resourceScopeId|String|Not implemented.|
+
+## Relationships
+
+None.
+
+<!-- The resourceScope relationship hasn't been implemented but is in the public schema. To unhide this and its related entities and methods once it's implemented.
+|Relationship|Type|Description|
+|:|:|:|
+|resourceScope| [unifiedRbacResourceScope](unifiedrbacresourcescope.md) |Not implemented.|
+-->
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.unifiedRbacResourceAction",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.unifiedRbacResourceAction",
+ "id": "String (identifier)",
+ "actionVerb": "String",
+ "description": "String",
+ "name": "String",
+ "resourceScopeId": "String"
+}
+```
v1.0 Unifiedrbacresourcenamespace https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/unifiedrbacresourcenamespace.md
+
+ Title: "unifiedRbacResourceNamespace resource type"
+description: "Represents the namespace of the area to which the role permission belongs to."
+
+ms.localizationpriority: medium
++
+# unifiedRbacResourceNamespace resource type
+
+Namespace: microsoft.graph
++
+Represents the namespace of the area or service such as Azure AD, Intune, and Exchange that defines role permissions.
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List unifiedRbacResourceNamespaces](../api/rbacapplicationmultiple-list-resourcenamespaces.md)|[unifiedRbacResourceNamespace](../resources/unifiedrbacresourcenamespace.md) collection|Get a list of the [unifiedRbacResourceNamespace](../resources/unifiedrbacresourcenamespace.md) objects and their properties.|
+|[Get unifiedRbacResourceNamespace](../api/unifiedrbacresourcenamespace-get.md)|[unifiedRbacResourceNamespace](../resources/unifiedrbacresourcenamespace.md)|Read the properties and relationships of an [unifiedRbacResourceNamespace](../resources/unifiedrbacresourcenamespace.md) object.|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|id|String|Unique identifier of the resource namespace that defines permissions, such as `microsoft.aad.b2c`. Required.|
+|name|String|Name of the resource namespace. Typically, the same name as the **id** property, such as `microsoft.aad.b2c`. Required. Supports `$filter` (`eq`, `startsWith`).|
+
+## Relationships
+|Relationship|Type|Description|
+|:|:|:|
+|resourceActions|[unifiedRbacResourceAction](unifiedrbacresourceaction.md) collection|Operations that an authorized principal are allowed to perform.|
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.unifiedRbacResourceNamespace",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.unifiedRbacResourceNamespace",
+ "id": "String (identifier)",
+ "name": "String"
+}
+```
v1.0 Unifiedroleassignment https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/unifiedroleassignment.md
Providing either a directoryScopeId or an appScopeId is required.
| Method | Return Type | Description | |:-|:|:| | [List unifiedRoleAssignment](../api/rbacapplication-list-roleassignments.md) | [unifiedRoleAssignment](unifiedroleassignment.md) | Read a list of unifiedRoleAssignment objects and their properties. |
+| [List transitiveRoleAssignments](../api/rbacapplication-list-transitiveroleassignments.md) | [unifiedRoleAssignment](unifiedroleassignment.md) collection | Get direct and transitive unifiedRoleAssignments assigned to a specific principal. Specifying principalId is required. |
| [Get unifiedRoleAssignment](../api/unifiedroleassignment-get.md) | [unifiedRoleAssignment](unifiedroleassignment.md) | Read properties and relationships of unifiedRoleAssignment object. | | [Create unifiedRoleAssignment](../api/rbacapplication-post-roleassignments.md) | [unifiedRoleAssignment](unifiedroleassignment.md) | Create a new unifiedRoleAssignment by posting to the roleAssignment collection. | | [Delete unifiedRoleAssignment](../api/unifiedroleassignment-delete.md) | None | Delete unifiedRoleAssignment object. |
v1.0 User https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/user.md
For example: Cameron is administrator of a directory for an elementary school in
|teamwork|[userTeamwork](userteamwork.md)| A container for Microsoft Teams features available for the user. Read-only. Nullable.| |todo|[todo](todo.md)|Represents the To Do services available to a user. | |transitiveReports|[directoryObject](directoryobject.md) collection | The transitive reports for a user. Read-only.|
-|usageRight|[usageRight](usageright.md) collection|Represents the usage rights a user has been granted. |
+|usageRights|[usageRight](usageright.md) collection|Represents the usage rights a user has been granted. |
## JSON representation
v1.0 Usersettings https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/usersettings.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Settings that represent a userΓÇÖs preferences for [regional locale and languages](../resources/regionalandlanguagesettings.md), for [shift scheduling](../resources/shiftpreferences.md), for Delve and for [item insights](../resources/officegraphinsights.md).
+Settings that represent a userΓÇÖs preferences for the following:
+- Access to Delve
+- [Item insights](../resources/officegraphinsights.md)
+- [Regional locale and languages](../resources/regionalandlanguagesettings.md)
+- [Shift scheduling](../resources/shiftpreferences.md)
+- [Suggestions to merge duplicate contacts](../resources/contactmergesuggestions.md).
+
+Manage Delve accessibility:
+ - Checking whether a user and the user's organization have access to Office Delve.
+ - Disabling or enabling documents in Office Delve for specific users.
+
+Configure the visibility of [itemInsights](../resources/iteminsights.md) and [meeting hours insights](https://support.microsoft.com/office/update-your-meeting-hours-using-the-profile-card-0613d113-d7c1-4faa-bb11-c8ba30a78ef1). ItemInsights are derived between users and other items (such as documents or sites) in Microsoft 365:
+ - Checking whether a user's item and meeting hours insights are enabled.
+ - Disabling or enabling item and meeting hours insights for specific user.
Manage user's locale-based preferences: - Determining what language and regional formatting a user prefers to view applications with.
Manage user's work shift preferences:
- Checking whether a user can be assigned to shifts in a schedule. - Updating a user's shift preferences.
-Manage Delve accessibility:
- - Checking whether a user and the user's organization have access to Office Delve.
- - Disabling or enabling documents in Office Delve for specific users.
-
-Configure the visibility of [itemInsights](../resources/iteminsights.md) and [meeting hours insights](https://support.microsoft.com/office/update-your-meeting-hours-using-the-profile-card-0613d113-d7c1-4faa-bb11-c8ba30a78ef1). ItemInsights are derived between users and other items (such as documents or sites) in Microsoft 365:
- - Checking whether a user's item and meeting hours insights are enabled.
- - Disabling or enabling item and meeting hours insights for specific user.
+Configure [contactMergeSuggestions](../resources/contactmergesuggestions.md):
+ - Determining whether suggestion to merge duplicate contacts for a user is enabled.
+ - Disabling or enabling suggestion to merge duplicate contacts for a user.
To learn how to get or update user settings, see [Get settings](../api/usersettings-get.md) and [Update settings](../api/usersettings-update.md). > [!NOTE]
-> This endpoint works only with users. You can't use this endpoint with contacts.
+> This endpoint works only with the [user](user.md) resource.
## Methods | Method | Return Type |Description|
To learn how to get or update user settings, see [Get settings](../api/usersetti
| Relationship | Type | Description | |:|:--|:-|
-|shiftPreferences|[shiftPreferences](shiftpreferences.md)| The shift preferences for the user. |
-|regionalAndLanguageSettings|[regionalAndLanguageSettings](regionalandlanguagesettings.md)| The user's preferences for languages, regional locale and date/time formatting. |
+|contactMergeSuggestions|[contactMergeSuggestions](contactmergesuggestions.md)| The user's settings for the visibility of merge suggestion for the duplicate contacts in the user's contact list.|
|itemInsights|[userInsightsSettings](userinsightssettings.md)| The user's settings for the visibility of meeting hour insights, and insights derived between a user and other items in Microsoft 365, such as documents or sites. [Get userInsightsSettings](../api/userinsightssettings-get.md) through this navigation property. |
+|regionalAndLanguageSettings|[regionalAndLanguageSettings](regionalandlanguagesettings.md)| The user's preferences for languages, regional locale and date/time formatting. |
+|shiftPreferences|[shiftPreferences](shiftpreferences.md)| The shift preferences for the user. |
++ ## JSON representation
v1.0 Virtualendpoint https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/virtualendpoint.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Represents a container for APIs to manage Cloud PC.
+Represents a container for APIs to manage Cloud PCs.
-Use the Cloud PC API to provision and manage virtual desktops for employees in an organization. Use it in conjunction with the [Intune API](../resources/intune-graph-overview.md) to manage physical and virtual endpoints.
+Use the Cloud PC API to provision and manage virtual desktops for employees in an organization, or along with the [Intune API](../resources/intune-graph-overview.md) to manage physical and virtual endpoints.
## Methods
Use the Cloud PC API to provision and manage virtual desktops for employees in a
|[List auditEvents](../api/virtualendpoint-list-auditevents.md)|[cloudPcAuditEvent](../resources/cloudpcauditevent.md) collection|List properties and relationships of the [cloudPcAuditEvent](../resources/cloudpcauditevent.md) objects.| |[List supportedRegions](../api/virtualendpoint-list-supportedregions.md)|[cloudPcSupportedRegion](../resources/cloudpcsupportedregion.md) collection|List properties and relationships of the [cloudPcSupportedRegion](../resources/cloudpcsupportedregion.md) objects.| |[List servicePlans](../api/virtualendpoint-list-serviceplans.md)|[cloudPcServicePlan](../resources/cloudpcserviceplan.md) collection|List properties and relationships of the [cloudPcServicePlan](../resources/cloudpcserviceplan.md) objects.|
+|[List snapshots](../api/virtualendpoint-list-snapshots.md)|[cloudPcSnapshot](../resources/cloudpcsnapshot.md) collection|Get a list of [cloudPcSnapshot](../resources/cloudpcsnapshot.md) objects and their properties.|
## Properties |Property|Type|Description| |:|:|:|
-|id|String|The unique identifier for the virtual endpoint id. Read-only.|
+|id|String|The unique identifier for the virtual endpoint. Read-only.|
## Relationships |Relationship|Type|Description| |:|:|:|
+|auditEvents|[cloudPcAuditEvent](../resources/cloudpcauditevent.md) collection|Cloud PC audit event.|
|cloudPCs|[cloudPC](../resources/cloudpc.md) collection|Cloud managed virtual desktops.| |deviceImages|[cloudPcDeviceImage](../resources/cloudpcdeviceimage.md) collection|The image resource on Cloud PC.| |galleryImages|[cloudPcGalleryImage](../resources/cloudpcgalleryimage.md) collection|The gallery image resource on Cloud PC.| |onPremisesConnections|[cloudPcOnPremisesConnection](../resources/cloudpconpremisesconnection.md) collection|A defined collection of Azure resource information that can be used to establish on-premises network connectivity for Cloud PCs.|
+|organizationSettings|[cloudPcOrganizationSettings](../resources/cloudpcorganizationsettings.md) |The Cloud PC organization settings for a tenant. |
|provisioningPolicies|[cloudPcProvisioningPolicy](../resources/cloudpcprovisioningpolicy.md) collection|Cloud PC provisioning policy.|
-|userSettings|[cloudPcUserSetting](../resources/cloudpcusersetting.md) collection|Cloud PC user settings. |
-|auditEvents|[cloudPcAuditEvent](../resources/cloudpcauditevent.md) collection|Cloud PC audit event.|
-|supportedRegions|[cloudPcSupportedRegion](../resources/cloudpcsupportedregion.md) collection|Cloud PC supported regions.|
|servicePlans|[cloudPcServicePlan](../resources/cloudpcserviceplan.md) collection|Cloud PC service plans.|
-|organizationSettings|[cloudPcOrganizationSettings](../resources/cloudpcorganizationsettings.md) |The Cloud PC organization settings for a tenant. |
-
+|snapshots|[cloudPcSnapshot](../resources/cloudpcsnapshot.md) collection|Cloud PC snapshots.|
+|supportedRegions|[cloudPcSupportedRegion](../resources/cloudpcsupportedregion.md) collection|Cloud PC supported regions.|
+|userSettings|[cloudPcUserSetting](../resources/cloudpcusersetting.md) collection|Cloud PC user settings. |
## JSON representation The following is a JSON representation of the resource.
v1.0 Webhooks https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/webhooks.md
Using the Microsoft Graph API, an app can subscribe to changes on the following
| [group][] | Changes to all groups:<br>`/groups` <br>Changes to a specific group:<br>`/groups/{id}`<br>Changes to owners of a specific group:<br>`/groups/{id}/owners`<br>Changes to members of a specific group:<br>`/groups/{id}/members` | No | | [list][] under a SharePoint [site][] | `/sites/{id}/lists/{id}` | No | | Microsoft 365 group [conversation][] | Changes to a group's conversations:<br>`groups/{id}/conversations` | No |
-| Outlook [event][] | Changes to all events in a user's mailbox:<br>`/users/{id}/events` | No |
-| Outlook [message][] | Changes to all messages in a user's mailbox: <br>`/users/{id}/messages`<br>Changes to messages in a user's Inbox:<br>`/users/{id}/mailFolders('inbox')/messages` | No |
-| Outlook personal [contact][] | Changes to all personal contacts in a user's mailbox:<br>`/users/{id}/contacts` | No |
+| Outlook [event][] | Changes to all events in a user's mailbox:<br>`/users/{id}/events` | Yes |
+| Outlook [message][] | Changes to all messages in a user's mailbox: <br>`/users/{id}/messages`<br>Changes to messages in a user's Inbox:<br>`/users/{id}/mailFolders('inbox')/messages` | Yes |
+| Outlook personal [contact][] | Changes to all personal contacts in a user's mailbox:<br>`/users/{id}/contacts` | Yes |
| Security [alert][] | Changes to a specific alert:<br>`/security/alerts/{id}` <br>Changes to filtered alerts:<br> `/security/alerts/?$filter`| No | | Teams [callRecord][] | Changes to _all_ call records: `/communications/callRecords` | No | | Teams [channel][] | Changes to channels in all teams:<br>`/teams/getAllChannels` <br>Changes to channel in a specific team:<br>`/teams/{id}/channels` | Yes |
v1.0 Windowsapplication https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/windowsapplication.md
+
+ Title: "windowsApplication resource type"
+description: "Represents settings for apps running Microsoft Windows and published in the Microsoft Store or Xbox games store."
+ms.localizationpriority: medium
+++
+# webApplication resource type
+
+Namespace: microsoft.graph
++
+Represents settings for apps running Microsoft Windows and published in the Microsoft Store or Xbox games store.
+
+## Properties
+
+| Property | Type | Description |
+|:|:--|:|
+| packageSid | String | The package security identifier that Microsoft has assigned the application. Optional. Read-only. |
+| redirectUris | String collection | Specifies the URLs where user tokens are sent for sign-in or the redirect URIs where OAuth 2.0 authorization codes and access tokens are sent. Only available for applications that support the `PersonalMicrosoftAccount` **signInAudience**. |
+
+## JSON representation
+Here is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+
+ ],
+ "@odata.type": "microsoft.graph.windowsApplication"
+}-->
+
+```json
+{
+ "packageSid": "String",
+ "redirectUris": ["String"]
+}
+
+```
v1.0 Windowshelloforbusinessauthenticationmethod https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/windowshelloforbusinessauthenticationmethod.md
Inherits from [authenticationMethod](../resources/authenticationmethod.md).
## Relationships |Relationship|Type|Description| |:|:|:|
-|device|[device](../resources/device.md)|The registered device on which this Windows Hello for Business key resides.|
+|device|[device](../resources/device.md)|The registered device on which this Windows Hello for Business key resides. Supports `$expand`. <br/><br/>When you get a user's Windows Hello for Business registration information, this property is returned only on a single GET and when you specify `?$expand`. For example, GET `/users/admin@contoso.com/authentication/windowsHelloForBusinessMethods/_jpuR-TGZtk6aQCLF3BQjA2?$expand=device`.|
## JSON representation The following is a JSON representation of the resource.
v1.0 X509certificateauthenticationmethodconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/x509certificateauthenticationmethodconfiguration.md
Inherits from [authenticationMethodConfiguration](../resources/authenticationmet
|:|:|:| |[Get x509CertificateAuthenticationMethodConfiguration](../api/x509certificateauthenticationmethodconfiguration-get.md)|[x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md)|Read the properties and relationships of a x509CertificateAuthenticationMethodConfiguration object.| |[Update x509CertificateAuthenticationMethodConfiguration](../api/x509certificateauthenticationmethodconfiguration-update.md)|[x509CertificateAuthenticationMethodConfiguration](../resources/x509certificateauthenticationmethodconfiguration.md)|Update the properties of a x509CertificateAuthenticationMethodConfiguration object.|
-|[Delete x509CertificateAuthenticationMethodConfiguration](../api/x509certificateauthenticationmethodconfiguration-delete.md)|None| Restore the x509CertificateAuthenticationMethodConfiguration object to its default configuration.|
+|[Delete x509CertificateAuthenticationMethodConfiguration](../api/x509certificateauthenticationmethodconfiguration-delete.md)|None| Delete the tenant-customized x509CertificateAuthenticationMethodConfiguration object and restore the default configuration.|
## Properties
v1.0 Accesspackageassignmentrequest Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/accesspackageassignmentrequest-get.md
Content-Type: application/json
"state": "delivered", "status": "Delivered", "createdDateTime": "2019-10-25T22:55:11.623Z",
- "completedDate": "2019-10-26T22:55:11.623Z",
+ "completedDateTime": "2019-10-26T22:55:11.623Z",
"schedule": { "@odata.type": "microsoft.graph.entitlementManagementSchedule" }
v1.0 Accessreviewhistorydefinition Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/accessreviewhistorydefinition-get.md
+
+ Title: "Get accessReviewHistoryDefinition"
+description: "Retrieve an accessReviewHistoryDefinition object."
+
+ms.localizationpriority: medium
++
+# Get accessReviewHistoryDefinition
+
+Namespace: microsoft.graph
+
+Retrieve an [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) object by its identifier. All the properties of the access review history definition object are returned. If the definition is 30 days or older, a `404 Not Found` error is returned.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.ReadWrite.All|
+
+The signed-in user must also be the creator of the associated review history definition, a Global Administrator directory role member, or a Global Reader directory role member to retrieve the definition.
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+GET /identityGovernance/accessReviews/historyDefinitions/{definition-id}
+```
+## Optional query parameters
+
+This method supports the `$select` and `$expand` OData query parameters to help customize the response. Including `?$expand=instances` will include in the response object the instances associated with the [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) object. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) object in the response body.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_accessreviewhistorydefinition"
+}
+-->
+
+``` http
+GET https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/historyDefinitions/b2cb022f-b7e1-40f3-9854-c65a40861c38
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
++++
+### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessReviewHistoryDefinition"
+}
+-->
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.accessReviewHistoryDefinition",
+ "id": "b2cb022f-b7e1-40f3-9854-c65a40861c38",
+ "displayName": "Last quarter's group reviews April 2021",
+ "reviewHistoryPeriodStartDateTime": "2021-01-01T00:00:00Z",
+ "reviewHistoryPeriodEndDateTime": "2021-04-05T00:00:00Z",
+ "decisions": [
+ "approve",
+ "deny",
+ "dontKnow",
+ "notReviewed",
+ "notNotified"
+ ],
+ "status": "done",
+ "createdDateTime": "2021-04-14T00:22:48.9392594Z",
+ "createdBy": {
+ "id": "957f1027-c0ee-460d-9269-b8444459e0fe",
+ "displayName": "MOD Administrator",
+ "userPrincipalName": "admin@contoso.com"
+ },
+ "scopes": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "queryType": "MicrosoftGraph",
+ "query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",
+ "queryRoot": null
+ },
+ {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "queryType": "MicrosoftGraph",
+ "query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')",
+ "queryRoot": null
+ }
+ ]
+}
+```
v1.0 Accessreviewhistorydefinition List Instances https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/accessreviewhistorydefinition-list-instances.md
+
+ Title: "List instances (of an accessReviewHistoryDefinition)"
+description: "Retrieve the instances of an access review history definition."
+
+ms.localizationpriority: medium
++
+# List instances (of an accessReviewHistoryDefinition)
+
+Namespace: microsoft.graph
+
+Retrieve the [instances](../resources/accessreviewhistoryinstance.md) of an [access review history definition](../resources/accessreviewhistorydefinition.md) created in the last 30 days.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.ReadWrite.All|
+
+If the signed-in user is not a global administrator or a global reader, only the definitions that the signed-in user created will be returned.
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+GET /identityGovernance/accessReviews/historyDefinitions/{accessReviewHistoryDefinitionId}/instances
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [accessReviewHistoryInstance](../resources/accessreviewhistoryinstance.md) objects in the response body.
+
+## Examples
+
+### Request
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "list_accessreviewhistoryinstance"
+}
+-->
+
+``` http
+GET https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/historyDefinitions/90e28cb7-4b9a-48f7-ba4e-a2756fda01b2/instances
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
++++
+### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.accessReviewHistoryInstance)"
+}
+-->
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#accessReviewInstances",
+ "@odata.count": 1,
+ "value": [
+ {
+ "id": "61a617dd-238f-4037-8fa5-d800e515f5bc",
+ "status": "done",
+ "reviewHistoryPeriodStartDate": "2021-02-01T00:00:00Z",
+ "reviewHistoryPeriodEndDate": "2021-03-01T00:00:00Z",
+ "fulfilledDateTime": "2021-03-01T01:38:15.7998393Z",
+ "downloadUri": "https://dfermconsolreportusc.blob.core.windows.net/df-erm-reports/Last quarter's reviews - via graph 2-22be232e-a93d-42a3-8ac5-313cfd29a0eb.csv?sv=2015-04-05&ss=b&srt=o&sp=rl&st=2021-03-01T19:39:38.0000000Z&se=2021-03-02T19:41:38.0000000Z&spr=https&sig=84rlGCIgU4ToMn%2FFLncBXq95O8a8RsFlwQY1Knl%2Fo%2FI%3D"
+ }
+ ]
+}
+```
v1.0 Accessreviewhistoryinstance Generatedownloaduri https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/accessreviewhistoryinstance-generatedownloaduri.md
+
+ Title: "accessReviewHistoryInstance: generateDownloadUri"
+description: "Generate a URI that can be used to retrieve review history data."
+
+ms.localizationpriority: medium
++
+# accessReviewHistoryInstance: generateDownloadUri
+
+Namespace: microsoft.graph
+
+Generates a URI for an [accessReviewHistoryInstance](../resources/accessReviewHistoryInstance.md) object the **status** for which is `done`. Each URI can be used to retrieve the instance's review history data. Each URI is valid for 24 hours and can be retrieved by fetching the **downloadUri** property from the [accessReviewHistoryInstance](../resources/accessReviewHistoryInstance.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.ReadWrite.All|
+
+To generate the link, the signed-in user must be either the creator of the associated review history definition, or assigned the *Global Administrator* or *Global Reader* [directory roles](/azure/active-directory/roles/permissions-reference).
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+POST /identityGovernance/accessReviews/historyDefinitions/{accessReviewHistoryDefinitionId}/instances/{accessReviewHistoryInstanceId}/generateDownloadUri
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this action returns a `200 OK` response code and an [accessReviewHistoryInstances](../resources/accessReviewHistoryInstance.md) in the response body.
+
+## Examples
+
+### Request
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "accessreviewhistoryinstance_generatedownloaduri"
+}
+-->
+
+``` http
+POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/historyDefinitions/b2cb022f-b7e1-40f3-9854-c65a40861c38/instances/b2cb022f-b7e1-40f3-9854-c65a40861c38/generateDownloadUri
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
++++
+### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessReviewHistoryInstance"
+}
+-->
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.accessReviewHistoryInstance",
+ "id": "b2cb022f-b7e1-40f3-9854-c65a40861c38",
+ "reviewHistoryPeriodStartDateTime": "2000-06-19T08:00:00Z",
+ "reviewHistoryPeriodEndDateTime": "2100-06-19T07:00:00Z",
+ "status": "done",
+ "runDateTime": "2022-01-20T17:46:54.6085806Z",
+ "fulfilledDateTime": "2022-01-20T10:00:24.9114365-08:00",
+ "downloadUri": "https://dfermconsolreportusc.blob.core.windows.net/df-erm-reports/Last months reviews for ELM-e642e792-9884-413d-9299-982b37bfe369.csv?skoid=fa04d013-9f36-4d7d-8b8e-7276fb3bd36e&sktid=33e01921-4d64-4f8c-a055-5bdaffd5e33d&skt=2022-01-20T18:03:59Z&ske=2022-01-20T18:05:59Z&sks=b&skv=2020-04-08&sv=2020-04-08&st=2022-01-20T18:04:01Z&se=2022-01-21T18:04:01Z&sr=b&sp=r&sig=...",
+ "expiration": "2022-02-19T10:00:24.9114365-08:00"
+}
+```
v1.0 Accessreviewset List Historydefinitions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/accessreviewset-list-historydefinitions.md
+
+ Title: "List historyDefinitions"
+description: "Get a list of the accessReviewHistoryDefinition objects."
+
+ms.localizationpriority: medium
++
+# List historyDefinitions
+
+Namespace: microsoft.graph
+
+Retrieve the [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) objects created in the last 30 days, including all nested properties.
+
+>[!NOTE]
+>The default page size for this API is 100 **accessReviewHistoryDefinitions** objects. To improve efficiency and avoid timeouts due to large result sets, apply pagination using the `$skip` and `$top` query parameters. For more information, see [Paging Microsoft Graph data in your app](/graph/paging).
+>
+>If no query parameters are provided and there are more than 100 results, Microsoft Graph will automatically paginate results at 100 results per page.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.ReadWrite.All|
+
+If the signed-in user is not a Global Admin directory role member or a Global Reader directory role member, only the definitions that the signed-in user created will be returned.
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+GET /identityGovernance/accessReviews/historyDefinitions
+```
+
+## Optional query parameters
+
+This method supports the `$top`, `$filter`, `$expand`, and `$skip` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters). Including `?$expand=instances` will return the [accessReviewHistoryDefinitions](../resources/accessreviewhistorydefinition.md) objects along with their associated instances.
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) objects in the response body.
+
+## Examples
+
+### Request
+
+# [HTTP](#tab/http)
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "list_accessreviewhistorydefinition"
+}
+-->
+
+``` http
+GET https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/historyDefinitions
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
++++
+### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessReviewHistoryDefinition",
+ "isCollection": "true"
+}
+-->
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.count": 1,
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewHistoryDefinition",
+ "id": "67e3de15-d263-45a9-8f4f-71271b495db7",
+ "displayName": "Last year's ELM assignment reviews - one time",
+ "reviewHistoryPeriodStartDateTime": "2021-01-01T00:00:00Z",
+ "reviewHistoryPeriodEndDateTime": "2021-04-05T00:00:00Z",
+ "decisions": [
+ "approve",
+ "deny",
+ "dontKnow",
+ "notReviewed",
+ "notNotified"
+ ],
+ "status": "done",
+ "createdDateTime": "2021-04-14T00:22:48.9392594Z",
+ "createdBy": {
+ "id": "957f1027-c0ee-460d-9269-b8444459e0fe",
+ "displayName": "MOD Administrator",
+ "userPrincipalName": "admin@contoso.com"
+ },
+ "scopes": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "queryType": "MicrosoftGraph",
+ "query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",
+ "queryRoot": null
+ }
+ ]
+ }
+ ]
+}
+```
v1.0 Accessreviewset Post Historydefinitions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/accessreviewset-post-historydefinitions.md
+
+ Title: "Create historyDefinitions"
+description: "Create a new accessReviewHistoryDefinition object."
+
+ms.localizationpriority: medium
++
+# Create historyDefinitions
+
+Namespace: microsoft.graph
+
+Create a new [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.ReadWrite.All|
+
+The signed-in user must also be in a directory role that permits them to read an access review to retrieve any data. For more details, see the role and permission requirements for [access reviews](../resources/accessreviewsv2-overview.md).
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+POST /identityGovernance/accessReviews/historyDefinitions
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+
+In the request body, supply a JSON representation of the [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) object.
+
+The following table shows the required properties used to create an [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md).
+
+|Property|Type|Description|
+|:|:|:|
+|displayName | String | Name for the access review history data collection. Required. |
+|reviewHistoryPeriodStartDateTime | DateTimeOffset | A timestamp. Reviews starting on or after this date will be included in the fetched history data. Only required if **scheduleSettings** is not defined. |
+|reviewHistoryPeriodEndDateTime | DateTimeOffset | A timestamp. Reviews starting on or before this date will be included in the fetched history data. Only required if **scheduleSettings** is not defined. |
+|scopes|[accessReviewQueryScope](../resources/accessreviewqueryscope.md) collection| Used to filter which reviews are included in the fetched history data. Fetches reviews whose scope matches with this provided scope. Required. <br> For more, see [Supported scope queries for accessReviewHistoryDefinition](#supported-scope-queries-for-accessreviewhistorydefinition). |
+| scheduleSettings |[accessReviewHistoryScheduleSettings](../resources/accessReviewHistoryScheduleSettings.md)| The settings for a recurring access review history definition series. Only required if **reviewHistoryPeriodStartDateTime** or **reviewHistoryPeriodEndDateTime** are not defined.|
+
+### Supported scope queries for accessReviewHistoryDefinition
+
+The **scopes** property of [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) is based on **accessReviewQueryScope**, a resource that allows you to configure different resources in it's **query** property. These resources then represent the scope of the history definition and dictate the type of review history data that is included in the downloadable CSV file which is generated when the history definition's [accessReviewHistoryInstances](../resources/accessreviewhistoryinstance.md) are created.
+
+Use the following format for the **query** property:
+
+```http
+/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '{object}')
+```
+
+The value of `{object}` is one of the resources that can be configured in an **accessReviewScheduleDefinition**. For example, the following includes every accessReviewScheduleDefinition review result on individual groups (and excludes definitions scoped to all Microsoft 365 groups with guest users).
+
+```http
+/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')
+```
+
+For more supported values, see Use the [$filter query parameter on accessReviewScheduleDefinition](accessreviewset-list-definitions.md#use-the-filter-query-parameter).
+
+## Response
+
+If successful, this method returns a `201 Created` response code and an [accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) object in the response body.
+
+## Examples
+
+The following example shows how to create an access review history definition scoped to access reviews on access packages and groups, running between the start date of 01/01/2021 and end date of 04/05/2021.
+
+### Request
+
+# [HTTP](#tab/http)
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "create_accessreviewhistorydefinition_from_"
+}
+-->
+
+``` http
+POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/historyDefinitions
+Content-Type: application/json
+
+{
+ "displayName": "Last quarter's group reviews April 2021",
+ "decisions": [
+ "approve",
+ "deny",
+ "dontKnow",
+ "notReviewed",
+ "notNotified"
+ ],
+ "scheduleSettings": {
+ "reportRange": "P1M",
+ "recurrence": {
+ "pattern": {
+ "type": "monthly",
+ "interval": 1
+ },
+ "range": {
+ "type": "noEnd",
+ "startDate": "2018-08-03T21:02:30.667Z",
+ "count": 0
+ }
+ }
+ },
+ "scopes": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "queryType": "MicrosoftGraph",
+ "query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",
+ "queryRoot": null
+ },
+ {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "queryType": "MicrosoftGraph",
+ "query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')",
+ "queryRoot": null
+ }
+ ]
+}
+```
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
++++
+### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessReviewHistoryDefinition"
+}
+-->
+
+``` http
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.accessReviewHistoryDefinition",
+ "id": "b2cb022f-b7e1-40f3-9854-c65a40861c38",
+ "displayName": "Last quarter's group reviews April 2021",
+ "scheduleSettings": {
+ "reportRange": "P1M",
+ "recurrence": {
+ "pattern": {
+ "type": "monthly",
+ "interval": 1
+ },
+ "range": {
+ "type": "noEnd",
+ "startDate": "2018-08-03T21:02:30.667Z",
+ "count": 0
+ }
+ }
+ },
+ "decisions": [
+ "approve",
+ "deny",
+ "dontKnow",
+ "notReviewed",
+ "notNotified"
+ ],
+ "status": "requested",
+ "createdDateTime": "2021-04-14T00:22:48.9392594Z",
+ "createdBy": {
+ "id": "957f1027-c0ee-460d-9269-b8444459e0fe",
+ "displayName": "MOD Administrator",
+ "userPrincipalName": "admin@contoso.com"
+ },
+ "scopes": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "queryType": "MicrosoftGraph",
+ "query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",
+ "queryRoot": null
+ },
+ {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "queryType": "MicrosoftGraph",
+ "query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')",
+ "queryRoot": null
+ }
+ ]
+}
+```
v1.0 Administrativeunit Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/administrativeunit-get.md
Do not supply a request body for this method.
If successful, this method returns a `200 OK` response code and [administrativeUnit](../resources/administrativeunit.md) object in the response body. ## Example
-##### Request
+### Request
Here is an example of the request.
Here is an example of the request.
"name": "get_administrativeunit" }--> ```msgraph-interactive
-GET https://graph.microsoft.com/v1.0/directory/administrativeUnits/{id}
+GET https://graph.microsoft.com/v1.0/directory/administrativeUnits/4d7ea995-bc0f-45c0-8c3e-132e93bf95f8
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-administrativeunit-csharp-snippets.md)]
GET https://graph.microsoft.com/v1.0/directory/administrativeUnits/{id}
-
-##### Response
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+### Response
+Here is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 200 OK
Content-type: application/json {
- "displayName": "displayName-value",
- "description": "description-value",
- "visibility": "visibility-value",
- "id": "id-value"
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directory/administrativeUnits/$entity",
+ "id": "4d7ea995-bc0f-45c0-8c3e-132e93bf95f8",
+ "deletedDateTime": null,
+ "displayName": "Seattle District Technical Schools",
+ "description": "Seattle district technical schools administration",
+ "membershipRule": null,
+ "membershipType": null,
+ "membershipRuleProcessingState": null,
+ "visibility": "HiddenMembership"
} ```
v1.0 Administrativeunit Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/administrativeunit-update.md
ms.prod: "directory-management"
doc_type: apiPageType
-# Update administrativeunit
+# Update administrativeUnit
Namespace: microsoft.graph
In the request body, supply the values for relevant fields that should be update
|:|:--|:-| |description|string|Description for the administrative unit.| |displayName|string|Display name for the administrative unit.|
-|visibility|string|Visibility for the administrative unit. If not set then the default is "public". Can be set to "HiddenMembership", which hides the membership from non-members.|
-Since the **administrativeUnit** resource supports [extensions](/graph/extensibility-overview), you can use the `PATCH` operation to
-add, update, or delete your own app-specific data in custom properties of an extension in an existing **administrativeUnit** instance.
+Since the **administrativeUnit** resource supports [extensions](/graph/extensibility-overview), you can use the `PATCH` operation to add, update, or delete your own app-specific data in custom properties of an extension in an existing **administrativeUnit** instance.
## Response
If successful, this method returns a `204 No Content` response code.
## Example
-##### Request
+### Request
# [HTTP](#tab/http)
If successful, this method returns a `204 No Content` response code.
"name": "update_administrativeunit" }--> ```http
-PATCH https://graph.microsoft.com/v1.0/directory/administrativeUnits/{id}
+PATCH https://graph.microsoft.com/v1.0/directory/administrativeUnits/4d7ea995-bc0f-45c0-8c3e-132e93bf95f8
Content-type: application/json {
- "displayName": "displayName-value",
- "description": "description-value",
- "visibility": "visibility-value"
+ "displayName": "Greater Seattle District Technical Schools"
} ``` # [C#](#tab/csharp)
Content-type: application/json
---
-##### Response
+### Response
<!-- { "blockType": "response"
v1.0 Agreement Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/agreement-delete.md
DELETE https://graph.microsoft.com/v1.0/identityGovernance/termsOfUse/agreements
[!INCLUDE [sample-code](../includes/snippets/go/delete-agreement-go-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+
v1.0 Agreement Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/agreement-get.md
GET https://graph.microsoft.com/v1.0/identityGovernance/termsOfUse/agreements/09
[!INCLUDE [sample-code](../includes/snippets/go/get-agreement-go-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+
v1.0 Agreement Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/agreement-update.md
Content-type: application/json
[!INCLUDE [sample-code](../includes/snippets/go/update-agreement-go-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+
v1.0 Application List Extensionproperty https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/application-list-extensionproperty.md
The following is an example of the request.
}--> ```msgraph-interactive
-GET https://graph.microsoft.com/v1.0/applications/{id}/extensionProperties
+GET https://graph.microsoft.com/v1.0/applications/fd918e4b-c821-4efb-b50a-5eddd23afc6f/extensionProperties
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-extensionproperties-csharp-snippets.md)]
HTTP/1.1 200 OK
Content-type: application/json {
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications('fd918e4b-c821-4efb-b50a-5eddd23afc6f')/extensionProperties",
"value": [ {
- "id": "a2c459db-f5dc-4328-ae9b-118e88d04d19",
+ "id": "da38c7b1-133e-4a79-abcd-e2fd586ce621",
"deletedDateTime": null,
- "appDisplayName": "Display name",
- "name": "extension_b3efaf8f68a44275abcff28ef86b2ee3_extensionName",
+ "appDisplayName": "",
"dataType": "String", "isSyncedFromOnPremises": false,
+ "name": "extension_25883231668a43a780b25685c3f874bc_jobGroup",
"targetObjects": [
- "Application"
+ "User"
+ ]
+ },
+ {
+ "id": "1f0f15e3-925d-40f0-8fc8-9d3ad135bce0",
+ "deletedDateTime": null,
+ "appDisplayName": "",
+ "dataType": "String",
+ "isSyncedFromOnPremises": false,
+ "name": "extension_25883231668a43a780b25685c3f874bc_cpiminternal_useAccountEnabledForPhone",
+ "targetObjects": [
+ "User"
] } ]
v1.0 Application Post Extensionproperty https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/application-post-extensionproperty.md
The following is an example of the request.
}--> ```http
-POST https://graph.microsoft.com/v1.0/applications/{id}/extensionProperties
+POST https://graph.microsoft.com/v1.0/applications/fd918e4b-c821-4efb-b50a-5eddd23afc6f/extensionProperties
Content-type: application/json {
- "name": "extensionName",
- "dataType": "string",
+ "name": "jobGroup",
+ "dataType": "String",
"targetObjects": [
- "Application"
+ "User"
] } ```
HTTP/1.1 201 Created
Content-type: application/json {
- "id": "a2c459db-f5dc-4328-ae9b-118e88d04d19",
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications('fd918e4b-c821-4efb-b50a-5eddd23afc6f')/extensionProperties/$entity",
+ "id": "da38c7b1-133e-4a79-abcd-e2fd586ce621",
"deletedDateTime": null,
- "appDisplayName": "Display name",
- "name": "extension_b3efaf8f68a44275abcff28ef86b2ee3_extensionName",
+ "appDisplayName": "b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.",
"dataType": "String", "isSyncedFromOnPremises": false,
+ "name": "extension_25883231668a43a780b25685c3f874bc_jobGroup",
"targetObjects": [
- "Application"
+ "User"
] } ```
v1.0 Application Removekey https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/application-removekey.md
In the request body, provide the following required properties.
| Property | Type | Description| |:-|:--|:--|
-| keyId | GUID | The unique identifier for the password.|
+| keyId | Guid | The unique identifier for the password.|
| proof | String | A self-signed JWT token used as a proof of possession of the existing keys. This JWT token must be signed using the private key of one of the application's existing valid certificates. The token should contain the following claims:<ul><li>`aud` - Audience needs to be `00000002-0000-0000-c000-000000000000`.</li><li>`iss` - Issuer needs to be the __id__ of the application that is making the call.</li><li>`nbf` - Not before time.</li><li>`exp` - Expiration time should be "nbf" + 10 mins.</li></ul><br>Here is a code [sample](/graph/application-rollkey-prooftoken) that can be used to generate this proof of possession token.| ## Response
v1.0 Application Removepassword https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/application-removepassword.md
POST /applications/{id}/removePassword
| Property | Type | Description| |:-|:--|:--|
-| keyId | GUID | The unique identifier for the password. Required. |
+| keyId | Guid | The unique identifier for the password. Required. |
## Response
v1.0 Bitlocker List Recoverykeys https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/bitlocker-list-recoverykeys.md
The response might also contain an `odata.nextLink`, which you can use to page t
|Name|Description| |:|:| |Authorization|Bearer {token}. Required.|
+|User-Agent|The identifier for the calling application. This value contains information about the operating system and the browser used. Required.|
|ocp-client-name|The name of the client application performing the API call. This header is used for debugging purposes. Optional.| |ocp-client-version|The version of the client application performing the API call. This header is used for debugging purposes. Optional.|
The following is an example of the request.
--> ``` http GET https://graph.microsoft.com/v1.0/informationProtection/bitlocker/recoveryKeys
+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"
ocp-client-name: "My Friendly Client" ocp-client-version: "1.2" ```
The following is an example of the request.
--> ``` http GET https://graph.microsoft.com/v1.0/informationProtection/bitlocker/recoveryKeys?$filter=deviceId eq '1ab40ab2-32a8-4b00-b6b5-ba724e407de9'
+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"
ocp-client-name: "My Friendly Client" ocp-client-version: "1.2" ```
v1.0 Bitlockerrecoverykey Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/bitlockerrecoverykey-get.md
This method supports the `$select` OData query parameter to return the **key** p
|Name|Description| |:|:| |Authorization|Bearer {token}. Required.|
+|User-Agent|The identifier for the calling application. This value contains information about the operating system and the browser used. Required.|
|ocp-client-name|The name of the client application performing the API call. This header is used for debugging purposes. Optional.| |ocp-client-version|The version of the client application performing the API call. This header is used for debugging purposes. Optional.|
The following is an example of the request. This example does not return the **k
--> ``` http GET https://graph.microsoft.com/v1.0/informationProtection/bitlocker/recoveryKeys/b465e4e8-e4e8-b465-e8e4-65b4e8e465b4
+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"
ocp-client-name: "My Friendly Client" ocp-client-version: "1.2" ```
The following is an example of the request.
--> ``` http GET https://graph.microsoft.com/v1.0/informationProtection/bitlocker/recoveryKeys/b465e4e8-e4e8-b465-e8e4-65b4e8e465b4?$select=key
+User-Agent: "Dsreg/10.0 (Windows 10.0.19043.1466)"
+ocp-client-name: "My Friendly Client"
+ocp-client-version: "1.2"
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-bitlockerrecoverykey-key-csharp-snippets.md)]
v1.0 Bookingappointment Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/bookingappointment-delete.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http DELETE /solutions/bookingBusinesses/{id}/appointments/{id}- ``` ## Request headers | Name | Description|
If successful, this method returns a `204 No Content` response code. It does not
## Example ### Request
-The following is an example of the request.
+The following is an example of a request.
<!-- { "blockType": "request"
DELETE https://graph.microsoft.com/v1.0/solutions/bookingBusinesses/Contosolunch
``` ### Response
-The following is an example of the response. Note: The response object shown here might be shortened for readability.
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true
v1.0 Channel List Tabs https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/channel-list-tabs.md
Namespace: microsoft.graph
Retrieve the list of [tabs](../resources/teamstab.md) in the specified [channel](../resources/channel.md) within a [team](../resources/team.md).
+> **Note**: The Files tab is native to a channel or chat and is not returned by this API.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Chat Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/chat-post.md
The following table lists the properties that are required to create a chat obje
|:|:|:| |topic|(Optional) String|The title of the chat. The chat title can be provided only if the chat is of `group` type.| |chatType|[chatType](../resources/chat.md#chattype-values)| Specifies the type of chat. Possible values are: `group` and `oneOnOne`. |
-|members|[conversationMember](../resources/conversationmember.md) collection|List of conversation members that should be added. Every single user, including the user initiating the create request, who will participate in the chat must be specified in this list.|
+|members|[conversationMember](../resources/conversationmember.md) collection|List of conversation members that should be added. Every user who will participate in the chat, including the user who initiates the create request, must be specified in this list. Each member must be assigned a role of `owner` or `guest`. Guest tenant users must be assigned the `guest` role.|
## Response
-If successful, this method returns a 201 Created response code and the newly created **chat** resource in the response body.
+If successful, this method returns a `201 Created` response code and the newly created **chat** resource in the response body.
## Examples
Content-Type: application/json
} ```
+### Example 4: Create a group chat with tenant guest user
+
+#### Request
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "create_chat_group"
+}
+-->
+``` http
+POST https://graph.microsoft.com/v1.0/chats
+Content-Type: application/json
+
+{
+ "chatType": "group",
+ "topic": "Group chat title",
+ "members": [
+ {
+ "@odata.type": "#microsoft.graph.aadUserConversationMember",
+ "roles": ["owner"],
+ "user@odata.bind": "https://graph.microsoft.com/v1.0/users('8c0a1a67-50ce-4114-bb6c-da9c5dbcf6ca')"
+ },
+ {
+ "@odata.type": "#microsoft.graph.aadUserConversationMember",
+ "roles": ["owner"],
+ "user@odata.bind": "https://graph.microsoft.com/v1.0/users('82fe7758-5bb3-4f0d-a43f-e555fd399c6f')"
+ },
+ {
+ "@odata.type": "#microsoft.graph.aadUserConversationMember",
+ "roles": ["guest"],
+ "user@odata.bind": "https://graph.microsoft.com/v1.0/users('8ba98gf6-7fc2-4eb2-c7f2-aef9f21fd98g')"
+ }
+ ]
+}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
+++++
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.chat"
+}
+-->
+``` http
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#chats/$entity",
+ "id": "19:1c5b01696d2e4a179c292bc9cf04e63b@thread.v2",
+ "topic": "Group chat title",
+ "createdDateTime": "2020-12-04T23:11:16.175Z",
+ "lastUpdatedDateTime": "2020-12-04T23:11:16.175Z",
+ "chatType": "group"
+}
+```
v1.0 Columndefinition Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/columndefinition-get.md
GET /sites/{site-id}/lists/{list-id}/contentTypes/{contentType-id}/columns/{colu
## Request body
-
+Do not supply a request body for this method.
-Do not supply a request body with this method.
+## Response
+If successful, this method returns a `200 OK` response code and a [columnDefinition][columnDefinition] object in the response body.
## Example
-
- ### Request
+The following is an example of a request.
# [HTTP](#tab/http) <!-- { "blockType": "request", "name": "get_column_from_contenttype" } -->
GET /sites/{site-id}/contentTypes/{contentType-id}/columns/{column-id}
### Response
-
+The following is an example of the response.
<!-- { "blockType": "response", "@type": "microsoft.graph.columnDefinition", "truncated": true } -->
v1.0 Directory List Administrativeunits https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/directory-list-administrativeunits.md
+
+ Title: "List administrativeUnits"
+description: "Retrieve a list of administrativeUnit objects."
+
+ms.localizationpriority: medium
++
+# List administrativeUnits
+
+Namespace: microsoft.graph
+
+Retrieve a list of [administrativeUnit](../resources/administrativeunit.md) objects.
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
++
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | AdministrativeUnit.Read.All, Directory.Read.All, AdministrativeUnit.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | AdministrativeUnit.Read.All, Directory.Read.All, AdministrativeUnit.ReadWrite.All, Directory.ReadWrite.All |
+
+## HTTP request
+<!-- { "blockType": "ignored" } -->
+```http
+GET /directory/administrativeUnits
+```
+## Optional query parameters
+This method supports the `$count`, `$select`, `$search`, `$filter` (`eq`), and `$expand` [OData query parameters](/graph/query-parameters) to help customize the response.
+
+## Request headers
+| Name |Description|
+|:-|:-|
+| Authorization | Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and collection of [administrativeUnit](../resources/administrativeunit.md) objects in the response body.
+## Example
+### Request
+Here is an example of the request.
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_administrativeunits"
+}-->
+```msgraph-interactive
+GET https://graph.microsoft.com/v1.0/directory/administrativeUnits
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
++++++
+### Response
+Here is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.administrativeUnit",
+ "isCollection": true
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directory/administrativeUnits",
+ "value": [
+ {
+ "id": "4d7ea995-bc0f-45c0-8c3e-132e93bf95f8",
+ "deletedDateTime": null,
+ "displayName": "Seattle District Technical Schools",
+ "description": "Seattle district technical schools administration",
+ "membershipRule": null,
+ "membershipType": null,
+ "membershipRuleProcessingState": null,
+ "visibility": "HiddenMembership"
+ }
+ ]
+}
+```
+
+<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
+2015-10-25 14:57:30 UTC -->
+<!--
+{
+ "type": "#page.annotation",
+ "description": "List administrativeUnits",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": "",
+ "suppressions": [
+ ]
+}
+-->
v1.0 Directory Post Administrativeunits https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/directory-post-administrativeunits.md
+
+ Title: "Create administrativeUnit"
+description: "Use this API to create a new administrativeUnit."
+
+ms.localizationpriority: medium
++
+# Create administrativeUnit
+
+Namespace: microsoft.graph
+
+Use this API to create a new [administrativeUnit](../resources/administrativeunit.md).
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
++
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | AdministrativeUnit.ReadWrite.All, Directory.AccessAsUser.All |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | AdministrativeUnit.ReadWrite.All |
+
+## HTTP request
+<!-- { "blockType": "ignored" } -->
+```http
+POST /directory/administrativeUnits
+
+```
+## Request headers
+| Name |Description|
+|:-|:-|
+| Authorization | Bearer {token}. Required. |
+| Content-type | application/json. Required. |
+
+## Request body
+In the request body, supply a JSON representation of an [administrativeUnit](../resources/administrativeunit.md) object.
+
+Because the **administrativeUnit** resource supports [extensions](/graph/extensibility-overview), you can use the `POST` operation and add custom properties with your own data to the administrative unit while creating it.
+
+## Response
+
+If successful, this method returns a `201 Created` response code and an [administrativeUnit](../resources/administrativeunit.md) object in the response body.
+
+## Example
+
+### Request
+
+The following is an example of the request.
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "create_administrativeunit_from_administrativeunits"
+}-->
+```http
+POST https://graph.microsoft.com/v1.0/directory/administrativeUnits
+Content-type: application/json
+
+{
+ "displayName": "Seattle District Technical Schools",
+ "description": "Seattle district technical schools administration",
+ "visibility": "HiddenMembership"
+}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
++++++
+In the request body, supply a JSON representation of an [administrativeUnit](../resources/administrativeunit.md) object.
+
+### Response
+
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.administrativeUnit"
+} -->
+```http
+HTTP/1.1 201 Created
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#administrativeUnits/$entity",
+ "id": "7a3dc8f3-b3a0-4164-9a99-ed36f3af039f",
+ "deletedDateTime": null,
+ "displayName": "Seattle District Technical Schools",
+ "description": "Seattle district technical schools administration",
+ "visibility": "HiddenMembership"
+}
+```
+
+## See also
+
+- [Add custom data to resources using extensions](/graph/extensibility-overview)
+- [Add custom data to users using open extensions (preview)](/graph/extensibility-open-users)
+<!--
+- [Add custom data to groups using schema extensions (preview)](/graph/extensibility-schema-groups)
+-->
++
+<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
+2015-10-25 14:57:30 UTC -->
+<!--
+{
+ "type": "#page.annotation",
+ "description": "Create administrativeUnit",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": "",
+ "suppressions": [
+ ]
+}
+-->
v1.0 Directoryobject Getavailableextensionproperties https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/directoryobject-getavailableextensionproperties.md
POST https://graph.microsoft.com/v1.0/directoryObjects/getAvailableExtensionProp
Content-Type: application/json {
- "isSyncedFromOnPremises": "Boolean"
+ "isSyncedFromOnPremises": true
} ``` # [JavaScript](#tab/javascript)
HTTP/1.1 200 OK
Content-Type: application/json {
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(extensionProperty)",
"value": [ { "@odata.type": "#microsoft.graph.extensionProperty",
v1.0 Entitlementmanagement List Assignmentrequests https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/entitlementmanagement-list-assignmentrequests.md
Content-Type: application/json
"state": "delivered", "status": "Delivered", "createdDateTime": "2019-10-25T22:55:11.623Z",
- "completedDate": "2019-10-26T22:55:11.623Z",
+ "completedDateTime": "2019-10-26T22:55:11.623Z",
"schedule": { "@odata.type": "microsoft.graph.entitlementManagementSchedule" }
v1.0 Extensionproperty Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/extensionproperty-delete.md
+
+ Title: "Delete extensionProperty"
+description: "Delete an extensionProperty."
+ms.localizationpriority: medium
+++
+# Delete extensionProperty
+
+Namespace: microsoft.graph
+
+Delete an [extensionProperty](../resources/extensionproperty.md).
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | Application.ReadWrite.All, Directory.AccessAsUser.All |
+|Delegated (personal Microsoft account) | Application.ReadWrite.All |
+|Application | Application.ReadWrite.OwnedBy, Application.ReadWrite.All |
+
+## HTTP request
+
+<!-- { "blockType": "ignored" } -->
+
+```http
+DELETE /applications/{id}/extensionProperties/{id}
+```
+
+## Request headers
+
+| Name | Description|
+|:--|:-|
+| Authorization | Bearer {token}. Required. |
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns `204 No Content` response code. It does not return anything in the response body.
+
+## Examples
+
+### Request
+
+The following is an example of the request.
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "delete_extensionproperty"
+}-->
+
+```http
+DELETE https://graph.microsoft.com/v1.0/applications/fd918e4b-c821-4efb-b50a-5eddd23afc6f/extensionProperties/
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+
+# [PowerShell](#tab/powershell)
++++
+### Response
+
+The following is an example of the response.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+} -->
+
+```http
+HTTP/1.1 204 No Content
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "Delete extensionProperty",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
+
v1.0 Extensionproperty Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/extensionproperty-get.md
+
+ Title: "Get extensionProperty"
+description: "Read an extensionProperty object."
+
+ms.localizationpriority: medium
++
+# Get extensionProperty
+Namespace: microsoft.graph
+
+Read an [extensionProperty](../resources/extensionproperty.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | Application.Read.All, Directory.Read.All, Application.ReadWrite.All |
+|Delegated (personal Microsoft account) | Application.Read.All, Application.ReadWrite.All |
+|Application | Application.Read.All, Application.ReadWrite.OwnedBy, Application.ReadWrite.All |
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /applications/{applicationsId}/extensionProperties/{extensionPropertyId}
+```
+
+## Optional query parameters
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [extensionProperty](../resources/extensionproperty.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_extensionproperty"
+}
+-->
+``` http
+GET https://graph.microsoft.com/v1.0/applications/fd918e4b-c821-4efb-b50a-5eddd23afc6f/extensionProperties/1f0f15e3-925d-40f0-8fc8-9d3ad135bce0
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.extensionProperty"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications('fd918e4b-c821-4efb-b50a-5eddd23afc6f')/extensionProperties/$entity",
+ "id": "1f0f15e3-925d-40f0-8fc8-9d3ad135bce0",
+ "deletedDateTime": null,
+ "appDisplayName": "b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.",
+ "dataType": "String",
+ "isSyncedFromOnPremises": false,
+ "name": "extension_25883231668a43a780b25685c3f874bc_cpiminternal_useAccountEnabledForPhone",
+ "targetObjects": [
+ "User"
+ ]
+}
+```
+
v1.0 Group Assignlicense https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/group-assignlicense.md
In the request body, provide a JSON object with the following parameters.
| Parameter | Type |Description| |:|:--|:-| |addLicenses|[assignedLicense](../resources/assignedlicense.md) collection|A collection of [assignedLicense](../resources/assignedlicense.md) objects that specify the licenses to add. You can disable servicePlans associated with a license by setting the **disabledPlans** property on an [assignedLicense](../resources/assignedlicense.md) object.|
-|removeLicenses|GUID collection|A collection of skuIds that identify the licenses to remove.|
+|removeLicenses|Guid collection|A collection of skuIds that identify the licenses to remove.|
## Response
v1.0 Group Delete Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/group-delete-members.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | GroupMember.ReadWrite.All, Group.ReadWrite.All, Directory.ReadWrite.All |
+> [!IMPORTANT]
+> To remove members from a role-assignable group, the calling user or app must also be assigned the *RoleManagement.ReadWrite.Directory* permission.
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
v1.0 Group Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/group-get.md
Get the properties and relationships of a group object.
This operation returns by default only a subset of all the available properties, as noted in the [Properties](../resources/group.md#properties) section. To get properties that are _not_ returned by default, specify them in a `$select` OData query option. The **hasMembersWithLicenseErrors** property is an exception and is not returned in the `$select` query.
+>**Note:** This request might have replication delays for groups that were recently created, updated, or deleted.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
Return all default properties.
The following is an example of a GET request.
-# [HTTP](#tab/http)
<!-- { "blockType": "request", "sampleKeys": ["b320ee12-b1cd-4cca-b648-a437be61c5cd"],
The following is an example of a GET request.
```msgraph-interactive GET https://graph.microsoft.com/v1.0/groups/b320ee12-b1cd-4cca-b648-a437be61c5cd ```
-# [C#](#tab/csharp)
-
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
-
-# [Java](#tab/java)
-
-# [Go](#tab/go)
-
-# [PowerShell](#tab/powershell)
--- #### Response The following is an example of the response. It includes only the default properties.
v1.0 Group List Settings https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/group-list-settings.md
+
+ Title: "List settings"
+description: "Retrieve a list of group setting objects."
+
+ms.localizationpriority: medium
++
+# List settings
+
+Namespace: microsoft.graph
+
+Retrieve a list of tenant-level or group-specific group settings objects.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+### List tenant-wide settings
+
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | Directory.Read.All, Directory.ReadWrite.All |
+
+### List group-specific settings
+
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | Group.Read.All, Group.ReadWrite.All |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | Group.Read.All, Group.ReadWrite.All |
++
+## HTTP request
+<!-- { "blockType": "ignored" } -->
+
+List tenant-wide settings.
+
+```http
+GET /groupSettings
+```
+
+<!-- { "blockType": "ignored" } -->
+List group-specific settings
+```http
+GET /groups/{groupId}/settings
+```
+
+## Optional query parameters
+This method supports the `$select` [OData query parameter](/graph/query-parameters) to help customize the response.
+
+## Request headers
+| Name | Description |
+|:-|:-|
+| Authorization | Bearer {token}. Required. |
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and collection of [groupSetting](../resources/groupsetting.md) objects in the response body.
+
+## Examples
+
+### Example: Retrieve the tenant-level group settings
+
+#### Request
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_groupsettings"
+}-->
+```msgraph-interactive
+GET https://graph.microsoft.com/v1.0/groupSettings
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++
+#### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.groupSetting",
+ "isCollection": true
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groupSettings",
+ "value": [
+ {
+ "id": "f0b2d6f5-097d-4177-91af-a24e530b53cc",
+ "displayName": "Group.Unified",
+ "templateId": "62375ab9-6b52-47ed-826b-58e47e0e304b",
+ "values": [
+ {
+ "name": "EnableMIPLabels",
+ "value": "true"
+ },
+ {
+ "name": "CustomBlockedWordsList",
+ "value": ""
+ },
+ {
+ "name": "EnableMSStandardBlockedWords",
+ "value": "true"
+ },
+ {
+ "name": "ClassificationDescriptions",
+ "value": ""
+ },
+ {
+ "name": "DefaultClassification",
+ "value": ""
+ },
+ {
+ "name": "PrefixSuffixNamingRequirement",
+ "value": "[Contoso-][GroupName]"
+ },
+ {
+ "name": "AllowGuestsToBeGroupOwner",
+ "value": "false"
+ },
+ {
+ "name": "AllowGuestsToAccessGroups",
+ "value": "true"
+ },
+ {
+ "name": "GuestUsageGuidelinesUrl",
+ "value": "https://privacy.contoso.com/privacystatement"
+ },
+ {
+ "name": "GroupCreationAllowedGroupId",
+ "value": ""
+ },
+ {
+ "name": "AllowToAddGuests",
+ "value": "true"
+ },
+ {
+ "name": "UsageGuidelinesUrl",
+ "value": ""
+ },
+ {
+ "name": "ClassificationList",
+ "value": ""
+ },
+ {
+ "name": "EnableGroupCreation",
+ "value": "true"
+ }
+ ]
+ }
+ ]
+}
+```
+
+### Example 2: Retrieve the group settings for a specific group
+
+#### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "get_groupsettings_for_a_group"
+}-->
+```msgraph-interactive
+GET https://graph.microsoft.com/v1.0/groups/05aa6a98-956a-45c0-b13b-88076a23f2cd/settings
+```
++
+#### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.groupSetting"
+} -->
+```http
+HTTP/1.1 201 Created
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groupSettings",
+ "value": [
+ {
+ "id": "a06fa228-3042-4662-bd09-33e298da1afe",
+ "displayName": "Group.Unified.Guest",
+ "templateId": "08d542b9-071f-4e16-94b0-74abb372e3d9",
+ "values": [
+ {
+ "name": "AllowToAddGuests",
+ "value": "false"
+ }
+ ]
+ }
+ ]
+}
+```
+
+<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
+2015-10-25 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "List groupSettings",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": "",
+ "suppressions": [
+ ]
+}-->
+
v1.0 Group List https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/group-list.md
List all the groups in an organization, including but not limited to Microsoft 3
This operation returns by default only a subset of the properties for each group. These default properties are noted in the [Properties](../resources/group.md#properties) section. To get properties that are _not_ returned by default, do a [GET](group-get.md) operation for the group and specify the properties in a `$select` OData query option. The **hasMembersWithLicenseErrors** property is an exception and is not returned in the `$select` query.
+>**Note:** This request might have replication delays for groups that were recently created, updated, or deleted.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
Content-type: application/json
} ``` +
+### Example 7: List any groups with any licenses
+
+#### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "get_groups_with_licenses"
+}-->
+```msgraph-interactive
+GET https://graph.microsoft.com/v1.0/groups?$select=id,assignedLicenses&$filter=assignedLicenses/any()
+```
+
+#### Response
+
+The following is an example of the response.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.group",
+ "isCollection": true
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups(id,assignedLicenses)",
+ "value": [
+ {
+ "id": "5caf712c-8483-4b3d-8384-d8da988c0ca4",
+ "assignedLicenses": [
+ {
+ "disabledPlans": [],
+ "skuId": "6fd2c87f-b296-42f0-b197-1e91e994b900"
+ }
+ ]
+ },
+ {
+ "id": "aae8ec2a-5a08-4013-ae70-fafbb5c20de1",
+ "assignedLicenses": [
+ {
+ "disabledPlans": [
+ "7547a3fe-08ee-4ccb-b430-5077c5041653"
+ ],
+ "skuId": "18181a46-0d4e-45cd-891e-60aabd171b4e"
+ }
+ ]
+ },
+ {
+ "id": "e55bdaa0-e104-479a-979e-b0457fff6380",
+ "assignedLicenses": [
+ {
+ "disabledPlans": [
+ "7547a3fe-08ee-4ccb-b430-5077c5041653"
+ ],
+ "skuId": "6fd2c87f-b296-42f0-b197-1e91e994b900"
+ }
+ ]
+ }
+ ]
+}
+```
++ <!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79 2015-10-25 14:57:30 UTC --> <!-- {
v1.0 Group Post Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/group-post-members.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | GroupMember.ReadWrite.All, Group.ReadWrite.All and Directory.ReadWrite.All |
+> [!IMPORTANT]
+> To add members to a role-assignable group, the calling user or app must also be assigned the *RoleManagement.ReadWrite.Directory* permission.
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
v1.0 Group Post Settings https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/group-post-settings.md
+
+ Title: "Create settings"
+description: "Create a new setting, based on the templates available in groupSettingTemplates."
+ms.localizationpriority: medium
+++
+# Create settings
+
+Namespace: microsoft.graph
+
+Create a new setting based on the templates available in [groupSettingTemplates](../resources/groupsettingtemplate.md). These settings can be at the tenant-level or at the group level.
+
+Group settings apply to only Microsoft 365 groups. The template named `Group.Unified` can be used to configure tenant-wide Microsoft 365 group settings, while the template named `Group.Unified.Guest` can be used to configure group-specific settings.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
++
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | Directory.ReadWrite.All, Directory.AccessAsUser.All |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | Directory.ReadWrite.All |
+
+## HTTP request
+
+Create a tenant-wide setting.
+<!-- { "blockType": "ignored" } -->
+```http
+POST /groupSettings
+```
+
+Create a group-specific setting.
+<!-- { "blockType": "ignored" } -->
+```http
+POST /groups/{id}/settings
+```
+
+## Request headers
+
+| Name | Description |
+|:|:-|
+| Authorization | Bearer {token}. Required. |
+| Content-Type | application/json |
+
+## Request body
+In the request body, supply a JSON representation of [groupSetting](../resources/groupsetting.md) object. The display name, templateId, and description are inherited from the referenced [groupSettingTemplates](../resources/groupsettingtemplate.md) object. Only the value property can be changed from the default value.
+
+The following properties are required when creating the [groupSetting](../resources/groupsetting.md) object.
+
+| Parameter | Type |Description|
+|:|:--|:-|
+|templateId|String| Unique identifier for the tenant-level [groupSettingTemplates](../resources/groupsettingtemplate.md) object used to create this group-level settings object. Read-only. |
+|values|[settingValue](../resources/settingvalue.md) collection| Collection of name-value pairs corresponding to the **name** and **defaultValue** properties in the referenced [groupSettingTemplates](../resources/groupsettingtemplate.md) object.|
+
+## Response
+
+If successful, this method returns `201 Created` response code and [groupSetting](../resources/groupsetting.md) object in the response body.
+
+## Example 1: Create a new setting for all Microsoft 365 groups in the tenant
+
+### Request
+
+Only the [groupSettingTemplates](../resources/groupsettingtemplate.md) object named `Group.Unified` can be applied to all Microsoft 365 groups at the tenant-level.
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "create_groupsetting_from_groupsettings"
+}-->
+```http
+POST https://graph.microsoft.com/v1.0/groupSettings
+Content-type: application/json
+
+{
+ "templateId": "62375ab9-6b52-47ed-826b-58e47e0e304b",
+ "values": [
+ {
+ "name": "GuestUsageGuidelinesUrl",
+ "value": "https://privacy.contoso.com/privacystatement"
+ },
+ {
+ "name": "EnableMSStandardBlockedWords",
+ "value": "true"
+ },
+ {
+ "name": "EnableMIPLabels",
+ "value": "true"
+ },
+ {
+ "name": "PrefixSuffixNamingRequirement",
+ "value": "[Contoso-][GroupName]"
+ }
+ ]
+}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
+++
+### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.groupSetting"
+} -->
+```http
+HTTP/1.1 201 Created
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groupSettings/$entity",
+ "id": "844d252c-4de2-43eb-a784-96df77231aae",
+ "displayName": null,
+ "templateId": "62375ab9-6b52-47ed-826b-58e47e0e304b",
+ "values": [
+ {
+ "name": "GuestUsageGuidelinesUrl",
+ "value": "https://privacy.contoso.com/privacystatement"
+ },
+ {
+ "name": "EnableMSStandardBlockedWords",
+ "value": "true"
+ },
+ {
+ "name": "EnableMIPLabels",
+ "value": "true"
+ },
+ {
+ "name": "PrefixSuffixNamingRequirement",
+ "value": "[Contoso-][GroupName]"
+ }
+ ]
+}
+```
+
+The **displayName** property and other name-value pairs will be populated with the default values from the [groupSettingTemplates](../resources/groupsettingtemplate.md) object that matches the **templateId**.
+
+## Example 2: Create a setting to block guests for a specific Microsoft 365 group
+
+### Request
+
+Only the [groupSettingTemplates](../resources/groupsettingtemplate.md) object named `Group.Unified.Guest` can be applied to specific Microsoft 365 groups.
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "create_groupsetting_from_groupsettings_for_guests"
+}-->
+```http
+POST https://graph.microsoft.com/v1.0/groups/055a5d18-a3a9-4338-b9c5-de92559b7ebf/settings
+Content-type: application/json
+
+{
+ "templateId": "08d542b9-071f-4e16-94b0-74abb372e3d9",
+ "values": [
+ {
+ "name": "AllowToAddGuests",
+ "value": "false"
+ }
+ ]
+}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
+# [Go](#tab/go)
++++
+In the request body, supply a JSON representation of [groupSetting](../resources/groupsetting.md) object.
+
+### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.groupSetting"
+} -->
+```http
+HTTP/1.1 201 Created
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groupSettings/$entity",
+ "id": "a06fa228-3042-4662-bd09-33e298da1afe",
+ "displayName": null,
+ "templateId": "08d542b9-071f-4e16-94b0-74abb372e3d9",
+ "values": [
+ {
+ "name": "AllowToAddGuests",
+ "value": "false"
+ }
+ ]
+}
+```
+
+<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
+2015-10-25 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "Create groupsetting",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": "",
+ "suppressions": [
+ ]
+}-->
+
v1.0 Groupsetting Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/groupsetting-delete.md
doc_type: apiPageType
Namespace: microsoft.graph
-Delete a group setting.
+Delete a tenant-level or group-specific [groupSetting](../resources/groupsetting.md) object.
## Permissions
One of the following permissions is required to call this API. To learn more, in
## HTTP request <!-- { "blockType": "ignored" } -->
+Delete a tenant-wide setting.
```http
-DELETE /groupSettings/{id}
-DELETE /groups/{id}/settings/{id}
+DELETE /groupSettings/{groupSettingId}
+```
+<!-- { "blockType": "ignored" } -->
+Delete a group-specific setting.
+```http
+DELETE /groups/{groupId}/settings/{groupSettingId}
``` ## Request headers
Do not supply a request body for this method.
If successful, this method returns `204 No Content` response code. It does not return anything in the response body. ## Example
-##### Request
+
+### Request
+
+In this example, you delete the tenant-level group setting object.
# [HTTP](#tab/http) <!-- { "blockType": "request", "name": "delete_groupsetting" }-->
-```http
+```msgraph-interactive
DELETE https://graph.microsoft.com/v1.0/groupSettings/{id} ``` # [C#](#tab/csharp)
DELETE https://graph.microsoft.com/v1.0/groupSettings/{id}
-##### Response
+### Response
<!-- { "blockType": "response", "truncated": true
v1.0 Groupsetting Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/groupsetting-get.md
Title: "Get a group setting"
+ Title: "Get groupSetting"
description: "Retrieve the properties of a specific of group setting object." ms.localizationpriority: medium
ms.prod: "groups"
doc_type: apiPageType
-# Get a group setting
+# Get groupSetting
Namespace: microsoft.graph
-Retrieve the properties of a specific of group setting object.
+Retrieve the properties of a specific group setting object. The setting can be a tenant-level or group-specific setting.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+### List tenant-wide settings
+ |Permission type | Permissions (from least to most privileged) | |:--|:| |Delegated (work or school account) | Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All | |Delegated (personal Microsoft account) | Not supported. | |Application | Directory.Read.All, Directory.ReadWrite.All |
+### List group-specific settings
+
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | Group.Read.All, Group.ReadWrite.All |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | Group.Read.All, Group.ReadWrite.All |
++ ## HTTP request+ <!-- { "blockType": "ignored" } -->
-Get a specific tenant-wide or group setting.
+Get a tenant-wide setting.
```http
-GET /groupSettings/{id}
-GET /groups/{id}/settings/{id}
+GET /groupSettings/{groupSettingId}
```
-## Optional query parameters
-This method supports the [OData Query Parameters](/graph/query-parameters) to help customize the response.
-> Note: $filter is not supported.
+<!-- { "blockType": "ignored" } -->
+Get a group-specific setting.
+```http
+GET /groups/{groupId}/settings/{groupSettingId}
+```
+
+## Optional query parameters
+This method supports the `$select` [OData query parameter](/graph/query-parameters) to help customize the response.
## Request headers | Name | Description |
Do not supply a request body for this method.
If successful, this method returns a `200 OK` response code and [groupSetting](../resources/groupsetting.md) object in the response body.
-## Example
-##### Request
+## Examples
+
+### Example 1: Get a group setting for a specific group
+
+#### Request
# [HTTP](#tab/http) <!-- { "blockType": "request",
- "name": "get_groupsetting"
+ "name": "get_groupsettings"
}--> ```msgraph-interactive
-GET https://graph.microsoft.com/v1.0/groupSettings/{id}
+GET https://graph.microsoft.com/v1.0/groups/05aa6a98-956a-45c0-b13b-88076a23f2cd/settings/a06fa228-3042-4662-bd09-33e298da1afe
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-groupsetting-csharp-snippets.md)]
GET https://graph.microsoft.com/v1.0/groupSettings/{id}
-##### Response
+#### Response
-Note: The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 200 OK
Content-type: application/json {
- "displayName": "displayName-value",
- "templateId": "templateId-value",
- "values": [
- {
- "name": "name-value",
- "value": "value-value"
- }
- ],
- "id": "id-value"
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groupSettings/$entity",
+ "id": "a06fa228-3042-4662-bd09-33e298da1afe",
+ "displayName": "Group.Unified.Guest",
+ "templateId": "08d542b9-071f-4e16-94b0-74abb372e3d9",
+ "values": [
+ {
+ "name": "AllowToAddGuests",
+ "value": "false"
+ }
+ ]
} ```
+### Example 2: Get the group settings for all Microsoft 365 groups
+
+#### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "get_groupsettings_tenantwide"
+}-->
+```msgraph-interactive
+GET https://graph.microsoft.com/v1.0/groupSettings/84af2ca5-c274-41bf-86e4-6e374ec4def6
+```
+
+#### Response
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.groupSetting"
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groupSettings/$entity",
+ "id": "84af2ca5-c274-41bf-86e4-6e374ec4def6",
+ "displayName": "Group.Unified",
+ "templateId": "62375ab9-6b52-47ed-826b-58e47e0e304b",
+ "values": [
+ {
+ "name": "EnableMIPLabels",
+ "value": "true"
+ },
+ {
+ "name": "CustomBlockedWordsList",
+ "value": ""
+ },
+ {
+ "name": "EnableMSStandardBlockedWords",
+ "value": "true"
+ },
+ {
+ "name": "ClassificationDescriptions",
+ "value": ""
+ },
+ {
+ "name": "DefaultClassification",
+ "value": ""
+ },
+ {
+ "name": "PrefixSuffixNamingRequirement",
+ "value": "[Contoso-][GroupName]"
+ },
+ {
+ "name": "AllowGuestsToBeGroupOwner",
+ "value": "false"
+ },
+ {
+ "name": "AllowGuestsToAccessGroups",
+ "value": "true"
+ },
+ {
+ "name": "GuestUsageGuidelinesUrl",
+ "value": "https://privacy.contoso.com/privacystatement"
+ },
+ {
+ "name": "GroupCreationAllowedGroupId",
+ "value": ""
+ },
+ {
+ "name": "AllowToAddGuests",
+ "value": "true"
+ },
+ {
+ "name": "UsageGuidelinesUrl",
+ "value": ""
+ },
+ {
+ "name": "ClassificationList",
+ "value": ""
+ },
+ {
+ "name": "EnableGroupCreation",
+ "value": "true"
+ }
+ ]
+}
+```
<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79 2015-10-25 14:57:30 UTC --> <!-- {
v1.0 Groupsetting Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/groupsetting-update.md
Title: "Update a group setting"
+ Title: "Update groupSetting"
description: "Update the properties of a specific group setting object." ms.localizationpriority: medium
ms.prod: "groups"
doc_type: apiPageType
-# Update a group setting
+# Update groupSetting
Namespace: microsoft.graph
One of the following permissions is required to call this API. To learn more, in
|Application | Directory.ReadWrite.All | ## HTTP request
-<!-- { "blockType": "ignored" } -->
-
+<!-- { "blockType": "ignored" } -->
+Update a tenant-wide setting.
+```http
+PATCH /groupSettings/{groupSettingId}
+```
+<!-- { "blockType": "ignored" } -->
+Update a group-specific setting.
```http
-PATCH /groupSettings/{id}
-PATCH /groups/{id}/settings/{id}
+PATCH /groups/{groupId}/settings/{groupSettingId}
```+ ## Request headers | Name | Description | |:--|:--|
If successful, this method returns a `204 No Content` response code.
### Example 1: Update a tenant-wide group setting
-In this example, `{id}` is the identifier of the tenant-wide groupSetting object.
+In this example, `84af2ca5-c274-41bf-86e4-6e374ec4def6` is the identifier of the tenant-wide **groupSetting** object.
#### Request
In this example, `{id}` is the identifier of the tenant-wide groupSetting object
# [HTTP](#tab/http) <!-- { "blockType": "request",
- "name": "update_tenant_setting"
+ "name": "update_tenant_groupsetting"
}-->
-```http
-PATCH https://graph.microsoft.com/v1.0/groupSettings/f0b2d6f5-097d-4177-91af-a24e530b53cc
+```msgraph-interactive
+PATCH https://graph.microsoft.com/v1.0/groupSettings/84af2ca5-c274-41bf-86e4-6e374ec4def6
Content-type: application/json {
- "values": [
- {
- "name": "AllowToAddGuests",
- "value": "false"
- }
- ]
+ "values": [
+ {
+ "name": "AllowToAddGuests",
+ "value": "false"
+ }
+ ]
} ``` # [C#](#tab/csharp)
HTTP/1.1 204 No Content
### Example 2: Update a specific group setting
-In this example, the first `{id}` in the request is the identifier of the group, and the second `{id}` is the identifier of the groupSetting object.
+In this example, `0167b5af-f3d1-4910-82d2-398747fa381c` is the identifier of the group, and `fa6df613-159b-4f94-add2-7093f961900b` is the identifier of the groupSetting object.
#### Request -- # [HTTP](#tab/http) <!-- { "blockType": "request", "name": "update_groupsetting" }-->
-```http
+```msgraph-interactive
PATCH https://graph.microsoft.com/v1.0/groups/0167b5af-f3d1-4910-82d2-398747fa381c/settings/fa6df613-159b-4f94-add2-7093f961900b Content-type: application/json
v1.0 Identityapiconnector Create https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/identityapiconnector-create.md
Content-Type: application/json
{ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identity/apiConnectors/$entity",
- "id":"guid",
+ "id":"45715bb8-13f9-4bf6-927f-ef96c102d394",
"displayName": "Test API", "targetUrl": "https://someapi.com/api", "authenticationConfiguration": {
Content-Type: application/json
{ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identity/apiConnectors/$entity",
- "id":"guid",
+ "id":"45715bb8-13f9-4bf6-927f-ef96c102d394",
"displayName": "Test API", "targetUrl": "https://someotherapi.com/api", "authenticationConfiguration": {
v1.0 Identityapiconnector Uploadclientcertificate https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/identityapiconnector-uploadclientcertificate.md
Content-type: application/json
{ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identity/apiConnectors/$entity",
- "id": "guid",
+ "id": "45715bb8-13f9-4bf6-927f-ef96c102d394",
"displayName": "My API connector", "targetUrl": "https://api.contoso.com/endpoint", "authenticationConfiguration": {
v1.0 Itemanalytics Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/itemanalytics-get.md
For a custom time range or interval, use the [getActivitiesByInterval][] API.
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged)
-|:--|:-
-|Delegated (work or school account) | Files.Read, Files.ReadWrite, Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All
-|Delegated (personal Microsoft account) | Not supported.
-|Application | Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All
+|Permission type | Permissions (from least to most privileged)|
+|:--|:-|
+|Delegated (work or school account) | Files.Read, Files.ReadWrite, Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All|
+|Delegated (personal Microsoft account) | Not supported.|
+|Application | Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All|
## HTTP request
If successful, this method returns a `200 OK` response code and a collection of
### Request
+The following is an example of a request.
# [HTTP](#tab/http) <!-- { "blockType": "request", "name": "get-analytics" } -->
GET /drives/{drive-id}/items/{item-id}/analytics
### Response
+The following is an example of the response.
+ <!-- { "blockType": "response", "@type": "microsoft.graph.itemAnalytics", "truncated": true } --> ```http
v1.0 List Create https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/list-create.md
Previously updated : 09/11/2017 Title: Create a SharePoint List ms.localizationpriority: medium ms.prod: "sharepoint"
One of the following permissions is required to call this API. To learn more, in
POST https://graph.microsoft.com/v1.0/sites/{site-id}/lists ```
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+ ## Request body
-In the request body, supply a JSON representation of the [list][] resource to create.
+In the request body, supply a JSON representation of a [list][] object.
+
+## Response
+
+If successful, this method returns a `201 Created` response code and a [list][] object in the response body.
+
+## Examples
-## Example
+### Request
-Here is an example of how to create a new generic list.
+The following is an example of how to create a new generic list.
+
+> **Note:** Custom columns are optional.
+
+In addition to any columns specified here, new lists are created with columns defined in the referenced **template**.
+If the **list** facet or **template** is unspecified, the list defaults to the `genericList` template, which includes a _Title_ column.
# [HTTP](#tab/http)
Content-Type: application/json
-**Note:** Custom columns are optional.
-
-In addition to any columns specified here, new lists are created with columns defined in the referenced **template**.
-If the **list** facet or **template** is unspecified, the list defaults to the `genericList` template, which includes a _Title_ column.
- ## Response
-If successful, this method returns a [list][] in the response body for the created list.
+The following is an example of the response.
+
+> **Note:** The response object is truncated for clarity. Default properties will be returned from the actual call.
<!-- { "blockType": "response", "@odata.type": "microsoft.graph.list", "truncated": true } -->
Content-type: application/json
} ```
-**Note:** The response object is truncated for clarity.
-Default properties will be returned from the actual call.
[list]: ../resources/list.md [site]: ../resources/site.md
v1.0 Listitem Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/listitem-update.md
Title: Update listItem
-description: Update the properties on a **[listItem][]**.
+description: Update the properties on a listItem.
ms.localizationpriority: high ms.prod: "sharepoint" doc_type: apiPageType
v1.0 Outlookuser Post Mastercategories https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/outlookuser-post-mastercategories.md
POST /users/{id|userPrincipalName}/outlook/masterCategories
| Name | Description| |:|:-| | Authorization | Bearer {token}. Required. |-
+|Content-Type|application/json. Required.|
## Request body
-In the request body, supply a JSON representation of [outlookCategory](../resources/outlookcategory.md) object.
+In the request body, supply a JSON representation of an [outlookCategory](../resources/outlookcategory.md) object.
## Response
-If successful, this method returns `201 Created` response code and [outlookCategory](../resources/outlookcategory.md) object in the response body.
+If successful, this method returns a `201 Created` response code and an [outlookCategory](../resources/outlookcategory.md) object in the response body.
## Example
-##### Request
-Here is an example of the request.
+### Request
+The following is an example of a request.
# [HTTP](#tab/http) <!-- {
Content-type: application/json
Content-Length: 70 {
- "displayName":"Project expenses",
- "color":"preset9"
+ "displayName": "Project expenses",
+ "color": "preset9"
} ``` # [C#](#tab/csharp)
Content-Length: 70
-In the request body, supply a JSON representation of [outlookCategory](../resources/outlookcategory.md) object.
-##### Response
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+### Response
+The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
HTTP/1.1 201 Created
Content-type: application/json {
- "@odata.context":"https://graph.microsoft.com/v1.0/$metadata#users('8ae6f565-0d7f-4ead-853e-7db94c912a1f')/outlook/masterCategories/$entity",
- "id":"bac262b7-485d-4739-b436-e31467d64fac",
- "displayName":"Project expenses",
- "color":"preset9"
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users('8ae6f565-0d7f-4ead-853e-7db94c912a1f')/outlook/masterCategories/$entity",
+ "id": "bac262b7-485d-4739-b436-e31467d64fac",
+ "displayName": "Project expenses",
+ "color": "preset9"
} ```
v1.0 Participant Invite https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/participant-invite.md
Title: "participant: invite" description: "Invite participants to the active call."-+ ms.localizationpriority: medium ms.prod: "cloud-communications" doc_type: apiPageType
Invite participants to the active call.
For more information about how to handle operations, see [commsoperation](../resources/commsoperation.md).
->**Note:** This API is only supported for group calls.
+>**Note:** Inviting multiple participants in one request is only supported for group calls.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
In the request body, provide a JSON object with the following parameters.
|clientContext|String|Unique Client Context string. Max limit is 256 chars.| ## Response
-If succsessful, this method returns a `200 OK` response code and a location header with a URI to the [inviteParticipantsOperation](../resources/inviteparticipantsoperation.md) created for this request.
+If successful, this method returns a `200 OK` response code and a location header with a URI to the [inviteParticipantsOperation](../resources/inviteparticipantsoperation.md) created for this request.
The body of the response contains the created [inviteParticipantsOperation](../resources/inviteparticipantsoperation.md).
The following examples show how to call this API.
> **Note:** The response objects might be shortened for readability. All the properties will be returned from an actual call.
-### Example 1: Invite one participant to an existing group call
+### Example 1: Invite one participant to an existing call
##### Request
v1.0 Participant Stopholdmusic https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/participant-stopholdmusic.md
Location: https://graph.microsoft.com/v1.0/communications/calls/e141b67c-90fd-45
{ "@odata.type": "#microsoft.graph.stopHoldMusicOperation", "id": "0fe0623f-d628-42ed-b4bd-8ac290072cc5",
- "status": "running",
- "clientContext": "d45324c1-fcb5-430a-902c-f20af696537c"
-}
-```
-
-### Notification sent to the application after the stopHoldMusicOperation finishes
-
-```http
-POST https://bot.contoso.com/api/calls
-Content-Type: application/json
-```
-
-<!-- {
- "blockType": "example",
- "@odata.type": "microsoft.graph.commsNotifications"
-}-->
-```json
-{
- "@odata.type": "#microsoft.graph.commsNotifications",
- "value": [
- {
- "@odata.type": "#microsoft.graph.commsNotification",
- "changeType": "deleted",
- "resourceUrl": "communications/calls/e141b67c-90fd-455d-858b-b48a40b9cc8d/operations/0fe0623f-d628-42ed-b4bd-8ac290072cc5",
- "resourceData": {
- "@odata.type": "#microsoft.graph.stopHoldMusicOperation",
- "@odata.id": "communications/calls/e141b67c-90fd-455d-858b-b48a40b9cc8d/operations/0fe0623f-d628-42ed-b4bd-8ac290072cc5",
- "@odata.etag": "W/\"54451\"",
- "clientContext": "d45324c1-fcb5-430a-902c-f20af696537c",
- "status": "completed"
- }
- }
- ]
+ "status": "completed",
+ "clientContext": "d45324c1-fcb5-430a-902c-f20af696537c",
+ "resultInfo": null
} ```
v1.0 Schedule List Shifts https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/schedule-list-shifts.md
GET /teams/{teamId}/schedule/shifts
``` ## Optional query parameters+ This method supports the `$filter` [OData query parameter](/graph/query-parameters) to help customize the response.
+> [!NOTE]
+> The `$filter` parameter doesn't support the use of the same property more than once in a query. For example, the following query will not work: `sharedShift/startDateTime ge 2019-05-09T00:00:00Z and sharedShift/startDateTime le 2019-05-09T23:59:59Z`.
+ ## Request headers | Header | Value |
v1.0 Serviceprincipal Addtokensigningcertificate https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/serviceprincipal-addtokensigningcertificate.md
Content-type: application/json
[!INCLUDE [sample-code](../includes/snippets/go/serviceprincipal-addtokensigningcertificate-go-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+
v1.0 Serviceprincipal Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/serviceprincipal-get.md
Title: "Get servicePrincipal"
-description: "Retrieve the properties and relationships of serviceprincipal object."
+description: "Retrieve the properties and relationships of servicePrincipal object."
ms.localizationpriority: high ms.prod: "applications"
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | Application.Read.All, Application.ReadWrite.All, Application.ReadWrite.OwnedBy, Directory.Read.All |
+> [!NOTE]
+> A service principal can retrieve its own application and service principal details without being granted any application permissions.
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
GET /servicePrincipals/{id}
``` ## Optional query parameters
-This method supports the [OData Query Parameters](/graph/query-parameters) to help customize the response.
+This method supports the [OData query parameters](/graph/query-parameters) to help customize the response.
By default, this API doesn't return the public key value of the **key** in the **keyCredentials** property unless **keyCredentials** is specified in a `$select` query. For example, `$select=id,appId,keyCredentials`.
v1.0 Serviceprincipal List Approleassignedto https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/serviceprincipal-list-approleassignedto.md
For example, if the resource service principal is the service principal for the
If the resource service principal is an application that has app roles granted to users and groups, this will return all the users and groups assigned app roles for this application.
+>**Note** This request might have replication delays for app role assignments that were recently granted or removed.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Serviceprincipal List Approleassignments https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/serviceprincipal-list-approleassignments.md
Retrieve the list of [appRoleAssignment](../resources/approleassignment.md) that
App roles that are assigned to service principals are also known as [application permissions](/azure/active-directory/develop/v2-permissions-and-consent#permission-types). Application permissions can be granted directly by creating app role assignments, or through a [consent experience](/azure/active-directory/develop/application-consent-experience).
+>**Note** This request might have replication delays for app role assignments that were recently granted or removed.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Serviceprincipal Removekey https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/serviceprincipal-removekey.md
In the request body, provide the following required properties.
| Property | Type | Description| |:-|:--|:--|
-| keyId | GUID | The unique identifier for the password.|
+| keyId | Guid | The unique identifier for the password.|
| proof | String | A self-signed JWT token used as a proof of possession of the existing keys. This JWT token must be signed using the private key of one of the servicePrincipal's existing valid certificates. The token should contain the following claims:<ul><li>`aud` - Audience needs to be `00000002-0000-0000-c000-000000000000`.</li><li>`iss` - Issuer needs to be the __id__ of the servicePrincipal that is making the call.</li><li>`nbf` - Not before time.</li><li>`exp` - Expiration time should be "nbf" + 10 mins.</li></ul><br>Here is a code [sample](/graph/application-rollkey-prooftoken) that can be used to generate this proof of possession token.| ## Response
v1.0 Serviceprincipal Removepassword https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/serviceprincipal-removepassword.md
POST /servicePrincipals/{id}/removePassword
| Property | Type |Description| |:|:--|:-|
-| keyId | GUID | The unique identifier for the password. Required. |
+| keyId | Guid | The unique identifier for the password. Required. |
## Response
v1.0 Shift Put https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/shift-put.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-PATCH /teams/{teamId}/schedule/shifts/{shiftId}
+PUT /teams/{teamId}/schedule/shifts/{shiftId}
``` ## Request headers
The following is an example of the request.
"name": "shift-put" }--> ```http
-PATCH https://graph.microsoft.com/v1.0/teams/{teamId}/schedule/shifts/{shiftId}
+PUT https://graph.microsoft.com/v1.0/teams/{teamId}/schedule/shifts/{shiftId}
Content-type: application/json Prefer: return=representation
v1.0 Subscription Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/subscription-delete.md
On a personal OneDrive, you can subscribe to the root folder or any subfolder in
### contact, event, and message
-Additional limitations apply for subscriptions on Outlook items. The limitations apply to creating as well as managing (getting, updating, and deleting) subscriptions.
+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources.
-- Delegated permission supports subscribing to items in folders in only the signed-in user's mailbox. For example, you cannot use the delegated permission Calendars.Read to subscribe to events in another userΓÇÖs mailbox.-- To subscribe to change notifications of Outlook contacts, events, or messages in _shared or delegated_ folders:-
- - Use the corresponding application permission to subscribe to changes of items in a folder or mailbox of _any_ user in the tenant.
- - Do not use the Outlook sharing permissions (Contacts.Read.Shared, Calendars.Read.Shared, Mail.Read.Shared, and their read/write counterparts), as they do **not** support subscribing to change notifications on items in shared or delegated folders.
## HTTP request
v1.0 Subscription Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/subscription-get.md
On a personal OneDrive, you can subscribe to the root folder or any subfolder in
### contact, event, and message
-Additional limitations apply for subscriptions on Outlook items. The limitations apply to creating as well as managing (getting, updating, and deleting) subscriptions.
+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources.
-- Delegated permission supports subscribing to items in folders in only the signed-in user's mailbox. For example, you cannot use the delegated permission Calendars.Read to subscribe to events in another userΓÇÖs mailbox.-- To subscribe to change notifications of Outlook contacts, events, or messages in _shared or delegated_ folders:-
- - Use the corresponding application permission to subscribe to changes of items in a folder or mailbox of _any_ user in the tenant.
- - Do not use the Outlook sharing permissions (Contacts.Read.Shared, Calendars.Read.Shared, Mail.Read.Shared, and their read/write counterparts), as they do **not** support subscribing to change notifications on items in shared or delegated folders.
## HTTP request
v1.0 Subscription Post Subscriptions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/subscription-post-subscriptions.md
Namespace: microsoft.graph
Subscribes a listener application to receive change notifications when the requested type of changes occur to the specified resource in Microsoft Graph.
-See the table in the [Permissions](#permissions) section for the list of resources that support subscribing to change notifications.
+See the table in the [Permissions](#permissions) section for the list of resources that support subscribing to change notifications.
+
+Some resources support the option to include encrypted resource data in change notifications. These resources include [chatMessage](../resources/chatmessage.md), [contact](../resources/contact.md), [event](../resources/event.md), [message](../resources/message.md), and [presence](../resources/presence.md). For more information, see [Set up change notifications that include resource data](/graph/webhooks-with-resource-data) and [Change notifications for Outlook resources in Microsoft Graph](/graph/outlook-change-notification-overview).
## Permissions
OneDrive for Business and SharePoint support sending your application notificati
### contact, event, and message
-Additional limitations apply for subscriptions on Outlook items. The limitations apply to creating as well as managing (getting, updating, and deleting) subscriptions.
--- Delegated permission supports subscribing to items in folders in only the signed-in user's mailbox. For example, you cannot use the delegated permission Calendars.Read to subscribe to events in another userΓÇÖs mailbox.-- To subscribe to change notifications of Outlook contacts, events, or messages in _shared or delegated_ folders:
+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources.
- - Use the corresponding application permission to subscribe to changes of items in a folder or mailbox of _any_ user in the tenant.
- - Do not use the Outlook sharing permissions (Contacts.Read.Shared, Calendars.Read.Shared, Mail.Read.Shared, and their read/write counterparts), as they do **not** support subscribing to change notifications on items in shared or delegated folders.
### presence
v1.0 Subscription Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/subscription-update.md
On personal OneDrive, you can subscribe to the root folder or any subfolder in t
### contact, event, and message
-Additional limitations apply for subscriptions on Outlook items. The limitations apply to creating as well as managing (getting, updating, and deleting) subscriptions.
+You can subscribe to changes in Outlook **contact**, **event**, or **message** resources.
-- Delegated permission supports subscribing to items in folders in only the signed-in user's mailbox. For example, you cannot use the delegated permission Calendars.Read to subscribe to events in another userΓÇÖs mailbox.-- To subscribe to change notifications of Outlook contacts, events, or messages in _shared or delegated_ folders:-
- - Use the corresponding application permission to subscribe to changes of items in a folder or mailbox of _any_ user in the tenant.
- - Do not use the Outlook sharing permissions (Contacts.Read.Shared, Calendars.Read.Shared, Mail.Read.Shared, and their read/write counterparts), as they do **not** support subscribing to change notifications on items in shared or delegated folders.
## HTTP request
v1.0 Team Delete Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/team-delete-installedapps.md
One of the following permissions is required to call this API. To learn more, in
|Permission type | Permissions (from least to most privileged) | |:--|:|
-|Delegated (work or school account) | TeamsAppInstallation.ReadWriteForTeam, Group.ReadWrite.All**, Directory.ReadWrite.All** |
+|Delegated (work or school account) | TeamsAppInstallation.ReadWriteSelfForTeam, TeamsAppInstallation.ReadWriteForTeam, Group.ReadWrite.All**, Directory.ReadWrite.All** |
|Delegated (personal Microsoft account) | Not supported. |
-|Application | TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
+|Application | TeamsAppInstallation.ReadWriteSelfForTeam.All, TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
v1.0 Team List Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/team-list-installedapps.md
One of the following permissions is required to call this API. To learn more, in
|Permission type | Permissions (from least to most privileged) | |:--|:|
-|Delegated (work or school account) | TeamsAppInstallation.ReadForTeam, TeamsAppInstallation.ReadWriteForTeam, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
+|Delegated (work or school account) | TeamsAppInstallation.ReadForTeam, TeamsAppInstallation.ReadWriteSelfForTeam, TeamsAppInstallation.ReadWriteForTeam, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
|Delegated (personal Microsoft account) | Not supported. |
-|Application | TeamsAppInstallation.Read.Group*, TeamsAppInstallation.ReadForTeam.All, TeamsAppInstallation.ReadWriteForTeam.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
+|Application | TeamsAppInstallation.Read.Group*, TeamsAppInstallation.ReadWriteSelfForTeam.All, TeamsAppInstallation.ReadForTeam.All, TeamsAppInstallation.ReadWriteForTeam.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |
[!INCLUDE [teamwork-permissions-note](../../../includes/teamwork-permissions-note.md)]
v1.0 Team Post Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/team-post-installedapps.md
One of the following permissions is required to call this API. To learn more, in
|Permission type | Permissions (from least to most privileged) | |:--|:|
-|Delegated (work or school account) | TeamsAppInstallation.ReadWriteForTeam, Group.ReadWrite.All**, Directory.ReadWrite.All** |
+|Delegated (work or school account) | TeamsAppInstallation.ReadWriteSelfForTeam, TeamsAppInstallation.ReadWriteForTeam, Group.ReadWrite.All**, Directory.ReadWrite.All** |
|Delegated (personal Microsoft account) | Not supported. |
-|Application | TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
+|Application | TeamsAppInstallation.ReadWriteSelfForTeam.All, TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
v1.0 Team Post Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/team-post-members.md
Namespace: microsoft.graph
Add a new [conversationMember](../resources/conversationmember.md) to a [team](../resources/team.md). ## Permissions+ One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference). |Permission type|Permissions (from least to most privileged)|
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application| TeamMember.ReadWrite.All |
-> **Note**: Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).
+> [!NOTE]
+> Using application permissions to [add guest members](/microsoft-365/admin/add-users/about-guest-users?view=o365-worldwide&preserve-view=true) to a team is not supported.
## HTTP request
v1.0 Team Teamsappinstallation Upgrade https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/team-teamsappinstallation-upgrade.md
Title: "teamsAppInstallation in team: upgrade"
+ Title: "teamsAppInstallation: upgrade"
description: "Upgrade an app installation in a team" ms.localizationpriority: medium
ms.prod: "microsoft-teams"
doc_type: apiPageType
-# teamsAppInstallation in team: upgrade
+# teamsAppInstallation: upgrade
Namespace: microsoft.graph
One of the following permissions is required to call this API. To learn more, in
|Permission type | Permissions (from least to most privileged) | |:--|:|
-|Delegated (work or school account) | TeamsAppInstallation.ReadWriteForTeam, Group.ReadWrite.All, Directory.ReadWrite.All |
+|Delegated (work or school account) | TeamsAppInstallation.ReadWriteSelfForTeam, TeamsAppInstallation.ReadWriteForTeam, Group.ReadWrite.All**, Directory.ReadWrite.All** |
|Delegated (personal Microsoft account) | Not supported. |
-|Application | TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All, Directory.ReadWrite.All |
+|Application | TeamsAppInstallation.ReadWriteSelfForTeam.All, TeamsAppInstallation.ReadWriteForTeam.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |
> **Note**: Permissions marked with ** are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.
v1.0 Team Update Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/team-update-members.md
Namespace: microsoft.graph
Update the role of a [conversationMember](../resources/conversationmember.md) in a [team](../resources/team.md).
+> [!NOTE]
+> Team members with the role of `guest` cannot be given the role of `owner`.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Termsofusecontainer List Agreements https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/termsofusecontainer-list-agreements.md
GET https://graph.microsoft.com/v1.0/identityGovernance/termsOfUse/agreements
[!INCLUDE [sample-code](../includes/snippets/go/get-agreements-go-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+
v1.0 Termsofusecontainer Post Agreements https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/termsofusecontainer-post-agreements.md
Content-type: application/json
[!INCLUDE [sample-code](../includes/snippets/go/create-agreement-from-agreements-go-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [PowerShell](#tab/powershell)
+
v1.0 Termstore Group Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/termstore-group-get.md
Content-Type: application/json
# [HTTP](#tab/http) <!-- { "blockType": "request",
- "name": "get_group"
+ "name": "get_group_termstore"
} -->
Content-Type: application/json
GET https://graph.microsoft.com/v1.0/sites/mycompany.sharepoint.com,8f03a01c-dcfa-4aaf-9be5-b3fb48e538c1,739084f3-c0fa-46ac-b7f8-13b344781ad0/termStore/groups/1FFD3F87-9464-488A-A0EC-8FB90911182C?$select=*,parentSiteId ``` # [C#](#tab/csharp) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [JavaScript](#tab/javascript) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Objective-C](#tab/objc) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Java](#tab/java) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [Go](#tab/go) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)] # [PowerShell](#tab/powershell) [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
v1.0 User Assignlicense https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/user-assignlicense.md
Content-type: application/json
"addLicenses": [ { "disabledPlans": [ "11b0131d-43c8-4bbb-b2c8-e80f9a50834a" ],
- "skuId": "guid"
+ "skuId": "45715bb8-13f9-4bf6-927f-ef96c102d394"
} ], "removeLicenses": [ "bea13e0c-3828-4daa-a392-28af7ff61a0f" ]
v1.0 User Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/user-get.md
Namespace: microsoft.graph
Retrieve the properties and relationships of user object.
-> Note: Getting a user returns a default set of properties only (*businessPhones, displayName, givenName, id, jobTitle, mail, mobilePhone, officeLocation, preferredLanguage, surname, userPrincipalName*). Use `$select` to get the other properties and relationships for the [user](../resources/user.md) object.
+> **Note:** Getting a user returns a default set of properties only (*businessPhones, displayName, givenName, id, jobTitle, mail, mobilePhone, officeLocation, preferredLanguage, surname, userPrincipalName*). Use `$select` to get the other properties and relationships for the [user](../resources/user.md) object.
+>
+> This request might have replication delays for users that were recently created, updated, or deleted.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 User List Licensedetails https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/user-list-licensedetails.md
Title: "List licenseDetails" description: "Retrieve a list of licenseDetails objects."-+ ms.localizationpriority: medium ms.prod: "users" doc_type: apiPageType
v1.0 User List Manager https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/user-list-manager.md
ConsistencyLevel: eventual
[!INCLUDE [sample-code](../includes/snippets/powershell/get-transitive-managers-powershell-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+
v1.0 User List https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/user-list.md
Namespace: microsoft.graph
Retrieve a list of [user](../resources/user.md) objects.
+>**Note:** This request might have replication delays for users that were recently created, updated, or deleted.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 User Revokesigninsessions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/user-revokesigninsessions.md
This operation has no request content.
## Response
-If successful, this method returns a `204 No Content` response code.
+If successful, this method returns a `200 OK` response code.
>[!NOTE]
->This API has a [known issue](/graph/known-issues#revoke-sign-in-sessions-returns-wrong-HTTP-code). It returns a different HTTP response code.
+>This API has a [known issue](/graph/known-issues#revoke-sign-in-sessions-returns-wrong-http-code). It returns a different HTTP response code.
## Example The following example shows how to call this API.
-##### Request
+### Request
# [HTTP](#tab/http) <!-- {
- "blockType": "request",
+ "blockType": "ignored",
"name": "user_revokesigninsessionss" }--> ```http
POST https://graph.microsoft.com/v1.0/me/revokeSignInSessions
-##### Response
+### Response
<!-- { "blockType": "response", "truncated": true } --> ```http
-HTTP/1.1 204 No Content
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Edm.Boolean",
+ "value": true
+}
``` <!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
v1.0 User Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/user-update.md
In the request body, supply the values for relevant fields that should be update
|userType|String|A string value that can be used to classify user types in your directory, such as `Member` and `Guest`. | > [!NOTE]
-> The following properties cannot be updated by an app with only application permissions: **aboutMe**, **birthday**, **employeeHireDate**, **interests**, **mySite**, **pastProjects**, **preferredName**, **responsibilities**, **schools**, and **skills**.
+> - The following properties cannot be updated by an app with only application permissions: **aboutMe**, **birthday**, **employeeHireDate**, **interests**, **mySite**, **pastProjects**, **preferredName**, **responsibilities**, **schools**, and **skills**.
+> - To update the following properties, you must specify them in their own PATCH request, without including the other properties listed in the table above: **aboutMe**, **birthday**, **interests**, **mySite**, **pastProjects**, **preferredName**, **responsibilities**, **schools**, and **skills**.
## Response
v1.0 Windowshelloforbusinessauthenticationmethod Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/windowshelloforbusinessauthenticationmethod-get.md
GET /me/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAu
GET /users/{id | userPrincipalName}/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAuthenticationMethodId} ```
+>**Note:** To read the **device** navigation property for another user, specify it in an `$expand` query as follows: `/users/{id}/authentication/windowsHelloForBusinessMethods/{id}?$expand=device`.
+ ## Optional query parameters Not supported.
v1.0 Accesspackageassignmentrequest https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/accesspackageassignmentrequest.md
In [Azure AD Entitlement Management](entitlementmanagement-overview.md), an acce
## Properties |Property|Type|Description| |:|:|:|
-|completedDate|DateTimeOffset|The date of the end of processing, either successful or failure, of a request. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only.|
+|completedDateTime|DateTimeOffset|The date of the end of processing, either successful or failure, of a request. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only.|
|createdDateTime|DateTimeOffset|The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only.| |id|String|Read-only.| |requestType|accessPackageRequestType|The type of the request. The possible values are: `notSpecified`, `userAdd`, `userUpdate`, `userRemove`, `adminAdd`, `adminUpdate`, `adminRemove`, `systemAdd`, `systemUpdate`, `systemRemove`, `onBehalfAdd`, `unknownFutureValue`. A request from the user themselves would have requestType of `UserAdd` or `UserRemove`. This property cannot be changed once set.|
The following is a JSON representation of the resource.
"state": "String", "status": "String", "createdDateTime": "String (timestamp)",
- "completedDate": "String (timestamp)",
+ "completedDateTime": "String (timestamp)",
"schedule": { "@odata.type": "microsoft.graph.entitlementManagementSchedule" }
v1.0 Accessreviewhistorydefinition https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/accessreviewhistorydefinition.md
+
+ Title: "accessReviewHistoryDefinition resource type"
+description: "Represents a collection of access review history data."
+
+ms.localizationpriority: medium
++
+# accessReviewHistoryDefinition resource type
+
+Namespace: microsoft.graph
+
+Represents a collection of access review historical data and the scopes used to collect that data.
+
+An **accessReviewHistoryDefinition** contains a list of [accessReviewHistoryInstance](accessReviewHistoryInstance.md) objects. Each recurrence of the history definition creates an instance. In the case of a one-time history definition, only one instance is created.
+
+## Methods
+
+|Method|Return type|Description|
+|:|:|:|
+|[List accessReviewHistoryDefinitions](../api/accessreviewset-list-historydefinitions.md)|[accessReviewHistoryDefinition](accessreviewhistorydefinition.md) collection|Get a list of the [accessReviewHistoryDefinition](accessreviewhistorydefinition.md) objects and their properties.|
+|[Create accessReviewHistoryDefinition](../api/accessreviewset-post-historydefinitions.md)|[accessReviewHistoryDefinition](accessreviewhistorydefinition.md)|Create a new [accessReviewHistoryDefinition](accessreviewhistorydefinition.md) object.|
+|[Get accessReviewHistoryDefinition](../api/accessreviewhistorydefinition-get.md)|[accessReviewHistoryDefinition](accessreviewhistorydefinition.md)|Read the properties and relationships of an [accessReviewHistoryDefinition](accessreviewhistorydefinition.md) object.|
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+|createdBy|[userIdentity](useridentity.md)| User who created this review history definition. |
+|createdDateTime|DateTimeOffset|Timestamp when the access review definition was created.|
+|decisions|String collection|Determines which review decisions will be included in the fetched review history data if specified. Optional on create. All decisions will be included by default if no decisions are provided on create. Possible values are: `approve`, `deny`, `dontKnow`, `notReviewed`, and `notNotified`.|
+|displayName|String|Name for the access review history data collection. Required.|
+|id|String|The assigned unique identifier of an access review history definition.|
+|reviewHistoryPeriodEndDateTime|DateTimeOffset| A timestamp. Reviews ending on or before this date will be included in the fetched history data. Only required if **scheduleSettings** is not defined. |
+|reviewHistoryPeriodStartDateTime|DateTimeOffset|A timestamp. Reviews starting on or before this date will be included in the fetched history data. Only required if **scheduleSettings** is not defined.|
+| scheduleSettings |[accessReviewHistoryScheduleSettings](accessReviewHistoryScheduleSettings.md)| The settings for a recurring access review history definition series. Only required if **reviewHistoryPeriodStartDateTime** or **reviewHistoryPeriodEndDateTime** are not defined.|
+|scopes|[accessReviewScope](accessreviewscope.md) collection|Used to scope what reviews are included in the fetched history data. Fetches reviews whose scope matches with this provided scope. Required.|
+|status| accessReviewHistoryStatus|Represents the status of the review history data collection. The possible values are: `done`, `inProgress`, `error`, `requested`, `unknownFutureValue`.|
+
+## Relationships
+
+|Relationship|Type|Description|
+|:|:|:|
+|instances|[accessReviewHistoryInstance](accessreviewhistoryinstance.md) collection| If the **accessReviewHistoryDefinition** is a recurring definition, instances represent each recurrence. A definition that does not recur will have exactly one instance.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.accessReviewHistoryDefinition",
+ "baseType": "microsoft.graph.entity",
+ "openType": false
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.accessReviewHistoryDefinition",
+ "id": "String (identifier)",
+ "displayName": "String",
+ "reviewHistoryPeriodStartDateTime": "String (timestamp)",
+ "reviewHistoryPeriodEndDateTime": "String (timestamp)",
+ "status": "String",
+ "decisions": [
+ "String"
+ ],
+ "createdDateTime": "String (timestamp)",
+ "createdBy": {
+ "@odata.type": "microsoft.graph.userIdentity"
+ },
+ "scopes": [
+ {
+ "@odata.type": "microsoft.graph.accessReviewScope"
+ }
+ ],
+ "scheduleSettings": {
+ "@odata.type": "microsoft.graph.accessReviewHistoryScheduleSettings"
+ }
+}
+```
v1.0 Accessreviewhistoryinstance https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/accessreviewhistoryinstance.md
+
+ Title: "accessReviewHistoryInstance resource type"
+description: "Represents a recurrence of an accessReviewHistoryDefinition object."
+
+ms.localizationpriority: medium
++
+# accessReviewHistoryInstance resource type
+
+Namespace: microsoft.graph
+
+ Represents a recurrence of an [accessReviewHistoryDefinition](accessreviewhistorydefinition.md) object. A history definition that does not recur will have exactly one instance.
+
+ Every **accessReviewHistoryInstance** along with its associated **accessReviewHistoryDefinition** contain the properties **reviewHistoryPeriodStartDateTime**, **reviewHistoryPeriodEndDateTime**, **decisions**, **scheduleSettings**, and **scopes**. These properties are used when scheduling recurrences as well as selecting review data and can be modified. Each **accessReviewHistoryInstance** object and data is only available for 30 days. Once an **accessReviewHistoryInstance** status has been moved to `done` a link can be generated to retrieve the instance's data by calling [generateDownloadUri](../api/accessreviewhistoryinstance-generatedownloaduri.md).
+
+## Methods
+
+| Method | Return type | Description |
+|:|:|:|
+|[List accessReviewHistoryInstances](../api/accessreviewhistorydefinition-list-instances.md)|[accessReviewHistoryInstance](accessreviewhistoryinstance.md) collection| Retrieve a list of the [accessReviewHistoryInstance](accessreviewhistoryinstance.md) objects and their properties.|
+|[generateDownloadUri](../api/accessreviewhistoryinstance-generatedownloaduri.md)|[accessReviewHistoryDefinition](accessreviewhistorydefinition.md)|Generates a URI which can be used to retrieve the instance's review history data.|
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+|downloadUri|String|Uri which can be used to retrieve review history data. This URI will be active for 24 hours after being generated. Required.|
+|expirationDateTime|DateTimeOffset|Timestamp when this instance and associated data expires and the history is deleted. Required.|
+|fulfilledDateTime|DateTimeOffset|Timestamp when all of the available data for this instance was collected. This will be set after this instance's status is set to `done`. Required.|
+|id|String|The assigned unique identifier of an access review history instance. Read-only. Required.|
+|reviewHistoryPeriodEndDateTime|DateTimeOffset|Timestamp, reviews ending on or before this date will be included in the fetched history data.|
+|reviewHistoryPeriodStartDateTime|DateTimeOffset|Timestamp, reviews starting on or after this date will be included in the fetched history data.|
+|runDateTime|DateTimeOffset|Timestamp when the instance's history data is scheduled to be generated.|
+|status|accessReviewHistoryStatus|Represents the status of the review history data collection. The possible values are: `done`, `inProgress`, `error`, `requested`, `unknownFutureValue`. Once the **status** has been marked as `done`, a link can be generated to retrieve the instance's data by calling [generateDownloadUri](../api/accessreviewhistoryinstance-generatedownloaduri.md) method.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.accessReviewHistoryInstance",
+ "baseType": "microsoft.graph.entity",
+ "openType": false
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.accessReviewHistoryInstance",
+ "id": "String (identifier)",
+ "reviewHistoryPeriodStartDateTime": "String (timestamp)",
+ "reviewHistoryPeriodEndDateTime": "String (timestamp)",
+ "status": "String",
+ "runDateTime": "String (timestamp)",
+ "fulfilledDateTime": "String (timestamp)",
+ "downloadUri": "String",
+ "expirationDateTime": "String (timestamp)"
+}
+```
v1.0 Accessreviewhistoryschedulesettings https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/accessreviewhistoryschedulesettings.md
+
+ Title: "accessReviewHistoryScheduleSettings resource type"
+description: "In Azure AD access reviews, the accessReviewHistoryScheduleSettings represents the settings associated with an access review history definition series."
+
+ms.localizationpriority: medium
++
+# accessReviewHistoryScheduleSettings resource type
+
+Namespace: microsoft.graph
+
+Defines the settings of an [accessReviewHistoryDefinition](accessreviewhistorydefinition.md) object.
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+| recurrence|[patternedRecurrence](patternedrecurrence.md) | Detailed settings for recurrence using the standard Outlook recurrence object. <br/><br/>**Note:** Only **dayOfMonth**, **interval**, and **type** (`weekly`, `absoluteMonthly`) properties are supported. Use the property **startDate** on **recurrenceRange** to determine the day the review starts. Required. |
+|reportRange|String|A duration string in ISO 8601 duration format specifying the lookback period of the generated review history data. For example, if a history definition is scheduled to run on the 1st of every month, the **reportRange** is `P1M`. In this case, on the first of every month, access review history data will be collected containing only the previous month's review data. <br/><br/>**Note:** Only **years**, **months**, and **days** ISO 8601 properties are supported. Required.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.accessReviewHistoryScheduleSettings"
+}
+-->
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.accessReviewHistoryScheduleSettings",
+ "reportRange": "String",
+ "recurrence": {
+ "@odata.type": "microsoft.graph.patternedRecurrence"
+ }
+}
+```
v1.0 Accessreviewset https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/accessreviewset.md
None.
|Relationship|Type|Description| |:|:|:| |definitions|[accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) collection| Represents the template and scheduling for an access review. |
+|historyDefinitions|[accessReviewHistoryDefinition](../resources/accessreviewhistorydefinition.md) collection| Represents a collection of access review history data and the scopes used to collect that data.|
## JSON representation
v1.0 Accessreviewsv2 Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/accessreviewsv2-overview.md
Typical customer scenarios for access reviews include:
- Customers can review and certify employee access to Azure AD resources. - Customers can review and audit assignments to Azure AD privileged roles. This supports organizations in the management of privileged access.
-The access reviews feature, including the API, is available only with a valid purchase or trial license of Azure AD Premium P2 or EMS E5 subscription.
+The access reviews feature, including the API, is available only with a valid purchase or trial license of Azure AD Premium P2 or EMS E5 subscription. For more information about the license requirements, see [Access reviews license requirements](/azure/active-directory/governance/access-reviews-overview#license-requirements).
## Methods
The following table lists the methods that you can use to interact with access r
|[Get accessReviewInstanceDecisionItem](../api/accessreviewinstancedecisionitem-get.md)|[accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md)|Read the properties and relationships of an [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) object.| |[Update accessReviewInstanceDecisionItem](../api/accessreviewinstancedecisionitem-update.md)|[accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md)|Update the properties of an [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) object.| |[accessReviewInstanceDecisionItem: filterByCurrentUser](../api/accessreviewinstancedecisionitem-filterbycurrentuser.md)|[accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) collection|Returns the decision items for which the calling user is the reviewer of.|-
+|**History definitions**| | |
+|[List historyDefinitions](../api/accessreviewset-list-historydefinitions.md)|[accessReviewHistoryDefinition](accessreviewhistorydefinition.md) collection|Get a list of the [accessReviewHistoryDefinition](accessreviewhistorydefinition.md) objects and their properties.|
+|[Create historyDefinitions](../api/accessreviewset-post-historydefinitions.md)|[accessReviewHistoryDefinition](accessreviewhistorydefinition.md)|Create a new [accessReviewHistoryDefinition](accessreviewhistorydefinition.md) object.|
+|[Get accessReviewHistoryDefinition](../api/accessreviewhistorydefinition-get.md)|[accessReviewHistoryDefinition](accessreviewhistorydefinition.md)|Read the properties and relationships of an [accessReviewHistoryDefinition](accessreviewhistorydefinition.md) object.|
+|[generateDownloadUri](../api/accessreviewhistoryinstance-generatedownloaduri.md)|[accessReviewHistoryInstance](accessreviewhistoryinstance.md)|Generate a URI for an instance that can be used to retrieve review history data.|
+|[List instances](../api/accessreviewhistorydefinition-list-instances.md)|[accessReviewHistoryInstance](accessreviewhistoryinstance.md)|Retrieve a list of the [accessReviewHistoryInstance](accessreviewhistoryinstance.md) objects and their properties.|
## Role and application permission authorization checks
v1.0 Addin https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/addin.md
Here is a JSON representation of the resource.
```json {
- "id": "guid",
+ "id": "Guid",
"properties": [{"@odata.type": "microsoft.graph.keyValue"}],
- "type": "string"
+ "type": "String"
} ```
v1.0 Administrativeunit https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/administrativeunit.md
This topic provides descriptions of the declared properties and navigation prope
| Method | Return Type | Description | |:|:--|:-|
-|[Create](../api/administrativeunit-post-administrativeunits.md) | [administrativeUnit](administrativeunit.md) | Create a new administrative unit.|
-|[List](../api/administrativeunit-list.md) | [administrativeUnit](administrativeunit.md) collection |List properties of all administrativeUnits.|
+|[Create](../api/directory-post-administrativeunits.md) | [administrativeUnit](administrativeunit.md) | Create a new administrative unit.|
+|[List](../api/directory-list-administrativeunits.md) | [administrativeUnit](administrativeunit.md) collection |List properties of all administrativeUnits.|
|[Get](../api/administrativeunit-get.md) | [administrativeUnit](administrativeunit.md) |Read properties and relationships of a specific administrativeUnit object.| |[Update](../api/administrativeunit-update.md) | [administrativeUnit](administrativeunit.md) |Update administrativeUnit object. | |[Delete](../api/administrativeunit-delete.md) | None |Delete administrativeUnit object. |
This topic provides descriptions of the declared properties and navigation prope
| Property | Type |Description| |:|:--|:-|
-|description|string|An optional description for the administrative unit. Supports `$filter` (`eq`, `ne`, `in`, `startsWith`), `$search`.|
-|displayName|string|Display name for the administrative unit. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values), `$search`, and `$orderBy`.|
-|id|string|Unique identifier for the administrative unit. Read-only. Supports `$filter` (`eq`).|
-|visibility|string|Controls whether the administrative unit and its members are hidden or public. Can be set to `HiddenMembership` or `Public`. If not set, default behavior is `Public`. When set to `HiddenMembership`, only members of the administrative unit can list other members of the administrative unit.|
+|description|String|An optional description for the administrative unit. Supports `$filter` (`eq`, `ne`, `in`, `startsWith`), `$search`.|
+|displayName|String|Display name for the administrative unit. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values), `$search`, and `$orderBy`.|
+|id|String|Unique identifier for the administrative unit. Read-only. Supports `$filter` (`eq`).|
+|visibility|String|Controls whether the administrative unit and its members are hidden or public. Can be set to `HiddenMembership`. If not set (value is `null`), the default behavior is public. When set to `HiddenMembership`, only members of the administrative unit can list other members of the administrative unit.|
## Relationships | Relationship | Type |Description|
v1.0 Alterationresponse https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/alterationresponse.md
+
+ Title: "alterationResponse resource type"
+description: "Provides information related to spelling corrections in the alteration response."
+ms.localizationpriority: medium
+++
+# alterationResponse resource type
+
+Namespace: microsoft.graph
+
+Provides information related to spelling corrections in the alteration response.
+
+## Properties
+
+| Property | Type | Description |
+|:-|:|:|
+|originalQueryString|String| Defines the original user query string.|
+|queryAlteration|[searchAlteration](searchalteration.md)| Defines the details of the alteration information for the spelling correction.|
+|queryAlterationType|searchAlterationType| Defines the type of the spelling correction. Possible values are: `suggestion`, `modification`.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+
+ ],
+ "@odata.type": "microsoft.graph.alterationResponse",
+ "baseType": null
+}-->
+
+```json
+{
+ "originalQueryString": "String",
+ "queryAlteration": "String",
+ "queryAlterationType": "String"
+}
+```
v1.0 Alteredquerytoken https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/alteredquerytoken.md
+
+ Title: "alteredQueryToken resource type"
+description: "Represents changed segments related to an original user query."
+ms.localizationpriority: medium
+++
+# alteredQueryToken resource type
+
+Namespace: microsoft.graph
+
+Represents changed segments related to an original user query.
+
+## Properties
+
+| Property | Type | Description |
+|:-|:|:|
+|length|Int32| Defines the length of a changed segment.|
+|offset|Int32| Defines the offset of a changed segment.|
+|suggestion|String| Represents the corrected segment string.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+
+ ],
+ "@odata.type": "microsoft.graph.alteredQueryToken",
+ "baseType": null
+}-->
+
+```json
+{
+ "length": "Int32",
+ "offset": "Int32",
+ "suggestion": "String"
+}
+```
v1.0 Application https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/application.md
This resource supports using [delta query](/graph/delta-query-overview) to track
|[Add key](../api/application-addkey.md)|[keyCredential](keycredential.md)|Add a key credential to an application.| |[Remove key](../api/application-removekey.md)|None|Remove a key credential from an application.| |**Extensions**| | |
-| [List extensions](../api/application-list-extensionproperty.md) | [extensionProperty](extensionProperty.md) collection | List extension properties on an application object. |
-| [Create extension](../api/application-post-extensionproperty.md) | [extensionProperty](extensionProperty.md) | Create an extension property on an application object. |
-| [Delete extension](../api/application-delete-extensionproperty.md) | None | Delete an extension property from an application object. |
+| [List extensionProperties](../api/application-list-extensionproperty.md) | [extensionProperty](extensionProperty.md) collection | List extension properties on an application object. |
+| [Create extensionProperties](../api/application-post-extensionproperty.md) | [extensionProperty](extensionProperty.md) | Create an extension property on an application object. |
+| [Get extensionProperty](../api/extensionproperty-delete.md) | None | Get an extension property from an application object. |
+| [Delete extensionProperty](../api/extensionproperty-delete.md) | None | Delete an extension property from an application object. |
|[Get available extension properties](../api/directoryobject-getavailableextensionproperties.md)|[extensionProperty](../resources/extensionproperty.md) collection|Get all or a filtered list of the directory extension properties that have been registered in a directory.| |**Owners**| | | |[List owners](../api/application-list-owners.md) |[directoryObject](directoryobject.md) collection| Get an owner object collection.|
v1.0 Approle https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/approle.md
With [appRoleAssignments](approleassignment.md), app roles can be assigned to us
|allowedMemberTypes|String collection|Specifies whether this app role can be assigned to users and groups (by setting to `["User"]`), to other application's (by setting to `["Application"]`, or both (by setting to `["User", "Application"]`). App roles supporting assignment to other applications' service principals are also known as [application permissions](/graph/auth/auth-concepts#microsoft-graph-permissions). The "Application" value is only supported for app roles defined on **application** entities.| |description|String|The description for the app role. This is displayed when the app role is being assigned and, if the app role functions as an application permission, during consent experiences.| |displayName|String|Display name for the permission that appears in the app role assignment and consent experiences.|
-|id|Guid|Unique role identifier inside the **appRoles** collection. When creating a new app role, a new Guid identifier must be provided. |
+|id|Guid|Unique role identifier inside the **appRoles** collection. When creating a new app role, a new GUID identifier must be provided. |
|isEnabled|Boolean|When creating or updating an app role, this must be set to **true** (which is the default). To delete a role, this must first be set to **false**. At that point, in a subsequent call, this role may be removed.| |origin|String| Specifies if the app role is defined on the [application](application.md) object or on the [servicePrincipal](serviceprincipal.md) entity. Must _not_ be included in any POST or PATCH requests. Read-only. | |value|String|Specifies the value to include in the `roles` claim in ID tokens and access tokens authenticating an assigned user or service principal. Must not exceed 120 characters in length. Allowed characters are `:` `!` `#` `$` `%` `&` `'` `(` `)` `*` `+` `,` `-` `.` `/` `:` `;` <code>&lt;</code> `=` <code>&gt;</code> `?` `@` `[` `]` `^` `+` `_` <code>&#96;</code> `{` <code>&#124;</code> `}` `~`, as well as characters in the ranges `0-9`, `A-Z` and `a-z`. Any other character, including the space character, are not allowed. May not begin with `.`. |
The following is a JSON representation of the resource.
```json {
- "allowedMemberTypes": ["string"],
- "description": "string",
- "displayName": "string",
- "id": "guid",
+ "allowedMemberTypes": ["String"],
+ "description": "String",
+ "displayName": "String",
+ "id": "Guid",
"isEnabled": true,
- "origin": "string",
- "value": "string"
+ "origin": "String",
+ "value": "String"
} ```
v1.0 Approleassignment https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/approleassignment.md
An app role assignment where the assigned principal is a service principal is an
| Property | Type | Description | |:|:--|:-|
-| id | String | A unique identifier for the **appRoleAssignment** Key. Not nullable. Read-only. |
-| createdDateTime | DateTimeOffset | The time when the app role assignment was created.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only. |
-| principalId | Guid | The unique identifier (**id**) for the [user](user.md), [group](group.md) or [service principal](serviceprincipal.md) being granted the app role. Required on create. |
-| principalType | String | The type of the assigned principal. This can either be `User`, `Group` or `ServicePrincipal`. Read-only. |
+| appRoleId | Guid | The identifier (**id**) for the [app role](approle.md) which is assigned to the principal. This app role must be exposed in the **appRoles** property on the resource application's service principal (**resourceId**). If the resource application has not declared any app roles, a default app role ID of `00000000-0000-0000-0000-000000000000` can be specified to signal that the principal is assigned to the resource app without any specific app roles. Required on create. |
+| createdDateTime | DateTimeOffset | The time when the app role assignment was created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only. |
+| id | String | A unique identifier for the **appRoleAssignment** key. Not nullable. Read-only. |
| principalDisplayName | String |The display name of the user, group, or service principal that was granted the app role assignment. Read-only. Supports `$filter` (`eq` and `startswith`). |
-| resourceId | Guid |The unique identifier (**id**) for the resource [service principal](serviceprincipal.md) for which the assignment is made. Required on create. Supports `$filter` (`eq` only). |
+| principalId | Guid | The unique identifier (**id**) for the [user](user.md), [group](group.md), or [service principal](serviceprincipal.md) being granted the app role. Required on create. |
+| principalType | String | The type of the assigned principal. This can either be `User`, `Group`, or `ServicePrincipal`. Read-only. |
| resourceDisplayName | String | The display name of the resource app's service principal to which the assignment is made. |
-| appRoleId | Guid | The identifier (**id**) for the [app role](approle.md) which is assigned to the principal. This app role must be exposed in the **appRoles** property on the resource application's service principal (**resourceId**). If the resource application has not declared any app roles, a default app role ID of `00000000-0000-0000-0000-000000000000` can be specified to signal that the principal is assigned to the resource app without any specific app roles. Required on create. |
+| resourceId | Guid |The unique identifier (**id**) for the resource [service principal](serviceprincipal.md) for which the assignment is made. Required on create. Supports `$filter` (`eq` only). |
## JSON representation
-Here is a JSON representation of the resource
+The following is a JSON representation of the resource.
<!-- { "blockType": "resource",
Here is a JSON representation of the resource
```json {
- "id": "string",
+ "appRoleId": "Guid",
"createdDateTime": "String (timestamp)",
- "principalDisplayName": "string",
- "principalId": "guid",
- "principalType": "string",
- "resourceDisplayName": "string",
- "resourceId": "guid",
- "appRoleId": "guid"
+ "id": "String",
+ "principalDisplayName": "String",
+ "principalId": "Guid",
+ "principalType": "String",
+ "resourceDisplayName": "String",
+ "resourceId": "Guid"
} ```
v1.0 Assignedlicense https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/assignedlicense.md
Here is a JSON representation of the resource
```json {
- "disabledPlans": ["guid"],
- "skuId": "guid"
+ "disabledPlans": ["Guid"],
+ "skuId": "Guid"
} ```
v1.0 Assignedplan https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/assignedplan.md
The **assignedPlans** property of both the [user](user.md) entity and the [organ
|:|:--|:-| |assignedDateTime|DateTimeOffset|The date and time at which the plan was assigned. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.| |capabilityStatus|String|Condition of the capability assignment. The possible values are `Enabled`, `Warning`, `Suspended`, `Deleted`, `LockedOut`. See [a detailed description](#capabilitystatus-values) of each value.|
-|service|String|The name of the service; for example, ΓÇ£ExchangeΓÇ¥.|
-|servicePlanId|Guid|A GUID that identifies the service plan.|
+|service|String|The name of the service; for example, `exchange`.|
+|servicePlanId|Guid|A GUID that identifies the service plan. For a complete list of GUIDs and their equivalent friendly service names, see [Product names and service plan identifiers for licensing](/azure/active-directory/enterprise-users/licensing-service-plan-reference).|
### capabilityStatus values
Here is a JSON representation of the resource
```json { "assignedDateTime": "String (timestamp)",
- "capabilityStatus": "string",
- "service": "string",
- "servicePlanId": "guid"
+ "capabilityStatus": "String",
+ "service": "String",
+ "servicePlanId": "Guid"
} ```
v1.0 Changenotification https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/changenotification.md
ms.prod: "change-notifications"
Namespace: microsoft.graph
-Represents the notification sent to the subscriber.
+Represents the notification sent to the subscriber. All the properties of this resource are read-only.
For details, see [Use the Microsoft Graph API to get change notifications](webhooks.md).
None.
| clientState | string | Value of the **clientState** property sent in the subscription request (if any). The maximum length is 255 characters. The client can check whether the change notification came from the service by comparing the values of the **clientState** property. The value of the **clientState** property sent with the subscription is compared with the value of the **clientState** property received with each change notification. Optional. | | encryptedContent | [changeNotificationEncryptedContent](changenotificationencryptedcontent.md) | (Preview) Encrypted content attached with the change notification. Only provided if **encryptionCertificate** and **includeResourceData** were defined during the subscription request and if the resource supports it. Optional. | | id | string | Unique ID for the notification. Optional. |
-| lifecycleEvent | lifecycleEventType| The type of lifecycle notification if the current notification is a lifecycle notification. Optional. Supported values are `missed`, `subscriptionRemoved`, `reauthorizationRequired`. |
-| resource | string | The URI of the resource that emitted the change notification relative to `https://graph.microsoft.com`. Required. |
-| resourceData | [resourceData](resourcedata.md) | The content of this property depends on the type of resource being subscribed to. Required. |
+| lifecycleEvent | lifecycleEventType| The type of lifecycle notification if the current notification is a lifecycle notification. Optional. Supported values are `missed`, `subscriptionRemoved`, `reauthorizationRequired`. Optional.|
+| resource | String | The URI of the resource that emitted the change notification relative to `https://graph.microsoft.com`. Required. |
+| resourceData | [resourceData](resourcedata.md) | The content of this property depends on the type of resource being subscribed to. Optional. |
| subscriptionExpirationDateTime | DateTimeOffset | The expiration time for the subscription. Required. |
-| subscriptionId | GUID | The unique identifier of the subscription that generated the notification. |
-| tenantId | GUID | The unique identifier of the tenant from which the change notification originated. |
+| subscriptionId | Guid | The unique identifier of the subscription that generated the notification.Required. |
+| tenantId | Guid | The unique identifier of the tenant from which the change notification originated. Required. |
## Relationships None. ## JSON representation- The following is a JSON representation of the resource.- <!-- { "blockType": "resource",
- "optionalProperties": [
-
- ],
"@odata.type": "microsoft.graph.changeNotification"
-}-->
-
-```json
+}
+-->
+``` json
{
- "subscriptionId": "76222963-cc7b-42d2-882d-8aaa69cb2ba3",
- "changeType": "created",
- "clientState": "client state provided when creating subscription",
- "id": "15ee1d1f-af7b-42d9-885b-9d00db065dd9",
- "tenantId": "2c937fad-a8a7-496c-b0e4-bf77dcc7eb2a",
- "subscriptionExpirationDateTime": "2020-04-12T23:20:50.52Z",
- "resource": "teams('d29828b8-c04d-4e2a-b2f6-07da6982f0f0')/channels('19:f127a8c55ad949d1a238464d22f0f99e@thread.skype')/messages('1565045424600')/replies('1565047490246')",
+ "@odata.type": "#microsoft.graph.changeNotification",
+ "id": "String (identifier)",
+ "subscriptionId": "Guid",
+ "subscriptionExpirationDateTime": "String (timestamp)",
+ "clientState": "String",
+ "changeType": "String",
+ "resource": "String",
+ "tenantId": "Guid",
+ "encryptedContent": {
+ "@odata.type": "microsoft.graph.changeNotificationEncryptedContent"
+ },
+ "lifecycleEvent": "String",
"resourceData": {
- "id": "1565293727947",
- "@odata.type": "#Microsoft.Graph.ChatMessage",
- "@odata.id": "teams('88cbc8fc-164b-44f0-b6a6-b59b4a1559d3')/channels('19:8d9da062ec7647d4bb1976126e788b47@thread.tacv2')/messages('1565293727947')/replies('1565293727947')"
+ "@odata.type": "microsoft.graph.resourceData"
} } ```
v1.0 Changenotificationcollection https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/changenotificationcollection.md
The following is a JSON representation of the resource.
], "@odata.type": "microsoft.graph.changeNotificationCollection" }-->-
-```json
+``` json
{
- "value": [],
+ "@odata.type": "#microsoft.graph.changeNotificationCollection",
"validationTokens": [
- "eyJ0eXAiOiJKV1QiLCJhbGciOiJSU..."
+ "String"
+ ],
+ "value": [
+ {
+ "@odata.type": "microsoft.graph.changeNotification"
+ }
] } ```
v1.0 Changenotificationencryptedcontent https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/changenotificationencryptedcontent.md
description: "A changeNotificationEncryptedContent object represents the encrypt
ms.localizationpriority: medium doc_type: resourcePageType # changeNotificationEncryptedContent resource type
The following is a JSON representation of the resource.
"@odata.type": "microsoft.graph.changeNotificationEncryptedContent" }-->
-```json
+``` json
{
- "data": "{encrypted data that produces a full resource}",
- "dataSignature": "<HMAC-SHA256 hash>",
- "dataKey": "{encrypted symmetric key from Microsoft Graph}",
- "encryptionCertificateId": "MySelfSignedCert/DDC9651A-D7BC-4D74-86BC-A8923584B0AB",
- "encryptionCertificateThumbprint": "07293748CC064953A3052FB978C735FB89E61C3D"
+ "@odata.type": "#microsoft.graph.changeNotificationEncryptedContent",
+ "data": "String",
+ "dataSignature": "String",
+ "dataKey": "String",
+ "encryptionCertificateId": "String",
+ "encryptionCertificateThumbprint": "String"
} ```
v1.0 Chat https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/chat.md
not all scenarios are possible. It is possible to get chat IDs with delegated pe
| createdDateTime| dateTimeOffset| Date and time at which the chat was created. Read-only.| | id| String| The chat's unique identifier. Read-only.| | lastUpdatedDateTime| dateTimeOffset| Date and time at which the chat was renamed or list of members were last changed. Read-only.|
+| onlineMeetingInfo | [teamworkOnlineMeetingInfo](../resources/teamworkonlinemeetinginfo.md) | Represents details about an online meeting. If the chat isn't associated with an online meeting, the property is empty. Read-only.|
+| tenantId| String | The identifier of the tenant in which the chat was created. Read-only.|
| topic| String| (Optional) Subject or topic for the chat. Only available for group chats.| | webUrl | String| The URL for the chat in Microsoft Teams. The URL should be treated as an opaque blob, and not parsed. Read-only. |
-| tenantId| String | The identifier of the tenant in which the chat was created. Read-only.|
-| onlineMeetingInfo | [teamworkOnlineMeetingInfo](../resources/teamworkonlinemeetinginfo.md) | Represents details about an online meeting. If the chat isn't associated with an online meeting, the property is empty. Read-only.|
### chatType values
not all scenarios are possible. It is possible to get chat IDs with delegated pe
| installedApps | [teamsAppInstallation](teamsappinstallation.md) collection | A collection of all the apps in the chat. Nullable. | | members | [conversationMember](conversationmember.md) collection | A collection of all the members in the chat. Nullable. | | messages | [chatMessage](chatmessage.md) collection | A collection of all the messages in the chat. Nullable. |
+| tabs | [teamsTab](teamstab.md) collection | A collection of all the tabs in the chat. Nullable. |
## JSON representation
v1.0 Claimsmappingpolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/claimsmappingpolicy.md
Represents the claim-mapping policies for WS-Fed, SAML, OAuth 2.0, and OpenID Co
- Create claim types that do not already exist - Choose or change the source of data emitted in specific claims
+The number of claims and transformations that can be added to a claims-mapping policy are limited to reduce token size. Any claims schema entries or transformations that are encountered after the limit has been reached are ignored and included in the issued token. For more information about the limits, see [Properties of a claims-mapping policy definition](#properties-of-a-claims-mapping-policy-definition)
+ For more scenario and configuration details see [How to: Customize claims emitted in tokens for a specific app in a tenant](/azure/active-directory/develop/active-directory-claims-mapping#claims-mapping-policy-properties). Inherits from [stsPolicy](stsPolicy.md).
The properties below form the JSON object that represents a claims-mapping polic
|:|:--|:-| |Version|Integer|Set value of 1. Required.| |IncludeBasicClaimSet|Boolean|If set to `true`, all claims in the basic claim set are emitted in tokens affected by the policy. If set to `false`, claims in the basic claim set are not in the tokens, unless they are individually added in the ClaimsSchema property of the same policy.|
-|ClaimsSchema|JSON object|Defines which claims are present in the tokens affected by the policy, in addition to the basic claim set and the core claim set. For each claim schema entry defined in this property, certain information is required. Specify where the data is coming from (Value or Source/ID pair), and which claim the data is emitted as (Claim Type). For more information, see [ClaimsSchema definition](/azure/active-directory/develop/active-directory-claims-mapping#claims-schema).|
-|ClaimsTransformation|JSON object| Defines common transformations that can be applied to source data, to generate the output data for claims specified in the ClaimsSchema. For more information, see [ClaimsTransformation definition](/azure/active-directory/develop/active-directory-claims-mapping#claims-transformation).|
+|ClaimsSchema|JSON object|Defines which claims are present in the tokens affected by the policy, in addition to the basic claim set and the core claim set. For each claim schema entry defined in this property, certain information is required. Specify where the data is coming from (Value or Source/ID pair), and which claim the data is emitted as (Claim Type). A maximum of 50 claims are included in the token through the ClaimsSchema object. Any claims schema entries that are encountered after the limit has been reached will be ignored and will not appear in the issued token. Further details are available in the [ClaimsSchema definition](/azure/active-directory/develop/active-directory-claims-mapping#claims-schema).|
+|ClaimsTransformation|JSON object| Defines common transformations that can be applied to source data, to generate the output data for claims specified in the ClaimsSchema. A maximum of 50 transformations are included in the token through the ClaimsTransformation object. Any transformations that are encountered after the limit has been reached will be ignored and will not appear in the issued token. For more information about ClaimsTransformation and the supported functions, see [Claims transformation](/azure/active-directory/develop/active-directory-claims-mapping#claims-transformation).|
## Relationships
v1.0 Delegatedpermissionclassification https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/delegatedpermissionclassification.md
Delegated permission classifications can be used in combination with user consen
|:|:--|:-| | id | String | A unique identifier for the **delegatedPermissionClassification** Key. Not nullable. Read-only. | | classification | permissionClassificationType | The classification value being given. Possible value: `low`. Does not support `$filter`. |
-| permissionId | Guid | The unique identifier (**id**) for the delegated permission listed in the **oauth2PermissionScopes** collection of the [servicePrincipal](servicePrincipal.md). Required on create. Does not support `$filter`. |
+| permissionId | String | The unique identifier (**id**) for the delegated permission listed in the **oauth2PermissionScopes** collection of the [servicePrincipal](servicePrincipal.md). Required on create. Does not support `$filter`. |
| permissionName | String | The claim value (**value**) for the delegated permission listed in the **oauth2PermissionScopes** collection of the [servicePrincipal](servicePrincipal.md). Does not support `$filter`. | ## JSON representation
The following is a JSON representation of the resource.
```json {
- "id": "string (identifier)",
+ "id": "String (identifier)",
"classification": "low",
- "permissionId": "string",
- "permissionName": "string"
+ "permissionId": "String",
+ "permissionName": "String"
} ```
v1.0 Directoryaudit https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/directoryaudit.md
Represents the directory audit items and its collection.
| activityDisplayName | String | Indicates the activity name or the operation name (examples: "Create User" and "Add member to group"). For full list, see [Azure AD activity list](/azure/active-directory/active-directory-reporting-activity-audit-logs#azure-ad-audit-activity-list). | | additionalDetails | [keyValue](keyvalue.md) collection | Indicates additional details on the activity. | | category | String | Indicates which resource category that's targeted by the activity. (For example: User Management, Group Management etc..) |
-| correlationId | GUID | Indicates a unique ID that helps correlate activities that span across various services. Can be used to trace logs across services. |
+| correlationId | Guid | Indicates a unique ID that helps correlate activities that span across various services. Can be used to trace logs across services. |
| id | String | Indicates the unique ID for the activity. This is a GUID. | | initiatedBy | [auditActivityInitiator](auditactivityinitiator.md) | Indicates information about the user or app initiated the activity. | | loggedByService | String | Indicates information on which service initiated the activity (For example: `Self-service Password Management`, `Core Directory`, `B2C`, `Invited Users`, `Microsoft Identity Manager`, `Privileged Identity Management`. |
Here is a JSON representation of the resource.
"id": "String (identifier)", "initiatedBy": {"@odata.type": "microsoft.graph.auditActivityInitiator"}, "loggedByService": "String",
- "result": "string",
+ "result": "String",
"resultReason": "String", "targetResources": [{"@odata.type": "microsoft.graph.targetResource"}] }
v1.0 Directoryobject https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/directoryobject.md
Namespace: microsoft.graph
Represents an Azure Active Directory object. The **directoryObject** type is the base type for many other directory entity types.
+Inherits from [entity](entity.md).
+ ## Methods | Method | Return Type |Description|
Represents an Azure Active Directory object. The **directoryObject** type is the
| Property | Type |Description| |:|:--|:-|
-|id|String|The unique identifier for the object. For example, 12345678-9abc-def0-1234-56789abcde. The value of the **id** property is often but not exclusively in the form of a GUID; treat it as an opaque identifier and do not rely on it being a GUID. Key. Not nullable. Read-only.|
+|deletedDateTime|DateTimeOffset|Date and time when this object was deleted. Always `null` when the object hasn't been deleted. |
+|id|String|The unique identifier for the object. For example, `12345678-9abc-def0-1234-56789abcde`. The value of the **id** property is often but not exclusively in the form of a GUID; treat it as an opaque identifier and do not rely on it being a GUID. Key. Not nullable. Read-only. Inherited from [entity](entity.md).|
+ ## Relationships
v1.0 Directoryobjectpartnerreference https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/directoryobjectpartnerreference.md
The following is a JSON representation of the resource.
```json {
- "description": "string ",
- "displayName": "string",
- "externalPartnerTenantId": "string (identifier)",
- "id": "string (identifier)",
- "objectType": "string"
+ "description": "String ",
+ "displayName": "String",
+ "externalPartnerTenantId": "String (identifier)",
+ "id": "String (identifier)",
+ "objectType": "String"
} ```
v1.0 Enums https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/enums.md
Possible values for user account types (group membership), per Windows definitio
|strategic| |unknownFutureValue|
+### searchAlterationType values
+
+| Member |
+|:|
+|modification|
+|suggestion|
+ ### serviceHealthClassificationType values |Member|
Possible values for user account types (group membership), per Windows definitio
|callUs| |notSet| |unknownFutureValue|+
+### accessReviewHistoryStatus values
+
+| Member|
+|:--|
+|done|
+|inprogress|
+|error|
+|requested|
+|unknownFutureValue|
+
+### accessReviewHistoryDecisionFilter values
+
+| Member|
+|:--|
+|approve|
+|deny|
+|notReviewed|
+|dontKnow|
+|notNotified|
+|unknownFutureValue|
v1.0 Extensionproperty https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/extensionproperty.md
Extensions can be added to [user](user.md), [group](group.md), [organization](or
> It allows you to use Microsoft Graph to continue to manage extension properties added through Azure AD Graph (deprecated) or [Azure AD Connect](/azure/active-directory/hybrid/whatis-azure-ad-connect). > For new custom extensions, we recommend that you use Microsoft Graph schema extensions for [adding custom data to resources](/graph/extensibility-overview).
+Inherits from [directoryObject](directoryobject.md).
+ ## Methods | Method | Return Type | Description | |:-|:|:|
-| [Create extension](../api/application-post-extensionproperty.md) | [extensionProperty](extensionProperty.md) | Create an extension property on an application object. |
-| [List extensions](../api/application-list-extensionproperty.md) | [extensionProperty](extensionProperty.md) collection | List extension properties on an application object. |
-| [Delete extension](../api/application-delete-extensionproperty.md) | None | Delete an extension property from an application object. |
+| [Create extensionProperties](../api/application-post-extensionproperty.md) | [extensionProperty](extensionProperty.md) | Create an extension property on an application object. |
+| [List extensionProperties](../api/application-list-extensionproperty.md) | [extensionProperty](extensionProperty.md) collection | List extension properties on an application object. |
+| [Get extensionProperty](../api/extensionproperty-get.md) | [extensionProperty](extensionProperty.md) collection | List extension properties on an application object. |
+| [Delete extensionProperty](../api/extensionproperty-delete.md) | None | Delete an extension property from an application object. |
+
+> [!TIP]
+> 1. To set a value for the extension property to an instance of a resource that is specified in **targetObjects**, use the Update operation of the resource. For example, the [Update user](../api/user-update.md) API to set the value for a user.
+> 2. To remove the extension property and its value from an instance of a resource that is specified in **targetObjects**, set the value of the extension property to `null`.
## Properties
Extensions can be added to [user](user.md), [group](group.md), [organization](or
|:-|:|:| |appDisplayName|String| Display name of the application object on which this extension property is defined. Read-only. | |dataType|String| Specifies the data type of the value the extension property can hold. Following values are supported. Not nullable. <ul><li>`Binary` - 256 bytes maximum</li><li>`Boolean`</li><li>`DateTime` - Must be specified in ISO 8601 format. Will be stored in UTC.</li><li>`Integer` - 32-bit value.</li><li>`LargeInteger` - 64-bit value.</li><li>`String` - 256 characters maximum</li></ul>|
+|deletedDateTime|DateTimeOffset|Date and time when this object was deleted. Always `null` when the object hasn't been deleted. Inherited from [directoryObject](directoryobject.md).|
|isSyncedFromOnPremises|Boolean| Indicates if this extension property was synced from on-premises active directory using Azure AD Connect. Read-only. | |name|String| Name of the extension property. Not nullable. | |targetObjects|String collection| Following values are supported. Not nullable. <ul><li>`User`</li><li>`Group`</li><li>`Organization`</li><li>`Device`</li><li>`Application`</li></ul>|
The following is a JSON representation of the resource.
<!-- { "blockType": "resource",
- "optionalProperties": [
-
- ],
+ "keyProperty": "id",
"@odata.type": "microsoft.graph.extensionProperty",
- "keyProperty": "id"
-}-->
-
-```json
+ "baseType": "microsoft.graph.directoryObject",
+ "openType": true
+}
+-->
+``` json
{
+ "@odata.type": "#microsoft.graph.extensionProperty",
+ "id": "String (identifier)",
+ "deletedDateTime": "String (timestamp)",
"appDisplayName": "String",
- "dataType": "String",
- "isSyncedFromOnPremises": true,
"name": "String",
- "targetObjects": ["String"]
+ "dataType": "String",
+ "isSyncedFromOnPremises": "Boolean",
+ "targetObjects": [
+ "String"
+ ]
} ```
v1.0 Group https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/group.md
This resource supports:
| [delta](../api/group-delta.md) | group collection | Get incremental changes for groups. | | [Add members](../api/group-post-members.md) | None | Add a user or group to this group by posting to the **members** navigation property (supported for security groups and Microsoft 365 groups only). | | [Add owners](../api/group-post-owners.md) | None | Add a new owner for the group by posting to the **owners** navigation property (supported for security groups and Microsoft 365 groups only). |
-| [Create setting](../api/groupsetting-post-groupsettings.md) | [groupSetting](groupsetting.md) | Create a setting object based on a groupSettingTemplate. The POST request must provide settingValues for all the settings defined in the template. Only groups specific templates may be used for this operation. |
+| [Create setting](../api/group-post-settings.md) | [groupSetting](groupsetting.md) | Create a setting object based on a groupSettingTemplate. The POST request must provide settingValues for all the settings defined in the template. Only groups specific templates may be used for this operation. |
| [Delete setting](../api/groupsetting-delete.md) | None | Delete a setting object. | | [Get setting](../api/groupsetting-get.md) | [groupSetting](groupsetting.md) | Read properties of a specific setting object. | | [List groupLifecyclePolicies](../api/group-list-grouplifecyclepolicies.md) | [groupLifecyclePolicy](grouplifecyclepolicy.md) collection | List group lifecycle policies. | | [List members](../api/group-list-members.md) | [directoryObject](directoryobject.md) collection | Get the direct members of this group from the **members** navigation property. | | [List owners](../api/group-list-owners.md) | [directoryObject](directoryobject.md) collection | Get the owners of the group from the **owners** navigation property. |
-| [List settings](../api/groupsetting-list.md) | [groupSetting](groupsetting.md) collection | List properties of all setting objects. |
+| [List settings](../api/group-list-settings.md) | [groupSetting](groupsetting.md) collection | List properties of all setting objects. |
| [List transitive members](../api/group-list-transitivemembers.md) | [directoryObject](directoryobject.md) collection | Get the users, groups and devices that are members, including nested members of this group. | | [List transitive memberOf](../api/group-list-transitivememberof.md) | [directoryObject](directoryobject.md) collection | List the groups that this group is a member of. This operation is transitive and includes the groups that this group is a nested member of. | | [Remove member](../api/group-delete-members.md) | None | Remove a member from a Microsoft 365 group or a security group through the **members** navigation property.|
This resource supports:
| [List rejectedSenders](../api/group-list-rejectedsenders.md) | [directoryObject](directoryobject.md) collection | Get a list of users or groups that are in the rejected-senders list for this group. | | [Add rejectedSender](../api/group-post-rejectedsenders.md) | [directoryObject](directoryobject.md) | Add a new User or Group to the rejectedSenders collection. | | [Remove rejectedSender](../api/group-delete-rejectedsenders.md) | [directoryObject](directoryobject.md) | Remove new User or Group from the rejectedSenders collection. |
-| [Create setting](../api/groupsetting-post-groupsettings.md) | [groupSetting](groupsetting.md) | Create a setting object based on a groupSettingTemplate. The POST request must provide settingValues for all the settings defined in the template. Only groups specific templates may be used for this operation. |
+| [Create setting](../api/group-post-settings.md) | [groupSetting](groupsetting.md) | Create a setting object based on a groupSettingTemplate. The POST request must provide settingValues for all the settings defined in the template. Only groups specific templates may be used for this operation. |
| **Directory objects** ||| | [List deleted groups](../api/directory-deleteditems-list.md) | [directoryObject](directoryobject.md) collection | Retrieve the groups deleted in the tenant in the last 30 days. | | [List deleted groups owned by user](../api/directory-deleteditems-user-owned.md) | [directoryObject](directoryobject.md) collection | Retrieve the groups deleted in the tenant in the last 30 days and that are owned by a user. |
This resource supports:
| [getMemberObjects](../api/directoryobject-getmemberobjects.md) | String collection | Return all of the groups and administrative units that the group is a member of. The function is transitive. | | **Group settings** ||| | [Get setting](../api/groupsetting-get.md) | [groupSetting](groupsetting.md) | Read properties of a specific setting object. |
-| [List settings](../api/groupsetting-list.md) | [groupSetting](groupsetting.md) collection | List properties of all setting objects. |
+| [List settings](../api/group-list-settings.md) | [groupSetting](groupsetting.md) collection | List properties of all setting objects. |
| [Update setting](../api/groupsetting-update.md) | None | Update a setting object. | | [Delete setting](../api/groupsetting-delete.md) | None | Delete a setting object. | | [Get setting template](../api/groupsettingtemplate-get.md) | None | Read properties of a setting template. |
This resource supports:
|photos|[profilePhoto](profilephoto.md) collection| The profile photos owned by the group. Read-only. Nullable.| |planner|[plannerGroup](plannergroup.md)| Entry-point to Planner resource that might exist for a Unified Group.| |rejectedSenders|[directoryObject](directoryobject.md) collection|The list of users or groups that are not allowed to create posts or calendar events in this group. Nullable|
-|settings|[groupSetting](groupsetting.md) collection| Read-only. Nullable.|
+|settings|[groupSetting](groupsetting.md) collection| Settings that can govern this group's behavior, like whether members can invite guest users to the group. Nullable.|
|sites|[site](site.md) collection|The list of SharePoint sites in this group. Access the default site with /sites/root.| |threads|[conversationThread](conversationthread.md) collection| The group's conversation threads. Nullable.|
v1.0 Grouplifecyclepolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/grouplifecyclepolicy.md
Here is a JSON representation of the resource.
{ "alternateNotificationEmails": "String", "groupLifetimeInDays": 180,
- "id": "Guid (identifier)",
+ "id": "String (identifier)",
"managedGroupTypes": "String" }
v1.0 Groupsetting https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/groupsetting.md
Title: "groupSetting resource type"
-description: "Group settings control behaviors such as blocked word lists for group display names or whether guest users are allowed to be group owners."
+description: "Group settings define the configurations that can be used to customize the tenant-wide and object-specific restrictions and allowed behavior. For examples, you can block word lists for group display names or define whether guest users are allowed to be group owners."
ms.localizationpriority: medium ms.prod: "groups"
doc_type: resourcePageType
Namespace: microsoft.graph
-Group settings control behaviors such as blocked word lists for group display names or whether guest users are allowed to be group owners.
+Group settings define the configurations that can be used to customize the tenant-wide and object-specific restrictions and allowed behavior. For examples, you can block word lists for group display names or define whether guest users are allowed to be group owners.
-Group settings can be created based on the available [groupSettingTemplates](groupsettingtemplate.md), and changed from their preset defaults. These settings govern group behaviors at a tenant-wide level or to a specific group. When the same setting is defined at both the tenant-wide and to a specific group, the group-level setting overrides the tenant-wide setting. For example, the tenant-wide setting may allow guests to be invited by existing members of groups, but an individual group setting can override and not allow guests to be invited by members of the group. Group settings only govern Microsoft 365 groups behavior.
+By default, all groups inherit the preset defaults. To change the default settings, you must create a new settings object using the [groupSettingTemplates](groupsettingtemplate.md). When the same setting is defined at both the tenant-wide and to a specific group, the group-level setting overrides the tenant-wide setting. For example, the tenant-wide setting may allow guests to be invited by existing members of groups, but an individual group setting can override and not allow guests to be invited by members of the group.
+
+Group settings apply to only Microsoft 365 groups.
+
+> [!TIP]
+> The `/beta` version of this resource is named [directorySetting](/graph/api/resources/directorysetting?view=graph-rest-beta&preserve-view=true).
## Methods | Method | Return Type | Description | |:|:--|:-|
-|[Create setting](../api/groupsetting-post-groupsettings.md) | [groupSetting](groupsetting.md) |Create a setting object based on a groupSettingTemplate. The POST request must provide settingValues for all the settings defined in the template. |
+|[Create setting](../api/group-post-settings.md) | [groupSetting](groupsetting.md) |Create a setting object based on a **groupSettingTemplate**.|
|[Get setting](../api/groupsetting-get.md) | [groupSetting](groupsetting.md) | Read properties of a specific setting object. |
-|[List settings](../api/groupsetting-list.md) | [groupSetting](groupsetting.md) collection | List properties of all setting objects. |
+|[List settings](../api/group-list-settings.md) | [groupSetting](groupsetting.md) collection | List properties of all setting objects. |
|[Update setting](../api/groupsetting-update.md) | [groupSetting](groupsetting.md) | Update groupsetting object. | |[Delete setting](../api/groupsetting-delete.md) | None | Delete a setting object. |
Group settings can be created based on the available [groupSettingTemplates](gro
|:|:--|:-| |displayName|String| Display name of this group of settings, which comes from the associated template. | |id|String| Unique identifier for these settings. Read-only. |
-|templateId|String| Unique identifier for the template used to create this group of settings. Read-only. |
-|values|[settingValue](settingvalue.md) collection| Collection of name value pairs. Must contain and set all the settings defined in the template. |
+|templateId|String| Unique identifier for the tenant-level [groupSettingTemplates](groupsettingtemplate.md) object that's been customized for this group-level settings object. Read-only. |
+|values|[settingValue](settingvalue.md) collection| Collection of name-value pairs corresponding to the **name** and **defaultValue** properties in the referenced [groupSettingTemplates](groupsettingtemplate.md) object. |
## Relationships
v1.0 Groupsettingtemplate https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/groupsettingtemplate.md
doc_type: resourcePageType
Namespace: microsoft.graph
-Group setting templates represent system-defined settings available to the tenant. [Group settings](groupsetting.md) can be created based on the available **groupSettingTemplates**, and values changed from their preset defaults. Group setting templates cannot be created, updated or deleted. These settings can represent tenant-wide settings, or can represent specific group settings. Currently, the only templates available apply to Microsoft 365 groups, and include settings such as whether users can create groups or invite guests from outside the organization to become members of a group.
+Group setting templates represent system-defined settings available to the tenant. [Group settings](groupsetting.md) can be created based on the available **groupSettingTemplates**, and values changed from their preset defaults. Group setting templates cannot be created, updated or deleted. These settings can represent tenant-wide settings, or can represent specific group settings. Currently, the only templates available for groups apply to Microsoft 365 groups, and include settings such as whether users can create groups or invite guests from outside the organization to become members of a group.
+
+For more information about the available Microsoft 365 group settings, see [Template settings](/azure/active-directory/enterprise-users/groups-settings-cmdlets).
+
+> [!TIP]
+> The `/beta` version of this resource is named [directorySettingTemplate](/graph/api/resources/directorysettingtemplate?view=graph-rest-beta&preserve-view=true).
## Methods
Group setting templates represent system-defined settings available to the tenan
| Property | Type | Description | |:|:--|:-| |description|String| Description of the template. |
-|displayName|String| Display name of the template. |
+|displayName|String| Display name of the template. The template named `Group.Unified` can be used to configure tenant-wide Microsoft 365 group settings, while the template named `Group.Unified.Guest` can be used to configure group-specific settings.|
|id|String| Unique identifier for the template. Read-only.| |values|[settingTemplateValue](settingtemplatevalue.md) collection| Collection of settingTemplateValues that list the set of available settings, defaults and types that make up this template. |
v1.0 List https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/list.md
Previously updated : 09/11/2017 Title: List
+ Title: List resource
ms.localizationpriority: high ms.prod: "sharepoint" description: "The list resource represents a list in a site."
All examples below are relative to a site, for example, `https://graph.microsoft
[Create list item]: ../api/listitem-create.md [Get WebSocket channel]: ../api/subscriptions-socketio.md
-## JSON representation
-
-Here is a JSON representation of a **list** resource.
-
-<!--{
- "blockType": "resource",
- "optionalProperties": [
- "items",
- "drive"
- ],
- "keyProperty": "id",
- "baseType": "microsoft.graph.baseItem",
- "@odata.type": "microsoft.graph.list"
-}-->
-
-```json
-{
- "columns": [ { "@odata.type": "microsoft.graph.columnDefinition" }],
- "contentTypes": [ { "@odata.type": "microsoft.graph.contentType" }],
- "displayName": "title of list",
- "drive": { "@odata.type": "microsoft.graph.drive" },
- "items": [ { "@odata.type": "microsoft.graph.listItem" } ],
- "list": {
- "@odata.type": "microsoft.graph.listInfo",
- "hidden": false,
- "template": "documentLibrary | genericList | survey | links | announcements | contacts | accessRequest ..."
- },
- "system": false,
- "subscriptions": [ {"@odata.type": "microsoft.graph.subscription"} ],
-
- /* inherited from baseItem */
- "id": "string",
- "name": "name of list",
- "createdBy": { "@odata.type": "microsoft.graph.identitySet" },
- "createdDateTime": "timestamp",
- "description": "description of list",
- "eTag": "string",
- "lastModifiedBy": { "@odata.type": "microsoft.graph.identitySet" },
- "lastModifiedDateTime": "timestamp",
- "parentReference": { "@odata.type": "microsoft.graph.itemReference" },
- "sharepointIds": { "@odata.type": "microsoft.graph.sharepointIds" },
- "webUrl": "url to visit the list in a browser"
-}
-```
- ## Properties The **list** resource has the following properties.
The **list** resource has the following relationships to other resources.
[systemFacet]: systemfacet.md [subscription]: subscription.md
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!--{
+ "blockType": "resource",
+ "optionalProperties": [
+ "items",
+ "drive"
+ ],
+ "keyProperty": "id",
+ "baseType": "microsoft.graph.baseItem",
+ "@odata.type": "microsoft.graph.list"
+}-->
+
+```json
+{
+ "columns": [ { "@odata.type": "microsoft.graph.columnDefinition" }],
+ "contentTypes": [ { "@odata.type": "microsoft.graph.contentType" }],
+ "displayName": "title of list",
+ "drive": { "@odata.type": "microsoft.graph.drive" },
+ "items": [ { "@odata.type": "microsoft.graph.listItem" } ],
+ "list": {
+ "@odata.type": "microsoft.graph.listInfo",
+ "hidden": false,
+ "template": "documentLibrary | genericList | survey | links | announcements | contacts | accessRequest ..."
+ },
+ "system": false,
+ "subscriptions": [ {"@odata.type": "microsoft.graph.subscription"} ],
+
+ /* inherited from baseItem */
+ "id": "string",
+ "name": "name of list",
+ "createdBy": { "@odata.type": "microsoft.graph.identitySet" },
+ "createdDateTime": "timestamp",
+ "description": "description of list",
+ "eTag": "string",
+ "lastModifiedBy": { "@odata.type": "microsoft.graph.identitySet" },
+ "lastModifiedDateTime": "timestamp",
+ "parentReference": { "@odata.type": "microsoft.graph.itemReference" },
+ "sharepointIds": { "@odata.type": "microsoft.graph.sharepointIds" },
+ "webUrl": "url to visit the list in a browser"
+}
+```
+ <!-- { "type": "#page.annotation", "description": "",
v1.0 Onpremisesextensionattributes https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/onpremisesextensionattributes.md
Namespace: microsoft.graph
The return type of the **onPremisesExtensionAttributes** property of the [user](user.md) object and **extensionAttributes** property of the [device](device.md) object. Returns fifteen custom extension attribute properties.
-On the [user](user.md) entity and for an **onPremisesSyncEnabled** user, the source of authority for this set of properties is the on-premises Active Directory which is synchronized to Azure AD, and is read-only. For a cloud-only user (where **onPremisesSyncEnabled** is `false`), these properties can be set during [creation](../api/user-post-users.md) or [update](../api/user-update.md). If a cloud-only user was previously synced from on-premises Active Directory, these properties cannot be managed via the Microsoft Graph API. Instead, they can be managed through the Exchange Admin Center or the Exchange Online V2 module in PowerShell.
+On the [user](user.md) entity and for an **onPremisesSyncEnabled** user, the source of authority for this set of properties is the on-premises Active Directory which is synchronized to Azure AD, and is read-only. For a cloud-only user (where **onPremisesSyncEnabled** is `false` or `null`), these properties can be set during [creation](../api/user-post-users.md) or [update](../api/user-update.md). If a cloud-only user was previously synced from on-premises Active Directory, these properties cannot be managed via the Microsoft Graph API. Instead, they can be managed through the Exchange Admin Center or the Exchange Online V2 module in PowerShell.
The **extensionAttributes** property of the [device](device.md) entity is managed only in Azure AD during device [creation](../api/device-post-devices.md) or [update](../api/device-update.md).
v1.0 Permissionscope https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/permissionscope.md
Here is a JSON representation of the resource
```json {
- "id": "guid",
- "adminConsentDisplayName": "string",
- "adminConsentDescription": "string",
- "userConsentDisplayName": "string",
- "userConsentDescription": "string",
- "value": "string",
- "type": "string",
+ "id": "Guid",
+ "adminConsentDisplayName": "String",
+ "adminConsentDescription": "String",
+ "userConsentDisplayName": "String",
+ "userConsentDescription": "String",
+ "value": "String",
+ "type": "String",
"isEnabled": true } ```
v1.0 Plannertaskdetails https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/plannertaskdetails.md
Title: "plannerTaskDetails resource type"
-description: "The **plannerTaskDetails** resource represents the additional information about a task. Each task object has a details object."
+description: "Represents the additional information about a task. Each task object has a details object."
ms.localizationpriority: medium ms.prod: "planner"
doc_type: resourcePageType
Namespace: microsoft.graph
-The **plannerTaskDetails** resource represents the additional information about a task. Each [task](plannertask.md) object has a details object.
+Represents the additional information about a task. Each [task](plannertask.md) object has a details object.
## Methods
The **plannerTaskDetails** resource represents the additional information about
| Property | Type |Description| |:|:--|:-| |checklist|[plannerChecklistItems](plannerchecklistitems.md)|The collection of checklist items on the task.|
-|description|String|Description of the task|
+|description|String|Description of the task.|
|id|String| Read-only. ID of the task details. It is 28 characters long and case-sensitive. [Format validation](planner-identifiers-disclaimer.md) is done on the service.| |previewType|string|This sets the type of preview that shows up on the task. The possible values are: `automatic`, `noPreview`, `checklist`, `description`, `reference`. When set to `automatic` the displayed preview is chosen by the app viewing the task.| |references|[plannerExternalReferences](plannerexternalreferences.md)|The collection of references on the task.| ## Relationships
-None
+None.
## JSON representation
-Here is a JSON representation of the resource.
+The following is a JSON representation of the resource.
<!--{ "blockType": "resource",
Here is a JSON representation of the resource.
"previewType": "string", "references": {"@odata.type": "microsoft.graph.plannerExternalReferences"} }- ``` <!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
v1.0 Presence https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/presence.md
This resource supports subscribing to [change notifications](/graph/webhooks).
## Properties
-| Relationship | Type | Description |
+| Property | Type | Description |
| :-- | :- | : | | id | string | The user object id | | availability | string collection | The base presence information for a user. Possible values are `Available`, `AvailableIdle`, `Away`, `BeRightBack`, `Busy`, `BusyIdle`, `DoNotDisturb`, `Offline`, `PresenceUnknown` |
v1.0 Resourceaccess https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/resourceaccess.md
The following is a JSON representation of the resource.
```json {
- "id": "GUID",
+ "id": "Guid",
"type": "String" }
v1.0 Resourcedata https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/resourcedata.md
ms.prod: "change-notifications"
Namespace: microsoft.graph
-Represents the resouce data attached to the change notification sent to the subscriber.
+Represents the resource data attached to the change notification sent to the subscriber. This resource is an open type and allows other properties to be passed in.
For details, see [Use the Microsoft Graph API to get change notifications](webhooks.md).
None.
## Properties
-For Outlook resources, **resourceData** contains the following fields:
+None except for Outlook resources where **resourceData** contains the following fields:
| Property | Type | Description | |:|:--|:|
-| @odata.type | string | The OData entity type in Microsoft Graph that describes the represented object. |
-| @odata.id | string | The OData identifier of the object. |
-| @odata.etag | string | The HTTP entity tag that represents the version of the object. |
-| id | string | The identifier of the object. |
+| @odata.type | String | The OData entity type in Microsoft Graph that describes the represented object. |
+| @odata.id | String | The OData identifier of the object. |
+| @odata.etag | String | The HTTP entity tag that represents the version of the object. |
+| id | String | The identifier of the object. |
-> **Note:** The `id` value provided in **resourceData** is valid at the time the change notification was generated. Some actions, such as moving a message to another folder, might result in the `id` no longer being valid when the change notification is processed.
+> **Note:** The **id** value provided in **resourceData** is valid at the time the change notification was generated. Some actions, such as moving a message to another folder, might result in the `id` no longer being valid when the change notification is processed.
## Relationships
The following is a JSON representation of the resource.
<!-- { "blockType": "resource", "optionalProperties": [-
+ "@odata.type",
+ "@odata.id",
+ "@odata.etag",
+ "id"
], "@odata.type": "microsoft.graph.resourceData" }--> ```json {
- "id": "1565293727947",
- "@odata.type": "#Microsoft.Graph.ChatMessage",
- "@odata.id": "teams('88cbc8fc-164b-44f0-b6a6-b59b4a1559d3')/channels('19:8d9da062ec7647d4bb1976126e788b47@thread.tacv2')/messages('1565293727947')/replies('1565293727947')"
+ "@odata.type": "#microsoft.graph.resourceData"
} ```
v1.0 Resulttemplate https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/resulttemplate.md
+
+ Title: "resultTemplate resource type"
+description: "Represents a dictionary of resultTemplateIds and associated values, which include the name and JSON schema of the result templates."
+ms.localizationpriority: medium
+++
+# resultTemplate resource type
+
+Namespace: microsoft.graph
+
+Represents a dictionary of **resultTemplateIds** and associated values, which includes the name and JSON schema of the result templates.
+
+## Properties
+
+| Property | Type | Description |
+|:-|:|:|
+|body|Json|JSON schema of the result template.|
+|displayName|String|Name of the result template.|
+|key|String|ID of a result template. The **key** property must map to a **resultTemplateId** in the [searchHit](searchhit.md) collection.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+
+ ],
+ "@odata.type": "microsoft.graph.resultTemplate",
+ "baseType": null
+}-->
++
+```json
+{
+ "resultTemplateId": {
+ "displayName": "String",
+ "body":{
+ "@odata.type":"microsoft.graph.Json"
+ }
+ }
+}
+```
++
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "resultTemplate resource",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
++
v1.0 Resulttemplateoption https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/resulttemplateoption.md
+
+ Title: "resultTemplateOption resource type"
+description: "Provides the search result template options to render search results from connectors."
+ms.localizationpriority: medium
+++
+# resultTemplateOption resource type
+
+Namespace: microsoft.graph
+
+Provides the search result template options to render search results from connectors.
+
+## Properties
+
+| Property | Type | Description |
+|:-|:|:|
+|enableResultTemplate|Boolean|Indicates whether search display layouts are enabled. If enabled, the user will get the result template to render the search results content in the **resultTemplates** property of the [response](/graph/api/resources/searchresponse). The result template is based on [Adaptive Cards](https://adaptivecards.io/). Optional. |
++
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+
+ ],
+ "@odata.type": "microsoft.graph.resultTemplateOption",
+ "baseType": null
+}-->
+
+```json
+ {
+ "enableResultTemplate": "Boolean"
+ }
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "resultTemplateOption resource",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
v1.0 Riskdetection https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/riskdetection.md
For more information about risk events, see [Azure Active Directory Identity Pro
## Properties |Property|Type|Description| |:|:|:|
-|activity|activityType|Indicates the activity type the detected risk is linked to. . Possible values are: `signin`, `user`, `unknownFutureValue`.|
+|activity|activityType|Indicates the activity type the detected risk is linked to. Possible values are: `signin`, `user`, `unknownFutureValue`.|
|activityDateTime|DateTimeOffset|Date and time that the risky activity occurred. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is look like this: `2014-01-01T00:00:00Z`|
-|additionalInfo|String|Additional information associated with the risk detection in JSON format.|
+|additionalInfo|String|Additional information associated with the risk detection in JSON format. For example, `"[{\"Key\":\"userAgent\",\"Value\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36\"}]"`. Possible keys in the additionalInfo JSON string are: `userAgent`, `alertUrl`, `relatedEventTimeInUtc`, `relatedUserAgent`, `deviceInformation`, `relatedLocation`, `requestId`, `correlationId`, `lastActivityTimeInUtc`, `malwareName`, `clientLocation`, `clientIp`, `riskReasons`. <br/>For more information about riskReasons and possible values, see [riskReasons values](#riskreasons-values). |
|correlationId|String|Correlation ID of the sign-in associated with the risk detection. This property is `null` if the risk detection is not associated with a sign-in.|
-|detectedDateTime|DateTimeOffset|Date and time that the risk was detected. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is look like this: `2014-01-01T00:00:00Z`|
+|detectedDateTime|DateTimeOffset|Date and time that the risk was detected. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 looks like this: `2014-01-01T00:00:00Z`|
|detectionTimingType|riskDetectionTimingType|Timing of the detected risk (real-time/offline). Possible values are: `notDefined`, `realtime`, `nearRealtime`, `offline`, `unknownFutureValue`.| |id|String|Unique ID of the risk detection. Inherited from [entity](../resources/entity.md)| |ipAddress|String|Provides the IP address of the client from where the risk occurred.|
For more information about risk events, see [Azure Active Directory Identity Pro
|location|[signInLocation](../resources/signinlocation.md)|Location of the sign-in.| |requestId|String|Request ID of the sign-in associated with the risk detection. This property is null if the risk detection is not associated with a sign-in.| |riskDetail|riskDetail|Details of the detected risk. Possible values are: `none`, `adminGeneratedTemporaryPassword`, `userPerformedSecuredPasswordChange`, `userPerformedSecuredPasswordReset`, `adminConfirmedSigninSafe`, `aiConfirmedSigninSafe`, `userPassedMFADrivenByRiskBasedPolicy`, `adminDismissedAllRiskForUser`, `adminConfirmedSigninCompromised`, `hidden`, `adminConfirmedUserCompromised`, `unknownFutureValue`.|
-|riskEventType|String|The type of risk event detected. The possible values are `unlikelyTravel`, `anonymizedIPAddress`, `maliciousIPAddress`, `unfamiliarFeatures`, `malwareInfectedIPAddress`, `suspiciousIPAddress`, `leakedCredentials`, `investigationsThreatIntelligence`, `generic`,`adminConfirmedUserCompromised`, `mcasImpossibleTravel`, `mcasSuspiciousInboxManipulationRules`, `investigationsThreatIntelligenceSigninLinked`, `maliciousIPAddressValidCredentialsBlockedIP`, and `unknownFutureValue`. If the risk detection is a premium detection, will show `generic`|
+|riskEventType|String|The type of risk event detected. The possible values are `unlikelyTravel`, `anonymizedIPAddress`, `maliciousIPAddress`, `unfamiliarFeatures`, `malwareInfectedIPAddress`, `suspiciousIPAddress`, `leakedCredentials`, `investigationsThreatIntelligence`, `generic`,`adminConfirmedUserCompromised`, `passwordSpray`, `impossibleTravel`, `newCountry`, `anomalousToken`, `tokenIssuerAnomaly`,`suspiciousBrowser`, `riskyIPAddress`, `mcasSuspiciousInboxManipulationRules`, `suspiciousInboxForwarding`, and `unknownFutureValue`. If the risk detection is a premium detection, will show `generic`. <br/>For more information about each value, see [riskEventType values](#riskeventtype-values).|
|riskLevel|riskLevel|Level of the detected risk. Possible values are: `low`, `medium`, `high`, `hidden`, `none`, `unknownFutureValue`.| |riskState|riskState|The state of a detected risky user or sign-in. Possible values are: `none`, `confirmedSafe`, `remediated`, `dismissed`, `atRisk`, `confirmedCompromised`, `unknownFutureValue`.| |source|String|Source of the risk detection. For example, `activeDirectory`. |
For more information about risk events, see [Azure Active Directory Identity Pro
|userId|String|Unique ID of the user.| |userPrincipalName|String|The user principal name (UPN) of the user.|
+### riskEventType values
+
+| Name | UI Display Name | Description |
+|--|--|--|
+| unlikelyTravel | Atypical travel | Identifies two sign-ins originating from geographically distant locations, where at least one of the locations may also be atypical for the user, given past behavior. |
+| anonymizedIPAddress | Anonymous IP address | Indicates sign-ins from an anonymous IP address, for example, using an anonymous browser or VPN. |
+| maliciousIPAddress | Malicious IP address | Indicates sign-ins from a malicious IP address. An IP address is considered malicious based on high failure rates because of invalid credentials received from the IP address or other IP reputation sources. |
+| unfamiliarFeatures | Unfamiliar sign-in properties | Indicates sign-ins with characteristics that deviate from past sign-in properties. |
+| malwareInfectedIPAddress | Malware linked IP address | Indicates sign-ins from IP addresses infected with malware. Deprecated and no longer generated for new detections. |
+| suspiciousIPAddress | Malicious IP address | Identifies logins from IP addresses that are known to be malicious at the time of the sign in. |
+| leakedCredentials | Leaked credentials | Indicates that the user's valid credentials have been leaked. This sharing is typically done by posting publicly on the dark web, paste sites, or by trading and selling the credentials on the black market. When the Microsoft leaked credentials service acquires user credentials from the dark web, paste sites, or other sources, they are checked against Azure AD users' current valid credentials to find valid matches. |
+| investigationsThreatIntelligence | Azure AD threat intelligence | Indicates a sign-in activity that is unusual for the given user or is consistent with known attack patterns based on Microsoft's internal and external threat intelligence sources. |
+| generic | Additional risk detected | Indicates that the user was not enabled for Identity Protection. |
+| adminConfirmedUserCompromised | Admin confirmed user compromised | Indicates that an administrator has [confirmed the user is compromised](../api/riskyuser-confirmcompromised.md). |
+| passwordSpray | Password spray | Indicates that multiple usernames are attacked using common passwords in a unified brute force manner to gain unauthorized access. |
+| anomalousToken | Anomalous Token | Indicates that there are abnormal characteristics in the token such as an unusual token lifetime or a token that is played from an unfamiliar location. |
+| tokenIssuerAnomaly | Token Issuer Anomaly | Indicates that The SAML token issuer for the associated SAML token is potentially compromised. The claims included in the token are unusual or match known attacker patterns. |
+| suspiciousBrowser | Suspicious browser | Suspicious sign-in activity across multiple tenants from different countries in the same browser. |
+| impossibleTravel | Impossible travel | Discovered by Microsoft Defender for Cloud Apps (MDCA). Identifies two user activities (a single or multiple sessions) originating from geographically distant locations within a time period shorter than the time it would have taken the user to travel from the first location to the second, indicating that a different user is using the same credentials. |
+| newCountry | New country | This detection is discovered by Microsoft Cloud App Security (MCAS). The sign-in occurred from a location that wasn't recently or never visited by the given user. |
+| riskyIPAddress | Activity from anonymous IP address | This detection is discovered by Microsoft Cloud App Security (MCAS). Users were active from an IP address that has been identified as an anonymous proxy IP address. |
+| mcasSuspiciousInboxManipulationRules | Suspicious inbox manipulation rules | Discovered by Microsoft Defender for Cloud Apps (MDCA). Identifies suspicious email forwarding rules, for example, if a user created an inbox rule that forwards a copy of all emails to an external address.|
+| suspiciousInboxForwarding | Suspicious inbox forwarding | This detection is discovered by Microsoft Cloud App Security (MCAS). It looks for suspicious email forwarding rules, for example, if a user created an inbox rule that forwards a copy of all emails to an external address. |
+| unknownFutureValue | N/A | Evolvable enumeration sentinel value. Do not use. |
+
+### riskReasons values
+
+| riskEventType | Value | UI display string |
+|--|--|--|
+| `investigationsThreatIntelligence` | `suspiciousIP` | This sign-in was from a suspicious IP address |
+| `investigationsThreatIntelligence` | `passwordSpray` | This user account was attacked by a password spray. |
+ ## Relationships None.
v1.0 Schemaextension https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/schemaextension.md
See the [schema extension example](/graph/extensibility-schema-groups) to learn
| Property | Type |Description| |:|:--|:-| |description|String|Description for the schema extension. Supports `$filter` (`eq`).|
-|id|String|The unique identifier for the schema extension definition. <br>You can assign a value in one of two ways: <ul><li>Concatenate the name of one of your verified domains with a name for the schema extension to form a unique string in this format, \{_&#65279;domainName_\}\_\{_&#65279;schemaName_\}. As an example, `contoso_mySchema`. </li><li>Provide a schema name, and let Microsoft Graph use that schema name to complete the **id** assignment in this format: ext\{_&#65279;8-random-alphanumeric-chars_\}\_\{_&#65279;schema-name_\}. An example would be `extkvbmkofy_mySchema`.</li></ul>This property cannot be changed after creation. Supports `$filter` (`eq`). |
+|id|String|The unique identifier for the schema extension definition. <br>You can assign a value in one of two ways: <ul><li>Concatenate the name of one of your verified domains with a name for the schema extension to form a unique string in this format, \{_&#65279;domainName_\}\_\{_&#65279;schemaName_\}. As an example, `contoso_mySchema`. </li><li>Provide a schema name, and let Microsoft Graph use that schema name to complete the **id** assignment in this format: ext\{_&#65279;8-random-alphanumeric-chars_\}\_\{_&#65279;schema-name_\}. An example would be `extkvbmkofy_mySchema`.</li></ul>This property cannot be changed after creation. Supports `$filter` (`eq`). **Note:** We recommend that your **id** starts with an alphabetic letter between A-Z because query capabilities might be limited for IDs that begin with integers. |
|owner|String|The `appId` of the application that is the owner of the schema extension. This property can be supplied on creation, to set the owner. If not supplied, then the calling application's `appId` will be set as the owner. In either case, the signed-in user must be the owner of the application. So, for example, if creating a new schema extension definition using Graph Explorer, you **must** supply the owner property. Once set, this property is read-only and cannot be changed. Supports `$filter` (`eq`).| |properties|[extensionSchemaProperty](extensionschemaproperty.md) collection|The collection of property names and types that make up the schema extension definition.| |status|String|The lifecycle state of the schema extension. Possible states are **InDevelopment**, **Available**, and **Deprecated**. Automatically set to **InDevelopment** on creation. [Schema extensions](/graph/extensibility-overview#schema-extensions) provides more information on the possible state transitions and behaviors. Supports `$filter` (`eq`).|
v1.0 Search Api Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/search-api-overview.md
Search requests run on behalf of the user. Search results are scoped to enforce
|[Use KQL in query terms](#keyword-query-language-kql-support) | **query** | |[Sort search results](#sort-search-results)| **sort** | |[Refine results using aggregations](#refine-results-using-aggregations)| **aggregations** |
+|[Request spelling correction](#request-spelling-correction)| **queryAlterationOptions** |
+|[Search display layout](#search-display-layout) (preview)| **resultTemplateOptions**|
## Scope search based on entity types
Once the response is returned containing the collection of [searchBucket](search
Aggregations are currently supported for any refinable property on the following SharePoint and OneDrive types: [driveItem](driveitem.md), [listItem](listitem.md), [list](list.md), [site](site.md), and on Microsoft Graph connectors [externalItem](externalconnectors-externalitem.md).
-See [refine search results](/graph/search-concept-aggregation) for examples that show using aggregation to enhance and narrow down search results.
+For examples that show how to use aggregation to enhance and narrow down search results, see [Refine search results](/graph/search-concept-aggregation).
+
+## Request spelling correction
+
+Spelling correction is a popular way to handle mismatches between typos in a user query and the correct words in matched contents. When typos are detected in the original user query, you can get the search result either for the original user query or the corrected alternate query. You can also get the spelling correction information for typos in the **queryAlterationResponse** property of the [searchResponse](searchresponse.md).
+
+In the request body of the [query](/graph/api/search-query) method, specify the **queryAlterationOptions** that should be applied to the query for the spelling corrections. The description of **queryAlterationOptions** is defined in the [searchRequest](./searchrequest.md).
+
+For examples that show how to use spelling corrections, see [Request spelling correction](/graph/search-concept-speller).
+
+## Search display layout
+
+The search API allows you to render search results from [connectors](/microsoftsearch/connectors-overview) by using the display layout or the result template configured by the IT admin for each connector. The result templates are [Adaptive Cards](https://adaptivecards.io/), which are a semantically meaningful combination of layout and data.
+
+To get the result template in the [searchResponse](searchresponse.md) you have to set the **enableResultTemplate** property to **true**, which is defined in the [resultTemplateOptions](./resulttemplateoption.md) in the [searchRequest](./searchrequest.md). The response includes a **resultTemplateId** for every [searchHit](./searchhit.md), which maps to one of the display layouts included in the **resultTemplates** dictionary that is part of the response.
+
+For examples that show how to render search results, see [Use search display layout](/graph/search-concept-display-layout).
## Error handling
Any combinations involving **message**, **event**, SharePoint and OneDrive types
- [Search content in SharePoint and OneDrive](/graph/search-concept-files) - [Sort search results](/graph/search-concept-sort) - [Refine search results](/graph/search-concept-aggregation)
+ - [Request spelling correction](/graph/search-concept-speller)
+ - [Use search display layout](/graph/search-concept-display-layout)
- Explore the search APIs in [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer). - Find out about the [latest new features and updates](/graph/whats-new-overview) for this API set.
v1.0 Searchalteration https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/searchalteration.md
+
+ Title: "searchAlteration resource type"
+description: "Provides the details about the search alteration for spelling correction."
+ms.localizationpriority: medium
+++
+# searchAlteration resource type
+
+Namespace: microsoft.graph
+
+Provides the details about the search alteration for spelling correction.
+
+## Properties
+
+| Property | Type | Description |
+|:-|:|:|
+|alteredHighlightedQueryString|String| Defines the altered highlighted query string with spelling correction. The annotation around the corrected segment is: `\ue000, \ue001`.|
+|alteredQueryString|String| Defines the altered query string with spelling correction.|
+|alteredQueryTokens|[alteredQueryToken](alteredquerytoken.md) collection| Represents changed segments related to an original user query.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+
+ ],
+ "@odata.type": "microsoft.graph.searchAlteration",
+ "baseType": null
+}-->
+
+```json
+{
+ "alteredHighlightedQueryString": "String",
+ "alteredQueryString": "String",
+ "alteredQueryTokens": [{"@odata.type": "microsoft.graph.alteredQueryToken"}]
+}
+```
v1.0 Searchalterationoptions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/searchalterationoptions.md
+
+ Title: "searchAlterationOptions resource type"
+description: "Provides the search alteration options for spelling correction."
+ms.localizationpriority: medium
+++
+# searchAlterationOptions resource type
+
+Namespace: microsoft.graph
+
+Provides the search alteration options for spelling correction.
+
+## Properties
+
+| Property | Type | Description |
+|:-|:|:|
+|enableModification|Boolean|Indicates whether spelling modifications are enabled. If enabled, the user will get the search results for the corrected query *in case of no results* for the original query with typos. The [response](/graph/api/resources/searchresponse) will also include the spelling modification information in the **queryAlterationResponse** property. Optional.|
+|enableSuggestion|Boolean|Indicates whether spelling suggestions are enabled. If enabled, the user will get the search results for the original search query and suggestions for spelling correction in the **queryAlterationResponse** property of the [response](/graph/api/resources/searchresponse) for the typos in the query. Optional.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+
+ ],
+ "@odata.type": "microsoft.graph.searchAlterationOptions",
+ "baseType": null
+}-->
+
+```json
+{
+ "enableModification": "Boolean",
+ "enableSuggestion": "Boolean"
+}
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "searchAlterationOptions resource",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
v1.0 Searchhit https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/searchhit.md
Represents a single result within the list of search results.
| Property | Type | Description | |:-|:|:|
+|contentSource|String|The name of the content source which the **externalItem** is part of .|
|hitId|String|The internal identifier for the item.| |rank|Int32|The rank or the order of the result.|
-|contentSource|String|The name of the content source which the **externalItem** is part of .|
-|summary|String|A summary of the result, if a summary is available.|
+|resultTemplateId|String|ID of the result template used to render the search result. This ID must map to a display layout in the **resultTemplates** dictionary that is also included in the [searchResponse](searchresponse.md).|
|resource|[entity](entity.md)|The underlying Microsoft Graph representation of the search result.|
+|summary|String|A summary of the result, if a summary is available.|
## JSON representation
The following is a JSON representation of the resource.
```json {
- "hitId": "String",
- "rank": 1,
- "summary": "String",
"contentSource": "String",
- "resource": { "@odata.type": "microsoft.graph.entity" }
+ "hitId": "String",
+ "rank": "Int32",
+ "resultTemplateId": "String",
+ "resource": { "@odata.type": "microsoft.graph.entity" },
+ "summary": "String"
} ```
v1.0 Searchrequest https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/searchrequest.md
The JSON blob contains the types of resources expected in the response, the unde
## Properties
-| Property | Type | Description
-|:-|:|:
-|aggregations|[aggregationOption](aggregationOption.md) collection|Specifies aggregations (also known as refiners) to be returned alongside search results. Optional.|
+| Property | Type | Description|
+|:-|:|:|
|aggregationFilters|String collection|Contains one or more filters to obtain search results aggregated and filtered to a specific value of a field. Optional.<br>Build this filter based on a prior search that aggregates by the same field. From the response of the prior search, identify the [searchBucket](searchBucket.md) that filters results to the specific value of the field, use the string in its **aggregationFilterToken** property, and build an aggregation filter string in the format **"{field}:\\"{aggregationFilterToken}\\""**. <br>If multiple values for the same field need to be provided, use the strings in its **aggregationFilterToken** property and build an aggregation filter string in the format **"{field}:or(\\"{aggregationFilterToken1}\\",\\"{aggregationFilterToken2}\\")"**. <br>For example, searching and aggregating drive items by file type returns a **searchBucket** for the file type `docx` in the response. You can conveniently use the **aggregationFilterToken** returned for this **searchBucket** in a subsequent search query and filter matches down to drive items of the `docx` file type. [Example 1](/graph/search-concept-aggregation#example-1-request-aggregations-by-string-fields) and [example 2](/graph/search-concept-aggregation#example-2-apply-an-aggregation-filter-based-on-a-previous-request) show the actual requests and responses.|
+|aggregations|[aggregationOption](aggregationOption.md) collection|Specifies aggregations (also known as refiners) to be returned alongside search results. Optional.|
|contentSources|String collection|Contains the connection to be targeted.| |enableTopResults|Boolean|This triggers hybrid sort for messages : the first 3 messages are the most relevant. This property is only applicable to entityType=`message`. Optional.| |entityTypes|entityType collection| One or more types of resources expected in the response. Possible values are: `list`, `site`, `listItem`, `message`, `event`, `drive`, `driveItem`, `externalItem`. See [known limitations](search-api-overview.md#known-limitations) for those combinations of two or more entity types that are supported in the same search request. Required.|
-|fields|String collection |Contains the fields to be returned for each resource object specified in **entityTypes**, allowing customization of the fields returned by default otherwise, including additional fields such as custom managed properties from SharePoint and OneDrive. Optional.|
+|fields|String collection |Contains the fields to be returned for each resource object specified in **entityTypes**, allowing customization of the fields returned by default; otherwise, including additional fields such as custom managed properties from SharePoint and OneDrive, or custom fields in **externalItem** from the content that Microsoft Graph connectors bring in. The **fields** property can use the [semantic labels](/microsoftsearch/configure-connector#step-6-assign-property-labels) applied to properties. For example, if a property is labeled as title, you can retrieve it using the following syntax: `label_title`. Optional.|
|from|Int32|Specifies the offset for the search results. Offset 0 returns the very first result. Optional.| |query|[searchQuery](searchquery.md)|Contains the query terms. Required.|
+|queryAlterationOptions|[searchAlterationOptions](searchalterationoptions.md)|Query alteration options formatted in a JSON blob that contains two optional flags related to spelling correction. Optional. |
+|resultTemplateOptions|[resultTemplateOption](resulttemplateoption.md) collection|Provides the search result template options to render search results from connectors.|
|size|Int32|The size of the page to be retrieved. Optional.| |sortProperties|[sortProperty](sortProperty.md) collection|Contains the ordered collection of fields and direction to sort results. There can be at most 5 sort properties in the collection. Optional.|
The following is a JSON representation of the resource.
```json {
+ "aggregationFilters": ["String"],
+ "aggregations": {"@odata.type": "microsoft.graph.aggregationOption"},
+ "enableTopResults": "Boolean",
"entityTypes": ["String"], "contentSources": ["String"],
- "query": {"@odata.type": "microsoft.graph.searchQuery"},
- "from": 1024,
- "size": 1024,
"fields": ["String"],
- "enableTopResults": true
+ "from": "Int32",
+ "query": {"@odata.type": "microsoft.graph.searchQuery"},
+ "queryAlterationOptions": {"@odata.type": "microsoft.graph.searchAlterationOptions"},
+ "resultTemplateOptions": [{"@odata.type": "microsoft.graph.resultTemplateOption"}],
+ "size": "Int32"
} ```
The following is a JSON representation of the resource.
- Search content in SharePoint and OneDrive ([files, lists and sites](/graph/search-concept-files)) - [Sort](/graph/search-concept-sort) search results - Use [aggregations](/graph/search-concept-aggregations) to refine search results-
+- Use [display layout](/graph/search-concept-display-layout.md)
+- Enable [spell corrections](/graph/search-concept-speller) in search results
<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
v1.0 Searchresponse https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/searchresponse.md
Represents results from a search query, and the terms used for the query.
| Property | Type | Description | |:-|:|:| |hitsContainers|[searchHitsContainer](searchhitscontainer.md) collection|A collection of search results.|
+|resultTemplates|[resultTemplate](resulttemplate.md) collection|A dictionary of **resultTemplateIds** and associated values, which include the name and JSON schema of the result templates.|
|searchTerms|String collection|Contains the search terms sent in the initial search query.|
+|queryAlterationResponse|[alterationResponse](alterationresponse.md)|Provides information related to spelling corrections in the alteration response.|
## JSON representation
The following is a JSON representation of the resource.
```json { "hitsContainers": [{"@odata.type": "microsoft.graph.searchHitsContainer"}],
+ "queryAlterationResponse": {"@odata.type": "microsoft.graph.alterationResponse"},
+ "resultTemplates": [{"@odata.type":"microsoft.graph.resultTemplateDictionary"}],
"searchTerms": ["String"] } ```
v1.0 Serviceannouncement https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/serviceannouncement.md
A top-level container for service communications resources.
None. ## Relationships
-|Property|Type|Description|
+|Relationship|Type|Description|
|-|-|-| |messages|Collection([serviceUpdateMessage](serviceupdatemessage.md))|A collection of service messages for tenant. This property is a contained navigation property, it is nullable and readonly.| |healthOverviews|Collection([serviceHealth](servicehealth.md))|A collection of service health information for tenant. This property is a contained navigation property, it is nullable and readonly.|
v1.0 Serviceplaninfo https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/serviceplaninfo.md
Here is a JSON representation of the resource
```json {
- "appliesTo": "string",
- "provisioningStatus": "string",
- "servicePlanId": "guid",
- "servicePlanName": "string"
+ "appliesTo": "String",
+ "provisioningStatus": "String",
+ "servicePlanId": "Guid",
+ "servicePlanName": "String"
} ```
v1.0 Serviceprincipal https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/serviceprincipal.md
This resource supports using [delta query](/graph/delta-query-overview) to track
|appDisplayName|String|The display name exposed by the associated application.| |appId|String|The unique identifier for the associated application (its **appId** property). Supports `$filter` (`eq`, `ne`, `not`, `in`, `startsWith`).| |applicationTemplateId|String|Unique identifier of the applicationTemplate that the servicePrincipal was created from. Read-only. Supports `$filter` (`eq`, `ne`, `NOT`, `startsWith`).|
-|appOwnerOrganizationId|String|Contains the tenant id where the application is registered. This is applicable only to service principals backed by applications. Supports `$filter` (`eq`, `ne`, `NOT`, `ge`, `le`).|
+|appOwnerOrganizationId|Guid|Contains the tenant id where the application is registered. This is applicable only to service principals backed by applications. Supports `$filter` (`eq`, `ne`, `NOT`, `ge`, `le`).|
|appRoleAssignmentRequired|Boolean|Specifies whether users or other service principals need to be granted an app role assignment for this service principal before users can sign in or apps can get tokens. The default value is `false`. Not nullable. <br><br>Supports `$filter` (`eq`, `ne`, `NOT`). | |appRoles|[appRole](approle.md) collection|The roles exposed by the application which this service principal represents. For more information see the **appRoles** property definition on the [application](application.md) entity. Not nullable. | | deletedDateTime | DateTimeOffset | The date and time the service principal was deleted. Read-only. |
Here is a JSON representation of the resource
{ "accountEnabled": true, "addIns": [{"@odata.type": "microsoft.graph.addIn"}],
- "alternativeNames": ["string"] ,
- "appDisplayName": "string",
- "appId": "string",
- "appOwnerOrganizationId": "guid",
+ "alternativeNames": ["String"] ,
+ "appDisplayName": "String",
+ "appId": "String",
+ "appOwnerOrganizationId": "Guid",
"appRoleAssignmentRequired": true, "appRoles": [{"@odata.type": "microsoft.graph.appRole"}],
- "disabledByMicrosoftStatus": "string",
- "displayName": "string",
- "homepage": "string",
- "id": "string (identifier)",
+ "disabledByMicrosoftStatus": "String",
+ "displayName": "String",
+ "homepage": "String",
+ "id": "String (identifier)",
"info": {"@odata.type": "microsoft.graph.informationalUrl"}, "keyCredentials": [{"@odata.type": "microsoft.graph.keyCredential"}],
- "logoutUrl": "string",
- "notes": "string",
+ "logoutUrl": "String",
+ "notes": "String",
"oauth2PermissionScopes": [{"@odata.type": "microsoft.graph.permissionScope"}], "passwordCredentials": [{"@odata.type": "microsoft.graph.passwordCredential"}],
- "replyUrls": ["string"],
- "servicePrincipalNames": ["string"],
- "servicePrincipalType": "string",
- "tags": ["string"],
+ "replyUrls": ["String"],
+ "servicePrincipalNames": ["String"],
+ "servicePrincipalType": "String",
+ "tags": ["String"],
"tokenEncryptionKeyId": "String", "verifiedPublisher": {"@odata.type": "microsoft.graph.verifiedPublisher"} }
v1.0 Subscribedsku https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/subscribedsku.md
The following is a JSON representation of the resource
```json {
- "appliesTo": "string",
- "capabilityStatus": "string",
+ "appliesTo": "String",
+ "capabilityStatus": "String",
"consumedUnits": 1024,
- "id": "string (identifier)",
+ "id": "String (identifier)",
"prepaidUnits": {"@odata.type": "microsoft.graph.licenseUnitsDetail"}, "servicePlans": [{"@odata.type": "microsoft.graph.servicePlanInfo"}],
- "skuId": "guid",
- "skuPartNumber": "string"
+ "skuId": "Guid",
+ "skuPartNumber": "String"
} ```
v1.0 Subscription https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/subscription.md
For the possible resource path values for each supported resource and to learn h
| Property | Type | Description | Supported Resources | |:|:--|:|:--|
-| applicationId | String | Identifier of the application used to create the subscription. Read-only. | All |
+| applicationId | String | Optional. Identifier of the application used to create the subscription. Read-only. | All |
| changeType | String | Required. Indicates the type of change in the subscribed resource that will raise a change notification. The supported values are: `created`, `updated`, `deleted`. Multiple values can be combined using a comma-separated list. <br><br>**Note:** <li> Drive root item and list change notifications support only the `updated` changeType. <li>[User](../resources/user.md) and [group](../resources/user.md) change notifications support `updated` and `deleted` changeType. | All | | clientState | String | Optional. Specifies the value of the `clientState` property sent by the service in each change notification. The maximum length is 128 characters. The client can check that the change notification came from the service by comparing the value of the `clientState` property sent with the subscription with the value of the `clientState` property received with each change notification. | All |
-| creatorId | String | Identifier of the user or service principal that created the subscription. If the app used delegated permissions to create the subscription, this field contains the id of the signed-in user the app called on behalf of. If the app used application permissions, this field contains the id of the service principal corresponding to the app. Read-only. | All |
-| encryptionCertificate | String | A base64-encoded representation of a certificate with a public key used to encrypt resource data in change notifications. Optional but required when **includeResourceData** is `true`. | All |
+| creatorId | String | Optional. Identifier of the user or service principal that created the subscription. If the app used delegated permissions to create the subscription, this field contains the id of the signed-in user the app called on behalf of. If the app used application permissions, this field contains the id of the service principal corresponding to the app. Read-only. | All |
+| encryptionCertificate | String | Optional. A base64-encoded representation of a certificate with a public key used to encrypt resource data in change notifications. Optional but required when **includeResourceData** is `true`. | All |
| encryptionCertificateId | String | Optional. A custom app-provided identifier to help identify the certificate needed to decrypt resource data. | All | | expirationDateTime | DateTimeOffset | Required. Specifies the date and time when the webhook subscription expires. The time is in UTC, and can be an amount of time from subscription creation that varies for the resource subscribed to. For the maximum supported subscription length of time, see [the table below](#maximum-length-of-subscription-per-resource-type). | All |
-| id | String | Unique identifier for the subscription. Read-only. | All |
+| id | String | Optional. Unique identifier for the subscription. Read-only. | All |
| includeResourceData | Boolean | Optional. When set to `true`, change notifications [include resource data](/graph/webhooks-with-resource-data) (such as content of a chat message). | All |
-| latestSupportedTlsVersion | String | Specifies the latest version of Transport Layer Security (TLS) that the notification endpoint, specified by **notificationUrl**, supports. The possible values are: `v1_0`, `v1_1`, `v1_2`, `v1_3`. </br></br>For subscribers whose notification endpoint supports a version lower than the currently recommended version (TLS 1.2), specifying this property by a set [timeline](https://developer.microsoft.com/graph/blogs/microsoft-graph-subscriptions-deprecating-tls-1-0-and-1-1/) allows them to temporarily use their deprecated version of TLS before completing their upgrade to TLS 1.2. For these subscribers, not setting this property per the timeline would result in subscription operations failing. </br></br>For subscribers whose notification endpoint already supports TLS 1.2, setting this property is optional. In such cases, Microsoft Graph defaults the property to `v1_2`. | All |
+| latestSupportedTlsVersion | String | Optional. Specifies the latest version of Transport Layer Security (TLS) that the notification endpoint, specified by **notificationUrl**, supports. The possible values are: `v1_0`, `v1_1`, `v1_2`, `v1_3`. </br></br>For subscribers whose notification endpoint supports a version lower than the currently recommended version (TLS 1.2), specifying this property by a set [timeline](https://developer.microsoft.com/graph/blogs/microsoft-graph-subscriptions-deprecating-tls-1-0-and-1-1/) allows them to temporarily use their deprecated version of TLS before completing their upgrade to TLS 1.2. For these subscribers, not setting this property per the timeline would result in subscription operations failing. </br></br>For subscribers whose notification endpoint already supports TLS 1.2, setting this property is optional. In such cases, Microsoft Graph defaults the property to `v1_2`. | All |
| lifecycleNotificationUrl | String | Optional. The URL of the endpoint that receives lifecycle notifications, including `subscriptionRemoved` and `missed` notifications. This URL must make use of the HTTPS protocol. | All |
-| notificationContentType | String | Desired **content-type** for Microsoft Graph change notifications for supported resource types. The default content-type is `application/json`. | All |
-| notificationQueryOptions | String | OData query options for specifying value for the targeting resource. Clients receive notifications when resource reaches the state matching the query options provided here. With this new property in the subscription creation payload along with all existing properties, Webhooks will deliver notifications whenever a resource reaches the desired state mentioned in the notificationQueryOptions property. For example, when the print job is completed or when a print job resource `isFetchable` property value becomes `true` etc. | [Universal Print Service](/graph/universal-print-webhook-notifications) |
+| notificationQueryOptions | String | Optional. OData query options for specifying value for the targeting resource. Clients receive notifications when resource reaches the state matching the query options provided here. With this new property in the subscription creation payload along with all existing properties, Webhooks will deliver notifications whenever a resource reaches the desired state mentioned in the notificationQueryOptions property. For example, when the print job is completed or when a print job resource `isFetchable` property value becomes `true` etc. | [Universal Print Service](/graph/universal-print-webhook-notifications) |
| notificationUrl | String | Required. The URL of the endpoint that will receive the change notifications. This URL must make use of the HTTPS protocol. | All |
+| notificationUrlAppId| String | Optional. The app ID that the subscription service can use to generate the validation token. This allows the client to validate the authenticity of the notification received. | All |
| resource | String | Required. Specifies the resource that will be monitored for changes. Do not include the base URL (`https://graph.microsoft.com/v1.0/`). See the possible resource path [values](webhooks.md) for each supported resource.| All | ### Maximum length of subscription per resource type
For the possible resource path values for each supported resource and to learn h
| SharePoint **list** | 42300 minutes (under 30 days) | | Outlook **message**, **event**, **contact** | 4230 minutes (under 3 days) | | **user**, **group**, other directory resources | 41760 minutes (under 29 days) |
+| **presence** | 60 minutes (1 hour) |
| Print **printer** | 4230 minutes (under 3 days) | | Print **printTaskDefinition** | 4230 minutes (under 3 days) |
Here is a JSON representation of the resource.
] }-->
-```json
+``` json
{
+ "@odata.type": "#microsoft.graph.subscription",
+ "id": "String (identifier)",
+ "resource": "String",
"changeType": "String",
+ "clientState": "String",
"notificationUrl": "String",
- "lifecycleNotificationUrl": "String",
- "resource": "String",
- "applicationId" : "String",
"expirationDateTime": "String (timestamp)",
- "id": "String (identifier)",
- "clientState": "String",
+ "applicationId": "String",
"creatorId": "String", "includeResourceData": "Boolean",
+ "lifecycleNotificationUrl": "String",
"encryptionCertificate": "String", "encryptionCertificateId": "String", "latestSupportedTlsVersion": "String",
- "notificationContentType": "String",
- "notificationQueryOptions": "String"
+ "notificationQueryOptions": "String",
+ "notificationUrlAppId": "String"
} ```
v1.0 Team https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/team.md
Namespace: microsoft.graph
A team in Microsoft Teams is a collection of [channel](channel.md) objects. A channel represents a topic, and therefore a logical isolation of discussion, within a team.
-Every team is associated with a [group](../resources/group.md).
+Every team is associated with a [Microsoft 365 group](../resources/group.md).
The group has the same ID as the team - for example, `/groups/{id}/team` is the same as `/teams/{id}`. For more information about working with groups and members in teams, see [Use the Microsoft Graph REST API to work with Microsoft Teams](teams-api-overview.md).
For more information about working with groups and members in teams, see [Use th
| Method | Return Type |Description| |:|:--|:-| |[Create team](../api/team-post.md) | [teamsAsyncOperation](teamsasyncoperation.md) | Create a team from scratch. |
-|[Create team from group](../api/team-put-teams.md) | [team](team.md) | Create a new team, or add a team to an existing group.|
+|[Create team from group](../api/team-put-teams.md) | [team](team.md) | Create a new team, or add a team to an existing Microsoft 365 group.|
|[Get team](../api/team-get.md) | [team](team.md) | Retrieve the properties and relationships of the specified team.| |[Update team](../api/team-update.md) | [team](team.md) |Update the properties of the specified team. | |[Delete team](../api/group-delete.md) | None |Delete the team and its associated group. |
v1.0 User https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/user.md
This resource supports:
### mail and proxyAddresses properties **mail** and **proxyAddresses** are both email-related properties. **proxyAddresses** is a collection of addresses only relevant for Microsoft Exchange server. It's used to store a list of mail addresses for a user that are tied to a single mailbox. **mail** property is used as the user's email address for various purposes including user sign in and defines the primary proxy address.
-Both **mail** and **proxyAddresses** can be retrieved through the [GET user](add link) API on MS Graph. **mail** can be updated via the [PATCH method of the Update user](add link) API, but **proxyAddresses** can't be updated via Microsoft Graph. When a user's **mail** property is updated, it triggers recalculation of **proxyAddresses** and the newly updated mail is set to be the primary proxy address, except in the following scenarios:
+Both **mail** and **proxyAddresses** can be retrieved through the [GET user](/graph/api/user-get) API on MS Graph. **mail** can be updated via the [PATCH method of the Update user](/graph/api/user-update) API, but **proxyAddresses** can't be updated via Microsoft Graph. When a user's **mail** property is updated, it triggers recalculation of **proxyAddresses** and the newly updated mail is set to be the primary proxy address, except in the following scenarios:
1. If a user has a license that includes Microsoft Exchange, all their proxy addresses must belong to a verified domain on the tenant. Any that don't belong to verified domains are silently removed. 2. A user's mail will NOT be set to the primary proxy address if the user is a guest and the primary proxy address contains the guest user UPN string with #EXT#.
v1.0 Windowshelloforbusinessauthenticationmethod https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/windowshelloforbusinessauthenticationmethod.md
Inherits from [authenticationMethod](../resources/authenticationmethod.md).
## Relationships |Relationship|Type|Description| |:|:|:|
-|device|[device](../resources/device.md)|The registered device on which this Windows Hello for Business key resides.|
+|device|[device](../resources/device.md)|The registered device on which this Windows Hello for Business key resides. Supports `$expand`. <br/><br/>When you get a user's Windows Hello for Business registration information, this property is returned only on a single GET and when you specify `?$expand`. For example, GET `/users/admin@contoso.com/authentication/windowsHelloForBusinessMethods/_jpuR-TGZtk6aQCLF3BQjA2?$expand=device`.|
## JSON representation The following is a JSON representation of the resource.
v1.0 Toc.Yml https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/toc.yml a/api-reference/v1.0/toc.yml
items:
- name: Group setting href: resources/groupsetting.md items:
- - name: Create setting
- href: api/groupsetting-post-groupsettings.md
- - name: Get setting
+ - name: Create
+ href: api/group-post-settings.md
+ - name: Get
href: api/groupsetting-get.md
- - name: List settings
- href: api/groupsetting-list.md
- - name: Update setting
+ - name: List
+ href: api/group-list-settings.md
+ - name: Update
href: api/groupsetting-update.md
- - name: Delete setting
+ - name: Delete
href: api/groupsetting-delete.md - name: Group setting template href: resources/groupsettingtemplate.md
items:
href: api/application-list-extensionproperty.md - name: Create href: api/application-post-extensionproperty.md
+ - name: Get
+ href: api/extensionproperty-get.md
- name: Delete
- href: api/application-delete-extensionproperty.md
+ href: api/extensionproperty-delete.md
+ - name: Get available extension properties
+ href: api/directoryobject-getavailableextensionproperties.md
- name: Owners items: - name: List
items:
href: api/organizationalbrandinglocalization-update.md - name: Delete href: api/organizationalbrandinglocalization-delete.md
- - name: Policy
- href: resources/policy-overview.md
+ - name: Policies
items:
+ - name: Overview
+ href: resources/policy-overview.md
- name: Activity-based timeout policy href: resources/activitybasedtimeoutpolicy.md items:
items:
- name: List contacted reviewers href: api/accessreviewinstance-list-contactedreviewers.md - name: Access review instance decision item
+ displayName: access review decisions
href: resources/accessreviewinstancedecisionitem.md items: - name: Get
items:
href: api/accessreviewinstancedecisionitem-update.md - name: Filter by current user href: api/accessreviewinstancedecisionitem-filterbycurrentuser.md
+ - name: Access review history definition
+ href: resources/accessreviewhistorydefinition.md
+ items:
+ - name: Get
+ href: api/accessreviewhistorydefinition-get.md
+ - name: List
+ href: api/accessreviewset-list-historydefinitions.md
+ - name: Create
+ href: api/accessreviewset-post-historydefinitions.md
+ - name: Access review history instance
+ href: resources/accessreviewhistoryinstance.md
+ items:
+ - name: List
+ href: api/accessreviewhistorydefinition-list-instances.md
+ - name: Generate download URI
+ displayName: Downloadable access review history report
+ href: api/accessreviewhistoryinstance-generatedownloaduri.md
- name: Consent requests href: resources/consentrequests-overview.md items: