Updates from: 04/23/2022 01:07:48
Service Microsoft Docs article Related commit history on GitHub Change details
v1.0 Application Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/application-update.md
In the request body, supply the values for relevant fields that should be update
| isFallbackPublicClient | Boolean | Specifies the fallback application type as public client, such as an installed application running on a mobile device. The default value is `false`, which means the fallback application type is confidential client such as web app. There are certain scenarios where Azure AD cannot determine the client application type (for example, [ROPC](https://tools.ietf.org/html/rfc6749#section-4.3) flow where it is configured without specifying a redirect URI). In those cases, Azure AD will interpret the application type based on the value of this property. | | keyCredentials | [keyCredential](../resources/keycredential.md) collection | The collection of key credentials associated with the application. Not nullable. | | logo | Stream | The main logo for the application. Not nullable. |
-| onPremisesPublishing | [onPremisesPublishing](../resources/onpremisespublishing.md) | Represents the set of properties for configuring [Azure AD Application Proxy](/azure/active-directory/app-proxy/what-is-application-proxy) for an on-premises application. This property can only be set after the application has been created. |
+| onPremisesPublishing | [onPremisesPublishing](../resources/onpremisespublishing.md) | Represents the set of properties for configuring [Azure AD Application Proxy](/azure/active-directory/app-proxy/what-is-application-proxy) for an on-premises application. This property can only be set after the application has been created and cannot be updated in the same request as other application properties. |
| optionalClaims | optionalClaims | Application developers can configure optional claims in their Azure AD apps to specify which claims they want in tokens sent to their application by the Microsoft security token service. See [optional claims](/azure/active-directory/develop/active-directory-optional-claims) for more information. | | parentalControlSettings | [parentalControlSettings](../resources/parentalcontrolsettings.md) | Specifies parental control settings for an application. | | publicClient | [publicClientApplication](../resources/publicclientapplication.md) | Specifies settings for installed clients such as desktop or mobile devices. | | requiredResourceAccess | [requiredResourceAccess](../resources/requiredresourceaccess.md) collection | Specifies the resources that the application needs to access. This property also specifies the set of delegated permissions and application roles that it needs for each of those resources. This configuration of access to the required resources drives the consent experience. No more than 50 resource services (APIs) can be configured. Beginning mid-October 2021, the total number of required permissions must not exceed 400. Not nullable. | | signInAudience | String | Specifies what Microsoft accounts are supported for the current application. Supported values are:<ul><li>`AzureADMyOrg`: Users with a Microsoft work or school account in my organizationΓÇÖs Azure AD tenant (i.e. single tenant)</li><li>`AzureADMultipleOrgs`: Users with a Microsoft work or school account in any organizationΓÇÖs Azure AD tenant (i.e. multi-tenant)</li> <li>`AzureADandPersonalMicrosoftAccount`: Users with a personal Microsoft account, or a work or school account in any organizationΓÇÖs Azure AD tenant</li></ul> |
+| spa | [spaApplication](../resources/spaapplication.md) | Specifies settings for a single-page application, including sign out URLs and redirect URIs for authorization codes and access tokens. |
| tags | String collection | Custom strings that can be used to categorize and identify the application. Not nullable. | | tokenEncryptionKeyId | String | Specifies the keyId of a public key from the keyCredentials collection. When configured, Azure AD encrypts all the tokens it emits by using the key this property points to. The application code that receives the encrypted token must use the matching private key to decrypt the token before it can be used for the signed-in user. | | uniqueName | String | The unique identifier that can be assigned to an application as an alternative identifier. Immutable. Read-only. |
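Review bot: The added clause on the `onPremisesPublishing` row ("cannot be updated in the same request as other application properties") states a restriction but not what happens when a caller violates it. Say which error response is returned, and that the property has to be sent in a PATCH of its own, so that integrators do not have to find this out by trial.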
v1.0 Rbacapplication Post Roledefinitions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/rbacapplication-post-roledefinitions.md
Content-type: application/json
"displayName": "Application Registration Support Administrator", "isBuiltIn": false, "isEnabled": true,
- "templateId": "c2cb59a3-2d01-4176-a458-95b0e674966f",
+ "templateId": "d5eec5e0-6992-4c6b-b430-0f833f1a815a",
"version": null, "rolePermissions": [ {
Content-type: application/json
"condition": null } ],
- "inheritsPermissionsFrom@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleDefinitions('c2cb59a3-2d01-4176-a458-95b0e674966f')/inheritsPermissionsFrom",
+ "inheritsPermissionsFrom@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleDefinitions('d5eec5e0-6992-4c6b-b430-0f833f1a815a')/inheritsPermissionsFrom",
"inheritsPermissionsFrom": [] } ```
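Review bot: The `templateId` and the `roleDefinitions('...')` key inside `inheritsPermissionsFrom@odata.context` are both moved to `d5eec5e0-6992-4c6b-b430-0f833f1a815a`, but the `id` property of the returned role definition is not among the changed lines. Check that `id` in the same response body carries the same GUID, otherwise the sample contradicts itself.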
v1.0 Unifiedrolemanagementpolicyrule Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/unifiedrolemanagementpolicyrule-update.md
Title: "Update unifiedRoleManagementPolicyRule"
-description: "Update the properties of an unifiedRoleManagementPolicyRule object."
+description: "Update a rule defined for a role management policy."
ms.localizationpriority: medium ms.prod: "governance"
doc_type: apiPageType
# Update unifiedRoleManagementPolicyRule Namespace: microsoft.graph
-Update the properties of an [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) object.
+Update a rule defined for a role management policy. The rule can be one of the following types that are derived from the [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) object:
++ [unifiedRoleManagementPolicyApprovalRule](../resources/unifiedrolemanagementpolicyapprovalrule.md)++ [unifiedRoleManagementPolicyAuthenticationContextRule](../resources/unifiedrolemanagementpolicyauthenticationcontextrule.md)++ [unifiedRoleManagementPolicyEnablementRule](../resources/unifiedrolemanagementpolicyenablementrule.md)++ [unifiedRoleManagementPolicyExpirationRule](../resources/unifiedrolemanagementpolicyexpirationrule.md)++ [unifiedRoleManagementPolicyNotificationRule](../resources/unifiedrolemanagementpolicynotificationrule.md) ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
|Permission type|Permissions (from least to most privileged)| |:|:| |Delegated (work or school account)|RoleManagementPolicy.ReadWrite.Directory, RoleManagement.ReadWrite.Directory|
-|Delegated (personal Microsoft account)|Not supported|
-|Application|Not supported|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|Not supported.|
## HTTP request
One of the following permissions is required to call this API. To learn more, in
--> ``` http PATCH /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/rules/{unifiedRoleManagementPolicyRuleId}
-PATCH /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/effectiveRules/{unifiedRoleManagementPolicyRuleId}
``` ## Request headers
PATCH /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/effective
|Content-Type|application/json. Required.| ## Request body
-In the request body, supply a JSON representation of the [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) object.
-
-The following table shows the properties that are required when you update the [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md).
|Property|Type|Description| |:|:|:|
-|id|String|Unique identifier for the rule.|
-|target|[unifiedRoleManagementPolicyRuleTarget](../resources/unifiedrolemanagementpolicyruletarget.md)|The target for the policy rule.|
+|target|[unifiedRoleManagementPolicyRuleTarget](../resources/unifiedrolemanagementpolicyruletarget.md)|Defines details of the scope that's targeted by role management policy rule. The details can include the principal type, the role assignment type, and actions affecting a role. Optional.|
## Response
-If successful, this method returns a `200 OK` response code and an updated [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) object in the response body.
+If successful, this method returns a `204 No Content` response code.
## Examples ### Request
+The following example updates a role management policy rule with ID `Expiration_EndUser_Assignment`.
+ # [HTTP](#tab/http) <!-- { "blockType": "request",
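Review bot: The Request body section loses both of its introductory sentences and the `id` row, so the property table now starts with no statement of what to send and lists only `target`, marked Optional. The request example in this same change sends `@odata.type`, `id`, `isExpirationRequired` and `maximumDuration`, none of which the table covers. Keep a one-line lead-in, and either list `@odata.type` and the derived-type properties or link to the five derived resource pages named at the top of the article.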
If successful, this method returns a `200 OK` response code and an updated [unif
} --> ``` http
-PATCH https://graph.microsoft.com/beta/policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/rules/{unifiedRoleManagementPolicyRuleId}
+PATCH https://graph.microsoft.com/beta/policies/roleManagementPolicies/DirectoryRole_84841066-274d-4ec0-a5c1-276be684bdd3_200ec19a-09e7-4e7a-9515-cf1ee64b96f9/rules/Expiration_EndUser_Assignment
Content-Type: application/json {
- "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule",
- "target": {
- "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
- }
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
+ "id": "Expiration_EndUser_Assignment",
+ "isExpirationRequired": true,
+ "maximumDuration": "PT1H45M",
+ "target": {
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",
+ "caller": "EndUser",
+ "operations": [
+ "All"
+ ],
+ "level": "Assignment",
+ "inheritableSettings": [],
+ "enforcedSettings": []
+ }
} ``` # [C#](#tab/csharp)
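Review bot: The sentence introducing the example names only the rule ID (`Expiration_EndUser_Assignment`) and not what the request changes. Since this rule governs how long a role assignment may last, spell it out: the body sets `isExpirationRequired` to `true` and `maximumDuration` to `PT1H45M` (an ISO 8601 duration of 1 hour 45 minutes). Also note that the body still sends `"id"` although the `id` row was removed from the request-body table; say whether it is required to match the rule ID in the URL.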
Content-Type: application/json
### Response
-**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true } --> ```http
-HTTP/1.1 204 OK
+HTTP/1.1 204 No Content
``` <!--
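Review bot: The response block is corrected to `HTTP/1.1 204 No Content` and the "might be shortened" note is removed, but the block metadata just above still reads `"truncated": true`. A 204 response has no body to truncate, so drop that flag along with the note.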
v1.0 Identityprotection Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/identityprotection-overview.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Azure Active Directory (Azure AD) [Identity Protection](/azure/active-directory/identity-protection/overview-identity-protection) is tool that allows organizations to discover, investigate, and remediate identity-based risks in their Azure AD organization.
+Azure Active Directory (Azure AD) [Identity Protection](/azure/active-directory/identity-protection/overview-identity-protection) is tool that allows organizations to discover, investigate, and remediate identity-based risks in their Azure AD organization.
Use the following Microsoft Graph APIs to query user and service principal risks detected by Azure AD Identity Protection:
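Review bot: The opening sentence is touched here but the `+` line still reads "Identity Protection ... is tool that allows organizations", with the article missing. The visible text of the `-` and `+` lines is otherwise identical, so this looks like a whitespace-only change; fix the wording to "is a tool that" while the line is being edited.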
For specific guidance and additional information, see [Identify and remediate ri
Azure AD Identity Protection is a premium feature. You need an Azure AD Premium P1 or P2 license to access the Microsoft Graph [riskDetection API](riskdetection.md) (note: P1 licenses receive limited risk information). The [riskyUsers API](riskyuser.md) is only available with an Azure AD Premium P2 license.
+## How much data is available?
+
+The availability of risk data is governed by the [Azure AD data retention policies](/azure/active-directory/reports-monitoring/reference-reports-data-retention#how-long-does-azure-ad-store-the-data).
++ ## See also * [About Azure Active Directory Identity Protection](/azure/active-directory/identity-protection/overview-identity-protection)
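Review bot: The new heading asks "How much data is available?" but the section body gives no figure and only links to the retention page, whose anchor is `#how-long-does-azure-ad-store-the-data`. Either rename the heading to match (for example "How long is risk data retained?") or state the retention period inline, because anyone planning an investigation window needs the number without following a link.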
v1.0 Riskdetection https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/riskdetection.md
Azure AD continually evaluates [user risks](riskyuser.md) and app or user [sign-
For more information about risk events, see [Azure Active Directory Identity Protection](/azure/active-directory/identity-protection/overview-identity-protection). >[!NOTE]
->You must have an Azure AD Premium P1 or P2 license to use the risk detection API.
+> 1. You must have an Azure AD Premium P1 or P2 license to use the risk detection API.
+> 2. The availability of risk detection data is governed by the [Azure AD data retention policies](/azure/active-directory/reports-monitoring/reference-reports-data-retention#how-long-does-azure-ad-store-the-data).
## Methods
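Review bot: Inside the `[!NOTE]` block the license requirement and the data-retention statement are numbered `1.` and `2.`, which reads as a sequence of steps although the two items are independent. Use bullets or two separate notes. The same pattern is added to the riskyUser and riskyUserHistoryItem notes in this update, so the change should be made consistently across all three.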
v1.0 Riskyuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/riskyuser.md
Represents Azure AD users who are at risk. Azure AD continually evaluates user r
For more information about risk events, see [Azure Active Directory Identity Protection](/azure/active-directory/identity-protection/overview-identity-protection).
->**Note:** Using the riskyUsers API requires an Azure AD Premium P2 license.
+>[!NOTE]
+> 1. Using the riskyUsers API requires an Azure AD Premium P2 license.
+> 2. The availability of risky user data is governed by the [Azure AD data retention policies](/azure/active-directory/reports-monitoring/reference-reports-data-retention#how-long-does-azure-ad-store-the-data).
## Methods
v1.0 Riskyuserhistoryitem https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/riskyuserhistoryitem.md
doc_type: resourcePageType
Namespace: microsoft.graph [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Represents the risk history of an Azure AD user as determined by Azure AD Identity Protection.
+Represents the risk history of an Azure AD user as determined by Azure AD Identity Protection.
+
+>[!NOTE]
+> 1. Using this API requires an Azure AD Premium P2 license.
+> 2. The availability of risk history data is governed by the [Azure AD data retention policies](/azure/active-directory/reports-monitoring/reference-reports-data-retention#how-long-does-azure-ad-store-the-data).
## Methods
v1.0 Site https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/site.md
The **site** resource provides metadata and relationships for a SharePoint site.
| **lastModifiedDateTime** | DateTimeOffset | The date and time the item was last modified. Read-only. | | **name** | string | The name / title of the item. | | **root** | [root][] | If present, indicates that this is the root site in the site collection. Read-only. |
-| **settings** | [siteSettings] | The settings on this site. Returned only on $select. Read-only. |
+| **settings** | [siteSettings] | The settings on this site. Read-only. |
| **sharepointIds** | [sharepointIds][] | Returns identifiers useful for SharePoint REST compatibility. Read-only. | | **siteCollection** | [siteCollection][] | Provides details about the site's site collection. Available only on the root site. Read-only. | | **webUrl** | string (url) | URL that displays the item in the browser. Read-only. |
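Review bot: On the `settings` row, the type is written `[siteSettings]` while the neighbouring rows use the reference-link form with trailing brackets (`[root][]`, `[sharepointIds][]`, `[siteCollection][]`). Since the row is being edited, align it to `[siteSettings][]` and confirm that a link definition for it exists. Dropping "Returned only on $select." also changes the documented behaviour, so confirm that `settings` is now returned by default.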
v1.0 Application Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/application-update.md
In the request body, supply the values for relevant fields that should be update
| publicClient | [publicClientApplication](../resources/publicclientapplication.md) | Specifies settings for installed clients such as desktop or mobile devices. | | requiredResourceAccess | [requiredResourceAccess](../resources/requiredresourceaccess.md) collection | Specifies the resources that the application needs to access. This property also specifies the set of delegated permissions and application roles that it needs for each of those resources. This configuration of access to the required resources drives the consent experience. No more than 50 resource services (APIs) can be configured. Beginning mid-October 2021, the total number of required permissions must not exceed 400. Not nullable. | | signInAudience | String | Specifies what Microsoft accounts are supported for the current application. Supported values are:<ul><li>`AzureADMyOrg`: Users with a Microsoft work or school account in my organizationΓÇÖs Azure AD tenant (i.e. single tenant)</li><li>`AzureADMultipleOrgs`: Users with a Microsoft work or school account in any organizationΓÇÖs Azure AD tenant (i.e. multi-tenant)</li> <li>`AzureADandPersonalMicrosoftAccount`: Users with a personal Microsoft account, or a work or school account in any organizationΓÇÖs Azure AD tenant</li></ul> |
+| spa | [spaApplication](../resources/spaapplication.md) | Specifies settings for a single-page application, including sign out URLs and redirect URIs for authorization codes and access tokens. |
| tags | String collection | Custom strings that can be used to categorize and identify the application. Not nullable. | | tokenEncryptionKeyId | String | Specifies the keyId of a public key from the keyCredentials collection. When configured, Azure AD encrypts all the tokens it emits by using the key this property points to. The application code that receives the encrypted token must use the matching private key to decrypt the token before it can be used for the signed-in user. | | web | [webApplication](../resources/webapplication.md) | Specifies settings for a web application. |
v1.0 Rbacapplication Post Roledefinitions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/rbacapplication-post-roledefinitions.md
Content-type: application/json
"displayName": "Application Registration Support Administrator", "isBuiltIn": false, "isEnabled": true,
- "templateId": "c2cb59a3-2d01-4176-a458-95b0e674966f",
+ "templateId": "d5eec5e0-6992-4c6b-b430-0f833f1a815a",
"version": null, "rolePermissions": [ {
Content-type: application/json
"condition": null } ],
- "inheritsPermissionsFrom@odata.context": "https://graph.microsoft.com/v1.0/$metadata#roleManagement/directory/roleDefinitions('c2cb59a3-2d01-4176-a458-95b0e674966f')/inheritsPermissionsFrom"
+ "inheritsPermissionsFrom@odata.context": "https://graph.microsoft.com/v1.0/$metadata#roleManagement/directory/roleDefinitions('d5eec5e0-6992-4c6b-b430-0f833f1a815a')/inheritsPermissionsFrom"
} ```
v1.0 Identityprotection Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/identityprotection-overview.md
For specific guidance and additional information, see [Identify and remediate ri
Azure AD Identity Protection is a premium feature. You need an Azure AD Premium P1 or P2 license to access the Microsoft Graph [riskDetection API](riskdetection.md) (note: P1 licenses receive limited risk information). The [riskyUsers API](riskyuser.md) is only available with an Azure AD Premium P2 license.
+## How much data is available?
+
+The availability of risk data is governed by the [Azure AD data retention policies](/azure/active-directory/reports-monitoring/reference-reports-data-retention#how-long-does-azure-ad-store-the-data).
+ ## See also * [About Azure Active Directory Identity Protection](/azure/active-directory/identity-protection/overview-identity-protection)
v1.0 Riskdetection https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/riskdetection.md
doc_type: resourcePageType
# riskDetection resource type Namespace: microsoft.graph+ Represents information about a detected risk in an Azure AD tenant. Azure AD continually evaluates [user risks](riskyuser.md) and app or user [sign-in](signin.md) risks based on various signals and machine learning. This API provides programmatic access to all risk detections in your Azure AD environment.
Azure AD continually evaluates [user risks](riskyuser.md) and app or user [sign-
For more information about risk events, see [Azure Active Directory Identity Protection](/azure/active-directory/identity-protection/overview-identity-protection). >[!NOTE]
->You must have an Azure AD Premium P1 or P2 license to use the risk detection API.
+> 1. You must have an Azure AD Premium P1 or P2 license to use the risk detection API.
+> 2. The availability of risk detection data is governed by the [Azure AD data retention policies](/azure/active-directory/reports-monitoring/reference-reports-data-retention#how-long-does-azure-ad-store-the-data).
## Methods |Method|Return type|Description|
v1.0 Riskyuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/riskyuser.md
Represents Azure AD users who are at risk. Azure AD continually evaluates user r
For more information about risk events, see [Azure Active Directory Identity Protection](/azure/active-directory/identity-protection/overview-identity-protection).
->**Note:** Using the riskyUsers API requires an Azure AD Premium P2 license.
+>[!NOTE]
+> 1. Using the riskyUsers API requires an Azure AD Premium P2 license.
+> 2. The availability of risky user data is governed by the [Azure AD data retention policies](/azure/active-directory/reports-monitoring/reference-reports-data-retention#how-long-does-azure-ad-store-the-data).
## Methods |Method|Return type|Description|
v1.0 Riskyuserhistoryitem https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/riskyuserhistoryitem.md
Namespace: microsoft.graph
Represents the risk history of an Azure AD user as determined by Azure AD Identity Protection. - Inherits from [riskyUser](../resources/riskyuser.md).
+>[!NOTE]
+> 1. Using this API requires an Azure AD Premium P2 license.
+> 2. The availability of risk history data is governed by the [Azure AD data retention policies](/azure/active-directory/reports-monitoring/reference-reports-data-retention#how-long-does-azure-ad-store-the-data).
+ ## Methods |Method|Return type|Description| |:|:|:|