Updates from: 04/24/2022 01:03:06
Service Microsoft Docs article Related commit history on GitHub Change details
v1.0 Connectorgroup Post Applications https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/connectorgroup-post-applications.md
In the request body, supply a JSON representation of a [connectorGroup](../resou
## Response
-If successful, this method returns `201 Created` response code and an [application](../resources/application.md) object in the response body.
+If successful, this method returns `204 No Content` response code.
## Example ### Request
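Review bot: The `+` line under `## Response` is missing its article ("returns `204 No Content` response code" should read "returns a `204 No Content` response code"). Because the change also removes the response body, check that the response sample in the `## Example` section that follows was updated in the same commit; a client written against the old text expects `201 Created` and an application object.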
v1.0 Sharedwithchannelteaminfo Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/sharedwithchannelteaminfo-delete.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Delete a [team](../resources/sharedwithchannelteaminfo.md) from a shared [channel](../resources/channel.md). This operation is allowed only for channels with a **membershipType** value of `shared`.
+Unshare a [channel](../resources/channel.md) with a [team](../resources/team.md) by deleting the corresponding [sharedWithChannelTeamInfo](../resources/sharedwithchannelteaminfo.md) resource. This operation is allowed only for channels with a **membershipType** value of `shared`.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Sharedwithchannelteaminfo Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/sharedwithchannelteaminfo-get.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Get a [team](../resources/sharedwithchannelteaminfo.md) shared with a [channel](../resources/channel.md). This operation is allowed only for channels with a **membershipType** value of `shared`.
+Get a [team](../resources/sharedwithchannelteaminfo.md) which has been shared a specified [channel](../resources/channel.md). This operation is allowed only for channels with a **membershipType** value of `shared`.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
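Review bot: In the `+` description, "which has been shared a specified [channel]" is missing "with", and the link text "team" still targets `../resources/sharedwithchannelteaminfo.md`. The delete page in this same update links team to `../resources/team.md` and names the sharedWithChannelTeamInfo resource explicitly; use the same pattern here so the three pages describe the relationship consistently.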
v1.0 Sharedwithchannelteaminfo List Allowedmembers https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/sharedwithchannelteaminfo-list-allowedmembers.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] Get the list of [conversationMembers](../resources/conversationmember.md) who can access a shared [channel](../resources/channel.md).+ This method does not return the following [conversationMembers](../resources/conversationmember.md) from the [team](../resources/team.md): - Users with `Guest` role - Users who are externally authenticated in the tenant
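Review bot: The added sentence says the method "does not return" users with the `Guest` role or externally authenticated users, but the summary before it still describes the result as the members "who can access a shared channel". The page therefore does not say whether those users lack access or are only left out of the listing. State which it is, because a caller using this list for an access review needs to know whether it is complete.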
v1.0 Sharedwithchannelteaminfo List https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/sharedwithchannelteaminfo-list.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Get the list of [teams](../resources/sharedwithchannelteaminfo.md) shared with a [channel](../resources/channel.md). This operation is allowed only for channels with a **membershipType** value of `shared`.
+Get the list of [teams](../resources/sharedwithchannelteaminfo.md) that has been shared a specified [channel](../resources/channel.md). This operation is allowed only for channels with a **membershipType** value of `shared`.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
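Review bot: The `+` description reads "teams ... that has been shared a specified [channel]"; the verb should agree with "teams" and "with" is missing ("that have been shared with"). As on the get page, the link text "teams" points at `../resources/sharedwithchannelteaminfo.md` rather than `../resources/team.md`, which the delete page in this update already corrects.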
v1.0 Synchronization Synchronizationjob Provision On Demand https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/synchronization-synchronizationjob-provision-on-demand.md
If successful, this method returns a `200 OK` response code and a stringKeyStrin
## Examples
-### Request
+### Example 1: Provision users from Azure AD to third-party applications
+
+#### Request
# [HTTP](#tab/http) <!-- { "blockType": "request",
- "name": "synchronizationjob_provisionondemand"
+ "name": "synchronizationjob_provisionondemand_ADto3P"
} --> ``` http
-POST https://graph.microsoft.com/beta/servicePrincipals/{servicePrincipalsId}/synchronization/jobs/{synchronizationJobId}/provisionOnDemand
+POST https://graph.microsoft.com/beta/servicePrincipals/c8c95753-f628-48e1-9fab-76c2d4cf624c/synchronization/jobs/3f7565a3-fde6-4e4d-bda8-1bb70aba3612/provisionOnDemand
Content-Type: application/json {
- "parameters": [{
- "subjects": [{
+ "parameters": [
+ {
+ "subjects": [
+ {
"objectId": "9bb0f679-a883-4a6f-8260-35b491b8b8c8", "objectTypeName": "User"
- }],
+ }
+ ],
"ruleId": "ea807875-5618-4f0a-9125-0b46a05298ca"
- }]
- }
+ }
+ ]
+}
``` # [JavaScript](#tab/javascript) [!INCLUDE [sample-code](../includes/snippets/javascript/synchronizationjob-provisionondemand-javascript-snippets.md)]
Content-Type: application/json
-
-### Response
-**Note:** The response object shown here might be shortened for readability.
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
Content-Type: application/json
"value": "{\"action\":\"Other\",\"changeId\":\"g8ba3be8-1d7f-4a60-ae31-a8980da0a389\",\"endTime\":\"2020-06-26T13:58:24.7682084Z\",\"modifiedProperties\":[{\"displayName\":\"objectId\",\"oldValue\":null,\"newValue\":\"52cf7b7a-52be-4a9b-9c69-e4d4a4a14f76\"},{\"displayName\":\"accountEnabled\",\"oldValue\":null,\"newValue\":\"True\"},{\"displayName\":\"displayName\",\"oldValue\":null,\"newValue\":\"Bill Bob\"},{\"displayName\":\"mailNickname\",\"oldValue\":null,\"newValue\":\"Bill\"},{\"displayName\":\"userPrincipalName\",\"oldValue\":null,\"newValue\":\"BillBob@scimreftest.onmicrosoft.com\"},{\"displayName\":\"IsSoftDeleted\",\"oldValue\":null,\"newValue\":\"False\"},{\"displayName\":\"appRoleAssignments\",\"oldValue\":null,\"newValue\":\"User\"}],\"provisioningSteps\":[{\"name\":\"EntryImport\",\"type\":\"Import\",\"status\":\"Success\",\"description\":\"Retrieved User 'BillBob@scimreftest.onmicrosoft.com' from Azure Active Directory\",\"timestamp\":\"2020-06-26T13:58:24.5494971Z\",\"details\":{\"objectId\":\"52cf7b7a-52be-4a9b-9c69-e4d4a4a14f76\",\"accountEnabled\":\"True\",\"displayName\":\"Fill Bob\",\"mailNickname\":\"Bill\",\"userPrincipalName\":\"BillBob@scimreftest.onmicrosoft.com\",\"IsSoftDeleted\":\"False\",\"appRoleAssignments\":\"User\"}},{\"name\":\"EntryImport\",\"type\":\"Matching\",\"status\":\"Success\",\"description\":\"Retrieved 'BillBob@scimreftest.onmicrosoft.com' from customappsso\",\"timestamp\":\"2020-06-26T13:58:24.7214072Z\",\"details\":{\"active\":\"True\",\"displayName\":\"Bill Bob\",\"externalId\":\"Bill\",\"id\":\"52507a19-96ec-4e73-9250-3e65ffd2d926\",\"userName\":\"BillBob@scimreftest.onmicrosoft.com\"}},{\"name\":\"EntrySynchronizationScoping\",\"type\":\"Scoping\",\"status\":\"Success\",\"description\":\"Determine if User in scope by evaluating against each scoping 
filter\",\"timestamp\":\"2020-06-26T13:58:24.7526181Z\",\"details\":{\"IsActive\":\"True\",\"Assigned\":\"True\",\"IsEffectivelyEntitledForProvisioning\":\"True\",\"IsInProvisioningScopeDisplayName\":\"True\",\"ScopeEvaluationResult\":\"{}\"}},{\"name\":\"EntrySynchronizationSkip\",\"type\":\"Export\",\"status\":\"Skipped\",\"description\":\"The state of the user in both the source and target systems already match. No change to the User 'BillBob@scimreftest.onmicrosoft.com' currently needs to be made.\",\"timestamp\":\"2020-06-26T13:58:24.7682084Z\",\"details\":{\"SkipReason\":\"RedundantExport\"}}],\"reportableIdentifier\":\"BillBob@scimreftest.onmicrosoft.com\",\"startTime\":\"2020-06-26T13:58:24.5494971Z\",\"statusInfo\":{\"status\":\"Skipped\",\"errorCode\":null,\"reason\":null,\"additionalDetails\":null,\"errorCategory\":null,\"recommendedAction\":null},\"sourceIdentity\":{\"id\":\"62cf7b7a-52be-4a9b-9c69-e5d4a4a14f67\",\"type\":\"User\",\"displayName\":null,\"details\":null},\"sourceSystem\":{\"id\":null,\"name\":\"Azure Active Directory\",\"details\":null},\"targetIdentity\":{\"id\":\"52507a19-96ec-4e73-9250-3e65ffd2d926\",\"type\":\"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User\",\"displayName\":null,\"details\":null},\"targetSystem\":{\"id\":null,\"name\":\"customappsso\",\"details\":null}}" } ```+
+### Example 2: Sync on-demand from Active Directory to Azure Active Directory (Azure AD cloud sync)
+
+#### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "synchronizationjob_provisionondemand_AD2AAD"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/servicePrincipals/3e916d82-dd59-4944-824d-93092908fd8d/synchronization/jobs/264ea562-28cd-42b1-93e0-8de1f0560581/provisionOnDemand
+Content-Type: application/json
+
+{
+ "parameters": [
+ {
+ "ruleId": "6c409270-f78a-4bc6-af23-7cf3ab6482fe",
+ "subjects": [
+ {
+ "objectId": "CN=AdeleV,CN=Users,DC=corp,DC=chicago,DC=com",
+ "objectTypeName": "user"
+ }
+ ]
+ }
+ ]
+}
+```
+
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.synchronizationSecretKeyStringValuePair"
+}
+-->
+```
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://syncfabric.windowsazure.com/api/$metadata#microsoft.synchronization.stringKeyStringValuePair",
+ "key": "{\"result\":\"Success\",\"details\":{}}",
+ "value": "{\"provisioningSteps\":[{\"name\":\"EntryImportAdd\",\"type\":\"Import\",\"status\":\"Success\",\"description\":\"Received user 'adelev@chicago.com' change of type (Add) from Active Directory\",\"timestamp\":\"2022-04-21T18:40:07.8465145Z\",\"details\":{\"distinguishedName\":\"CN=AdeleV,CN=Users,DC=corp,DC=chicago,DC=com\",\"cn\":\"Adele Vest\",\"originatingReplicaToken\":\"{\\\"InvocationId\\\":\\\"6cbd7b45-b262-4dad-94a3-620503ea1f25\\\",\\\"Name\\\":\\\"DC01.esf.edu\\\"}\",\"sAMAccountName\":\"adelev\",\"targetAddress\":\"SMTP:adelev@esf0.mail.onmicrosoft.com\",\"givenName\":\"Adele\",\"objectSid\":\"AQUAAAAAAAUVAAAAXAMNf/YJ8nmaUZofGG4BAA==\",\"displayName\":\"Adele Vest\",\"msExchMailboxGuid\":\"+klu7DM5yE+9tOs6MuGxsw==\",\"msExchELCMailboxFlags\":\"2\",\"pwdLastSet\":\"132772253564048004\",\"initials\":\"S\",\"msExchRecipientDisplayType\":\"-2147483642\",\"streetAddress\":\"One Microsoft Way\",\"mail\":\"adelev@chicago.com\",\"sn\":\"AdeleV\",\"msExchSafeSendersHash\":\"gny5JQ==\",\"proxyAddresses\":\"X, 5, 0,  ... 
X400:C=US;A= ;P=ESF;O=MAIL;S=AdeleV;G=Adele;I=S; (5)\",\"objectGUID\":\"xxxxxxxLIUuBM8qK5Sxxxx\",\"legacyExchangeDN\":\"/o=ESF/ou=External (FYDIBOHF25SPDLT)/cn=Recipients/cn=b499521b46264967a6de75f1a08add7a\",\"msExchRecipientTypeDetails\":\"2147483648\",\"userAccountControl\":\"66048\",\"accountDisabled\":\"False\",\"countryCode\":\"840\",\"co\":\"United States\",\"l\":\"Chicago\",\"extensionAttribute10\":\"839153607\",\"c\":\"US\",\"mS-DS-ConsistencyGuid\":\"xxxxxxxLIUuBM8qK5Sxxxx\",\"mailNickname\":\"adelev\",\"st\":\"NY\",\"extensionAttribute15\":\"C1EA2EA6EC56F3D94D2D89D95D70E4D0\",\"extensionAttribute14\":\"F00177677\",\"postalCode\":\"13210\",\"extensionAttribute6\":\"A5\",\"msExchRemoteRecipientType\":\"4\",\"extensionAttribute5\":\"11\",\"userPrincipalName\":\"adelev@chicago.com\",\"adminDescription\":\"\",\"company\":\"\",\"department\":\"\",\"description\":\"\",\"employeeID\":\"\",\"employeeNumber\":\"\",\"employeeType\":\"\",\"errors\":\"\",\"extensionAttribute1\":\"\",\"extensionAttribute11\":\"\",\"extensionAttribute12\":\"\",\"extensionAttribute13\":\"\",\"extensionAttribute2\":\"\",\"extensionAttribute3\":\"\",\"extensionAttribute4\":\"\",\"extensionAttribute7\":\"\",\"extensionAttribute8\":\"\",\"extensionAttribute9\":\"\",\"facsimileTelephoneNumber\":\"\",\"homePhone\":\"\",\"info\":\"\",\"ipPhone\":\"\",\"isCriticalSystemObject\":\"\",\"logs\":\"\",\"middleName\":\"\",\"mobile\":\"\",\"msDS-HABSeniorityIndex\":\"\",\"msDS-InclusionTrigger\":\"\",\"msDS-PhoneticDisplayName\":\"\",\"msDS-preferredDataLocation\":\"\",\"msExchArchiveGUID\":\"\",\"msExchArchiveName\":\"\",\"msExchAssistantName\":\"\",\"msExchAuditAdmin\":\"\",\"msExchAuditDelegate\":\"\",\"msExchAuditDelegateAdmin\":\"\",\"msExchAuditOwner\":\"\",\"msExchBlockedSendersHash\":\"\",\"msExchBypassAudit\":\"\",\"msExchELCExpirySuspensionEnd\":\"\",\"msExchELCExpirySuspensionStart\":\"\",\"msExchEnableModeration\":\"\",\"msExchExtensionCustomAttribute1\":\"\",\"msExchExtensionCustomAttribut
e2\":\"\",\"msExchExtensionCustomAttribute3\":\"\",\"msExchExtensionCustomAttribute4\":\"\",\"msExchExtensionCustomAttribute5\":\"\",\"msExchHideFromAddressLists\":\"\",\"msExchImmutableId\":\"\",\"msExchLitigationHoldDate\":\"\",\"msExchLitigationHoldOwner\":\"\",\"msExchMailboxAuditEnable\":\"\",\"msExchMailboxAuditLogAgeLimit\":\"\",\"msExchModerationFlags\":\"\",\"msExchRequireAuthToSendTo\":\"\",\"msExchResourceCapacity\":\"\",\"msExchResourceDisplay\":\"\",\"msExchResourceMetaData\":\"\",\"msExchResourceSearchProperties\":\"\",\"msExchRetentionComment\":\"\",\"msExchRetentionURL\":\"\",\"msExchSafeRecipientsHash\":\"\",\"msExchSenderHintTranslations\":\"\",\"msExchTeamMailboxExpiration\":\"\",\"msExchTeamMailboxSharePointUrl\":\"\",\"msExchUsageLocation\":\"\",\"msExchUserHoldPolicies\":\"\",\"msRTCSIP-ApplicationOptions\":\"\",\"mSRTCSIP-DeploymentLocator\":\"\",\"msRTCSIP-Line\":\"\",\"msRTCSIP-OptionFlags\":\"\",\"msRTCSIP-OwnerUrn\":\"\",\"msRTCSIP-PrimaryUserAddress\":\"\",\"msRTCSIP-UserEnabled\":\"\",\"objectClass\":\"\",\"otherFacsimileTelephoneNumber\":\"\",\"otherHomePhone\":\"\",\"otherIpPhone\":\"\",\"otherMobile\":\"\",\"otherPager\":\"\",\"otherTelephone\":\"\",\"pager\":\"\",\"physicalDeliveryOfficeName\":\"\",\"postOfficeBox\":\"\",\"preferredLanguage\":\"\",\"telephoneAssistant\":\"\",\"telephoneNumber\":\"\",\"thumbnailPhoto\":\"\",\"title\":\"\",\"url\":\"\",\"userCertificate\":\"\",\"userSMIMECertificate\":\"\",\"whenChanged\":\"\",\"wWWHomePage\":\"\"}},{\"name\":\"EntryImport\",\"type\":\"Import\",\"status\":\"Success\",\"description\":\"Retrieved user 'adelev@chicago.com' from Active Directory\",\"timestamp\":\"2022-04-21T18:40:07.8778004Z\",\"details\":{\"distinguishedName\":\"CN=AdeleV,CN=Users,DC=corp,DC=chicago,DC=com\",\"cn\":\"Adele 
Vest\",\"originatingReplicaToken\":\"{\\\"InvocationId\\\":\\\"6cbd7b45-b262-4dad-94a3-620503ea1f25\\\",\\\"Name\\\":\\\"DC01.esf.edu\\\"}\",\"sAMAccountName\":\"adelev\",\"targetAddress\":\"SMTP:adelev@esf0.mail.onmicrosoft.com\",\"givenName\":\"Adele\",\"objectSid\":\"AQUAAAAAAAUVAAAAXAMNf/YJ8nmaUZofGG4BAA==\",\"displayName\":\"Adele Vest\",\"msExchMailboxGuid\":\"+klu7DM5yE+9tOs6MuGxsw==\",\"msExchELCMailboxFlags\":\"2\",\"pwdLastSet\":\"132772253564048004\",\"initials\":\"S\",\"msExchRecipientDisplayType\":\"-2147483642\",\"streetAddress\":\"One Microsoft Way\",\"mail\":\"adelev@chicago.com\",\"sn\":\"AdeleV\",\"msExchSafeSendersHash\":\"gny5JQ==\",\"proxyAddresses\":\"X, 5, 0,  ... X400:C=US;A= ;P=ESF;O=MAIL;S=AdeleV;G=Adele;I=S; (5)\",\"objectGUID\":\"xxxxxxxLIUuBM8qK5Sxxxx\",\"legacyExchangeDN\":\"/o=ESF/ou=External (FYDIBOHF25SPDLT)/cn=Recipients/cn=b499521b46264967a6de75f1a08add7a\",\"msExchRecipientTypeDetails\":\"2147483648\",\"userAccountControl\":\"66048\",\"accountDisabled\":\"False\",\"countryCode\":\"840\",\"co\":\"United 
States\",\"l\":\"Chicago\",\"extensionAttribute10\":\"839153607\",\"c\":\"US\",\"mS-DS-ConsistencyGuid\":\"xxxxxxxLIUuBM8qK5Sxxxx\",\"mailNickname\":\"adelev\",\"st\":\"NY\",\"extensionAttribute15\":\"C1EA2EA6EC56F3D94D2D89D95D70E4D0\",\"extensionAttribute14\":\"F00177677\",\"postalCode\":\"13210\",\"extensionAttribute6\":\"A5\",\"msExchRemoteRecipientType\":\"4\",\"extensionAttribute5\":\"11\",\"userPrincipalName\":\"adelev@chicago.com\",\"adminDescription\":\"\",\"company\":\"\",\"department\":\"\",\"description\":\"\",\"employeeID\":\"\",\"employeeNumber\":\"\",\"employeeType\":\"\",\"errors\":\"\",\"extensionAttribute1\":\"\",\"extensionAttribute11\":\"\",\"extensionAttribute12\":\"\",\"extensionAttribute13\":\"\",\"extensionAttribute2\":\"\",\"extensionAttribute3\":\"\",\"extensionAttribute4\":\"\",\"extensionAttribute7\":\"\",\"extensionAttribute8\":\"\",\"extensionAttribute9\":\"\",\"facsimileTelephoneNumber\":\"\",\"homePhone\":\"\",\"info\":\"\",\"ipPhone\":\"\",\"isCriticalSystemObject\":\"\",\"logs\":\"\",\"middleName\":\"\",\"mobile\":\"\",\"msDS-HABSeniorityIndex\":\"\",\"msDS-InclusionTrigger\":\"\",\"msDS-PhoneticDisplayName\":\"\",\"msDS-preferredDataLocation\":\"\",\"msExchArchiveGUID\":\"\",\"msExchArchiveName\":\"\",\"msExchAssistantName\":\"\",\"msExchAuditAdmin\":\"\",\"msExchAuditDelegate\":\"\",\"msExchAuditDelegateAdmin\":\"\",\"msExchAuditOwner\":\"\",\"msExchBlockedSendersHash\":\"\",\"msExchBypassAudit\":\"\",\"msExchELCExpirySuspensionEnd\":\"\",\"msExchELCExpirySuspensionStart\":\"\",\"msExchEnableModeration\":\"\",\"msExchExtensionCustomAttribute1\":\"\",\"msExchExtensionCustomAttribute2\":\"\",\"msExchExtensionCustomAttribute3\":\"\",\"msExchExtensionCustomAttribute4\":\"\",\"msExchExtensionCustomAttribute5\":\"\",\"msExchHideFromAddressLists\":\"\",\"msExchImmutableId\":\"\",\"msExchLitigationHoldDate\":\"\",\"msExchLitigationHoldOwner\":\"\",\"msExchMailboxAuditEnable\":\"\",\"msExchMailboxAuditLogAgeLimit\":\"\",\"msExchModerationFl
ags\":\"\",\"msExchRequireAuthToSendTo\":\"\",\"msExchResourceCapacity\":\"\",\"msExchResourceDisplay\":\"\",\"msExchResourceMetaData\":\"\",\"msExchResourceSearchProperties\":\"\",\"msExchRetentionComment\":\"\",\"msExchRetentionURL\":\"\",\"msExchSafeRecipientsHash\":\"\",\"msExchSenderHintTranslations\":\"\",\"msExchTeamMailboxExpiration\":\"\",\"msExchTeamMailboxSharePointUrl\":\"\",\"msExchUsageLocation\":\"\",\"msExchUserHoldPolicies\":\"\",\"msRTCSIP-ApplicationOptions\":\"\",\"mSRTCSIP-DeploymentLocator\":\"\",\"msRTCSIP-Line\":\"\",\"msRTCSIP-OptionFlags\":\"\",\"msRTCSIP-OwnerUrn\":\"\",\"msRTCSIP-PrimaryUserAddress\":\"\",\"msRTCSIP-UserEnabled\":\"\",\"objectClass\":\"\",\"otherFacsimileTelephoneNumber\":\"\",\"otherHomePhone\":\"\",\"otherIpPhone\":\"\",\"otherMobile\":\"\",\"otherPager\":\"\",\"otherTelephone\":\"\",\"pager\":\"\",\"physicalDeliveryOfficeName\":\"\",\"postOfficeBox\":\"\",\"preferredLanguage\":\"\",\"telephoneAssistant\":\"\",\"telephoneNumber\":\"\",\"thumbnailPhoto\":\"\",\"title\":\"\",\"url\":\"\",\"userCertificate\":\"\",\"userSMIMECertificate\":\"\",\"whenChanged\":\"\",\"wWWHomePage\":\"\"}},{\"name\":\"EntrySynchronizationScoping\",\"type\":\"Scoping\",\"status\":\"Success\",\"description\":\"Determine if user in scope by evaluating against each scoping filter\",\"timestamp\":\"2022-04-21T18:40:08.1590133Z\",\"details\":{\"Active in the source system\":\"True\",\"Scoping filter evaluation passed\":\"True\"}},{\"name\":\"EntryExportUpdate\",\"type\":\"Export\",\"status\":\"Success\",\"description\":\"User 'adelev@chicago.com' was updated in Azure Active Directory\",\"timestamp\":\"2022-04-21T18:40:09.5184649Z\",\"details\":{}}],\"modifiedProperties\":[{\"displayName\":\"AccountEnabled\",\"newValue\":\"True\"},{\"displayName\":\"Alias\",\"newValue\":\"adelev\"},{\"displayName\":\"City\",\"newValue\":\"Chicago\"},{\"displayName\":\"CommonName\",\"newValue\":\"Adele Vest\"},{\"displayName\":\"Country\",\"newValue\":\"United 
States\"},{\"displayName\":\"CountryCode\",\"newValue\":\"840\"},{\"displayName\":\"CountryLetterCode\",\"newValue\":\"US\"},{\"displayName\":\"DisplayName\",\"newValue\":\"Adele Vest\"},{\"displayName\":\"DnsDomainName\",\"newValue\":\"esf.edu\"},{\"displayName\":\"ExtensionAttribute10\",\"newValue\":\"839153607\"},{\"displayName\":\"ExtensionAttribute14\",\"newValue\":\"F00177677\"},{\"displayName\":\"ExtensionAttribute15\",\"newValue\":\"C1EA2EA6EC56F3D94D2D89D95D70E4D0\"},{\"displayName\":\"ExtensionAttribute5\",\"newValue\":\"11\"},{\"displayName\":\"ExtensionAttribute6\",\"newValue\":\"A5\"},{\"displayName\":\"GivenName\",\"newValue\":\"Adele\"},{\"displayName\":\"Initials\",\"newValue\":\"S\"},{\"displayName\":\"LastPasswordChangeTimestamp\",\"newValue\":\"20210927140916.0Z\"},{\"displayName\":\"LegacyExchangeDN\",\"newValue\":\"/o=ESF/ou=External (FYDIBOHF25SPDLT)/cn=Recipients/cn=b499521b46264967a6de75f1a08add7a\"},{\"displayName\":\"Mail\",\"newValue\":\"adelev@chicago.com\"},{\"displayName\":\"MSExchElcMailboxFlags\",\"newValue\":\"2\"},{\"displayName\":\"MSExchMailboxGuid\",\"newValue\":\"+klu7DM5yE+9tOs6MuGxsw==\"},{\"displayName\":\"MSExchRecipientDisplayType\",\"newValue\":\"-2147483642\"},{\"displayName\":\"MSExchRecipientTypeDetails\",\"newValue\":\"2147483648\"},{\"displayName\":\"MSExchRemoteRecipientType\",\"newValue\":\"4\"},{\"displayName\":\"MSExchSafeSendersHash\",\"newValue\":\"gny5JQ==\"},{\"displayName\":\"NetBiosName\",\"newValue\":\"ESF\"},{\"displayName\":\"OnPremisesDistinguishedName\",\"newValue\":\"CN=AdeleV,CN=Users,DC=corp,DC=chicago,DC=com\"},{\"displayName\":\"OnPremiseSecurityIdentifier\",\"newValue\":\"AQUAAAAAAAUVAAAAXAMNf/YJ8nmaUZofGG4BAA==\"},{\"displayName\":\"OnPremisesSamAccountName\",\"newValue\":\"adelev\"},{\"displayName\":\"OnPremisesUserPrincipalName\",\"newValue\":\"adelev@chicago.com\"},{\"displayName\":\"PostalCode\",\"newValue\":\"13210\"},{\"displayName\":\"ProxyAddresses\",\"newValue\":\"X, 5, 0,  ... 
X400:C=US;A= ;P=ESF;O=MAIL;S=AdeleV;G=Adele;I=S; (5)\"},{\"displayName\":\"State\",\"newValue\":\"NY\"},{\"displayName\":\"StreetAddress\",\"newValue\":\"One Microsoft Way\"},{\"displayName\":\"Surname\",\"newValue\":\"AdeleV\"},{\"displayName\":\"TargetAddress\",\"newValue\":\"SMTP:adelev@esf0.mail.onmicrosoft.com\"},{\"displayName\":\"UserPrincipalName\",\"newValue\":\"adelev@chicago.com\"}],\"action\":\"Update\",\"changeId\":\"582595f3-53be-4843-bf0c-f57dbf8fae96\",\"endTime\":\"2022-04-21T18:40:09.5496702Z\",\"reportableIdentifier\":\"adelev@chicago.com\",\"sourceIdentity\":{\"id\":\"38a2171b-8b04-4b21-8133-ca8ae52250f3\",\"type\":\"user\"},\"sourceSystem\":{\"name\":\"Active Directory\"},\"startTime\":\"2022-04-21T18:40:07.8309453Z\",\"statusInfo\":{\"status\":\"Success\"},\"targetIdentity\":{\"id\":\"87cb2512-8e7f-4543-a9c9-e7cf8756a3ad\",\"type\":\"User\"},\"targetSystem\":{\"name\":\"Azure Active Directory\"}}"
+}
+```
+
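Review bot: The Example 2 response `value` mixes the placeholder domain `chicago.com` with values that read as coming from a different directory: `DC01.esf.edu` in originatingReplicaToken, `esf0.mail.onmicrosoft.com` in targetAddress, `NetBiosName` set to `ESF`, plus an objectSid, a legacyExchangeDN and several extensionAttribute values. If any of these were captured from a live tenant, replace them with fictitious values consistent with the request's `DC=corp,DC=chicago,DC=com` before publishing. Two smaller points in the same example: the response code fence has no `http` language tag, unlike the request fence, and the metadata comment gives `microsoft.graph.synchronizationSecretKeyStringValuePair` while the body's `@odata.context` names stringKeyStringValuePair.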
v1.0 Team Delete Incomingchannel https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/team-delete-incomingchannel.md
Title: "Remove incomingChannels"
+ Title: "Remove channel"
description: "Remove an incoming channel." doc_type: "apiPageType"
ms.localizationpriority: high
ms.prod: "microsoft-teams"
-# Remove incomingChannels
+# Remove channel
Namespace: microsoft.graph [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
One of the following permissions is required to call this API. To learn more, in
} --> ``` http
-DELETE /teams/{team-id}/channels/{channel-id}/incomingChannels/{incoming-channel-id}
+DELETE /teams/{team-id}/incomingChannels/{incoming-channel-id}/$ref
``` ## Request headers
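Review bot: The new title and H1 "Remove channel" read as deleting a channel, while the unchanged `description` still says "Remove an incoming channel." and the channel resource table in this update links to this page as "Remove incoming channel". Suggest "Remove incoming channel" for both the title and the heading. The request line now ends in `/$ref`, so the body text should also say that the call removes the reference from the team's incomingChannels collection rather than the channel itself.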
v1.0 Unifiedroledefinition Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/unifiedroledefinition-get.md
Content-type: application/json
{ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleDefinitions/$entity",
- "id": "429c3819-053d-4250-9926-4c7dcb18ae17",
+ "id": "f189965f-f560-4c59-9101-933d4c87a91a",
"description": "Allows reading Application Registrations", "displayName": "Application Registration Reader", "isBuiltIn": false,
v1.0 Channel https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/channel.md
where files are shared, and where tabs are added.
|[Provision channel email address](../api/channel-provisionemail.md) |[provisionChannelEmailResult](../resources/provisionchannelemailresult.md)| Provision an email address for the channel.| |[Remove channel email address](../api/channel-removeemail.md) | None | Remove the email address of the channel.| |[Remove incoming channel](../api/team-delete-incomingchannel.md) | None| Remove an incoming channel.|
-|[List teams shared with channel](../api/sharedwithchannelteaminfo-list.md)|[sharedWithChannelTeamInfo](../resources/sharedwithchannelteaminfo.md) collection|Get the list of teams shared with the channel.|
-|[Get team shared with channel](../api/sharedwithchannelteaminfo-get.md)|[sharedWithChannelTeamInfo](../resources/sharedwithchannelteaminfo.md)|Get a team that is shared with the channel.|
+|[List teams sharing a channel](../api/sharedwithchannelteaminfo-list.md)|[sharedWithChannelTeamInfo](../resources/sharedwithchannelteaminfo.md) collection|Get the list of teams that has been shared the specified channel.|
+|[Get team sharing a channel](../api/sharedwithchannelteaminfo-get.md)|[sharedWithChannelTeamInfo](../resources/sharedwithchannelteaminfo.md)|Get a team that has been shared the specified channel.|
|[Unshare channel with team](../api/sharedwithchannelteaminfo-delete.md)|None|Unshare a channel with a team.| |[List allowed members](../api/sharedwithchannelteaminfo-list-allowedmembers.md)|[conversationMember](../resources/conversationmember.md) collection|Get the list of team members who have access to the shared channel.| |[Check user access](../api/channel-doesuserhaveaccess.md)|Boolean|Check whether a user has access to a shared channel or not.|
For a POST request example, see [Request (create channel in migration state)](/m
|members|[conversationMember](conversationmember.md) collection|A collection of membership records associated with the channel.| |[filesFolder](../api/channel-get-filesfolder.md)|[driveItem](driveitem.md)|Metadata for the location where the channel's files are stored.| |operations|[teamsAsyncOperation](teamsasyncoperation.md) collection| The async operations that ran or are running on this team. |
-|sharedWithTeams|[sharedWithChannelTeamInfo](../resources/sharedwithchannelteaminfo.md) collection|A collection of teams shared with the channel.|
+|sharedWithTeams|[sharedWithChannelTeamInfo](../resources/sharedwithchannelteaminfo.md) collection|A collection of teams with which a channel is shared.|
## JSON representation
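Review bot: Both `+` method rows say "shared the specified channel" without "with", and the list row has "teams that has" where the verb should be plural. The `+` sharedWithTeams row in this same file already has the clear wording ("teams with which a channel is shared"); reuse it in the two method rows so the table reads consistently.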
v1.0 Groups Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/groups-overview.md
HTTP/1.1 201 OK
Content-type: application/json {
- "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups/$entity",
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#groups/$entity",
"id": "4c5ee71b-e6a5-4343-9e2c-4244bc7e0938", "deletedDateTime": null, "classification": "MBI",
To learn more about formulating membership rules, see [Dynamic membership rules
Microsoft 365 groups in Yammer are used to facilitate user collaboration through Yammer posts. This type of group can be returned through a read request, but their posts can't be accessed through the API. When Yammer posts and conversation feeds are enabled on a group, default Microsoft 365 group conversations are disabled. To learn more, see [Yammer developer API docs](https://developer.yammer.com/docs).
+## Group search limitations for guest users in organizations
+
+Group search capabilities allow the app to search for any groups in an organization's directory by performing queries against the `/groups` resource (for example, `https://graph.microsoft.com/beta/groups`). Both administrators and users who are members have this capability; however, guest users don't.
+
+If the signed-in user is a guest user, depending on the permissions an app has been granted, it can read the profile of a specific group (for example, `https://graph.microsoft.com/beta/group/fc06287e-d082-4aab-9d5e-d6fd0ed7c8bc`); however, it can't perform queries against the `/groups` resource that potentially returns more than a single resource.
+
+With the appropriate permissions, the app can read the profiles of groups that it obtains by following links in navigation properties; for example, `/groups/{id}/members`.
+
+For more information about what guest users can do with groups, see [Compare member and guest default permissions](/azure/active-directory/fundamentals/users-default-permissions#compare-member-and-guest-default-permissions).
+ ## Group-based licensing Group-based licensing capability can be used to assign one or more product licenses to an Azure AD group. Azure AD ensures that the licenses are assigned to all members of the group. Any new members who join the group are assigned the appropriate licenses. When they leave the group, those licenses are removed. The feature can only be used with security groups, and Microsoft 365 groups that have the **securityEnabled** property set to `true`. To learn more about group-based licensing, see [What is group-based licensing in Azure Active Directory?](/azure/active-directory/fundamentals/active-directory-licensing-whatis-azure-portal?context=/azure/active-directory/enterprise-users/context/ugr-context).
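Review bot: In the second `+` paragraph of the new guest-user section, the single-group example URL uses `/beta/group/fc06287e-d082-4aab-9d5e-d6fd0ed7c8bc` with a singular `group` segment, while every other reference in the section uses `/groups`. Change it to `/beta/groups/{id}` form so the example is a valid path. Separately, the unchanged context line `HTTP/1.1 201 OK` pairs the 201 code with the wrong reason phrase; it should be `201 Created`.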
v1.0 Sharedwithchannelteaminfo https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/sharedwithchannelteaminfo.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Represents a [team](team.md) that is shared with a channel. A [team](team.md) can be shared with multiple channels.
+Represents a information for a [team](team.md) with which a channel is shared. A [team](team.md) can be shared multiple channels.
Inherits from [teamInfo](../resources/teaminfo.md).
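Review bot: The `+` line has two grammar slips that change the meaning: "Represents a information" and "A [team] can be shared multiple channels". The second now reads as if the team is what gets shared, which contradicts the first sentence (a channel is shared with a team). Suggest "Represents information for a team with which a channel is shared. A channel can be shared with multiple teams." or whichever cardinality is intended, stated with "with".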
v1.0 Synchronization Synchronizationjobsubject https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/synchronization-synchronizationjobsubject.md
Represents the objects that will be provisioned during on-demand provisioning.
## Properties |Property|Type|Description| |:|:|:|
-|objectId|String|The identifier of an object to which a synchronizationJob is to be applied.|
-|objectTypeName|String|The type of the object to which a synchronizationJob is to be applied.|
+|objectId|String|The identifier of an object to which a **synchronizationJob** is to be applied. Can be one of the following: <li>An **onPremisesDistinguishedName** for synchronization from Active Directory to Azure AD.</li><li>The user ID for synchronization from Azure AD to a third-party.</li><li>The Worker ID of the Workday worker for synchronization from Workday to either Active Directory or Azure AD.</li>|
+|objectTypeName|String|The type of the object to which a **synchronizationJob** is to be applied. Can be one of the following: <li>`user` for synchronization from Active Directory to Azure AD.</li><li>`User` for synchronization from Azure AD to a third-party application. </li><li>`Worker` for synchronization from Workday to either Active Directory or Azure AD.</li>|
## Relationships None.
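Review bot: In the `+` objectTypeName row, the Active Directory and Azure AD cases differ only by letter case (`user` versus `User`), and the row does not say whether the value is case-sensitive. Say so explicitly, since a caller copying the wrong casing has no way to tell from this table why the job rejects or ignores the subject. Both `+` rows also place bare `<li>` elements in a table cell without a surrounding `<ul>`.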
v1.0 Users https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/users.md
doc_type: conceptualPageType
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-You can use Microsoft Graph to build compelling app experiences based on users, their relationships with other users and groups, and their mail, calendar, and files.
+You can use Microsoft Graph to build compelling app experiences based on users, their relationships with other users and groups, and the resources they access for example their mails, calendars, files, administrative roles, group memberships.
You can access users through Microsoft Graph in two ways: - By their ID, `/users/{id}` - By using the `/me` alias for the signed-in user, which is the same as `/users/{signed-in user's id}`
+There are two types of users in Azure AD - members and guest users. Guest users join the organization through redeeming their invitation. Guest users can be converted to members to enjoy all the privileges of members.
+ ## Authorization One of the following [permissions](/graph/permissions-reference) is required to access user operations. The first three permissions can be granted to an app by a user. The rest can only be granted to an app by the administrator.
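Review bot: The rewritten opening sentence runs "the resources they access for example their mails, calendars, files, administrative roles, group memberships" together with no punctuation around "for example" and no closing "and". Suggest "and the resources they access, such as their mail, calendars, files, administrative roles, and group memberships". In the added guest paragraph, "to enjoy all the privileges of members" is the access-control statement of the section, so it should link to the page that defines those privileges rather than leave them implied.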
One of the following [permissions](/graph/permissions-reference) is required to
- Directory.ReadWrite.All - Directory.AccessAsUser.All
+## User and group search limitations for guest users in organizations
+
+User and group search capabilities allow the app to search for any user or group in an organization's directory by performing queries against the `/users` or `/groups` resource set (for example, `https://graph.microsoft.com/v1.0/users`). Both administrators and users who are members have this capability; however, guest users don't.
+
+If the signed-in user is a guest user, depending on the permissions an app has been granted, it can read the profile of a specific user or group (for example, `https://graph.microsoft.com/v1.0/users/241f22af-f634-44c0-9a15-c8cd2cea5531`); however, it can't perform queries against the `/users` or `/groups` resource set that potentially returns more than a single resource.
+
+With the appropriate permissions, the app can read the profiles of users or groups that it obtains by following links in navigation properties; for example, `/users/{id}/directReports` or `/groups/{id}/members`.
+
+For more information about search limitations for guest users, see [Compare member and guest default permissions](/azure/active-directory/fundamentals/users-default-permissions#compare-member-and-guest-default-permissions).
+ ## Common properties | Property | Description |
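Review bot: This file lives under `api-reference/beta`, but both example URLs in the new guest-user section point at the `v1.0` endpoint (the `/users` collection example and the specific-user example); use the `beta` endpoint here or state why `v1.0` is shown. In the second paragraph, "queries against the `/users` or `/groups` resource set that potentially returns more than a single resource" should read "that potentially return". The same four paragraphs are added verbatim to `v1.0/resources/users.md` in this change, so consider moving them into a shared include, as is already done for `beta-disclaimer`, to keep the copies from drifting apart.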
v1.0 Rbacapplication List Roledefinitions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/rbacapplication-list-roledefinitions.md
If successful, this method returns a `200 OK` response code and a collection of
## Example
-### Request
-
-The following is an example of the request.
-
+### Example 1: Retrieve role definitions for the directory provider
+#### Request
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleDefinitions
-### Response
+#### Response
The following is an example of the response.
Content-type: application/json
} ```
+### Example 2: Retrieve role definitions for the entitlement management provider
+
+#### Request
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_roledefinitions_entitlementmanagement_provider"
+}-->
+
+```msgraph-interactive
+GET https://graph.microsoft.com/v1.0/roleManagement/entitlementManagement/roleDefinitions
+```
+
+#### Response
+
+The following is an example of the response.
+
+> **Note:** The response object shown here might be shortened for readability.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleDefinition",
+ "isCollection": true
+} -->
+
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#roleManagement/entitlementManagement/roleDefinitions",
+ "value": [
+ {
+ "id": "ae79f266-94d4-4dab-b730-feca7e132178",
+ "displayName": "Catalog owner",
+ "description": "Catalog owner",
+ "isBuiltIn": true,
+ "isEnabled": true,
+ "templateId": "ae79f266-94d4-4dab-b730-feca7e132178",
+ "version": "1.0",
+ "rolePermissions": [
+ {
+ "allowedResourceActions": [
+ "microsoft.entitlementManagement/allEntities/allTasks"
+ ],
+ "condition": null
+ }
+ ]
+ },
+ {
+ "id": "44272f93-9762-48e8-af59-1b5351b1d6b3",
+ "displayName": "Catalog reader",
+ "description": "Catalog reader",
+ "isBuiltIn": true,
+ "isEnabled": true,
+ "templateId": "44272f93-9762-48e8-af59-1b5351b1d6b3",
+ "version": "1.0",
+ "rolePermissions": [
+ {
+ "allowedResourceActions": [
+ "microsoft.entitlementManagement/allEntities/Read"
+ ],
+ "condition": null
+ }
+ ]
+ },
+ {
+ "id": "7f480852-ebdc-47d4-87de-0d8498384a83",
+ "displayName": "AccessPackages manager",
+ "description": "AccessPackages manager",
+ "isBuiltIn": true,
+ "isEnabled": true,
+ "templateId": "7f480852-ebdc-47d4-87de-0d8498384a83",
+ "version": "1.0",
+ "rolePermissions": [
+ {
+ "allowedResourceActions": [
+ "microsoft.entitlementManagement/AccessPackageCatalog/AccessPackage/allTasks",
+ "microsoft.entitlementManagement/AccessPackageCatalog/allEntities/Read"
+ ],
+ "condition": null
+ }
+ ]
+ },
+ {
+ "id": "ba92d953-d8e0-4e39-a797-0cbedb0a89e8",
+ "displayName": "Catalog creator",
+ "description": "Catalog creator",
+ "isBuiltIn": true,
+ "isEnabled": true,
+ "templateId": "ba92d953-d8e0-4e39-a797-0cbedb0a89e8",
+ "version": "1.0",
+ "rolePermissions": [
+ {
+ "allowedResourceActions": [
+ "microsoft.entitlementManagement/AccessPackageCatalog/Create"
+ ],
+ "condition": null
+ }
+ ]
+ },
+ {
+ "id": "e2182095-804a-4656-ae11-64734e9b7ae5",
+ "displayName": "AccessPackage assignment manager",
+ "description": "AccessPackage assignment manager",
+ "isBuiltIn": true,
+ "isEnabled": true,
+ "templateId": "e2182095-804a-4656-ae11-64734e9b7ae5",
+ "version": "1.0",
+ "rolePermissions": [
+ {
+ "allowedResourceActions": [
+ "microsoft.entitlementManagement/AccessPackageCatalog/AccessPackage/GrantRequests/allTasks",
+ "microsoft.entitlementManagement/AccessPackageCatalog/AccessPackage/Grants/allTasks",
+ "microsoft.entitlementManagement/AccessPackageCatalog/allEntities/Read"
+ ],
+ "condition": null
+ }
+ ]
+ }
+ ]
+}
+```
<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98 2019-02-04 14:57:30 UTC --> <!-- {
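Review bot: In Example 2 an added line contains only `+`, between `#### Request` and `# [HTTP](#tab/http)`; it will render as a literal plus sign or an empty list item above the request tab and looks like a leftover diff marker, so it should be deleted. Example 1 also loses "The following is an example of the request." while Example 2 has no such sentence for the request but keeps "The following is an example of the response.", so it is worth making the two examples consistent. Since the sample response lists entitlement management roles and their `allowedResourceActions`, a sentence stating which permission the caller needs for the `entitlementManagement` provider would help readers who arrive at this example directly.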
v1.0 Unifiedroledefinition Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/unifiedroledefinition-get.md
Content-type: application/json
{ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#roleManagement/directory/roleDefinitions/$entity",
- "id": "429c3819-053d-4250-9926-4c7dcb18ae17",
+ "id": "f189965f-f560-4c59-9101-933d4c87a91a",
"description": "Allows reading Application Registrations", "displayName": "Application Registration Reader", "isBuiltIn": false,
v1.0 Groups Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/groups-overview.md
Title: "Working with groups in Microsoft Graph"
-description: "Groups are collections of users and other principals who share access to resources in Microsoft services or in your app. Microsoft Graph provides APIs that you can use to create and manage different types of groups and group functionality according to your scenario. All group-related operations in Microsoft Graph require administrator consent."
+description: "Groups are collections of principals with shared access to resources in Microsoft services or in your app. Different principals such as users, other groups, devices, and applications can be part of groups. Using groups helps you avoid working with individual principals and simplifies management of access to your resources."
ms.localizationpriority: high ms.prod: "groups"
doc_type: conceptualPageType
# Working with groups in Microsoft Graph
-Groups are collections of [users](user.md) and other principals who share access to resources in Microsoft services or in your app. Microsoft Graph provides APIs that you can use to create and manage different types of groups and group functionality according to your scenario. All group-related operations in Microsoft Graph require administrator consent.
+Groups are collections of principals with shared access to resources in Microsoft services or in your app. Different principals such as users, other groups, devices, and applications can be part of groups. Using groups helps you avoid working with individual principals and simplifies management of access to your resources.
-> **Note**: Groups can only be created through work or school accounts. Personal Microsoft accounts don't support groups.
+Microsoft Graph exposes the groups API to create and manage different types of groups and group functionality.
+
+> [!NOTE]
+> 1. Groups can only be created through work or school accounts. Personal Microsoft accounts don't support groups.
+> 2. All group-related operations in Microsoft Graph require administrator consent.
## Group types in Azure AD and Microsoft Graph
-Azure AD supports the following types of groups.
+Azure Active Directory (Azure AD) supports the following types of groups.
- Microsoft 365 groups - Security groups - Mail-enabled security groups - Distribution groups
-For more information about Azure AD groups, see [compare groups in Azure AD](/microsoft-365/admin/create-groups/compare-groups).
+Only Microsoft 365 and security groups can be managed through the Microsoft Graph groups API. Mail-enabled and distribution groups are read-only through Microsoft Graph.
In Microsoft Graph, the type of group can be identified by the settings of its **groupType**, **mailEnabled**, and **securityEnabled** properties as indicated in the table below.
-| Type | Use case | groupType | mailEnabled | securityEnabled | Created and managed via API |
-| | -- | - | -- | -- | |
-| [Microsoft 365 groups](#microsoft-365-groups) | Facilitating user collaboration with shared Microsoft online resources. | `["Unified"]` | `true` | `true` or `false` | Yes |
-| [Security groups](#security-groups-and-mail-enabled-security-groups) | Controlling user access to in-app resources. | `[]` | `false` | `true` | Yes |
-| [Mail-enabled security groups](#security-groups-and-mail-enabled-security-groups) | Controlling user access to in-app resources, with a shared group mailbox. | `[]` | `true` | `true` | No |
-| Distribution groups | Distributing mail to the members of the group. It is recommended to use Microsoft 365 groups due to the richer set of resources it provides. | `[]` | `true` | `false` | No |
+| Type |groupType | mailEnabled | securityEnabled | Created and managed via the groups API |
+|--|--|--|--|--|
+| [Microsoft 365 groups](#microsoft-365-groups) | `["Unified"]` | `true` | `true` or `false` | Yes |
+| [Security groups](#security-groups-and-mail-enabled-security-groups) | `[]` | `false` | `true` | Yes |
+| [Mail-enabled security groups](#security-groups-and-mail-enabled-security-groups) | `[]` | `true` | `true` | No |
+| Distribution groups | `[]` | `true` | `false` | No |
+
+For more information about groups, see the sections below. For more information about groups in Azure AD, see [compare groups in Azure AD](/microsoft-365/admin/create-groups/compare-groups).
## Microsoft 365 groups
-The power of Microsoft 365 groups is in its collaborative nature, perfect for people who work together on a project or a team. They are created with resources that members of the group share, including:
+The power of Microsoft 365 groups is in its collaborative nature, perfect for people who work together on a project or a team. They're created with resources that members of the group share, including:
- Outlook conversations - Outlook calendar
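Review bot: The added sentence "Mail-enabled and distribution groups are read-only through Microsoft Graph" is ambiguous against the table directly below it, where Microsoft 365 groups also have `mailEnabled` set to `true` yet are marked as manageable; write "Mail-enabled security groups and distribution groups" to match the table rows. The new table also drops the "Use case" column, which removes the only place that said what each type is for and that Microsoft 365 groups are recommended over distribution groups; consider keeping that guidance in prose. In the `[!NOTE]` block, the requirement that all group-related operations need administrator consent is now the second numbered item, which makes a consent requirement easy to miss; it may deserve its own sentence in the body.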
The power of Microsoft 365 groups is in its collaborative nature, perfect for pe
- Planner plans - Intune device management
-### Group in Outlook example
-
-The following is a JSON representation of groups in Outlook.
+The following JSON object shows a sample representation of a group when you call the Microsoft Graph groups API.
```http
+HTTP/1.1 201 OK
+Content-type: application/json
{ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups/$entity",
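Review bot: The added status line `HTTP/1.1 201 OK` pairs status code 201 with the reason phrase for 200; it should be `201 Created` if this is the response to creating a group, or `200 OK` if it is the result of reading one. The new lead-in ("when you call the Microsoft Graph groups API") does not say which call produces this response, so please name the operation. A blank line is also needed between `Content-type: application/json` and the opening `{` of the body.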
To learn more about Microsoft 365 groups and the administrator experiences, see
## Security groups and mail-enabled security groups
-Security groups are for controlling user access to resources. By checking whether a user is a member of a security group, your app can make authorization decisions when that user is trying to access some secure resources in your app. Security groups can have users and other security groups as members.
-
-Mail-enabled security groups are used in the same way that security groups are, but with the added feature of a shared mailbox for the groups. Mail-enabled security groups are read only. Learn more in the [Manage mail-enabled security groups Exchange article](/Exchange/recipients/mail-enabled-security-groups).
+**Security groups** are for controlling user access to resources. By checking whether a user is a member of a security group, your app can make authorization decisions when that user is trying to access some secure resources in your app. Security groups can have users, other security groups, devices, and service principals as members.
-### Security group example
+**Mail-enabled security groups** are used in the same way as security groups, but with the added feature of a shared mailbox. Mail-enabled security groups can't be created or updated through the API; instead, they're read-only. Learn more in the [Manage mail-enabled security groups Exchange article](/Exchange/recipients/mail-enabled-security-groups).
-The following is a JSON representation of a security group.
+The following JSON object shows a sample representation of a group when you call the Microsoft Graph groups API.
```http
+HTTP/1.1 201 OK
+Content-type: application/json
+ { "@odata.type": "#microsoft.graph.group", "id": "f87faa71-57a8-4c14-91f0-517f54645106",
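Review bot: The replacement lead-in is word for word the sentence used for the Microsoft 365 sample earlier on the page, and with `### Security group example` removed nothing tells the reader that this JSON is a security group; say so in the sentence, for example "shows a sample representation of a security group". The added `HTTP/1.1 201 OK` line has the same mismatch between status code and reason phrase as the earlier sample. The first paragraph now lists devices and service principals as possible members, while the next sentence still speaks only of checking "whether a user is a member" for authorization decisions; consider widening that wording so it matches the member types just listed.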
The following is a JSON representation of a security group.
## Dynamic membership
-All types of groups can have dynamic membership rules that automatically add or remove members from the group based on user properties. For example, a "Marketing employees" group would include every user with the department property set to "Marketing", so that new marketing employees are automatically added to the group and employees who leave the department are automatically removed from the group. This rule can be specified in a "membershipRule" field during group creation as `"membershipRule": 'user.department -eq "Marketing"'`. GroupTypes must also include `"DynamicMembership"`. The following request creates a new Microsoft 365 group for the marketing employees:
+All types of groups can have dynamic membership rules that automatically add or remove members from the group based on the principal's properties. For example, a "Marketing employees" group can define a dynamic membership rule that only users with their department property set to "Marketing" can be members of the group. In this case, any user's who leave the department are automatically removed from the group.
+
+The dynamic membership rules are specified through the **membershipRule** property during group creation. For example, `"membershipRule": 'user.department -eq "Marketing"'`. The **groupType** property must also include `"DynamicMembership"` value in the collection. The dynamic membership rule can be turned on or off through the **membershipRuleProcessingState** property.
+
+The following example request creates a new Microsoft 365 group that can only include employees in the Marketing department.
```http
-POST https://graph.microsoft.com/beta/groups
+POST https://graph.microsoft.com/v1.0/groups
+Content-type: application/json
+ { "description": "Marketing department folks", "displayName": "Marketing department",
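Review bot: In the rewritten first paragraph, "any user's who leave the department" has a stray possessive ("users who leave"), and the sentence now describes only removal; the replaced text also said that new marketing employees are added automatically, which is the half of the behaviour that grants access and should not be dropped. The second paragraph refers to the **groupType** property and then calls it a collection, whereas the removed text said `GroupTypes`; use the exact property name that appears in the request body. The inline example `'user.department -eq "Marketing"'` is wrapped in single quotes, which is not valid as a JSON string value, so show it the way it must appear in the request.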
POST https://graph.microsoft.com/beta/groups
"mailEnabled": true, "mailNickname": "marketing", "securityEnabled": false,
- "membershipRule": "user.department -eq \"Marketing\"",
+ "membershipRule": "'user.department -eq 'Marketing'",
"membershipRuleProcessingState": "on" } ```
-To learn more about formulating membershipRules, see [Create attribute-based rules for dynamic group membership in Azure Active Directory](/azure/active-directory/active-directory-groups-dynamic-membership-azure-portal).
+To learn more about formulating membership rules, see [Dynamic membership rules for groups in Azure Active Directory](/azure/active-directory/enterprise-users/groups-dynamic-membership).
-> **Note**: Dynamic membership rules requires the tenant to have a license at tier [Azure Active Directory Premium P1](https://azure.microsoft.com/pricing/details/active-directory/) or greater.
+> **Note**: Dynamic membership rules requires the tenant to have at least an Azure AD Premium P1 license for each unique user that is a member of one or more dynamic groups.
## Other types of groups Microsoft 365 groups in Yammer are used to facilitate user collaboration through Yammer posts. This type of group can be returned through a read request, but their posts can't be accessed through the API. When Yammer posts and conversation feeds are enabled on a group, default Microsoft 365 group conversations are disabled. To learn more, see [Yammer developer API docs](https://developer.yammer.com/docs).
+## Group search limitations for guest users in organizations
+
+Group search capabilities allow the app to search for any groups in an organization's directory by performing queries against the `/groups` resource (for example, `https://graph.microsoft.com/v1.0/groups`). Both administrators and users who are members have this capability; however, guest users don't.
+
+If the signed-in user is a guest user, depending on the permissions an app has been granted, it can read the profile of a specific group (for example, `https://graph.microsoft.com/v1.0/group/fc06287e-d082-4aab-9d5e-d6fd0ed7c8bc`); however, it can't perform queries against the `/groups` resource that potentially returns more than a single resource.
+
+With the appropriate permissions, the app can read the profiles of groups that it obtains by following links in navigation properties; for example, `/groups/{id}/members`.
+
+For more information about what guest users can do with groups, see [Compare member and guest default permissions](/azure/active-directory/fundamentals/users-default-permissions#compare-member-and-guest-default-permissions).
+ ## Group-based licensing You can use group-based licensing to assign one or more product licenses to an Azure AD group. Azure AD ensures that the licenses are assigned to all members of the group. Any new members who join the group are assigned the appropriate licenses. When they leave the group, those licenses are removed. The feature can only be used with security groups and Microsoft 365 groups that have `securityEnabled=TRUE`. To learn more about group-based licensing, see [What is group-based licensing in Azure Active Directory?](/azure/active-directory/fundamentals/active-directory-licensing-whatis-azure-portal).
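Review bot: The new request body line `"membershipRule": "'user.department -eq 'Marketing'"` has unbalanced single quotes (a stray quote before `user` and three quotes in total), so anyone copying the example sends a malformed rule; the replaced line `"user.department -eq \"Marketing\""` was well formed and should be restored or the quoting corrected. In the added guest-user section, the specific-group example URL uses `/v1.0/group/` in the singular, while every other path in the section is `/groups`. Smaller points: "Dynamic membership rules requires" should be "require", and the licensing note no longer links to the pricing page that the replaced note referenced.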
You can use group-based licensing to assign one or more product licenses to an A
Using Microsoft Graph, you can perform the following common operations.
-| **Use cases** | **REST resources** | **See also** |
-| :-- | :- | :- |
-| **Group object and methods** | | |
-| Create new groups, get existing groups, update the properties on groups, and delete groups. Currently, only security groups and groups in Outlook can be created through the API. | [group](group.md) | [Create new groups](../api/group-post-groups.md) <br/> [List groups](../api/group-list.md) <br/> [Update groups](../api/group-update.md) <br/> [Delete groups](../api/group-delete.md) |
-| **Group membership methods** | | |
-| List the members of a group, and add or remove members. | [user](user.md) <br/> [group](group.md) | [List members](../api/group-list-members.md) <br/> [Add member](../api/group-post-members.md) <br/> [Remove member](../api/group-delete-members.md) |
-| Determine whether a user is a member of a group, get all the groups the user is a member of. | [user](user.md) <br/> [group](group.md) <br/> [servicePrincipal](serviceprincipal.md) <br/> [orgContact](orgcontact.md) | [Check member groups](../api/directoryobject-checkmembergroups.md) <br/> [Get member groups](../api/directoryobject-getmembergroups.md) |
-| List the owners of a group, and add or remove owners. | [user](user.md) <br/> [group](group.md) | [List owners](../api/group-list-members.md) <br/> [Add member](../api/group-post-members.md) <br/> [Remove member](../api/group-delete-members.md) |
+
+Using Microsoft Graph, you can perform the following common operations on groups.
+
+| **Use cases** | **REST resources** | **See also** |
+|:-|:-|:-|
+| **Create groups, manage group characteristics** | | |
+| Create new groups, get existing groups, update the properties on groups, and delete groups. Currently, only security groups and groups in Outlook can be created through the API. | [group](group.md) | [Create new groups](../api/group-post-groups.md) <br/> [List groups](../api/group-list.md) <br/> [Update groups](../api/group-update.md) <br/> [Delete groups](../api/group-delete.md) |
+| **Manage group membership** | | |
+| List the members of a group, and add or remove members. | [user](user.md) <br/> [group](group.md) | [List members](../api/group-list-members.md) <br/> [Add member](../api/group-post-members.md) <br/> [Remove member](../api/group-delete-members.md) |
+| Determine whether a user is a member of a group, get all the groups the user is a member of. | [user](user.md) <br/> [group](group.md) <br/> [servicePrincipal](serviceprincipal.md) <br/> [orgContact](orgcontact.md) | [Check member groups](../api/directoryobject-checkmembergroups.md) <br/> [Get member groups](../api/directoryobject-getmembergroups.md) |
+| List the owners of a group, and add or remove owners. | [user](user.md) <br/> [group](group.md) | [List owners](../api/group-list-members.md) <br/> [Add member](../api/group-post-members.md) <br/> [Remove member](../api/group-delete-members.md) |
## What's new
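Review bot: The existing sentence "Using Microsoft Graph, you can perform the following common operations." is left in place as context and the change adds a near-identical sentence ending "on groups", so the page will show both; remove the old one. In the rewritten table, the "List the owners of a group" row still links to `group-list-members.md`, `group-post-members.md` and `group-delete-members.md` with "Add member" and "Remove member" labels, so the owner operations point at the member pages. The first row also keeps "only security groups and groups in Outlook can be created through the API", which conflicts with the statement added earlier in this file that Microsoft 365 and security groups are the types managed through the groups API.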
v1.0 Users https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/users.md
doc_type: conceptualPageType
# Working with users in Microsoft Graph
-You can use Microsoft Graph to build compelling app experiences based on users, their relationships with other users and groups, and their mail, calendar, and files.
+You can use Microsoft Graph to build compelling app experiences based on users, their relationships with other users and groups, and the resources they access for example their mails, calendars, files, administrative roles, group memberships.
-You can access [users](user.md) through Microsoft Graph in two ways:
+You can access users through Microsoft Graph in two ways:
-- By their ID, `/users/{id | userPrincipalName}`
+- By their ID, `/users/{id}`
- By using the `/me` alias for the signed-in user, which is the same as `/users/{signed-in user's id}`
+There are two types of users in Azure AD - members and guest users. Guest users join the organization through redeeming their invitation. Guest users can be converted to members to enjoy all the privileges of members.
+ ## Authorization One of the following [permissions](/graph/permissions-reference) is required to access user operations. The first three permissions can be granted to an app by a user. The rest can only be granted to an app by the administrator.
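Review bot: The path in the first bullet changes from `/users/{id | userPrincipalName}` to `/users/{id}` with no explanation; if addressing a user by `userPrincipalName` is still supported in v1.0, keep it in the path, and if it is not, that is a behaviour change which needs to be called out rather than dropped silently. The same hunk removes the link to `user.md` from "You can access users", which was the only link to the resource in this introduction. The opening sentence has the same run-on as the beta copy ("the resources they access for example their mails, ...") and needs punctuation around "for example" and a closing "and".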
The following represent the default set of properties that are returned when get
For details and a list of all the properties, see the [user](user.md) object.
+## User and group search limitations for guest users in organizations
+
+User and group search capabilities allow the app to search for any user or group in an organization's directory by performing queries against the `/users` or `/groups` resource set (for example, `https://graph.microsoft.com/v1.0/users`). Both administrators and users who are members have this capability; however, guest users don't.
+
+If the signed-in user is a guest user, depending on the permissions an app has been granted, it can read the profile of a specific user or group (for example, `https://graph.microsoft.com/v1.0/users/241f22af-f634-44c0-9a15-c8cd2cea5531`); however, it can't perform queries against the `/users` or `/groups` resource set that potentially returns more than a single resource.
+
+With the appropriate permissions, the app can read the profiles of users or groups that it obtains by following links in navigation properties; for example, `/users/{id}/directReports` or `/groups/{id}/members`.
+
+For more information about search limitations for guest users, see [Compare member and guest default permissions](/azure/active-directory/fundamentals/users-default-permissions#compare-member-and-guest-default-permissions).
+ ## Common operations > **Note:** Some of these operations require additional permissions.