-It includes apps from the Microsoft Teams store, and apps from your organization's app catalog (the tenant app catalog). To get apps from your organization's app catalog only, specify `organization` as the **distributionMethod** in the request.

-> **Note**:

-The Directory.Read.All and Directory.ReadWrite.All permissions are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission and avoid using these permissions going forward.

-The following example lists applications with a given ID, and expands **appDefinitions** to return the **publishingState**, which reflects the submission review state of the app. `Submitted` means the review is pending, `published` means the admin approved the app, and `rejected` means the the admin rejected the app.

-> **Notes:**

-> - For a call with app-hosted media, you need the Calls.AccessMedia.All permission in addition to one of the permissions listed in the previous table.

-> - Cloud Video Interop solutions that are [Certified for Microsoft Teams](/MicrosoftTeams/cloud-video-interop) have permission to call this API to join meetings for which they have meeting join links, similar to external users joining through a browser.

-To use the OnlineMeetings.ReadWrite.All application permission for this API, tenant administrators must create an [application access policy](/graph/cloud-communication-online-meeting-application-access-policy) and grant it to a user to authorize the app configured in the policy to create online meetings on behalf of that user (with user ID specified in the request path).

->- **userId** is the object ID of a user in [Microsoft Entra admin center > user management page](https://entra.microsoft.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade). For more details, see [Allow applications to access online meetings on behalf of a user](/graph/cloud-communication-online-meeting-application-access-policy).

- "moderationSettings": null

- "membershipType": "private"

-> **Note**: The Group.ReadWrite.All permission is supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.

-> **Note**: Application permissions are *only* supported for [migration](/microsoftteams/platform/graph-api/import-messages/import-external-messages-to-teams).

-In the future, Microsoft may require you or your customers to pay additional fees based on the amount of data imported.

-> **Note**: The Chat.Manage.Chat permission uses [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

-> **Note**: The Chat.Manage.Chat permission uses [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

-> **Note**: The TeamsTab.Delete.Chat and TeamsTab.ReadWrite.Chat permissions use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

-> **Note**:

-The TeamsAppInstallation.Read.Chat and Chat.Manage.Chat permissions use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

-The following example gets the list of any [resource-specific permissions that were granted to an app](../resources/teamsapppermissionset.md) as part of installation. A `$select` query parameterd is required to show the consented permission set.

-> **Note**: The TeamsAppInstallation.Read.Chat and Chat.Manage.Chat pPermissions use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

-This operation does not support the [OData query parameters](/graph/query-parameters) to customize the response.

-> **Note**: The TeamsTab.Read.Chat and TeamsTab.ReadWrite.Chat permissions use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

-> **Note**: The ChatSettings.Read.Chat, ChatSettings.ReadWrite.Chat, and Chat.Manage.Chat permissions use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

-> **Note:**

-The following permissions use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent):

-> **Note**: The ChatMember.Read.Chat and Chat.Manage.Chat permissions use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

-> **Note:** The ChatMessage.Read.Chat permission uses [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

-The other [OData query parameters](/graph/query-parameters) are not currently supported.

-> **Note:** The ChatSettings.Read.Chat and ChatSettings.ReadWrite.Chat, and Chat.Manage.Chat permissions use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

-> **Note**: The TeamsAppInstallation.Read.Chat and Chat.Manage.Chat permissions use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

-> **Note:** The TeamsTab.ReadWrite.Chat permission uses [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

-> **Note:**S The ChatSettings.ReadWrite.Chat permission uses [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

-> **Notes:**

-> **Note:** The Chat.Manage.Chat permission uses [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

-> **Note:** The TeamsTab.Create.Chat and TeamsTab.ReadWrite.Chat permissions use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

->**Note:** The TeamsActivity.Send.Chat permission uses [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

-> **Notes:**

-> **Note**: The _ChannelMessage.Read.Group_ and _ChatMessage.Read.Chat_ permissions use [resource-specific consent]( https://aka.ms/teams-rsc).

-This method does not support the [OData query parameters](/graph/query-parameters) to customize the response.

-Retrieve the list of [chatMessageHostedContent](../resources/chatmessagehostedcontent.md) objects from a message. This API only lists the hosted content objects. To get the content bytes, see [get chatmessage hosted content](chatmessagehostedcontent-get.md)

-> **Note**: The Group.Read.All and Group.ReadWrite.All permissions are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.

-> **Note**: The _ChannelMessage.Read.Group_ and _ChatMessage.Read.Chat_ permissions use [resource-specific consent]( https://aka.ms/teams-rsc).

-> **Note:** The ChannelMessage.Read.Group permission uses [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

-> **Note**: The Group.ReadWrite.All permission is supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.

-> **Note**: Application permissions are *only* supported for [migration](/microsoftteams/platform/graph-api/import-messages/import-external-messages-to-teams).

-In the future, Microsoft may require you or your customers to pay additional fees based on the amount of data imported.

-> **Note**: The Group.ReadWrite.All permission is supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.

-> **Note**: Application permissions are *only* supported for [migration](/microsoftteams/platform/graph-api/import-messages/import-external-messages-to-teams). In the future, Microsoft may require you or your customers to pay additional fees based on the amount of data imported.

-This method does not support federation. Only the user in the tenant who sent the message can perform data loss prevention (DLP) updates on the specified chat message.

-> **Note:** The Group.ReadWrite.All permission is supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.

-If no `model` is specified, [evaluation mode](/graph/teams-licenses#evaluation-mode-default-requirements) will be used.

-> **Note:**: The Group.Read.All and Group.ReadWrite.All permissionsare supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.

-This operation does not support the [OData query parameters](/graph/query-parameters) to customize the response.

- "domainJoinConfiguration": {

- "domainJoinType": "hybridAzureADJoin",

- "onPremisesConnectionId": "16ee6c71-fc10-438b-88ac-daa1ccafffff"

- },

- "onPremisesConnectionId": "4e47d0f6-6f77-44f0-8893-c0fe1701ffff",

- "windowsSettings": {

- "language": "en-US"

- },

- "domainJoinConfiguration": {

- "onPremisesConnectionId": "4e47d0f6-6f77-44f0-8893-c0fe1701ffff",

- "regionName": null,

- "type": "hybridAzureADJoin"

- },

- "onPremisesConnectionId": "4e47d0f6-6f77-44f0-8893-c0fe1701ffff",

- "windowsSettings": {

- "language": "en-US"

- },

-GET https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint/provisioningPolicies/60b94f83-3e22-430e-a69d-440f65b922d6?$select=id,description,displayName,domainJoinConfiguration,imageDisplayName,imageId,imageType,onPremisesConnectionId,windowsSetting,managedBy,cloudPcGroupDisplayName,gracePeriodInHours,localAdminEnabled,alternateResourceUrl

- "domainJoinConfiguration": {

- "onPremisesConnectionId": "4e47d0f6-6f77-44f0-8893-c0fe1701ffff",

- "regionName": null,

- "type": "hybridAzureADJoin"

- },

- "onPremisesConnectionId": "4e47d0f6-6f77-44f0-8893-c0fe1701ffff",

- "windowsSettings": {

- "language": "en-US"

- },

-|domainJoinConfiguration (deprecated)|[cloudPcDomainJoinConfiguration](../resources/cloudpcdomainjoinconfiguration.md)|Specifies how Cloud PCs join Microsoft Entra ID.|

-|onPremisesConnectionId (deprecated)|String|The ID of the cloudPcOnPremisesConnection. To ensure that Cloud PCs have network connectivity and that they domain join, choose a connection with a virtual network thatΓÇÖs validated by the Cloud PC service.|

-|filter|String|OData filter syntax. Supported filters include `and`, `or`, `lt`, `le`, `gt`, `ge` and `eq`.|

- "RemoteSignInTimeInSec",

- "skip": 0,

-|signingCertificate|String|Current certificate used to sign tokens passed to the Microsoft identity platform. The certificate is formatted as a Base64 encoded string of the public portion of the federated IdP's token signing certificate and must be compatible with the X509Certificate2 class. <br>This property is used in the following scenarios: <li> If a rollover is required outside of the autorollover update <li> A new federation service is being set up <li> If the new token signing certificate isn't present in the federation properties after the federation service certificate has been updated.<br>Microsoft Entra ID updates certificates via an autorollover process in which it attempts to retrieve a new certificate from the federation service metadata, 30 days before expiry of the current certificate. If a new certificate isn't available, Microsoft Entra ID monitors the metadata daily and will update the federation settings for the domain when a new certificate is available.|

-|nextSigningCertificate|String|Fallback token signing certificate that is used to sign tokens when the primary signing certificate expires. Formatted as Base64 encoded strings of the public portion of the federated IdP's token signing certificate. Needs to be compatible with the X509Certificate2 class. Much like the **signingCertificate**, the **nextSigningCertificate** property is used if a rollover is required outside of the auto-rollover update, a new federation service is being set up, or if the new token signing certificate isn't present in the federation properties after the federation service certificate has been updated.|

-+ Switching between **federatedIdpMfaBehavior** and **SupportsMfa** is not supported.

-This API is part of Microsoft SharePoint and OneDrive APIs that perform advanced premium administrative functions and is considered a protected API. Protected APIs require you to have more validation, beyond permission and consent, before you can use them. Before you call this API, you must [request access](https://aka.ms/PreviewSPOPremiumAPI).

-For more information about sensitivity labels from an administrator's perspective, see [Enable sensitivity labels for Office files in SharePoint and OneDrive](/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files?view=o365-worldwide&preserve-view=true).

-> This is a metered API and some charges for use may apply. For details, see [Overview of metered Microsoft 365 APIs in Microsoft Graph](/graph/metered-api-overview).

-|signingCertificate|String|Current certificate used to sign tokens passed to the Microsoft identity platform. The certificate is formatted as a Base 64 encoded string of the public portion of the federated IdP's token signing certificate and must be compatible with the X509Certificate2 class. <br>This property is used in the following scenarios: <li> If a rollover is required outside of the autorollover update <li> A new federation service is being set up <li> If the new token signing certificate isn't present in the federation properties after the federation service certificate has been updated.<br>Microsoft Entra ID updates certificates via an autorollover process in which it attempts to retrieve a new certificate from the federation service metadata, 30 days before expiry of the current certificate. If a new certificate isn't available, Microsoft Entra ID monitors the metadata daily and will update the federation settings for the domain when a new certificate is available. Inherited from [samlOrWsFedProvider](../resources/samlorwsfedprovider.md).|

-After you have received all the changes, you might apply them to your local state.

-The delta feed shows the latest state for each item, not each change. If an item were renamed twice, it will only show up once, with its latest name.

-Deleted items are returned with the [deleted facet](../resources/deleted.md). Deleted indicates that the item is deleted and cannot be restored.

-| token | string | Optional. If unspecified, enumerates the current state of the hierarchy. If `latest`, returns an empty response with the latest delta token. If a previous delta token, returns a new state since that token.|

-This method supports the `$select`, `$expand`, and `$top` [OData query parameters](/graph/query-parameters) to customize the response.

-In addition to a collection of **listItem** objects, the response will also include one of the following properties.

-| Name | Value | Description |

-|:|:-|:-|

-| **@odata.nextLink** | URL | A URL to retrieve the next available page of changes, if there are additional changes in the current set. |

-| **@odata.deltaLink** | URL | A URL returned instead of **@odata.nextLink** after all current changes have been returned. Used to read the next set of changes in the future. |

-In some cases, the service will return a `410 Gone` response code with an error response that contains one of the following error codes, and a `Location` header containing a new `nextLink` that starts a fresh delta enumeration. This occurs when the service can't provide a list of changes for a given token (for example, if a client tries to reuse an old token after being disconnected for a long time, or if the server state has changed and a new token is required).

-| `resyncChangesApplyDifferences` | Replace any local items with the versions from the server (including deletes) if you're sure that the service was up to date with your local changes when you last synchronized. Upload any local changes that the server doesn't know about. |

-| `resyncChangesUploadDifferences` | Upload any local items that the service did not return, and upload any items that differ from the versions from the server (keep both copies if you're not sure which one is more up-to-date). |

-In addition to the resync errors and for more details about how errors are returned, see [Microsoft Graph error responses and resource types][error-response].

-The following is an example of the initial request that shows how to call this API to establish your local state.

-The following is an example of the initial request.

-The following is an example of the response that includes the first page of changes and the **@odata.nextLink** property that indicates that no more items are available in the current set of items. Your app should continue to request the URL value of **@odata.nextLink** until all pages of items have been retrieved.

-<!-- { "blockType": "response", "name": "get_listItem_delta_first", "@odata.type": "microsoft.graph.listItem", "isCollection": true, "truncated": true, "scope": "site.read" } -->

- "value": [

- {

- "createdDateTime": "2020-06-02T22:46:58Z",

- "eTag": "\"{12AD05BB-59B8-43AA-9456-77C44E9BC066},756\"",

- "id": "1",

- "lastModifiedDateTime": "2021-10-14T23:27:27Z",

- "webUrl": "http://contoso.sharepoint.com/Shared%20Documents/TestFolder",

- "createdBy": {

- "user": {

- "displayName": "John doe",

- }

- },

- "parentReference": {

- "id": "1",

- "path": "Shared%20Documents",

- "siteId": "12AD05BB-59B8-43AA-9456-77C44E9BC066"

- },

- "contentType": {

- "id": "0x00123456789abc",

- "name": "Folder"

- }

- },

- {

- "createdDateTime": "2020-06-02T22:46:58Z",

- "eTag": "\"{12AD05BB-59B8-43AA-9456-77C44E9BC067},756\"",

- "id": "2",

- "lastModifiedDateTime": "2021-10-14T23:27:27Z",

- "webUrl": "http://contoso.sharepoint.com/Shared%20Documents/TestItemA.txt",

- "createdBy": {

- "user": {

- "displayName": "John doe",

- }

- },

- "parentReference": {

- "id": "2",

- "path": "Shared%20Documents",

- "siteId": "12AD05BB-59B8-43AA-9456-77C44E9BC066"

- },

- "contentType": {

- "id": "0x00123456789abc",

- "name": "Document"

- }

- },

- {

- "createdDateTime": "2020-06-02T22:46:58Z",

- "eTag": "\"{12AD05BB-59B8-43AA-9456-77C44E9BC068},756\"",

- "id": "3",

- "lastModifiedDateTime": "2021-10-14T23:27:27Z",

- "webUrl": "http://contoso.sharepoint.com/Shared%20Documents/TestItemB.txt",

- "createdBy": {

- "user": {

- "displayName": "John doe",

- }

- },

- "parentReference": {

- "id": "3",

- "path": "Shared%20Documents",

- "siteId": "12AD05BB-59B8-43AA-9456-77C44E9BC066"

- },

- "contentType": {

- "id": "0x00123456789abc",

- "name": "Document"

- }

- ],

- "@odata.nextLink": "https://graph.microsoft.com/beta/sites/contoso.sharepoint.com,2C712604-1370-44E7-A1F5-426573FDA80A,2D2244C3-251A-49EA-93A8-39E1C3A060FE/lists/22e03ef3-6ef4-424d-a1d3-92a337807c30/items/delta?token=1230919asd190410jlka"

-The following is an example of the response that indicates that the item named `TestItemB.txt` was deleted and the item `TestFolder` was either added or modified between the initial request and this request to update the local state.

-The final page of items will include the **@odata.deltaLink** property, which provides the URL that can be used later to retrieve changes since the current set of items.

-<!-- { "blockType": "response", "name": "get-listItem-delta-last", "truncated": true, "@odata.type": "microsoft.graph.listItem", "isCollection": true, "scope": "site.read" } -->

- "value": [

- {

- "createdDateTime": "2020-06-02T22:46:58Z",

- "eTag": "\"{12AD05BB-59B8-43AA-9456-77C44E9BC066},756\"",

- "id": "1",

- "lastModifiedDateTime": "2016-03-21T20:01:37Z",

- "webUrl": "http://contoso.sharepoint.com/Shared%20Documents/TestFolder",

- "createdBy": {

- "user": {

- "displayName": "John doe",

- }

- },

- "parentReference": {

- "id": "1",

- "path": "Shared%20Documents",

- "siteId": "12AD05BB-59B8-43AA-9456-77C44E9BC066"

- },

- "contentType": {

- "id": "0x00123456789abc",

- "name": "Folder"

- }

- },

- {

- "id": "3",

- "parentReference": {

- "siteId": "12AD05BB-59B8-43AA-9456-77C44E9BC066"

- },

- "contentType": {

- "id": "0x00123456789abc",

- "name": "Document"

- },

- "deleted": {"state": "deleted"}

- ],

- "@odata.deltaLink": "https://graph.microsoft.com/beta/sites/contoso.sharepoint.com,2C712604-1370-44E7-A1F5-426573FDA80A,2D2244C3-251A-49EA-93A8-39E1C3A060FE/lists/22e03ef3-6ef4-424d-a1d3-92a337807c30/items/delta?token=1230919asd190410jlka"

-In some scenarios, it might be useful to request the current `deltaLink` value without first enumerating all of the items in the list already. This can be useful if your app only wants to know about changes and doesn't need to know about existing items.

-GET /sites/contoso.sharepoint.com,2C712604-1370-44E7-A1F5-426573FDA80A,2D2244C3-251A-49EA-93A8-39E1C3A060FE/lists/22e03ef3-6ef4-424d-a1d3-92a337807c30/items/delta?token=latest

-<!-- { "blockType": "response", "name": "get-delta-latest_datalink_tokenislatest", "isEmpty": true, "@odata.type": "microsoft.graph.listItem", "isCollection": true } -->

- "value": [ ],

- "@odata.deltaLink": "https://graph.microsoft.com/beta/sites/contoso.sharepoint.com,2C712604-1370-44E7-A1F5-426573FDA80A,2D2244C3-251A-49EA-93A8-39E1C3A060FE/lists/22e03ef3-6ef4-424d-a1d3-92a337807c30/items/delta?token=1230919asd190410jlka"

-[Use delta query to track changes in Microsoft Graph data](/graph/delta-query-overview)

-[Best practices for discovering files and detecting changes at scale](/onedrive/developer/rest-api/concepts/scan-guidance)

-[error-response]: /graph/errors

-| Name | Type | Description |

-|:--|:-|:--|

-| Authorization | string | Bearer {token}. Required. |

-description: "Update the writable property, **color**, of the specified outlookCategory object. You can't modify the **displayName** property "

-# Update Outlook category

-Update the writable property, **color**, of the specified [outlookCategory](../resources/outlookcategory.md) object. You can't modify the **displayName** property

-once you have created the category.

-If successful, this method returns a `200 OK` response code and updated [outlookCategory](../resources/outlookcategory.md) object in the response body.

-##### Request

-##### Response

-The following example shows the response. Note: The response object shown here might be shortened for readability.

-description: "Get all the categories that have been defined for the user."

-# List Outlook categories

-Get all the categories that have been defined for the user.

-GET https://graph.microsoft.com/beta/security/labels/authorities/{authorityTemplateId}

-The following example shows the response.

- "id": "a94af2e3-853b-6fcc-c898-d61d3a6d9efc",

- "displayName": "String",

- "@odata.type": "microsoft.graph.identitySet"

- },

- "createdDateTime": "String (timestamp)"

- }

-DELETE /security/labels/retentionLabels/{retentionLabelId}/descriptors/categoryTemplate/subCategories/{subCategoryTemplateId}/$ref

-DELETE https://graph.microsoft.com/beta/security/labels/retentionLabels/{retentionLabelId}/descriptors/categoryTemplate/subCategories/{subCategoryTemplateId}

-The following example shows the response.

-This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

-GET https://graph.microsoft.com/beta/security/labels/categories/{categoryTemplateId}

-The following example shows the response.

- "displayName": "String",

- "@odata.type": "microsoft.graph.identitySet"

- },

- "createdDateTime": "String (timestamp)"

- }

-GET /security/labels/retentionLabels/{retentionLabelId}/descriptors/categoryTemplate/subCategories

-GET https://graph.microsoft.com/beta/security/labels/retentionLabels/{retentionLabelId}/descriptors/categoryTemplate/subCategories

- "displayName": "String",

- "@odata.type": "microsoft.graph.identitySet"

- "createdDateTime": "String (timestamp)"

-POST /security/labels/retentionLabels/{retentionLabelId}/descriptors/categoryTemplate/subCategories

-|displayName|String| Unique string that defines a sub-category name. Inherited from [microsoft.graph.security.filePlanDescriptorTemplate](../resources/security-fileplandescriptor.md). Optional.|

-POST https://graph.microsoft.com/beta/security/labels/retentionLabels/{retentionLabelId}/descriptors/categoryTemplate/subCategories

- "displayName": "String",

- "createdBy": {

- "@odata.type": "microsoft.graph.identitySet"

- }

-The following example shows the response.

- "displayName": "String",

- "createdBy": {

- "@odata.type": "microsoft.graph.identitySet"

- },

- "createdDateTime": "String (timestamp)"

-}

-GET https://graph.microsoft.com/beta/security/labels/citations/{citationTemplateId}

-The following example shows the response.

- "displayName": "String",

- "@odata.type": "microsoft.graph.identitySet"

- },

- "createdDateTime": "String (timestamp)",

- "citationUrl": "String",

- "citationJurisdiction": "String"

-GET https://graph.microsoft.com/beta/security/labels/departments/{departmentTemplateId}

-The following example shows the response.

- "displayName": "String",

- "@odata.type": "microsoft.graph.identitySet"

- },

- "createdDateTime": "String (timestamp)"

- }

-GET https://graph.microsoft.com/beta/security/labels/filePlanReferences/{filePlanReferenceTemplateId}

-The following example shows the response.

- "displayName": "String",

- "@odata.type": "microsoft.graph.identitySet"

- },

- "createdDateTime": "String (timestamp)"

- }

-DELETE https://graph.microsoft.com/beta/security/labels/authorities/{authorityTemplateId}

-The following example shows the response.

-DELETE https://graph.microsoft.com/beta/security/labels/categories/{categoryTemplateId}

-The following example shows the response.

-DELETE https://graph.microsoft.com/beta/security/labels/citations/{citationTemplateId}

-```

-The following example shows the response.

-DELETE https://graph.microsoft.com/beta/security/labels/departments/{departmentTemplateId}

-The following example shows the response.

-DELETE https://graph.microsoft.com/beta/security/labels/filePlanReferences/{filePlanReferenceTemplateId}

-The following example shows the response.

-The following example shows the response.

- "displayName": "String",

- "@odata.type": "microsoft.graph.identitySet"

- "createdDateTime": "String (timestamp)"

-The following example shows the response.

- "displayName": "String",

- "@odata.type": "microsoft.graph.identitySet"

- "createdDateTime": "String (timestamp)"

- }

-The following example shows the response.

- "displayName": "String",

- "@odata.type": "microsoft.graph.identitySet"

- "createdDateTime": "String (timestamp)",

- "citationUrl": "String",

- "citationJurisdiction": "String"

-The following example shows the response.

- "displayName": "String",

- "@odata.type": "microsoft.graph.identitySet"

- "createdDateTime": "String (timestamp)"

-The following example shows the response.

- "displayName": "String",

- "@odata.type": "microsoft.graph.identitySet"

- "createdDateTime": "String (timestamp)"

- "displayName": "String",

- "behaviorDuringRetentionPeriod": "String",

- "actionAfterRetentionPeriod": "String",

- "retentionTrigger": "String",

- "@odata.type": "microsoft.graph.security.retentionDuration"

- "isInUse": "Boolean",

- "descriptionForAdmins": "String",

- "descriptionForUsers": "String",

- "@odata.type": "microsoft.graph.identitySet"

- "createdDateTime": "String (timestamp)",

- "@odata.type": "microsoft.graph.identitySet"

- "lastModifiedDateTime": "String (timestamp)",

- "labelToBeApplied": "String",

- "defaultRecordBehavior": "String"

-|displayName|String|Unique string that defines an authortiy name. Inherited from [microsoft.graph.security.filePlanDescriptorTemplate](../resources/security-fileplandescriptor.md).|

- "displayName": "String",

- "createdBy": {

- "@odata.type": "microsoft.graph.identitySet"

- }

-The following example shows the response.

- "displayName": "String",

- "@odata.type": "microsoft.graph.identitySet"

- "createdDateTime": "String (timestamp)"

- "displayName": "String",

- "createdBy": {

- "@odata.type": "microsoft.graph.identitySet"

- }

-The following example shows the response.

- "displayName": "String",

- "@odata.type": "microsoft.graph.identitySet"

- "createdDateTime": "String (timestamp)"

- "displayName": "String",

- "createdBy": {

- "@odata.type": "microsoft.graph.identitySet"

- },

- "citationUrl": "String",

- "citationJurisdiction": "String"

-The following example shows the response.

- "displayName": "String",

- "createdBy": {

- "@odata.type": "microsoft.graph.identitySet"

- "citationUrl": "String",

- "displayName": "String",

- "createdBy": {

- "@odata.type": "microsoft.graph.identitySet"

- }

-The following example shows the response.

- "displayName": "String",

- "@odata.type": "microsoft.graph.identitySet"

- "createdDateTime": "String (timestamp)"

- "displayName": "String",

- "createdBy": {

- "@odata.type": "microsoft.graph.identitySet"

- }

-The following example shows the response.

- "displayName": "String",

- "@odata.type": "microsoft.graph.identitySet"

- "createdDateTime": "String (timestamp)"

-|defaultRecordBehavior|microsoft.graph.security.defaultRecordBehavior|Specifies the locked or unlocked state of a record label when it is created.The possible values are: `startLocked`, `startUnlocked`, `unknownFutureValue`. |

- "displayName": "String",

- "behaviorDuringRetentionPeriod": "String",

- "actionAfterRetentionPeriod": "String",

- "retentionTrigger": "String",

- "@odata.type": "microsoft.graph.security.retentionDuration"

- "isInUse": "Boolean",

- "descriptionForAdmins": "String",

- "descriptionForUsers": "String",

- "createdBy": {

- "@odata.type": "microsoft.graph.identitySet"

- },

- "labelToBeApplied": "String",

- "defaultRecordBehavior": "String",

-The following example shows the response.

- "displayName": "String",

- "behaviorDuringRetentionPeriod": "String",

- "actionAfterRetentionPeriod": "String",

- "retentionTrigger": "String",

- "@odata.type": "microsoft.graph.security.retentionDuration"

- "isInUse": "Boolean",

- "descriptionForAdmins": "String",

- "descriptionForUsers": "String",

- "@odata.type": "microsoft.graph.identitySet"

- },

- "createdDateTime": "String (timestamp)",

- "lastModifiedBy": {

- "@odata.type": "microsoft.graph.identitySet"

- "lastModifiedDateTime": "String (timestamp)",

- "labelToBeApplied": "String",

- "defaultRecordBehavior": "String",

- "@odata.type": "microsoft.graph.security.eventQueries"

- "@odata.type": "microsoft.graph.security.eventQueries"

-|eventQuery|[microsoft.graph.security.eventQueries](../resources/security-eventqueries.md) collection| Represents the workload (SharePoint Online, OneDrive for Business, Exchange Online) and identification information associated with a retention event.|

- "@odata.type": "microsoft.graph.security.eventQueries"

-The following example shows the response.

- "@odata.type": "microsoft.graph.security.eventQueries"

-DELETE https://graph.microsoft.com/beta/security/labels/retentionLabels/{retentionLabelId}

-This method supports the expand OData query parameters to help customize the response. For example, to retrieve the **retentionEventType** property, you can use the `expand` parameter:`$expand=retentionEventType`. For general information, see [OData query parameters](/graph/query-parameters).

- "displayName": "String",

- "behaviorDuringRetentionPeriod": "String",

- "actionAfterRetentionPeriod": "String",

- "retentionTrigger": "String",

- "retentionDuration": {

- "@odata.type": "microsoft.graph.security.retentionDuration"

- },

- "isInUse": "Boolean",

- "descriptionForAdmins": "String",

- "descriptionForUsers": "String",

- "createdBy": {

- "@odata.type": "microsoft.graph.identitySet"

- },

- "createdDateTime": "String (timestamp)",

- "lastModifiedBy": {

- "@odata.type": "microsoft.graph.identitySet"

- },

- "lastModifiedDateTime": "String (timestamp)",

- "labelToBeApplied": "String",

- "defaultRecordBehavior": "String"

-|defaultRecordBehavior|microsoft.graph.security.defaultRecordBehavior|Specifies the locked or unlocked state of a record label when it is created.The possible values are: `startLocked`, `startUnlocked`, `unknownFutureValue`.|

-If successful, this method returns a `200 OK` response code and an updated [microsoft.graph.security.retentionLabel](../resources/security-retentionlabel.md) object in the response body.

-PATCH https://graph.microsoft.com/beta/security/labels/retentionLabels/{retentionLabelId}

- "@odata.type": "microsoft.graph.security.retentionDuration"

- "descriptionForAdmins": "String",

- "descriptionForUsers": "String",

- "labelToBeApplied": "String",

- "defaultRecordBehavior": "String"

->**Note:** The response object shown here might be shortened for readability.

- "blockType": "response",

- "truncated": true,

- "@odata.type": "microsoft.graph.security.retentionLabel"

-HTTP/1.1 200 OK

-Content-Type: application/json

-{

- "@odata.type": "#microsoft.graph.security.retentionLabel",

- "id": "64a99fb4-07be-0481-8746-44c15c0eef1f",

- "retentionDuration": {

- "@odata.type": "microsoft.graph.security.retentionDuration"

- },

- "descriptionForAdmins": "String",

- "descriptionForUsers": "String",

- "labelToBeApplied": "String",

- "defaultRecordBehavior": "String"

-}

-GET /security/labels/retentionLabels/{retentionLabelId}/descriptors/categoryTemplate/subCategories/{subCategoryTemplateId}

-GET https://graph.microsoft.com/beta/security/labels/retentionLabels/{retentionLabelId}/descriptors/categoryTemplate/subCategories/{subCategoryTemplateId}

-The following example shows the response.

- "displayName": "String",

- "@odata.type": "microsoft.graph.identitySet"

- },

- "createdDateTime": "String (timestamp)"

- }

-```http

-```http

-```http

-If successful, this method returns a `200 OK` response code and a collection of [channel](../resources/channel.md) objects in the response body. The response also includes the **@odata.id** property which can be used to access the channel and run other operations on the [channel](../resources/channel.md) object.

-> Currently, invoking the URL returned from the **@odata.id** property fails for cross-tenant shared channels. You can solve this issue if you remove the `/tenants/{tenant-id}` part from the URL before you call this API. For more details, see [Known issues with Microsoft Graph](https://developer.microsoft.com/en-us/graph/known-issues/?search=14971).

- "moderationSettings": null

-This method does not currently support the [OData query parameters](/graph/query-parameters) to customize the response.

- }

- "domainJoinConfiguration": {

- "onPremisesConnectionId": "16ee6c71-fc10-438b-88ac-daa1ccafffff",

- "type": "hybridAzureADJoin"

- },

- "onPremisesConnectionId": "4e47d0f6-6f77-44f0-8893-c0fe1701ffff",

- "windowsSettings": {

- "language": "en-US"

- },

-|domainJoinConfiguration (deprecated)|[cloudPcDomainJoinConfiguration](../resources/cloudpcdomainjoinconfiguration.md)|Specifies how Cloud PCs join Microsoft Entra ID.|

-|onPremisesConnectionId (deprecated)|String|The ID of the cloudPcOnPremisesConnection. To ensure that Cloud PCs have network connectivity and that they domain join, choose a connection with a virtual network thatΓÇÖs validated by the Cloud PC service.|

-|originId|String|The unique identifier of the resource in the origin system. In the case of a Microsoft Entra group, originId is the identifier of the group. |

-|originSystem|String|The type of the resource in the origin system, such as `SharePointOnline`, `AadApplication`, or `AadGroup`.|

-| signInAudience | String | Specifies the Microsoft accounts that are supported for the current application. The possible values are: `AzureADMyOrg`, `AzureADMultipleOrgs`, `AzureADandPersonalMicrosoftAccount` (default), and `PersonalMicrosoftAccount`. See more in the [table](#signinaudience-values). <br/><br/>The value of this object also limits the number of permissions an app can request. For more information, see [Limits on requested permissions per app](#limits-on-requested-permissions-per-app). <br><br>The value for this property has implications on other app object properties. As a result, if you change this property, you may need to change other properties first. For more information, see [Validation differences for signInAudience](/azure/active-directory/develop/supported-accounts-validation?context=graph/context).<br><br>Supports `$filter` (`eq`, `ne`, `not`).|

-|AzureADMyOrg|Users with a Microsoft work or school account in my organization's Microsoft Entra tenant (single-tenant).|

-|AzureADandPersonalMicrosoftAccount|Users with a personal Microsoft account, or a work or school account in any organization's Microsoft Entra tenant. For authenticating users with Azure AD B2C user flows, use `AzureADandPersonalMicrosoftAccount`. This value allows for the widest set of user identities including local accounts and user identities from Microsoft, Facebook, Google, Twitter, or any OpenID Connect provider. This is the default value for the **signInAudience** property.|

-description: "Represents an abstract type that provides the ability to launch a realistic phishing attack that organizations can learn from."

-Represents an abstract type that provides the ability to launch a realistic phishing attack that organizations can learn from.

-Here's a JSON representation of the resource.

-|[List teams sharing a channel](../api/sharedwithchannelteaminfo-list.md)|[sharedWithChannelTeamInfo](../resources/sharedwithchannelteaminfo.md) collection|Get the list of teams that has been shared the specified channel.|

-|[Get team sharing a channel](../api/sharedwithchannelteaminfo-get.md)|[sharedWithChannelTeamInfo](../resources/sharedwithchannelteaminfo.md)|Get a team that has been shared the specified channel.|

-|displayName|String|Channel name as it will appear to the user in Microsoft Teams. The maximum length is 50 characters.|

-|webUrl|String|A hyperlink that will go to the channel in Microsoft Teams. This is the URL that you get when you right-click a channel in Microsoft Teams and select Get link to channel. This URL should be treated as an opaque blob, and not parsed. Read-only.|

-|membershipType|[channelMembershipType](../resources/channel.md#channelmembershiptype-values)|The type of the channel. Can be set during creation and can't be changed. The possible values are: `standard`, `private`, `unknownFutureValue`, `shared`. The default value is `standard`. Note that you must use the `Prefer: include-unknown-enum-members` request header to get the following value in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `shared`.|

-|summary|[channelSummary](../resources/channelsummary.md)|Contains summary information about the channel, including number of guests, members, owners, and an indicator for members from other tenants. The **summary** property will only be returned if it is specified in the `$select` clause of the [Get channel](../api/channel-get.md) method.|

-Instance attributes are properties with special behaviors. These properties are temporary and either a) define behavior the service should perform or b) provide short-term property values, like a download URL for an item that expires.

-The following is a JSON representation of the resource.

-description: "Cloud managed virtual desktops."

-|[List cloudPCs](../api/virtualendpoint-list-cloudpcs.md)|[cloudPC](../resources/cloudpc.md) collection|List properties and relationships of the [cloudPC](../resources/cloudpc.md) objects.|

-|[Get cloudPC](../api/cloudpc-get.md)|[cloudPC](../resources/cloudpc.md)|Read the properties and relationships of a [cloudPC](../resources/cloudpc.md) object.|

-|[Get provisioned cloudPCs](../api/cloudpc-getprovisionedcloudpcs.md)|[cloudPC](../resources/cloudpc.md) collection|Get all provisioned Cloud PCs of a specific service plan for users under a Microsoft Entra user group.|

-|[End grace period](../api/cloudpc-endgraceperiod.md)|None|End the grace period for a [cloudPC](../resources/cloudpc.md) object.|

-|[Power on](../api/cloudpc-poweron.md)|None|Power on a specific Windows Frontline [cloudPC](../resources/cloudpc.md) object. This action supports MEM admin scenarios.|

-|[Power off](../api/cloudpc-poweroff.md)|None|Power off a specific Windows Frontline [cloudPC](../resources/cloudpc.md) object.This action supports MEM admin scenarios.|

-|[Reboot](../api/cloudpc-reboot.md)|None|Reboot a specific [cloudPC](../resources/cloudpc.md) object.|

-|[Rename](../api/cloudpc-rename.md)|None|Rename a specific [cloudPC](../resources/cloudpc.md) object. Use this API to update the **displayName** for the Cloud PC entity.|

-|[Reprovision](../api/cloudpc-reprovision.md)|None|Reprovision a [cloudPC](../resources/cloudpc.md) object.|

-|[Start](../api/cloudpc-start.md)|None|Start a specific [cloudPC](../resources/cloudpc.md) for a user. Currently, only Windows 365 Frontline Cloud PCs are supported. |

-|[Stop](../api/cloudpc-stop.md)|None|Stop a specific [cloudPC](../resources/cloudpc.md) for a user. Currently, only Windows 365 Frontline Cloud PCs are supported. |

-|[Troubleshoot](../api/cloudpc-troubleshoot.md)|None|Troubleshoot a specific [cloudPC](../resources/cloudpc.md) object. Use this API to check the health status of the Cloud PC and the session host.|

-|[Restore](../api/cloudpc-restore.md)|None|Restore a [cloudPC](../resources/cloudpc.md) object to a previous state from a snapshot.|

-|[List for user](../api/user-list-cloudpcs.md)|[cloudPC](../resources/cloudpc.md) collection|List the [cloudPC](../resources/cloudpc.md) devices that are attributed to the signed-in user.|

-|[Get launch info for user](../api/cloudpc-getcloudpclaunchinfo.md)|[cloudPCLaunchInfo](../resources/cloudpclaunchinfo.md)|Get the [cloudPCLaunchInfo](../resources/cloudpclaunchinfo.md) for the signed-in user.|

-|[Retry partner agent installation](../api/cloudpc-retrypartneragentinstallation.md)|None|Retry installation for the partner agents that failed to install on the [cloudPC](../resources/cloudpc.md).|

-|[Bulk resize](../api/cloudpc-retrypartneragentinstallation.md)|[cloudPcRemoteActionResult](../resources//cloudpcremoteactionresult.md) collection|Perform a bulk resize action to resize a group of [cloudPCs](../resources/cloudpc.md) that have successfully passed validation (cloudPC: validateBulkResize). If any devices can't be resized, they're labeled as "resize failed", while the remaining devices are `provisioned` for the resize process.|

-|[Validate bulk resize](../api/cloudpc-validatebulkresize.md)|[cloudPcResizeValidateResult](../resources/cloudPcResizeValidationResult.md) collection|Validate that a set of [cloudPC](../resources/cloudpc.md) devices meet the requirements to be bulk resized.|

-|lastRemoteActionResult|[cloudPcRemoteActionResult](../resources/cloudpcremoteactionresult.md)|The last remote action result of the enterprise Cloud PCs. The supported remote actions are: `Reboot`, `Rename`, `Reprovision`, `Restore`, and `Troubleshoot`.|

-|osVersion|[cloudPcOperatingSystem](../resources/cloudpcorganizationsettings.md#cloudpcoperatingsystem-values)|The version of the operating system (OS) to provision on Cloud PCs. Possible values are: `windows10`, `windows11`, and `unknownFutureValue`.|

-|powerState|[cloudPcPowerState](#cloudpcpowerstate-values)|The power state of a Cloud PC. The possible values are: `running`, `poweredOff` and `unknown`. This property only supports shift work Cloud PCs.|

-|status|[microsoft.graph.cloudPcStatus](#cloudpcstatus-values)|The status of the Cloud PC. Possible values are: `notProvisioned`, `provisioning`, `provisioned`, `upgrading`, `inGracePeriod`, `deprovisioning`, `failed`, `restoring`.|

-|userAccountType|[cloudPcUserAccountType](../resources/cloudpcorganizationsettings.md#cloudpcuseraccounttype-values)|The account type of the user on provisioned Cloud PCs. Possible values are: `standardUser`, `administrator`, and `unknownFutureValue`.|

-|encryptedUsingPlatformManagedKey|The Cloud PC is encrypted using a platform managed key. This is the default value if the customer-managed key isn't enabled.|

-The following table lists the members of an [evolvable enumeration](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations). You must use the `Prefer: include-unknown-enum-members` request header to get the following values in this evolvable enum: `movingRegion`, `resizePendingLicense`.

-|notProvisioned|The Cloud PC hasn't been provisioned.|

-|provisioned|The Cloud PC is provisioned and can be accessed by end users.|

-|inGracePeriod|The Cloud PC is in the one week grace period before itΓÇÖs deprovisioned.|

-|failed|The operation on Cloud PC has failed.|

-|provisionedWithWarnings|The Cloud PC is provisioned and can be accessed by end users but with some warnings. The user can continue to use this Cloud PC.|

-|resizePendingLicense|Indicates that the Cloud PC resize process has been initiated but can't be completed because the target license hasn't been identified. It's currently awaiting customer action to resolve the licensing issue.|

-|domainJoinConfiguration (deprecated)|[cloudPcDomainJoinConfiguration](../resources/cloudpcdomainjoinconfiguration.md)|Specifies how Cloud PCs join Microsoft Entra ID.|

-|onPremisesConnectionId (deprecated)|String|The ID of the [cloudPcOnPremisesConnection](../resources/cloudpconpremisesconnection.md). To ensure that Cloud PCs have network connectivity and that they domain join, choose a connection with a virtual network thatΓÇÖs validated by the Cloud PC service.|

-Connectors are lightweight agents that sit on-premises and facilitate the outbound connection to the [Microsoft Entra application proxy](/azure/active-directory/app-proxy/what-is-application-proxy) service. Each connector is part of a [connectorGroup](connectorgroup.md).

-| [Get connector](../api/connector-get.md) | [connector](connector.md) | Read properties and relationships of connector object. |

-| [List memberOf](../api/connector-list-memberof.md) | [connectorGroup](connectorgroup.md) collection | List the connectorGroup object collection the connector is a member of. |

-| [Add connector to connectorGroup](../api/connector-post-memberof.md)| [connectorGroup](connectorgroup.md) | Add a connector to a connectorGroup. |

-|externalIp|String| The external IP address as detected by the the connector server. Read-only. |

-|id|String| Unique identifier of the connector. Read-only. |

-|machineName|String| The machine name the connector is installed and running on. |

-|status|connectorStatus| Indicates the status of the connector. Possible values are: `active`, `inactive`. Read-only. |

-|memberOf|[connectorGroup](connectorgroup.md) collection| The connectorGroup that the connector is a member of. Read-only. |

-The following is a JSON representation of the resource.

- "status": "string"

-# FilterDatetime resource type

-|date|string|The date in ISO8601 format used to filter data.|

-|specificity|string|How specific the date should be used to keep data. For example, if the date is 2005-04-02 and the specificity is set to "month," the filter operation will keep all rows with a date in the month of April 2009. Possible values are: `Year`, `Monday`, `Day`, `Hour`, `Minute`, `Second`.|

-None

-Here's a JSON representation of the resource.

- "date": "string",

- "specificity": "string"

-description: "A rule that applies to messages in the Inbox of a user."

-A rule that applies to messages in the Inbox of a user.

-| conditions | [messageRulePredicates](messagerulepredicates.md) | Conditions that when fulfilled, will trigger the corresponding actions for that rule. |

-Here is a JSON representation of the resource.

-|isEnabled|Boolean| Represents if [Microsoft Entra application proxy](/azure/active-directory/app-proxy/what-is-application-proxy) is enabled for the tenant. |

-Represents a Planner task in Microsoft 365. A Planner task is contained in a [plan](plannerplan.md) and can be assigned to a [bucket](plannerbucket.md) in a plan. Each task object has a [details](plannertaskdetails.md) object that can contain more information about the task. For more information about relationships between group, plan, and task, see [Use the Planner REST API](planner-overview.md)

-|appliedCategories|[plannerAppliedCategories](plannerappliedcategories.md)|The categories to which the task has been applied. See [applied Categories](plannerappliedcategories.md) for possible values.|

-|bucketId|String|Bucket ID to which the task belongs. The bucket needs to be in the plan that the task is in. It is 28 characters long and case-sensitive. [Format validation](tasks-identifiers-disclaimer.md) is done on the service. |

-|id|String|Read-only. ID of the task. It is 28 characters long and case-sensitive. [Format validation](tasks-identifiers-disclaimer.md) is done on the service.|

-|priority|Int32|Priority of the task. Valid range of values is between `0` and `10` (inclusive), with increasing value being lower priority (`0` has the highest priority and `10` has the lowest priority). Currently, Planner interprets values `0` and `1` as "urgent", `2` and `3` and `4` as "important", `5`, `6`, and `7` as "medium", and `8`, `9`, and `10` as "low". Currently, Planner sets the value `1` for "urgent", `3` for "important", `5` for "medium", and `9` for "low".|

-|details|[plannerTaskDetails](plannertaskdetails.md)| Read-only. Nullable. Additional details about the task.|

-Represents the file plan descriptor of type category applied to a particular retention label.

-Represents the file plan descriptor of type authority applied to a particular retention label.

-Specifies the underlying authority that describes the type of content to be retained and its retention schedule.

-|createdBy|[microsoft.graph.identitySet](/graph/api/resources/identityset)|Represents the user who created the authority. Inherited from [microsoft.graph.security.filePlanDescriptor](../resources/security-fileplandescriptor.md).|

-|createdDateTime|DateTimeOffset|Represents the date and time in which the authority is created. Inherited from [microsoft.graph.security.filePlanDescriptor](../resources/security-fileplandescriptor.md).|

-|displayName|String|Unique string that defines an authority name. Inherited from [microsoft.graph.security.filePlanDescriptor](../resources/security-fileplandescriptor.md).|

-|id|String|Unique ID of the authority. Inherited from [microsoft.graph.entity](../resources/entity.md).|

-Specifies a group of similar types of content in a particular department.

-|createdBy|[microsoft.graph.identitySet](/graph/api/resources/identityset)|Represents the user who created the category. Inherited from [microsoft.graph.security.filePlanDescriptor](../resources/security-fileplandescriptor.md).|

-|createdDateTime|DateTimeOffset|Represents the date and time in which the category is created. Inherited from [microsoft.graph.security.filePlanDescriptor](../resources/security-fileplandescriptor.md).|

-|displayName|String|Unique string that defines a category name. Inherited from [microsoft.graph.security.filePlanDescriptor](../resources/security-fileplandescriptor.md).|

-|id|String|Unique ID of the category. Inherited from [microsoft.graph.entity](../resources/entity.md).|

-Represents the file plan descriptor of type citation applied to a particular retention label.

-The specific rule or regulation created by a jurisdiction used to determine whether certain labels and content should be retained or deleted.

-|createdBy|[microsoft.graph.identitySet](/graph/api/resources/identityset)|Represents the user who created the citation. Inherited from [microsoft.graph.security.filePlanDescriptor](../resources/security-fileplandescriptor.md).|

-|createdDateTime|DateTimeOffset|Represents the date and time in which the citation is created. Inherited from [microsoft.graph.security.filePlanDescriptor](../resources/security-fileplandescriptor.md).|

-|displayName|String|Unique string that defines a citation name. Inherited from [microsoft.graph.security.filePlanDescriptor](../resources/security-fileplandescriptor.md).|

-|id|String|Unique ID of the citation. Inherited from [microsoft.graph.entity](../resources/entity.md).|

-Represents the file plan descriptor of type department applied to a particular retention label.

-Specifies the department or business unit of an organization to which a label belongs.

-|createdBy|[microsoft.graph.identitySet](/graph/api/resources/identityset)|Represents the user who created the department. Inherited from [microsoft.graph.security.filePlanDescriptor](../resources/security-fileplandescriptor.md).|

-|createdDateTime|DateTimeOffset|Represents the date and time in which the department is created. Inherited from [microsoft.graph.security.filePlanDescriptor](../resources/security-fileplandescriptor.md).|

-|displayName|String|Unique string that defines a department name. Inherited from [microsoft.graph.security.filePlanDescriptor](../resources/security-fileplandescriptor.md).|

-|id|String|Unique ID of the department. Inherited from [microsoft.graph.entity](../resources/entity.md).|

-description: "Represents a group of columns associated with a particular retention label, to improve the manageability and organization of the content you need to label."

-Represents a group of columns to improve the manageability and organization of the content you need to label.

-The following is a JSON representation of the resource.

-description: "Represents the name for each file plan descriptor column associated with a particular label."

-Represents the name for each [file plan descriptor](../resources/security-fileplandescriptor.md) column associated with a particular label.

-|displayName|String|Unique string that defines the name for each [file plan descriptor](../resources/security-fileplandescriptor.md) associated with a particular retention label.|

-description: "Represents a group of columns to improve the manageability and organization of the content you need to label."

-Represents a group of columns to improve the manageability and organization of the content you need to label.

-|Method|Return type|Description|

-|:|:|:|

-|[List authorities](../api/security-labelsroot-list-authorities.md)|[microsoft.graph.security.authorityTemplate](../resources/security-authoritytemplate.md) collection|Get the authorityTemplate resources from the authorityTemplate navigation property.|

-|[Add authorities](../api/security-labelsroot-post-authorities.md)|[microsoft.graph.security.authorityTemplate](../resources/security-authoritytemplate.md)|Add authorityTemplate by posting to the authorityTemplate collection.|

-|[Remove authorities](../api/security-labelsroot-delete-authorities.md)|None|Remove a [microsoft.graph.security.authorityTemplate](../resources/security-authoritytemplate.md) object.|

-|[List categories](../api/security-labelsroot-list-categories.md)|[microsoft.graph.security.categoryTemplate](../resources/security-categorytemplate.md) collection|Get the categoryTemplate resources from the categoryTemplate navigation property.|

-|[Add categories](../api/security-labelsroot-post-categories.md)|[microsoft.graph.security.categoryTemplate](../resources/security-categorytemplate.md)|Add categoryTemplate by posting to the categoryTemplate collection.|

-|[Remove categories](../api/security-labelsroot-delete-categories.md)|None|Remove a [microsoft.graph.security.categoryTemplate](../resources/security-categorytemplate.md) object.|

-|[List citations](../api/security-labelsroot-list-citations.md)|[microsoft.graph.security.citationTemplate](../resources/security-citationtemplate.md) collection|Get the citationTemplate resources from the citationTemplate navigation property.|

-|[Add citations](../api/security-labelsroot-post-citations.md)|[microsoft.graph.security.citationTemplate](../resources/security-citationtemplate.md)|Add citationTemplate by posting to the citationTemplate collection.|

-|[Remove citations](../api/security-labelsroot-delete-citations.md)|None|Remove a [microsoft.graph.security.citationTemplate](../resources/security-citationtemplate.md) object.|

-|[List departments](../api/security-labelsroot-list-departments.md)|[microsoft.graph.security.departmentTemplate](../resources/security-departmenttemplate.md) collection|Get the departmentTemplate resources from the departmentTemplate navigation property.|

-|[Add departments](../api/security-labelsroot-post-departments.md)|[microsoft.graph.security.departmentTemplate](../resources/security-departmenttemplate.md)|Add departmentTemplate by posting to the departmentTemplate collection.|

-|[Remove departments](../api/security-labelsroot-delete-departments.md)|None|Remove a [microsoft.graph.security.departmentTemplate](../resources/security-departmenttemplate.md) object.|

-|[List filePlanReferences](../api/security-labelsroot-list-fileplanreferences.md)|[microsoft.graph.security.filePlanReferenceTemplate](../resources/security-fileplanreferencetemplate.md) collection|Get the filePlanReferenceTemplate resources from the filePlanReferenceTemplate navigation property.|

-|[Add filePlanReferences](../api/security-labelsroot-post-fileplanreferences.md)|[microsoft.graph.security.filePlanReferenceTemplate](../resources/security-fileplanreferencetemplate.md)|Add filePlanReferenceTemplate by posting to the filePlanReferenceTemplate collection.|

-|[Remove filePlanReferences](../api/security-labelsroot-delete-fileplanreferences.md)|None|Remove a [microsoft.graph.security.filePlanReferenceTemplate](../resources/security-fileplanreferencetemplate.md) object.|

-|createdBy|[microsoft.graph.identitySet](/graph/api/resources/identityset)|Represents the user who created the filePlanDescriptorTemplate column.|

-|createdDateTime|DateTimeOffset|Represents the date and time in which the filePlanDescriptorTemplate is created.|

-|id|String|Unique ID of the filePlanDecriptorTemplate column. Inherited from [microsoft.graph.entity](../resources/entity.md).|

-description: "Represents the file plan descriptor of type filePlanReference applied to a particular retention label."

-Represents the file plan descriptor of type filePlanReference applied to a particular retention label.

-|displayName|String|Unique string that defines a filePlanReference name. Inherited from [microsoft.graph.security.filePlanDescriptor](../resources/security-fileplandescriptor.md).|

-Specifies a unique alpha-numeric identifier for an organizationΓÇÖs retention schedule.

-|createdBy|[microsoft.graph.identitySet](/graph/api/resources/identityset)|Represents the user who created the file plan reference. Inherited from [microsoft.graph.security.filePlanDescriptor](../resources/security-fileplandescriptor.md).|

-|createdDateTime|DateTimeOffset|Represents the date and time in which the filePlanReference is created. Inherited from [microsoft.graph.security.filePlanDescriptor](../resources/security-fileplandescriptor.md).|

-|displayName|String|Unique string that defines a filePlanReference name. Inherited from [microsoft.graph.security.filePlanDescriptor](../resources/security-fileplandescriptor.md).|

-description: "Represents the entry point for the retentionLabels resource type."

-Represents the entry point for the [retentionLabel](security-retentionlabel.md) resource type.

-Records management admins and developers need to maintain records management systems with labels that are created, updated, and deleted periodically.

-Developers and compliance admins can use the records management APIs to perform operations on records management labels in order to maintain their systems.

-When an employee leaves a company, information is updated in the HR management system. From the leave date, confidential documents need to be retained for a period for 7 years. These documents have the label `Employee_departure` applied.

-Developers and compliance administrators can use records management APIs to read the label `Employee_departure` and look up the associated event type `Event-employee_departure`.

-Compliance admins can use records management APIs to create an event for the associated event type. The retention period for the confidential documents starts after the creation of this event.

-|eventQueries|[microsoft.graph.security.eventQueries](../resources/security-eventqueries.md) collection| Represents the workload (SharePoint Online, OneDrive for Business, Exchange Online) and identification information associated with a retention event.|

- "@odata.type": "microsoft.graph.security.eventQueries"

-```

-Represents how customers can manage their data, including whether and for how long to retain or delete it.

-|actionAfterRetentionPeriod|microsoft.graph.security.actionAfterRetentionPeriod| Specifies the action to take on a document with this label applied during the retention period. The possible values are: `none`, `delete`, `startDispositionReview`, `unknownFutureValue`.|

-Represents a unique subcategory applied to a retention label.

-Represents the file plan descriptor of type subcategory for retention labels.

-|createdBy|[microsoft.graph.identitySet](/graph/api/resources/identityset)|Represents the user who created the subcategory. Inherited from [microsoft.graph.security.filePlanDescriptor](../resources/security-fileplandescriptor.md).|

-|createdDateTime|DateTimeOffset|Represents the date and time in which the subcategory is created. Inherited from [microsoft.graph.security.filePlanDescriptor](../resources/security-fileplandescriptor.md).|

-|displayName|String|Unique string that defines a subcategory name. Inherited from [microsoft.graph.security.filePlanDescriptor](../resources/security-fileplandescriptor.md).|

-|ID|String|Unique ID of the subcategory. Inherited from [microsoft.graph.entity](../resources/entity.md).|

-|unknown| The simulation status is not defined. |

-|succeeded| The simulation has succeeded. |

-|failed| The simulation has failed. |

-|unknownFutureValue| Evolvable enumeration sentinel value. Do not use. |

-|unknownFutureValue| Evolvable enumeration sentinel value. Do not use. |

-|unknownFutureValue| Evolvable enumeration sentinel value. Do not use. |

-|unknown| The simulation content status is not defined. |

-|unknownFutureValue| Evolvable enumeration sentinel value. Do not use. |

-|unknown| The simulation content source is not defined. |

-|unknownFutureValue| Evolvable enumeration sentinel value. Do not use. |

-description: "Types of teamsAsyncOperation. Members will be added here as more async operations are supported."

-Types of [teamsAsyncOperation](teamsasyncoperation.md). Members will be added here as more async operations are supported.

-The following table lists the members of an [evolvable enumeration](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations). You must use the `Prefer: include-unknown-enum-members` request header to get the following values in this evolvable enum: `teamifyGroup`, `createChannel`, `createChat`.

-|unknownFutureValue| Evolvable enumeration sentinel value. Do not use. |

-|availabilityStatus|trainingAvailabilityStatus|Training availability status. Possible values are: `unknown`, `notAvailable`, `available`, `archive`, `delete`, `unknownFutureValue`.|

-|createdBy|[emailIdentity](../resources/emailidentity.md)|Identity of the user who created the training.|

-|createdDateTime|DateTimeOffset|Date and time when the training was created. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|

-|durationInMinutes|Int32|Training duration.|

-|hasEvaluation|Boolean|Indicates whether the training has any evaluation.|

-|id|String|Unique identifier for the **training** object. Inherited from [entity](../resources/entity.md).|

-|lastModifiedBy|[emailIdentity](../resources/emailidentity.md)|Identity of the user who last modified the training.|

-|lastModifiedDateTime|DateTimeOffset|Date and time when the training was last modified. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|

-|source|[simulationContentSource](../resources/simulation.md#simulationcontentsource-values)|Training content source. Possible values are: `unknown`, `global`, `tenant`, `unknownFutureValue`.|

-|supportedLocales|String collection|Supported locales for content for the associated training.|

-|languageDetails|[trainingLanguageDetail](../resources/traininglanguagedetail.md) collection|Language specific details on a training.|

-| userType | String | A String value that can be used to classify user types in your directory, such as `Member` and `Guest`. <br><br>Supports `$filter` (`eq`, `ne`, `not`, `in`, and `eq` on `null` values). **NOTE:** For more information about the permissions for member and guest users, see [What are the default user permissions in Microsoft Entra ID?](/azure/active-directory/fundamentals/users-default-permissions?context=graph/context#member-and-guest-users) |

-This includes apps from the Microsoft Teams store, as well as apps from your organization's app catalog (the tenant app catalog). To get apps from your organization's app catalog only, specify `organization` as the **distributionMethod** in the request.

-> **Note**:

-The Directory.Read.All and Directory.ReadWrite.All permissions are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission and avoid using these permissions going forward.

-Using `$expand=AppDefinitions` will return more information about the state of the app, such as the **publishingState**, which reflects the app submission review status and returns whether an app has been approved, rejected, or remains under review.

-The following example lists applications with a given ID, and expands **appDefinitions** to return the **publishingState**, which reflects the app's submission review state. `Submitted` means the review is pending, `published` means the app was approved by the admin, and `rejected` means the app was rejected by the admin.

-> **Notes:**

-> - Cloud Video Interop solutions that are [Certified for Microsoft Teams](/MicrosoftTeams/cloud-video-interop) have permission to call this API to join meetings for which they have meeting join links, similar to external users joining through a browser.

-> **Note**: The Group.Read.All and Group.ReadWrite.All permissions are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.

-> **Note**: The ChannelMessage.Read.Group permission uses [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

-> **Note**: The Group.ReadWrite.All permission is supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.

-> **Note**: Application permissions are *only* supported for [migration](/microsoftteams/platform/graph-api/import-messages/import-external-messages-to-teams).

-In the future, Microsoft may require you or your customers to pay additional fees based on the amount of data imported.

-In the request body, supply a JSON representation of a [chatMessage](../resources/chatmessage.md) object. Only the body property is mandatory. )ther properties are optional.

-Create a new [channel](../resources/channel.md) in a team, as specified in the request body. When you create a channel, the maximum length of the channel's `displayName` is 50 characters. This is the name that appears to the user in Microsoft Teams.

-|Application | Channel.Create.Group*, Channel.Create, Teamwork.Migrate.All, Group.ReadWrite.All, Directory.ReadWrite.All |

-> **Notes**:

-> The Group.ReadWrite.All and Directory.ReadWrite.All permissions are supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward. Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

->

-> This API supports admin permissions. Global admins and Microsoft Teams service admins can access teams that they are not a member of.

->

-> In the future, Microsoft may require you or your customers to pay additional fees based on the amount of data imported

-using Teamwork.Migrate.All and/or [migration APIs](/microsoftteams/platform/graph-api/import-messages/import-external-messages-to-teams).

-The following example shows a request to create a private channel and add a user as an team owner.

-> **Note:**

-The TeamsAppInstallation.ReadWriteAndConsentSelfForChat and TeamsAppInstallation.ReadWriteAndConsentForChat permissions use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

-The following example gets the list of any [resource-specific permissions that were granted to an app](../resources/teamsapppermissionset.md) as part of installation. A `$select` query parameterd is required to show the consented permission set.

-> **Note:**

-The following permissions use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent):

-> **Note:** These TeamsAppInstallation.ReadWriteSelfForChat, TeamsAppInstallation.ReadWriteForChat, TeamsAppInstallation.ReadWriteSelfForChat.All, and TeamsAppInstallation.ReadWriteForChat.All permissions cannot be used to install apps that require consent to resource-specific permissions.

-The following table lists additional parameters that can be used with the request body.

-### Example 2: Install app in a chat and and consent to the resource-specific permissions required by the app

-> **Note:** The TeamsAppInstallation.ReadWriteSelfForChat, TeamsAppInstallation.ReadWriteForChat, TeamsAppInstallation.ReadWriteSelfForChat.All, and TeamsAppInstallation.ReadWriteForChat.All permissions can't be used to install apps that require consent to resource-specific permissions.

-The following table lists additional parameters that can be used with the upgrade action.

-> **Note**: The ChannelMessage.Read.Group permission uses [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

-> **Note:** The _ChannelMessage.Read.Group_ and _ChatMessage.Read.Chat_ permissions use [resource-specific consent]( https://aka.ms/teams-rsc).

-This method does not support the [OData query parameters](/graph/query-parameters) to customize the response.

-Retrieve the list of [chatMessageHostedContent](../resources/chatmessagehostedcontent.md) objects from a message. This API only lists the hosted content objects. To get the content bytes, see [get chatmessage hosted content](chatmessagehostedcontent-get.md)

-> **Note:** The ChannelMessage.Read.Group permission uses [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

-> **Note:** The ChannelMessage.Read.Group permission uses [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

-> **Note**: The Group.ReadWrite.All permission is supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.

-> **Note**: Application permissions are *only* supported for [migration](/microsoftteams/platform/graph-api/import-messages/import-external-messages-to-teams).

-In the future, Microsoft may require you or your customers to pay additional fees based on the amount of data imported.

-> **Note**: The Group.ReadWrite.All permissino is supported only for backward compatibility. We recommend that you update your solutions to use the alternative permissions listed in the table.

-> **Note**: Application permissions are *only* supported for [migration](/microsoftteams/platform/graph-api/import-messages/import-external-messages-to-teams). In the future, Microsoft might require you or your customers to pay additional fees based on the amount of data imported.

-> **Note:** The Group.ReadWrite.All permission is supported only for backward compatibility. We recommend that you update your solutions to use an alternative permission listed in the previous table and avoid using these permissions going forward.

-> **Note:** The ChannelMessage.Read.Group permission uses [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

-This operation does not support the [OData query parameters](/graph/query-parameters) to customize the response.

-<!-- { "blockType": "permissions", "name": "cloudpcauditevent_getAuditActivityTypes" } -->

-<!-- { "blockType": "permissions", "name": "cloudPcOnPremisesConnection_delete" } -->

-<!-- { "blockType": "permissions", "name": "cloudPcOnPremisesConnection_get" } -->

-<!-- { "blockType": "permissions", "name": "cloudPcOnPremisesConnection_runhealthcheck" } -->

-<!-- { "blockType": "permissions", "name": "cloudPcOnPremisesConnection_update" } -->

-> **Note:** The TeamMember.Read.Group permmission uses [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

-### Request

-# [HTTP](#tab/http)

-# [C#](#tab/csharp)

-# [CLI](#tab/cli)

-# [Go](#tab/go)

-# [Java](#tab/java)

-# [JavaScript](#tab/javascript)

-# [PHP](#tab/php)

-# [PowerShell](#tab/powershell)

-# [Python](#tab/python)

-### Response

-|signingCertificate|String|Current certificate used to sign tokens passed to the Microsoft identity platform. The certificate is formatted as a Base64 encoded string of the public portion of the federated IdP's token signing certificate and must be compatible with the X509Certificate2 class. <br>This property is used in the following scenarios: <li> If a rollover is required outside of the autorollover update <li> A new federation service is being set up <li> If the new token signing certificate isn't present in the federation properties after the federation service certificate has been updated.<br>Microsoft Entra ID updates certificates via an autorollover process in which it attempts to retrieve a new certificate from the federation service metadata, 30 days before expiry of the current certificate. If a new certificate isn't available, Microsoft Entra ID monitors the metadata daily and will update the federation settings for the domain when a new certificate is available.|

-|isSignedAuthenticationRequestRequired|Boolean|If true, when SAML authentication requests are sent to the federated SAML IDP, Microsoft Entra ID will sign those requests using the OrgID signing key. If false (default), the SAML authentication requests sent to the federated IDP are not signed.|

-|nextSigningCertificate|String|Fallback token signing certificate that is used to sign tokens when the primary signing certificate expires. Formatted as Base64 encoded strings of the public portion of the federated IdP's token signing certificate. Needs to be compatible with the X509Certificate2 class. Much like the **signingCertificate**, the **nextSigningCertificate** property is used if a rollover is required outside of the auto-rollover update, a new federation service is being set up, or if the new token signing certificate is not present in the federation properties after the federation service certificate has been updated.|

-|isSignedAuthenticationRequestRequired|Boolean|If `true`, when SAML authentication requests are sent to the federated SAML IdP, Microsoft Entra ID will sign those requests using the OrgID signing key. If `false` (default), the SAML authentication requests sent to the federated IdP are not signed.|

-|nextSigningCertificate|String|Fallback token signing certificate that is used to sign tokens when the primary signing certificate expires. Formatted as Base64 encoded strings of the public portion of the federated IdP's token signing certificate. Needs to be compatible with the X509Certificate2 class. Much like the **signingCertificate**, the **nextSigningCertificate** property is used if a rollover is required outside of the auto-rollover update, a new federation service is being set up, or if the new token signing certificate is not present in the federation properties after the federation service certificate has been updated.|

-|signingCertificate|String|Current certificate used to sign tokens passed to the Microsoft identity platform. The certificate is formatted as a Base64 encoded string of the public portion of the federated IdP's token signing certificate and must be compatible with the X509Certificate2 class. <br>This property is used in the following scenarios: <li> If a rollover is required outside of the autorollover update <li> A new federation service is being set up <li> If the new token signing certificate isn't present in the federation properties after the federation service certificate has been updated.<br>Microsoft Entra ID updates certificates via an autorollover process in which it attempts to retrieve a new certificate from the federation service metadata, 30 days before expiry of the current certificate. If a new certificate isn't available, Microsoft Entra ID monitors the metadata daily and will update the federation settings for the domain when a new certificate is available. Inherited from [samlOrWsFedProvider](../resources/samlorwsfedprovider.md).|

-| Name | Type | Description|

-|:--|:|:-|

-| Authorization | string | Bearer {token}. Required. |

-description: "Update the writable property, **color**, of the specified outlookCategory object. You can't modify the **displayName** property "

-# Update Outlook category

-Update the writable property, **color**, of the specified [outlookCategory](../resources/outlookcategory.md) object. You can't modify the **displayName** property

-once you have created the category.

-If successful, this method returns a `200 OK` response code and updated [outlookCategory](../resources/outlookcategory.md) object in the response body.

-##### Request

-##### Response

-The following example shows the response. Note: The response object shown here might be shortened for readability.

-description: "Get all the categories that have been defined for the user."

-# List Outlook categories

-Get all the categories that have been defined for the user.