+This method supports the following [OData query parameters](/graph/query-parameters).

+| Name | Description |

+|:-|:|

+| [$top](/graph/query-parameters#top-parameter)| Apply `$top` to specify the number of channel messages returned per page in the response. The default page size is 20 messages. You can extend up to 50 channel messages per page. |

+| [$expand](/graph/query-parameters#expand) | Apply `$expand` to get the properties of channel messages that are replies. By default, a response can include up to 1000 replies. For an operation that expands channel messages with more than 1000 replies, use the request URL returned in `replies@odata.nextLink` to get the next page of replies. |

+## Examples

+### Example 1: Request with $top query parameter and without optional prefer header

+#### Request

+The following is an example of the request with $top query option and without optional prefer header.

+GET https://graph.microsoft.com/beta/teams/fbe2bf47-16c8-47cf-b4a5-4b9b187c508b/channels/19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2/messages?top=3

+### Example 2: Request with optional Prefer header

+#### Request

+The following is an example of the request.

+<!-- {

+ "blockType": "request",

+ "name": "get_listchannelmessages_2"

+}-->

+```http

+GET https://graph.microsoft.com/beta/teams/fbe2bf47-16c8-47cf-b4a5-4b9b187c508b/channels/19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2/messages?top=3

+Prefer: include-unknown-enum-members

+```

+#### Response

+The following is an example of the response when `Prefer: include-unknown-enum-members` is provided in the request header.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.chatMessage",

+ "isCollection": true

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#teams('fbe2bf47-16c8-47cf-b4a5-4b9b187c508b')/channels('19%3A4a95f7d8db4c4e7fae857bcebe0623e6%40thread.tacv2')/messages",

+ "@odata.count": 3,

+ "@odata.nextLink": "https://graph.microsoft.com/beta/teams/fbe2bf47-16c8-47cf-b4a5-4b9b187c508b/channels/19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2/messages?$skiptoken=%5b%7B%22token%22%3a%22%2bRID%3a~vpsQAJ9uAC047gwAAACcBQ%3d%3d%23RT%3a1%23TRC%3a20%23RTD%3aAyAER1ygxSHVHGAn2S99BTI6OzViOjZnOGU5ZWM1ZDVmOGdiZjk2OGNkZmNmMTczNGY3QXVpc2ZiZS91YmR3MzwyNzIyNDY2OTU0NTg6AA%3d%3d%23ISV%3a2%23IEO%3a65551%23QCF%3a3%23FPC%3aAggEAAAAcBYAABUFAADQKgAABAAAAHAWAAACALu4GwAAAHAWAAACAPSTMwAAAHAWAACaAFWa84BXgQKAEIAMgBaAE4AUgAuAAoAIwAIgACAAAiAACAABACCAAAEVgBSAI4AYgA%2bAGQAEEAAQAAEABACAAAIEEBBAACAYgB%2bAH4AbgBqACoAHwAICCBAEEIAAAgEQAACAIoAZgB2ADoAMgAKAPoAZgB2AJoAXgBIAgiAAQUqLF4AJgALACARAgBCACoAfgB6AIwABgYCQAAFXAAAAcBYAAAYA%2f50ZgGeEXwAAAHAWAAAEAPaBS4V7AAAAcBYAAAIA1aSJAAAAcBYAAAIAtLmbAAAAcBYAAAIAqKXdAAAAcBYAAAQAppUugOMAAABwFgAABADQoAWA6wAAAHAWAAAEABGl94M5AAAA0CoAAAYA6pF7iYOBaQIAANAqAAAcAEUPAMAAMAACAQCBAHQAADDAgCAAQgByAQAzUJDRBAAA0CoAAAQAETwKAA4FAADQKgAAAgBekRUFAADQKgAAHAB2pQCABYAMgJeAH4ATgAGAvIIIgASABIAFgCWA%22%2c%22range%22%3a%7B%22min%22%3a%2205C1D79B33ADE4%22%2c%22max%22%3a%2205C1D7A52F89EC%22%7D%7D%5d",

+ "value": [

+ {

+ "id": "1616965872395",

+ "replyToId": null,

+ "etag": "1616965872395",

+ "messageType": "message",

+ "createdDateTime": "2021-03-28T21:11:12.395Z",

+ "lastModifiedDateTime": "2021-03-28T21:11:12.395Z",

+ "lastEditedDateTime": null,

+ "deletedDateTime": null,

+ "subject": null,

+ "summary": null,

+ "chatId": null,

+ "importance": "normal",

+ "locale": "en-us",

+ "webUrl": "https://teams.microsoft.com/l/message/19%3A4a95f7d8db4c4e7fae857bcebe0623e6%40thread.tacv2/1616965872395?groupId=fbe2bf47-16c8-47cf-b4a5-4b9b187c508b&tenantId=2432b57b-0abd-43db-aa7b-16eadd115d34&createdTime=1616965872395&parentMessageId=1616965872395",

+ "policyViolation": null,

+ "eventDetail": null,

+ "from": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "8ea0e38b-efb3-4757-924a-5f94061cf8c2",

+ "displayName": "Robin Kline",

+ "userIdentityType": "aadUser"

+ }

+ },

+ "body": {

+ "contentType": "html",

+ "content": "Hello World <at id=\"0\">Jane Smith</at>"

+ },

+ "channelIdentity": {

+ "teamId": "fbe2bf47-16c8-47cf-b4a5-4b9b187c508b",

+ "channelId": "19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2"

+ },

+ "attachments": [],

+ "mentions": [

+ {

+ "id": 0,

+ "mentionText": "Jane Smith",

+ "mentioned": {

+ "application": null,

+ "device": null,

+ "conversation": null,

+ "user": {

+ "id": "ef1c916a-3135-4417-ba27-8eb7bd084193",

+ "displayName": "Jane Smith",

+ "userIdentityType": "aadUser"

+ }

+ }

+ }

+ ],

+ "reactions": []

+ },

+ {

+ "id": "1616963377068",

+ "replyToId": null,

+ "etag": "1616963377068",

+ "messageType": "message",

+ "createdDateTime": "2021-03-28T20:29:37.068Z",

+ "lastModifiedDateTime": "2021-03-28T20:29:37.068Z",

+ "lastEditedDateTime": null,

+ "deletedDateTime": null,

+ "subject": "",

+ "summary": null,

+ "chatId": null,

+ "importance": "normal",

+ "locale": "en-us",

+ "webUrl": "https://teams.microsoft.com/l/message/19%3A4a95f7d8db4c4e7fae857bcebe0623e6%40thread.tacv2/1616963377068?groupId=fbe2bf47-16c8-47cf-b4a5-4b9b187c508b&tenantId=2432b57b-0abd-43db-aa7b-16eadd115d34&createdTime=1616963377068&parentMessageId=1616963377068",

+ "policyViolation": null,

+ "eventDetail": null,

+ "from": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "8ea0e38b-efb3-4757-924a-5f94061cf8c2",

+ "displayName": "Robin Kline",

+ "userIdentityType": "aadUser"

+ }

+ },

+ "body": {

+ "contentType": "html",

+ "content": "<div><div><div><span><img height=\"145\" src=\"https://graph.microsoft.com/beta/teams/fbe2bf47-16c8-47cf-b4a5-4b9b187c508b/channels/19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2/messages/1616963377068/hostedContents/aWQ9eF8wLXd1cy1kMS02YmI3Nzk3ZGU2MmRjODdjODA4YmQ1ZmI0OWM4NjI2ZCx0eXBlPTEsdXJsPWh0dHBzOi8vdXMtYXBpLmFzbS5za3lwZS5jb20vdjEvb2JqZWN0cy8wLXd1cy1kMS02YmI3Nzk3ZGU2MmRjODdjODA4YmQ1ZmI0OWM4NjI2ZC92aWV3cy9pbWdv/$value\" width=\"131\" style=\"vertical-align:bottom; width:131px; height:145px\"></span><div>&nbsp;</div></div><div><div><span><img height=\"65\" src=\"https://graph.microsoft.com/beta/teams/fbe2bf47-16c8-47cf-b4a5-4b9b187c508b/channels/19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2/messages/1616963377068/hostedContents/aWQ9eF8wLXd1cy1kNi0xMzY3OTE4MzVlODIxOGZlMmUwZWEwYTA1ODAxNjRiNCx0eXBlPTEsdXJsPWh0dHBzOi8vdXMtYXBpLmFzbS5za3lwZS5jb20vdjEvb2JqZWN0cy8wLXd1cy1kNi0xMzY3OTE4MzVlODIxOGZlMmUwZWEwYTA1ODAxNjRiNC92aWV3cy9pbWdv/$value\" width=\"79\" style=\"vertical-align:bottom; width:79px; height:65px\"></span></div></div></div></div>"

+ },

+ "channelIdentity": {

+ "teamId": "fbe2bf47-16c8-47cf-b4a5-4b9b187c508b",

+ "channelId": "19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2"

+ },

+ "attachments": [],

+ "mentions": [],

+ "reactions": []

+ },

+ {

+ "id": "1616883610266",

+ "replyToId": null,

+ "etag": "1616883610266",

+ "messageType": "systemEventMessage",

+ "createdDateTime": "2021-03-28T03:50:10.266Z",

+ "lastModifiedDateTime": "2021-03-28T03:50:10.266Z",

+ "lastEditedDateTime": null,

+ "deletedDateTime": null,

+ "subject": null,

+ "summary": null,

+ "chatId": null,

+ "importance": "normal",

+ "locale": "en-us",

+ "webUrl": "https://teams.microsoft.com/l/message/19%3A4a95f7d8db4c4e7fae857bcebe0623e6%40thread.tacv2/1616883610266?groupId=fbe2bf47-16c8-47cf-b4a5-4b9b187c508b&tenantId=2432b57b-0abd-43db-aa7b-16eadd115d34&createdTime=1616883610266&parentMessageId=1616883610266",

+ "policyViolation": null,

+ "from": null,

+ "body": {

+ "contentType": "html",

+ "content": "<systemEventMessage/>"

+ },

+ "channelIdentity": {

+ "teamId": "fbe2bf47-16c8-47cf-b4a5-4b9b187c508b",

+ "channelId": "19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2"

+ },

+ "attachments": [],

+ "mentions": [],

+ "reactions": [],

+ "eventDetail": {

+ "@odata.type": "#microsoft.graph.teamDescriptionUpdatedEventMessageDetail",

+ "teamId": "fbe2bf47-16c8-47cf-b4a5-4b9b187c508b",

+ "teamDescription": "Team for Microsoft Teams members",

+ "initiator": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "1fb8890f-423e-4154-8fbf-db6809bc8756",

+ "displayName": null,

+ "userIdentityType": "aadUser"

+ }

+ }

+ }

+ }

+ ]

+}

+```

+### Example 3: Request with $top and $expand query options on replies

+#### Request

+The following request uses `$top` to return one channel message per page, and `$expand` to include replies to that channel message.

+<!-- {

+ "blockType": "request",

+ "name": "get_listchannelmessages_3"

+}-->

+```http

+GET https://graph.microsoft.com/beta/teams/fbe2bf47-16c8-47cf-b4a5-4b9b187c508b/channels/19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2/messages?$top=1&$expand=replies

+```

+#### Response

+The following response shows one channel message on the page, and includes a URL in `@odata.nextLink` for a subsequent operation to get the next message in that channel.

+The response includes replies of that channel message. In practice, this operation can return up to 1000 replies of a channel message, and includes a URL in `replies@odata.nextLink` to get any further replies beyond the page size of 1000. This example assumes more than 1000 replies in that channel message, but for readability, the following response shows only 3 replies.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.chatMessage",

+ "isCollection": true

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#teams('fbe2bf47-16c8-47cf-b4a5-4b9b187c508b')/channels('19%3A4a95f7d8db4c4e7fae857bcebe0623e6%40thread.tacv2')/messages",

+ "@odata.count": 1,

+ "@odata.nextLink": "https://graph.microsoft.com/beta/teams/fbe2bf47-16c8-47cf-b4a5-4b9b187c508b/channels/19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2/messages?$skiptoken=%5b%7B%22token%22%3a%22%2bRID%3a~vpsQAJ9uAC047gwAAACcBQ%3d%3d%23RT%3a1%23TRC%3a20%23RTD%3aAyAER1ygxSHVHGAn2S99BTI6OzViOjZnOGU5ZWM1ZDVmOGdiZjk2OGNkZmNmMTczNGY3QXVpc2ZiZS91YmR3MzwyNzIyNDY2OTU0NTg6AA%3d%3d%23ISV%3a2%23IEO%3a65551%23QCF%3a3%23FPC%3aAggEAAAAcBYAABUFAADQKgAABAAAAHAWAAACALu4GwAAAHAWAAACAPSTMwAAAHAWAACaAFWa84BXgQKAEIAMgBaAE4AUgAuAAoAIwAIgACAAAiAACAABACCAAAEVgBSAI4AYgA%2bAGQAEEAAQAAEABACAAAIEEBBAACAYgB%2bAH4AbgBqACoAHwAICCBAEEIAAAgEQAACAIoAZgB2ADoAMgAKAPoAZgB2AJoAXgBIAgiAAQUqLF4AJgALACARAgBCACoAfgB6AIwABgYCQAAFXAAAAcBYAAAYA%2f50ZgGeEXwAAAHAWAAAEAPaBS4V7AAAAcBYAAAIA1aSJAAAAcBYAAAIAtLmbAAAAcBYAAAIAqKXdAAAAcBYAAAQAppUugOMAAABwFgAABADQoAWA6wAAAHAWAAAEABGl94M5AAAA0CoAAAYA6pF7iYOBaQIAANAqAAAcAEUPAMAAMAACAQCBAHQAADDAgCAAQgByAQAzUJDRBAAA0CoAAAQAETwKAA4FAADQKgAAAgBekRUFAADQKgAAHAB2pQCABYAMgJeAH4ATgAGAvIIIgASABIAFgCWA%22%2c%22range%22%3a%7B%22min%22%3a%2205C1D79B33ADE4%22%2c%22max%22%3a%2205C1D7A52F89EC%22%7D%7D%5d",

+ "value": [

+ {

+ "id": "1616963377068",

+ "replyToId": null,

+ "etag": "1616963377068",

+ "messageType": "message",

+ "createdDateTime": "2021-03-28T20:29:37.068Z",

+ "lastModifiedDateTime": "2021-03-28T20:29:37.068Z",

+ "lastEditedDateTime": null,

+ "deletedDateTime": null,

+ "subject": "",

+ "summary": null,

+ "chatId": null,

+ "importance": "normal",

+ "locale": "en-us",

+ "webUrl": "https://teams.microsoft.com/l/message/19%3A4a95f7d8db4c4e7fae857bcebe0623e6%40thread.tacv2/1616963377068?groupId=fbe2bf47-16c8-47cf-b4a5-4b9b187c508b&tenantId=2432b57b-0abd-43db-aa7b-16eadd115d34&createdTime=1616963377068&parentMessageId=1616963377068",

+ "policyViolation": null,

+ "eventDetail": null,

+ "from": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "8ea0e38b-efb3-4757-924a-5f94061cf8c2",

+ "displayName": "Robin Kline",

+ "userIdentityType": "aadUser"

+ }

+ },

+ "body": {

+ "contentType": "html",

+ "content": "<div><div><div><span><img height=\"145\" src=\"https://graph.microsoft.com/beta/teams/fbe2bf47-16c8-47cf-b4a5-4b9b187c508b/channels/19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2/messages/1616963377068/hostedContents/aWQ9eF8wLXd1cy1kMS02YmI3Nzk3ZGU2MmRjODdjODA4YmQ1ZmI0OWM4NjI2ZCx0eXBlPTEsdXJsPWh0dHBzOi8vdXMtYXBpLmFzbS5za3lwZS5jb20vdjEvb2JqZWN0cy8wLXd1cy1kMS02YmI3Nzk3ZGU2MmRjODdjODA4YmQ1ZmI0OWM4NjI2ZC92aWV3cy9pbWdv/$value\" width=\"131\" style=\"vertical-align:bottom; width:131px; height:145px\"></span><div>&nbsp;</div></div><div><div><span><img height=\"65\" src=\"https://graph.microsoft.com/beta/teams/fbe2bf47-16c8-47cf-b4a5-4b9b187c508b/channels/19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2/messages/1616963377068/hostedContents/aWQ9eF8wLXd1cy1kNi0xMzY3OTE4MzVlODIxOGZlMmUwZWEwYTA1ODAxNjRiNCx0eXBlPTEsdXJsPWh0dHBzOi8vdXMtYXBpLmFzbS5za3lwZS5jb20vdjEvb2JqZWN0cy8wLXd1cy1kNi0xMzY3OTE4MzVlODIxOGZlMmUwZWEwYTA1ODAxNjRiNC92aWV3cy9pbWdv/$value\" width=\"79\" style=\"vertical-align:bottom; width:79px; height:65px\"></span></div></div></div></div>"

+ },

+ "channelIdentity": {

+ "teamId": "fbe2bf47-16c8-47cf-b4a5-4b9b187c508b",

+ "channelId": "19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2"

+ },

+ "attachments": [],

+ "mentions": [],

+ "reactions": [],

+ "replies@odata.count": 3,

+ "replies@odata.nextLink": "https://graph.microsoft.com/beta/teams/fbe2bf47-16c8-47cf-b4a5-4b9b187c508b/channels/19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2/messages/1616963377068/replies?$skiptoken=MSwwLDE2NDQ0MzkzODAxNDU",

+ "replies": [

+ {

+ "id": "1616989753153",

+ "replyToId": "1616963377068",

+ "etag": "1616989753153",

+ "messageType": "message",

+ "createdDateTime": "2021-03-29T03:49:13.153Z",

+ "lastModifiedDateTime": "2021-03-29T03:49:13.153Z",

+ "lastEditedDateTime": null,

+ "deletedDateTime": null,

+ "subject": null,

+ "summary": null,

+ "chatId": null,

+ "importance": "normal",

+ "locale": "en-us",

+ "webUrl": "https://teams.microsoft.com/l/message/19%3A4a95f7d8db4c4e7fae857bcebe0623e6%40thread.tacv2/1616989753153?groupId=fbe2bf47-16c8-47cf-b4a5-4b9b187c508b&tenantId=2432b57b-0abd-43db-aa7b-16eadd115d34&createdTime=1616989753153&parentMessageId=1616989510408",

+ "policyViolation": null,

+ "eventDetail": null,

+ "from": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "8ea0e38b-efb3-4757-924a-5f94061cf8c2",

+ "displayName": "Robin Kline",

+ "userIdentityType": "aadUser"

+ }

+ },

+ "body": {

+ "contentType": "text",

+ "content": "Reply3"

+ },

+ "channelIdentity": {

+ "teamId": "fbe2bf47-16c8-47cf-b4a5-4b9b187c508b",

+ "channelId": "19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2"

+ },

+ "attachments": [],

+ "mentions": [],

+ "reactions": []

+ },

+ {

+ "id": "1616989750004",

+ "replyToId": "1616963377068",

+ "etag": "1616989750004",

+ "messageType": "message",

+ "createdDateTime": "2021-03-29T03:49:10.004Z",

+ "lastModifiedDateTime": "2021-03-29T03:49:10.004Z",

+ "lastEditedDateTime": null,

+ "deletedDateTime": null,

+ "subject": null,

+ "summary": null,

+ "chatId": null,

+ "importance": "normal",

+ "locale": "en-us",

+ "webUrl": "https://teams.microsoft.com/l/message/19%3A4a95f7d8db4c4e7fae857bcebe0623e6%40thread.tacv2/1616989750004?groupId=fbe2bf47-16c8-47cf-b4a5-4b9b187c508b&tenantId=2432b57b-0abd-43db-aa7b-16eadd115d34&createdTime=1616989750004&parentMessageId=1616989510408",

+ "policyViolation": null,

+ "eventDetail": null,

+ "from": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "8ea0e38b-efb3-4757-924a-5f94061cf8c2",

+ "displayName": "Robin Kline",

+ "userIdentityType": "aadUser"

+ }

+ },

+ "body": {

+ "contentType": "text",

+ "content": "Reply2"

+ },

+ "channelIdentity": {

+ "teamId": "fbe2bf47-16c8-47cf-b4a5-4b9b187c508b",

+ "channelId": "19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2"

+ },

+ "attachments": [],

+ "mentions": [],

+ "reactions": []

+ },

+ {

+ "id": "1616989747416",

+ "replyToId": "1616963377068",

+ "etag": "1616989747416",

+ "messageType": "message",

+ "createdDateTime": "2021-03-29T03:49:07.416Z",

+ "lastModifiedDateTime": "2021-03-29T03:49:07.416Z",

+ "lastEditedDateTime": null,

+ "deletedDateTime": null,

+ "subject": null,

+ "summary": null,

+ "chatId": null,

+ "importance": "normal",

+ "locale": "en-us",

+ "webUrl": "https://teams.microsoft.com/l/message/19%3A4a95f7d8db4c4e7fae857bcebe0623e6%40thread.tacv2/1616989747416?groupId=fbe2bf47-16c8-47cf-b4a5-4b9b187c508b&tenantId=2432b57b-0abd-43db-aa7b-16eadd115d34&createdTime=1616989747416&parentMessageId=1616989510408",

+ "policyViolation": null,

+ "eventDetail": null,

+ "from": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "8ea0e38b-efb3-4757-924a-5f94061cf8c2",

+ "displayName": "Robin Kline",

+ "userIdentityType": "aadUser"

+ }

+ },

+ "body": {

+ "contentType": "text",

+ "content": "Reply1"

+ },

+ "channelIdentity": {

+ "teamId": "fbe2bf47-16c8-47cf-b4a5-4b9b187c508b",

+ "channelId": "19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2"

+ },

+ "attachments": [],

+ "mentions": [],

+ "reactions": []

+ }

+ ]

+ }

+ ]

+}

+```

+- `$filter` allows returning messages that meet a certain criteria. The only property that supports filtering is `lastModifiedDateTime`, and only the **gt** operator is supported. For example, `../messages/delta?$filter=lastModifiedDateTime gt 2019-02-27T07:13:28.000z` will fetch any **reply chain (each channel post message and associated reply messages)** created or changed after the specified date time.

+- `$expand` allows expanding properties for each channel message. Only **replies** is supported. If a channel messsage contains more than 1000 replies, `replies@odata.nextLink` will be provided for pagination.

+> **Note:** For `$expand` query parameter, please refer to [List Channel Messages](channel-list-messages.md#example-3-request-with-top-and-expand-query-options-on-replies).

+Delete the definition of a [schema extension](../resources/schemaextension.md). Only the app that created the schema extension (owner app) can delete the schema extension definition, and only when the extension is in the `InDevelopment` state. Deleting a schema extension definition does not affect accessing custom data that has been added to resource instances based on that definition.

+> Additionally for the delegated flow, the signed-in user can only delete schemaExtensions they own (where the **owner** property of the schemaExtension is the **appId** of an application the signed-in user owns).

+Get a list of [schemaExtension](../resources/schemaextension.md) objects in your tenant. The schema extensions can be `InDevelopment`, `Available`, or `Deprecated` and includes schema extensions:

+|Application | Application.ReadWrite.All and Directory.ReadWrite.All |

+> Additionally for the delegated flow, the signed-in user must be the owner of the calling application OR the owner of the (application with the) **appId** used to set the **owner** property.

+Update properties in the definition of the specified [schemaExtension](../resources/schemaextension.md). Additive updates to the extension can only be made when the extension is in the `InDevelopment` or `Available` status. This means custom properties or target resource types cannot be removed from the definition, but new custom properties can be added and the description of the extension changed.

+The update applies to all the resources that are included in the **targetTypes** property of the extension. These resources are among the [supporting resource types](/graph/extensibility-overview#supported-resources).

+|Application | Application.ReadWrite.All and Directory.ReadWrite.All |

+|status|String|The lifecycle state of the schema extension. The initial state upon creation is `InDevelopment`. Possible states transitions are from `InDevelopment` to `Available` and `Available` to `Deprecated`.|

+|replies|[chatMessage](chatmessage.md)| Replies for a specified message. Supports `$expand` for channel messages. |

+> [!NOTE]

+> Microsoft also supports [dynamic distribution groups](/exchange/recipients/dynamic-distribution-groups/dynamic-distribution-groups?view=exchserver-2019) which cannot be managed or retrieved through Microsoft Graph.

+|[List](../api/schemaextension-list.md) | schemaExtension |List the available schemaExtension definitions and their properties.|

+|status|String|The lifecycle state of the schema extension. Possible states are `InDevelopment`, `Available`, and `Deprecated`. Automatically set to `InDevelopment` on creation. [Schema extensions](/graph/extensibility-overview#schema-extensions) provides more information on the possible state transitions and behaviors. Supports `$filter` (`eq`).|

+|ruleId|String|The identifier of the [synchronizationRule](synchronization-synchronizationrule.md) to be applied. This rule ID is defined in the [schema for a given synchronization job or template](../api/synchronization-synchronizationschema-get.md). |

+This method supports the following [OData query parameters](/graph/query-parameters).

+| Name | Description |

+|:-|:|

+| [$top](/graph/query-parameters#top-parameter)| Apply `$top` to specify the number of channel messages returned per page in the response. The default page size is 20 messages. You can extend up to 50 channel messages per page. |

+| [$expand](/graph/query-parameters#expand) | Apply `$expand` to get the properties of channel messages that are replies. By default, a response can include up to 1000 replies. For an operation that expands channel messages with more than 1000 replies, use the request URL returned in `replies@odata.nextLink` to get the next page of replies. |

+### Example 1: Request with $top query parameter and without optional prefer header

+The following is an example of the request with $top query option and without optional prefer header.

+GET https://graph.microsoft.com/v1.0/teams/fbe2bf47-16c8-47cf-b4a5-4b9b187c508b/channels/19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2/messages?top=3

+GET https://graph.microsoft.com/v1.0/teams/fbe2bf47-16c8-47cf-b4a5-4b9b187c508b/channels/19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2/messages?top=3

+### Example 3: Request with $top and $expand query options on replies

+#### Request

+The following request uses `$top` to return one channel message per page, and `$expand` to include replies to that channel message.

+<!-- {

+ "blockType": "request",

+ "name": "get_listchannelmessages_3"

+}-->

+```http

+GET https://graph.microsoft.com/v1.0/teams/fbe2bf47-16c8-47cf-b4a5-4b9b187c508b/channels/19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2/messages?$top=1&$expand=replies

+```

+#### Response

+The following response shows one channel message on the page, and includes a URL in `@odata.nextLink` for a subsequent operation to get the next message in that channel.

+The response includes replies of that channel message. In practice, this operation can return up to 1000 replies of a channel message, and includes a URL in `replies@odata.nextLink` to get any further replies beyond the page size of 1000. This example assumes more than 1000 replies in that channel message, but for readability, the following response shows only 3 replies.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.chatMessage",

+ "isCollection": true

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#teams('fbe2bf47-16c8-47cf-b4a5-4b9b187c508b')/channels('19%3A4a95f7d8db4c4e7fae857bcebe0623e6%40thread.tacv2')/messages",

+ "@odata.count": 1,

+ "@odata.nextLink": "https://graph.microsoft.com/v1.0/teams/fbe2bf47-16c8-47cf-b4a5-4b9b187c508b/channels/19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2/messages?$skiptoken=%5b%7B%22token%22%3a%22%2bRID%3a~vpsQAJ9uAC047gwAAACcBQ%3d%3d%23RT%3a1%23TRC%3a20%23RTD%3aAyAER1ygxSHVHGAn2S99BTI6OzViOjZnOGU5ZWM1ZDVmOGdiZjk2OGNkZmNmMTczNGY3QXVpc2ZiZS91YmR3MzwyNzIyNDY2OTU0NTg6AA%3d%3d%23ISV%3a2%23IEO%3a65551%23QCF%3a3%23FPC%3aAggEAAAAcBYAABUFAADQKgAABAAAAHAWAAACALu4GwAAAHAWAAACAPSTMwAAAHAWAACaAFWa84BXgQKAEIAMgBaAE4AUgAuAAoAIwAIgACAAAiAACAABACCAAAEVgBSAI4AYgA%2bAGQAEEAAQAAEABACAAAIEEBBAACAYgB%2bAH4AbgBqACoAHwAICCBAEEIAAAgEQAACAIoAZgB2ADoAMgAKAPoAZgB2AJoAXgBIAgiAAQUqLF4AJgALACARAgBCACoAfgB6AIwABgYCQAAFXAAAAcBYAAAYA%2f50ZgGeEXwAAAHAWAAAEAPaBS4V7AAAAcBYAAAIA1aSJAAAAcBYAAAIAtLmbAAAAcBYAAAIAqKXdAAAAcBYAAAQAppUugOMAAABwFgAABADQoAWA6wAAAHAWAAAEABGl94M5AAAA0CoAAAYA6pF7iYOBaQIAANAqAAAcAEUPAMAAMAACAQCBAHQAADDAgCAAQgByAQAzUJDRBAAA0CoAAAQAETwKAA4FAADQKgAAAgBekRUFAADQKgAAHAB2pQCABYAMgJeAH4ATgAGAvIIIgASABIAFgCWA%22%2c%22range%22%3a%7B%22min%22%3a%2205C1D79B33ADE4%22%2c%22max%22%3a%2205C1D7A52F89EC%22%7D%7D%5d",

+ "value": [

+ {

+ "id": "1616963377068",

+ "replyToId": null,

+ "etag": "1616963377068",

+ "messageType": "message",

+ "createdDateTime": "2021-03-28T20:29:37.068Z",

+ "lastModifiedDateTime": "2021-03-28T20:29:37.068Z",

+ "lastEditedDateTime": null,

+ "deletedDateTime": null,

+ "subject": "",

+ "summary": null,

+ "chatId": null,

+ "importance": "normal",

+ "locale": "en-us",

+ "webUrl": "https://teams.microsoft.com/l/message/19%3A4a95f7d8db4c4e7fae857bcebe0623e6%40thread.tacv2/1616963377068?groupId=fbe2bf47-16c8-47cf-b4a5-4b9b187c508b&tenantId=2432b57b-0abd-43db-aa7b-16eadd115d34&createdTime=1616963377068&parentMessageId=1616963377068",

+ "policyViolation": null,

+ "eventDetail": null,

+ "from": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "8ea0e38b-efb3-4757-924a-5f94061cf8c2",

+ "displayName": "Robin Kline",

+ "userIdentityType": "aadUser"

+ }

+ },

+ "body": {

+ "contentType": "html",

+ "content": "<div><div><div><span><img height=\"145\" src=\"https://graph.microsoft.com/v1.0/teams/fbe2bf47-16c8-47cf-b4a5-4b9b187c508b/channels/19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2/messages/1616963377068/hostedContents/aWQ9eF8wLXd1cy1kMS02YmI3Nzk3ZGU2MmRjODdjODA4YmQ1ZmI0OWM4NjI2ZCx0eXBlPTEsdXJsPWh0dHBzOi8vdXMtYXBpLmFzbS5za3lwZS5jb20vdjEvb2JqZWN0cy8wLXd1cy1kMS02YmI3Nzk3ZGU2MmRjODdjODA4YmQ1ZmI0OWM4NjI2ZC92aWV3cy9pbWdv/$value\" width=\"131\" style=\"vertical-align:bottom; width:131px; height:145px\"></span><div>&nbsp;</div></div><div><div><span><img height=\"65\" src=\"https://graph.microsoft.com/v1.0/teams/fbe2bf47-16c8-47cf-b4a5-4b9b187c508b/channels/19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2/messages/1616963377068/hostedContents/aWQ9eF8wLXd1cy1kNi0xMzY3OTE4MzVlODIxOGZlMmUwZWEwYTA1ODAxNjRiNCx0eXBlPTEsdXJsPWh0dHBzOi8vdXMtYXBpLmFzbS5za3lwZS5jb20vdjEvb2JqZWN0cy8wLXd1cy1kNi0xMzY3OTE4MzVlODIxOGZlMmUwZWEwYTA1ODAxNjRiNC92aWV3cy9pbWdv/$value\" width=\"79\" style=\"vertical-align:bottom; width:79px; height:65px\"></span></div></div></div></div>"

+ },

+ "channelIdentity": {

+ "teamId": "fbe2bf47-16c8-47cf-b4a5-4b9b187c508b",

+ "channelId": "19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2"

+ },

+ "attachments": [],

+ "mentions": [],

+ "reactions": [],

+ "replies@odata.count": 3,

+ "replies@odata.nextLink": "https://graph.microsoft.com/v1.0/teams/fbe2bf47-16c8-47cf-b4a5-4b9b187c508b/channels/19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2/messages/1616963377068/replies?$skiptoken=MSwwLDE2NDQ0MzkzODAxNDU",

+ "replies": [

+ {

+ "id": "1616989753153",

+ "replyToId": "1616963377068",

+ "etag": "1616989753153",

+ "messageType": "message",

+ "createdDateTime": "2021-03-29T03:49:13.153Z",

+ "lastModifiedDateTime": "2021-03-29T03:49:13.153Z",

+ "lastEditedDateTime": null,

+ "deletedDateTime": null,

+ "subject": null,

+ "summary": null,

+ "chatId": null,

+ "importance": "normal",

+ "locale": "en-us",

+ "webUrl": "https://teams.microsoft.com/l/message/19%3A4a95f7d8db4c4e7fae857bcebe0623e6%40thread.tacv2/1616989753153?groupId=fbe2bf47-16c8-47cf-b4a5-4b9b187c508b&tenantId=2432b57b-0abd-43db-aa7b-16eadd115d34&createdTime=1616989753153&parentMessageId=1616989510408",

+ "policyViolation": null,

+ "eventDetail": null,

+ "from": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "8ea0e38b-efb3-4757-924a-5f94061cf8c2",

+ "displayName": "Robin Kline",

+ "userIdentityType": "aadUser"

+ }

+ },

+ "body": {

+ "contentType": "text",

+ "content": "Reply3"

+ },

+ "channelIdentity": {

+ "teamId": "fbe2bf47-16c8-47cf-b4a5-4b9b187c508b",

+ "channelId": "19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2"

+ },

+ "attachments": [],

+ "mentions": [],

+ "reactions": []

+ },

+ {

+ "id": "1616989750004",

+ "replyToId": "1616963377068",

+ "etag": "1616989750004",

+ "messageType": "message",

+ "createdDateTime": "2021-03-29T03:49:10.004Z",

+ "lastModifiedDateTime": "2021-03-29T03:49:10.004Z",

+ "lastEditedDateTime": null,

+ "deletedDateTime": null,

+ "subject": null,

+ "summary": null,

+ "chatId": null,

+ "importance": "normal",

+ "locale": "en-us",

+ "webUrl": "https://teams.microsoft.com/l/message/19%3A4a95f7d8db4c4e7fae857bcebe0623e6%40thread.tacv2/1616989750004?groupId=fbe2bf47-16c8-47cf-b4a5-4b9b187c508b&tenantId=2432b57b-0abd-43db-aa7b-16eadd115d34&createdTime=1616989750004&parentMessageId=1616989510408",

+ "policyViolation": null,

+ "eventDetail": null,

+ "from": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "8ea0e38b-efb3-4757-924a-5f94061cf8c2",

+ "displayName": "Robin Kline",

+ "userIdentityType": "aadUser"

+ }

+ },

+ "body": {

+ "contentType": "text",

+ "content": "Reply2"

+ },

+ "channelIdentity": {

+ "teamId": "fbe2bf47-16c8-47cf-b4a5-4b9b187c508b",

+ "channelId": "19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2"

+ },

+ "attachments": [],

+ "mentions": [],

+ "reactions": []

+ },

+ {

+ "id": "1616989747416",

+ "replyToId": "1616963377068",

+ "etag": "1616989747416",

+ "messageType": "message",

+ "createdDateTime": "2021-03-29T03:49:07.416Z",

+ "lastModifiedDateTime": "2021-03-29T03:49:07.416Z",

+ "lastEditedDateTime": null,

+ "deletedDateTime": null,

+ "subject": null,

+ "summary": null,

+ "chatId": null,

+ "importance": "normal",

+ "locale": "en-us",

+ "webUrl": "https://teams.microsoft.com/l/message/19%3A4a95f7d8db4c4e7fae857bcebe0623e6%40thread.tacv2/1616989747416?groupId=fbe2bf47-16c8-47cf-b4a5-4b9b187c508b&tenantId=2432b57b-0abd-43db-aa7b-16eadd115d34&createdTime=1616989747416&parentMessageId=1616989510408",

+ "policyViolation": null,

+ "eventDetail": null,

+ "from": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "8ea0e38b-efb3-4757-924a-5f94061cf8c2",

+ "displayName": "Robin Kline",

+ "userIdentityType": "aadUser"

+ }

+ },

+ "body": {

+ "contentType": "text",

+ "content": "Reply1"

+ },

+ "channelIdentity": {

+ "teamId": "fbe2bf47-16c8-47cf-b4a5-4b9b187c508b",

+ "channelId": "19:4a95f7d8db4c4e7fae857bcebe0623e6@thread.tacv2"

+ },

+ "attachments": [],

+ "mentions": [],

+ "reactions": []

+ }

+ ]

+ }

+ ]

+}

+```

+- `$filter` allows returning messages that meet a certain criteria. The only property that supports filtering is `lastModifiedDateTime`, and only the **gt** operator is supported. For example, `../messages/delta?$filter=lastModifiedDateTime gt 2019-02-27T07:13:28.000z` will fetch any **reply chain (each channel post message and associated reply messages)** created or changed after the specified date time.

+- `$expand` allows expanding properties for each channel message. Only **replies** is supported. If a channel messsage contains more than 1000 replies, `replies@odata.nextLink` will be provided for pagination.

+> **Note:** For `$expand` query parameter, please refer to [List Channel Messages](channel-list-messages.md#example-3-request-with-top-and-expand-query-options-on-replies).

+ Title: "Delete samlOrWsFedExternalDomainFederation"

+description: "Delete a samlOrWsFedExternalDomainFederation object."

+ms.localizationpriority: medium

+# Delete samlOrWsFedExternalDomainFederation

+Namespace: microsoft.graph

+Delete a [samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account)|Domain.ReadWrite.All|

+|Delegated (personal Microsoft account)| Not supported.|

+|Application|Domain.ReadWrite.All|

+The work or school account needs to belong to one of the following [Azure Active Directory (Azure AD) roles](/azure/active-directory/roles/permissions-reference):

+* Global Administrator

+* External Identity Provider Administrator

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+DELETE directory/federationConfigurations/{samlOrWsFedExternalDomainFederation ID}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "delete_samlorwsfedexternaldomainfederation"

+}

+-->

+``` http

+DELETE https://graph.microsoft.com/beta/directory/federationConfigurations/96db02e2-80c1-5555-bc3a-de92ffb8c5be

+```

+### Response

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Get samlOrWsFedExternalDomainFederation"

+description: "Read the properties and relationships of a samlOrWsFedExternalDomainFederation object."

+ms.localizationpriority: medium

+# Get samlOrWsFedExternalDomainFederation

+Namespace: microsoft.graph

+Read the properties and relationships of a [samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md) object for a specific [externalDomainName](../resources/externaldomainname.md).

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account)|Domain.Read.All, Domain.ReadWrite.All|

+|Delegated (personal Microsoft account)| Not supported.|

+|Application|Domain.Read.All, Domain.ReadWrite.All|

+The work or school account needs to belong to one of the following [Azure Active Directory (Azure AD) roles](/azure/active-directory/roles/permissions-reference):

+* Global Administrator

+* External Identity Provider Administrator

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /directory/federationConfigurations/graph.samlOrWsFedExternalDomainFederation?$filter=domains/any(x: x/id eq 'domainName-value')

+```

+## Query parameters

+This method requires the `$filter` OData query parameter. To retrieve a specific [samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md) filter based on [externalDomainName](../resources/externaldomainname.md), add `?$filter=domains/any(x: x/id eq 'domainName-value')`.

+For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a [samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md) object in the response body.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "get_samlorwsfedexternaldomainfederation"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/directory/federationConfigurations/graph.samlOrWsFedExternalDomainFederation?$filter=domains/any(x: x/id eq 'contoso.com')

+```

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.samlOrWsFedExternalDomainFederation"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "value": [

+ {

+ "id": "96db02e2-80c1-5555-bc3a-de92ffb8c5be",

+ "displayName": "Contoso",

+ "issuerUri": "http://contoso.com/adfs/services/trust",

+ "metadataExchangeUri": null,

+ "signingCertificate": "MIIC6DCCAdCgAwIBAgIQQ6vYJIVKQ",

+ "passiveSignInUri": "https://contoso.com/adfs/ls/",

+ "preferredAuthenticationProtocol": "saml",

+ "domains": [

+ {

+ "id": "contoso.com"

+ }

+ ]

+ }

+ ]

+}

+```

+ Title: "List domains"

+description: "Get the list of all externalDomainName objects for a samlOrWsFedExternalDomainFederation."

+ms.localizationpriority: medium

+# List domains

+Namespace: microsoft.graph

+Get the list of all [externalDomainName](../resources/externaldomainname.md) objects for a [samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md).

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account)|Domain.Read.All, Domain.ReadWrite.All|

+|Delegated (personal Microsoft account)| Not supported.|

+|Application|Domain.Read.All, Domain.ReadWrite.All|

+The work or school account needs to belong to one of the following [Azure Active Directory (Azure AD) roles](/azure/active-directory/roles/permissions-reference):

+* Global Administrator

+* External Identity Provider Administrator

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation/{samlOrWsFedExternalDomainFederation ID}/domains

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [externalDomainName](../resources/externaldomainname.md) objects in the response body.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "list_externaldomainname"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation/f1e11a04-0244-4592-99df-b01cfaadce15/domains

+```

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Collection(microsoft.graph.externalDomainName)"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft-ppe.com/beta/$metadata#directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation('f1e11a04-0244-4592-99df-b01cfaadce15')/domains",

+ "value": [

+ {

+ "id": "fabrikam.com"

+ },

+ {

+ "id": "contoso.com"

+ }

+ ]

+}

+```

+ Title: "List samlOrWsFedExternalDomainFederations"

+description: "Get a list of the samlOrWsFedExternalDomainFederation objects and their properties."

+ms.localizationpriority: medium

+# List samlOrWsFedExternalDomainFederations

+Namespace: microsoft.graph

+Get a list of the [samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md) objects and their properties.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account)|Domain.Read.All, Domain.ReadWrite.All|

+|Delegated (personal Microsoft account)| Not supported.|

+|Application|Domain.Read.All, Domain.ReadWrite.All|

+The work or school account needs to belong to one of the following roles:

+* Global Administrator

+* External Identity Provider Administrator

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /directory/federationConfigurations/graph.samlOrWsFedExternalDomainFederation

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md) objects in the response body.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "list_samlorwsfedexternaldomainfederation"

+}

+-->

+``` http

+GET https://graph.microsoft.com/v1.0/directory/federationConfigurations/graph.samlOrWsFedExternalDomainFederation

+```

+### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Collection(microsoft.graph.samlOrWsFedExternalDomainFederation)"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "value": [

+ {

+ "id": "96db02e2-80c1-5555-bc3a-de92ffb8c5be",

+ "displayName": "Contoso",

+ "issuerUri": "http://contoso.com/adfs/services/trust",

+ "metadataExchangeUri": null,

+ "signingCertificate": "MIIC6DCCAdCgAwIBAgIQQ6vYJIVKQ",

+ "passiveSignInUri": "https://contoso.com/adfs/ls/",

+ "preferredAuthenticationProtocol": "saml",

+ "domains": [

+ {

+ "id": "contoso.com"

+ }

+ ]

+ },

+ {

+ "id": "fa421032-5d40-5555-a428-a304b4bc18b6",

+ "displayName": "Fabrikam",

+ "issuerUri": "https://fabrikam.com/o/saml2?idpid=C018555d",

+ "metadataExchangeUri": null,

+ "signingCertificate": "MIIDdDCCAlygAwIBAgIGAXowJih/",

+ "passiveSignInUri": "https://fabrikam.com/o/saml2/saml2?idpid=C018555d",

+ "preferredAuthenticationProtocol": "wsFed",

+ "domains": [

+ {

+ "id": "fabrikam.com",

+ }

+ ]

+ }

+ ]

+}

+```

+ Title: "Create externalDomainName"

+description: "Create a new externalDomainName object."

+ms.localizationpriority: medium

+# Create externalDomainName

+Namespace: microsoft.graph

+Add multiple domains to your SAML or WS-Fed based configuration by creating a new [externalDomainName](../resources/externaldomainname.md) object and add it to an existing [samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md).

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account)|Domain.ReadWrite.All|

+|Delegated (personal Microsoft account)| Not supported.|

+|Application|Domain.ReadWrite.All|

+The work or school account needs to belong to one of the following [Azure Active Directory (Azure AD) roles](/azure/active-directory/roles/permissions-reference):

+* Global Administrator

+* External Identity Provider Administrator

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /directory/federationConfigurations/{samlOrWsFedExternalDomainFederation ID}/microsoft.graph.samlOrWsFedExternalDomainFederation/domains

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the [externalDomainName](../resources/externaldomainname.md) object.

+The following table shows the properties that are required when you create the [externalDomainName](../resources/externaldomainname.md).

+|Property|Type|Description|

+|:|:|:|

+|id|String|Domain name of the external organization you want to add to your [samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md). Inherited from [entity](../resources/entity.md).|

+## Response

+If successful, this method returns a `201 Created` response code and an [externalDomainName](../resources/externaldomainname.md) object in the response body.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "create_externaldomainname_from_"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/directory/federationConfigurations/d5a56845-6845-d5a5-4568-a5d54568a5d5/microsoft.graph.samlOrWsFedExternalDomainFederation/domains

+Content-Type: application/json

+{

+ "@odata.type": "microsoft.graph.externalDomainName",

+ "id": "contososuites.com"

+}

+```

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.externalDomainName"

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-Type: application/json

+{

+ "@odata.type": "#microsoft.graph.externalDomainName",

+ "id": "contososuites.com"

+}

+```

+ Title: "Create samlOrWsFedExternalDomainFederation"

+description: "Create a new samlOrWsFedExternalDomainFederation object."

+ms.localizationpriority: medium

+# Create samlOrWsFedExternalDomainFederation

+Namespace: microsoft.graph

+Create a new [samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account)|Domain.Read.All, Domain.ReadWrite.All|

+|Delegated (personal Microsoft account)| Not supported.|

+|Application|Domain.Read.All, Domain.ReadWrite.All|

+The work or school account needs to belong to one of the following roles:

+* Global Administrator

+* External Identity Provider Administrator

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /directory/federationConfigurations

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the [samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md) object.

+The following table shows the properties that are required when you create the [samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md).

+|Property|Type|Description|

+|:|:|:|

+|displayName|String|The display name of the SAML/WS-Fed based identity provider. Inherited from [identityProviderBase](../resources/identityproviderbase.md).|

+|issuerUri|String|Issuer URI of the federation server. Inherited from [samlOrWsFedProvider](../resources/samlorwsfedprovider.md).|

+|metadataExchangeUri|String|URI of the metadata exchange endpoint used for authentication from rich client applications. Inherited from [samlOrWsFedProvider](../resources/samlorwsfedprovider.md).|

+|passiveSignInUri|String|URI that web-based clients are directed to when signing in to Azure AD services. Inherited from [samlOrWsFedProvider](../resources/samlorwsfedprovider.md).|

+|preferredAuthenticationProtocol|authenticationProtocol|Preferred authentication protocol. The possible values are: `wsFed`, `saml`. Inherited from [samlOrWsFedProvider](../resources/samlorwsfedprovider.md).|

+|signingCertificate|String|Current certificate used to sign tokens passed to the Microsoft identity platform. The certificate is formatted as a Base64 encoded string of the public portion of the federated IdP's token signing certificate and must be compatible with the X509Certificate2 class. <br/><br/> This property is used in the following scenarios: <ul><li> if a rollover is required outside of the autorollover update <li>a new federation service is being set up <li> if the new token signing certificate isn't present in the federation properties after the federation service certificate has been updated. </ul> <br/><br/> Azure AD updates certificates via an autorollover process in which it attempts to retrieve a new certificate from the federation service metadata, 30 days before expiry of the current certificate. If a new certificate isn't available, Azure AD monitors the metadata daily and will update the federation settings for the domain when a new certificate is available.|

+## Response

+If successful, this method returns a `201 Created` response code and a [samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md) object in the response body.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "create_samlorwsfedexternaldomainfederation_from_"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/directory/federationConfigurations

+Content-Type: application/json

+{

+ "@odata.type": "microsoft.graph.samlOrWsFedExternalDomainFederation",

+ "issuerUri": "https://contoso.com/issuerUri",

+ "displayName": "contoso display name",

+ "metadataExchangeUri": "https://contoso.com/metadataExchangeUri",

+ "passiveSignInUri": "https://contoso.com/signin",

+ "preferredAuthenticationProtocol": "wsFed",

+ "domains": [

+ {

+ "@odata.type": "microsoft.graph.externalDomainName",

+ "id": "contoso.com"

+ }

+ ],

+ "signingCertificate": "MIIDADCCAeigAwIBAgIQEX41y8r6"

+}

+```

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.identityProviderBase"

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-Type: application/json

+{

+ "id": "3c41f317-9af3-4266-8ccf-26283ceec888",

+ "displayName": "contoso display name"

+}

+```

+ Title: "Update samlOrWsFedExternalDomainFederation"

+description: "Update the properties of a samlOrWsFedExternalDomainFederation object."

+ms.localizationpriority: medium

+# Update samlOrWsFedExternalDomainFederation

+Namespace: microsoft.graph

+Update the properties of a [samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account)|Domain.ReadWrite.All|

+|Delegated (personal Microsoft account)| Not supported.|

+|Application|Domain.ReadWrite.All|

+The work or school account needs to belong to one of the following [Azure Active Directory (Azure AD) roles](/azure/active-directory/roles/permissions-reference):

+* Global Administrator

+* External Identity Provider Administrator

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+PATCH directory/federationConfigurations/graph.samlOrWsFedExternalDomainFederation/{samlOrWsFedExternalDomainFederation ID}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, provide a JSON object with one or more properties that need to be updated for a [samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md) object in Azure AD tenant.

+The following table shows the properties that you may update for a [samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md) object.

+|Property|Type|Description|

+|:|:|:|

+|displayName|String|The display name of the SAML/WS-Fed based identity provider. Inherited from [identityProviderBase](../resources/identityproviderbase.md).|

+|issuerUri|String|Issuer URI of the federation server. Inherited from [samlOrWsFedProvider](../resources/samlorwsfedprovider.md).|

+|metadataExchangeUri|String|URI of the metadata exchange endpoint used for authentication from rich client applications. Inherited from [samlOrWsFedProvider](../resources/samlorwsfedprovider.md).|

+|passiveSignInUri|String|URI that web-based clients are directed to when signing in to Azure AD services. Inherited from [samlOrWsFedProvider](../resources/samlorwsfedprovider.md).|

+|preferredAuthenticationProtocol|authenticationProtocol|Preferred authentication protocol. The possible values are: `wsFed`, `saml`. Inherited from [samlOrWsFedProvider](../resources/samlorwsfedprovider.md).|

+|signingCertificate|String|Current certificate used to sign tokens passed to the Microsoft identity platform. The certificate is formatted as a Base64 encoded string of the public portion of the federated IdP's token signing certificate and must be compatible with the X509Certificate2 class. <br/><br/> This property is used in the following scenarios: <ul><li> if a rollover is required outside of the autorollover update <li>a new federation service is being set up <li> if the new token signing certificate isn't present in the federation properties after the federation service certificate has been updated. </ul> <br/><br/> Azure AD updates certificates via an autorollover process in which it attempts to retrieve a new certificate from the federation service metadata, 30 days before expiry of the current certificate. If a new certificate isn't available, Azure AD monitors the metadata daily and will update the federation settings for the domain when a new certificate is available.|

+## Response

+If successful, this method returns a `200 OK` response code and an updated [samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md) object in the response body.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "update_samlorwsfedexternaldomainfederation"

+}

+-->

+``` http

+PATCH https://graph.microsoft.com/beta/directory/federationConfigurations/graph.samlOrWsFedExternalDomainFederation/d5a56845-6845-d5a5-4568-a5d54568a5d5

+Content-Type: application/json

+{

+ "displayName": "Contoso name change",

+ "issuerUri": "http://contoso-test.com/adfs/services/trust",

+ "metadataExchangeUri": null,

+ "signingCertificate": "M66C6DCCAdCgAwIBAgIQQ6vYJIVKQ",

+ "passiveSignInUri": "https://contoso-test.com/adfs/ls/",

+ "preferredAuthenticationProtocol": "wsFed"

+}

+```

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.samlOrWsFedExternalDomainFederation"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "id": "d5a56845-6845-d5a5-4568-a5d54568a5d5",

+ "displayName": "Contoso name change",

+ "issuerUri": "http://contoso-test.com/adfs/services/trust",

+ "metadataExchangeUri": null,

+ "signingCertificate": "M66C6DCCAdCgAwIBAgIQQ6vYJIVKQ",

+ "passiveSignInUri": "https://contoso-test.com/adfs/ls/",

+ "preferredAuthenticationProtocol": "wsFed",

+ "domains": [

+ {

+ "id": "contoso.com"

+ }

+ ]

+}

+```

+Delete the definition of a [schema extension](../resources/schemaextension.md). Only the app that created the schema extension (owner app) can delete the schema extension definition, and only when the extension is in the `InDevelopment` state. Deleting a schema extension definition does not affect accessing custom data that has been added to resource instances based on that definition.

+|Application | Application.ReadWrite.All and Directory.ReadWrite.All |

+Get a list of [schemaExtension](../resources/schemaextension.md) objects in your tenant. The schema extensions can be `InDevelopment`, `Available`, or `Deprecated` and includes schema extensions:

+|Application | Application.ReadWrite.All and Directory.ReadWrite.All |

+> Additionally for the delegated flow, the signed-in user must be the owner of the calling application OR the owner of the (application with the) **appId** used to set the **owner** property.

+Update properties in the definition of the specified [schemaExtension](../resources/schemaextension.md). Additive updates to the extension can only be made when the extension is in the `InDevelopment` or `Available` status. This means custom properties or target resource types cannot be removed from the definition, but new custom properties can be added and the description of the extension changed.

+The update applies to all the resources that are included in the **targetTypes** property of the extension. These resources are among the [supporting resource types](/graph/extensibility-overview#supported-resources).

+|Application | Application.ReadWrite.All and Directory.ReadWrite.All |

+|status|String|The lifecycle state of the schema extension. The initial state upon creation is `InDevelopment`. Possible states transitions are from `InDevelopment` to `Available` and `Available` to `Deprecated`.|

+|replies|[chatMessage](chatmessage.md)| Replies for a specified message. Supports `$expand` for channel messages. |

+|federationConfigurations|[identityProviderBase](../resources/identityproviderbase.md) collection|Configure domain federation with organizations whose identity provider (IdP) supports either the SAML or WS-Fed protocol.|

+### authenticationProtocol values

+|Member|

+|:|

+|wsFed|

+|saml|

+ Title: "externalDomainName resource type"

+description: "Domain name of the external organization that an Azure Active Directory (Azure AD) tenant acting as the resource tenant is federating with."

+ms.localizationpriority: medium

+# externalDomainName resource type

+Namespace: microsoft.graph

+Represents the domain name of the external organization that an Azure Active Directory (Azure AD) tenant acting as the resource tenant is federating with.

+Inherits from [entity](../resources/entity.md).

+## Methods

+None.

+## Properties

+|Property|Type|Description|

+|:|:|:|

+|id|String|Domain name of the external organization that the Azure AD tenant is federating with. Inherited from [entity](../resources/entity.md).|

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.externalDomainName",

+ "baseType": "microsoft.graph.entity",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.externalDomainName",

+ "id": "String (identifier)"

+}

+```

+> [!NOTE]

+> Microsoft also supports [dynamic distribution groups](/exchange/recipients/dynamic-distribution-groups/dynamic-distribution-groups?view=exchserver-2019) which cannot be managed or retrieved through Microsoft Graph.

+ Title: "samlOrWsFedExternalDomainFederation resource type"

+description: "Represents a way to federate your Azure AD tenant with an external organization whose identity provider supports the SAML or WS-Fed protocol."

+ms.localizationpriority: medium

+# samlOrWsFedExternalDomainFederation resource type

+Namespace: microsoft.graph

+Allows an Azure Active Directory (Azure AD) tenant to federate with an external organization whose identity provider (IdP) supports either the SAML or WS-Fed protocol. This enables the Azure AD tenant to allow guest users to access its resources. For more information on SAML or WS-Fed IdP federation, see [Federation with SAML or WS-Fed identity providers for guest users](/azure/active-directory/external-identities/direct-federation).

+Inherits from [samlOrWsFedProvider](../resources/samlorwsfedprovider.md).

+## Methods

+|Method|Return type|Description|

+|:|:|:|

+|[List samlOrWsFedExternalDomainFederations](../api/samlorwsfedexternaldomainfederation-list.md)|[samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md) collection|Get a list of the [samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md) objects and their properties.|

+|[Create samlOrWsFedExternalDomainFederation](../api/samlorwsfedexternaldomainfederation-post.md)|[samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md)|Create a new [samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md) object.|

+|[Get samlOrWsFedExternalDomainFederation](../api/samlorwsfedexternaldomainfederation-get.md)|[samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md)|Read the properties and relationships of a [samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md) object.|

+|[Update samlOrWsFedExternalDomainFederation](../api/samlorwsfedexternaldomainfederation-update.md)|[samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md)|Update the properties of a [samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md) object.|

+|[Delete samlOrWsFedExternalDomainFederation](../api/samlorwsfedexternaldomainfederation-delete.md)|None|Deletes a [samlOrWsFedExternalDomainFederation](../resources/samlorwsfedexternaldomainfederation.md) object.|

+|[List domains](../api/samlorwsfedexternaldomainfederation-list-domains.md)|[externalDomainName](../resources/externaldomainname.md) collection|Get the externalDomainName resources from the domains navigation property.|

+|[Create externalDomainName](../api/samlorwsfedexternaldomainfederation-post-domains.md)|[externalDomainName](../resources/externaldomainname.md)|Create a new externalDomainName object.|

+## Properties

+|Property|Type|Description|

+|:|:|:|

+|displayName|String|The display name of the SAML or WS-Fed based IdP. Inherited from [identityProviderBase](../resources/identityproviderbase.md).|

+|id|String|The identifier of the identity provider. Inherited from [entity](../resources/entity.md).|

+|issuerUri|String|Issuer URI of the federation server. Inherited from [samlOrWsFedProvider](../resources/samlorwsfedprovider.md).|

+|metadataExchangeUri|String|URI of the metadata exchange endpoint used for authentication from rich client applications. Inherited from [samlOrWsFedProvider](../resources/samlorwsfedprovider.md).|

+|passiveSignInUri|String|URI that web-based clients are directed to when signing in to Azure AD services. Inherited from [samlOrWsFedProvider](../resources/samlorwsfedprovider.md).|

+|preferredAuthenticationProtocol|authenticationProtocol|Preferred authentication protocol. The possible values are: `wsFed`, `saml`, `unknownFutureValue`. Inherited from [samlOrWsFedProvider](../resources/samlorwsfedprovider.md).|

+|signingCertificate|String|Current certificate used to sign tokens passed to the Microsoft identity platform. The certificate is formatted as a Base64 encoded string of the public portion of the federated IdP's token signing certificate and must be compatible with the X509Certificate2 class. <br/><br/> This property is used in the following scenarios: <ul><li> if a rollover is required outside of the autorollover update <li>a new federation service is being set up <li> if the new token signing certificate isn't present in the federation properties after the federation service certificate has been updated. </ul> <br/><br/> Azure AD updates certificates via an autorollover process in which it attempts to retrieve a new certificate from the federation service metadata, 30 days before expiry of the current certificate. If a new certificate isn't available, Azure AD monitors the metadata daily and will update the federation settings for the domain when a new certificate is available. <br/><br/> Inherited from [samlOrWsFedProvider](../resources/samlorwsfedprovider.md).|

+## Relationships

+|Relationship|Type|Description|

+|:|:|:|

+|domains|[externalDomainName](../resources/externaldomainname.md) collection|Collection of domain names of the external organizations that the tenant is federating with. Supports `$filter` (`eq`).|

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.samlOrWsFedExternalDomainFederation",

+ "baseType": "microsoft.graph.samlOrWsFedProvider",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.samlOrWsFedExternalDomainFederation",

+ "id": "String (identifier)",

+ "displayName": "String",

+ "issuerUri": "String",

+ "metadataExchangeUri": "String",

+ "signingCertificate": "String",

+ "passiveSignInUri": "String",

+ "preferredAuthenticationProtocol": "String"

+}

+```

+ Title: "samlOrWsFedProvider resource type"

+description: "Configuration details for setting up a SAML or WS-Fed based identity provider."

+ms.localizationpriority: medium

+# samlOrWsFedProvider resource type

+Namespace: microsoft.graph

+An abstract type that provides configuration details for setting up a SAML or WS-Fed external domain-based identity provider (IdP).

+Inherits from [identityProviderBase](../resources/identityproviderbase.md).

+## Properties

+|Property|Type|Description|

+|:|:|:|

+|displayName|String|The display name of the SAML/WS-Fed based identity provider. Inherited from [identityProviderBase](../resources/identityproviderbase.md).|

+|id|String|The identifier of the identity provider. Inherited from [entity](../resources/entity.md).|

+|issuerUri|String|Issuer URI of the federation server.|

+|metadataExchangeUri|String|URI of the metadata exchange endpoint used for authentication from rich client applications.|

+|metadataExchangeUri|String|URI of the metadata exchange endpoint used for authentication from rich client applications.|

+|passiveSignInUri|String|URI that web-based clients are directed to when signing in to Azure Active Directory (Azure AD) services.|

+|preferredAuthenticationProtocol|authenticationProtocol|Preferred authentication protocol. The possible values are: `wsFed`, `saml`, `unknownFutureValue`.|

+|signingCertificate|String|Current certificate used to sign tokens passed to the Microsoft identity platform. The certificate is formatted as a Base64 encoded string of the public portion of the federated IdP's token signing certificate and must be compatible with the X509Certificate2 class. <br/><br/> This property is used in the following scenarios: <ul><li> if a rollover is required outside of the autorollover update <li>a new federation service is being set up <li> if the new token signing certificate isn't present in the federation properties after the federation service certificate has been updated. </ul> <br/><br/> Azure AD updates certificates via an autorollover process in which it attempts to retrieve a new certificate from the federation service metadata, 30 days before expiry of the current certificate. If a new certificate isn't available, Azure AD monitors the metadata daily and will update the federation settings for the domain when a new certificate is available.|

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.samlOrWsFedProvider",

+ "baseType": "microsoft.graph.identityProviderBase",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.samlOrWsFedProvider",

+ "id": "String (identifier)",

+ "displayName": "String",

+ "issuerUri": "String",

+ "metadataExchangeUri": "String",

+ "signingCertificate": "String",

+ "passiveSignInUri": "String",

+ "preferredAuthenticationProtocol": "String"

+}

+```

+|status|String|The lifecycle state of the schema extension. Possible states are `InDevelopment`, `Available`, and `Deprecated`. Automatically set to `InDevelopment` on creation. [Schema extensions](/graph/extensibility-overview#schema-extensions) provides more information on the possible state transitions and behaviors. Supports `$filter` (`eq`).|

+ - name: External identities

+ items:

+ - name: Built-in identity provider type

+ href: resources/builtinidentityprovider.md

+ - name: Social identity provider type

+ href: resources/socialidentityprovider.md

+ - name: Apple identity provider type

+ href: resources/applemanagedidentityprovider.md

+ - name: List available identity providers

+ href: api/identityproviderbase-availableprovidertypes.md

+ - name: List configured identity providers

+ href: api/identitycontainer-list-identityproviders.md

+ - name: Create identity provider

+ href: api/identitycontainer-post-identityproviders.md

+ - name: Get identity provider

+ href: api/identityproviderbase-get.md

+ - name: Update identity provider

+ href: api/identityproviderbase-update.md

+ - name: Delete identity provider

+ href: api/identityproviderbase-delete.md

+ - name: Domain-based external identities

+ items:

+ - name: SAML/Ws-Fed external domain federation

+ href: resources/samlorwsfedexternaldomainfederation.md

+ - name: List federated configurations

+ href: api/samlorwsfedexternaldomainfederation-list.md

+ - name: Get federated configuration

+ href: api/samlorwsfedexternaldomainfederation-get.md

+ - name: Create federated configuration

+ href: api/samlorwsfedexternaldomainfederation-post.md

+ - name: Update federated configuration

+ href: api/samlorwsfedexternaldomainfederation-update.md

+ - name: Delete federated configuration

+ href: api/samlorwsfedexternaldomainfederation-delete.md

+ - name: List domains

+ href: api/samlorwsfedexternaldomainfederation-list-domains.md

+ - name: Create externalDomainName

+ href: api/samlorwsfedexternaldomainfederation-post-domains.md