Updates from: 05/20/2021 03:06:31
Service Microsoft Docs article Related commit history on GitHub Change details
v1.0 Accessreviewscheduledefinition Create https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewscheduledefinition-create.md
- Title: "Create accessReviewScheduleDefinition"
-description: "Create a new accessReviewScheduleDefinition object."
-localization_priority: Normal
-
-doc_type: apiPageType
--
-# Create accessReviewScheduleDefinition
-
-Namespace: microsoft.graph
--
-Create a new [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object.
-
-## Permissions
-
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
-
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | AccessReview.ReadWrite.All |
-|Delegated (personal Microsoft account)|Not supported.|
-|Application | AccessReview.ReadWrite.All |
-
-The signed-in user must also be in a directory role that permits them to create an access review. For more details, see the role and permission requirements for [access reviews](../resources/accessreviewsv2-root.md).
-
-## HTTP request
-<!-- { "blockType": "ignored" } -->
-```http
-POST /identityGovernance/accessReviews/definitions
-```
-## Request headers
-| Name | Description |
-|:-|:|
-|Authorization|Bearer {token}. Required.|
-| Content-type | application/json. Required. |
-
-## Request body
-In the request body, supply a JSON representation of an [accessReview](../resources/accessreview.md) object.
-
-The following table shows the properties accepted to create an accessReview.
-
-| Property | Type | Description |
-|:-|:|:|
-| displayName | String | Name of access review series. Required.|
-| descriptionForAdmins | string | Context of the review provided to admins. Required. |
- descriptionForReviewers | string | Context of the review provided to reviewers. Required. |
-| scope | [accessReviewScope](../resources/accessreviewscope.md) | Defines the scope of users reviewed in a group. See [accessReviewScope](../resources/accessreviewscheduledefinition.md). Required.|
-| instanceEnumerationScope | [accessReviewScope](../resources/accessreviewscope.md) | In the case of an all groups review, this determines the scope of which groups will be reviewed. See [accessReviewScope](../resources/accessreviewscheduledefinition.md). |
-| settings | [accessReviewScheduleSettings](../resources/accessreviewschedulesettings.md)| The settings for an access review series. Recurrence is determined here. See [accessReviewScheduleSettings](../resources/accessreviewscheduledefinition.md). |
-| reviewers | [accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection | Defines who the reviewers are. If none are specified, the review is a self-review (users reviewed review their own access). See [accessReviewReviewerScope](../resources/accessreviewscheduledefinition.md). |
--
-## Response
-If successful, this method returns a `201, Created` response code and an [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object in the response body.
-
-## Examples
-
-This is an example of creating an access review series with a specific user, whose user object id is 7eae4444-d425-48b2-adf2-3c777f6256f3, as the reviewer. The review reviews all members of a specific group, whose group object id is b7a059cb-038a-4802-8fc9-b9d1ed0c4444. It recurs weekly.
-
-### Request
-In the request body, supply a JSON representation of the [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object.
--
-# [HTTP](#tab/http)
-<!-- {
- "blockType": "request",
- "name": "create_accessReviewScheduleDefinition"
-}-->
-```http
-POST https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions
-Content-type: application/json
-
-{
- "displayName": "Test create",
- "descriptionForAdmins": "New scheduled access review",
- "descriptionForReviewers": "If you have any questions, contact jerry@contoso.com",
- "scope": {
- "query": "/groups/b7a059cb-038a-4802-8fc9-b9d1ed0c4444/transitiveMembers",
- "queryType": "MicrosoftGraph"
- },
- "reviewers": [
- {
- "query": "/users/7eae4444-d425-48b2-adf2-3c777f6256f3",
- "queryType": "MicrosoftGraph",
- "queryRoot": "decisions"
- }
- ],
- "settings": {
- "mailNotificationsEnabled": true,
- "reminderNotificationsEnabled": true,
- "justificationRequiredOnApproval": true,
- "defaultDecisionEnabled": false,
- "defaultDecision": "None",
- "instanceDurationInDays": 1,
- "autoApplyDecisionsEnabled": false,
- "recommendationsEnabled": true,
- "recurrence": {
- "pattern": {
- "type": "weekly",
- "interval": 1
- },
- "range": {
- "type": "noEnd",
- "startDate": "2020-09-08T12:02:30.667Z"
- }
- }
- }
-}
-```
-# [JavaScript](#tab/javascript)
-
-# [C#](#tab/csharp)
-
-# [Objective-C](#tab/objc)
-
-# [Java](#tab/java)
----
-### Response
->**Note:** The response object shown here might be shortened for readability.
-<!-- {
- "blockType": "response",
- "truncated": true,
- "@odata.type": "microsoft.graph.accessReviewScheduleDefinition"
-} -->
-```http
-HTTP/1.1 201 Created
-Content-type: application/json
-
-{
- "id": "29f2d16e-9ca6-4052-bbfe-802c48944448",
- "displayName": "Test create",
- "createdDateTime": "0001-01-01T00:00:00Z",
- "lastModifiedDateTime": "0001-01-01T00:00:00Z",
- "status": "NotStarted",
- "descriptionForAdmins": "Test create",
- "descriptionForReviewers": "Test create",
- "instanceEnumerationScope": null,
- "createdBy": {
- "id": "957f1027-c0ee-460d-9269-b8444459e0fe",
- "displayName": "MOD Administrator",
- "userPrincipalName": "admin@contoso.com"
- },
- "scope": {
- "query": "/groups/b74444cb-038a-4802-8fc9-b9d1ed0cf11f/transitiveMembers",
- "queryType": "MicrosoftGraph"
- },
- "reviewers": [
- {
- "query": "/users/7eae986b-d425-48b2-adf2-3c777f4444f3",
- "queryType": "MicrosoftGraph",
- "queryRoot": "decisions"
- }
- ],
- "settings": {
- "mailNotificationsEnabled": true,
- "reminderNotificationsEnabled": true,
- "justificationRequiredOnApproval": true,
- "defaultDecisionEnabled": false,
- "defaultDecision": "None",
- "instanceDurationInDays": 1,
- "autoApplyDecisionsEnabled": false,
- "recommendationsEnabled": true,
- "recurrence": {
- "pattern": {
- "type": "weekly",
- "interval": 1,
- "month": 0,
- "dayOfMonth": 0,
- "daysOfWeek": [],
- "firstDayOfWeek": "sunday",
- "index": "first"
- },
- "range": {
- "type": "noEnd",
- "numberOfOccurrences": 0,
- "recurrenceTimeZone": null,
- "startDate": "2020-09-08",
- "endDate": null
- }
- },
- "applyActions": []
- }
-}
-```
-
-<!--
-{
- "type": "#page.annotation",
- "description": "Create accessReviewScheduleDefinition",
- "keywords": "",
- "section": "documentation",
- "tocPath": "",
- "suppressions": [
- ]
-}
>
v1.0 Accessreviewscheduledefinition Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewscheduledefinition-get.md
Content-type: application/json
{ "id": "60860cdd-fb4d-4054-91ba-f7544443baa6", "displayName": "Test world",
- "createdDateTime": "2020-09-14T20:03:36.7391027Z",
- "lastModifiedDateTime": "2020-09-14T20:04:28Z",
"status": "InProgress",
- "descriptionForAdmins": "",
- "descriptionForReviewers": "",
- "createdBy": {
- "id": "957f1027-c0ee-460d-4444-b8828e59e0fe",
- "displayName": "MOD Administrator",
- "userPrincipalName": "admin@contoso.com"
- },
"scope": { "query": "/groups/b7a059cb-038a-4802-8fc9-b944440cf11f/transitiveMembers", "queryType": "MicrosoftGraph"
Content-type: application/json
## See also -- [Create accessReviewScheduleDefinition](accessreviewscheduledefinition-create.md)
+- [Create accessReviewScheduleDefinition](accessreviewscheduledefinition-post.md)
- [List accessReviewScheduleDefinition](accessreviewscheduledefinition-list.md) - [List accessReviewInstance](accessreviewinstance-list.md)
v1.0 Accessreviewscheduledefinition List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewscheduledefinition-list.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Retrieve the [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) objects. A list of zero or more accessReviewScheduleDefinition objects are returned, including all of their nested properties, for each access review series created. This does not include associated accessReviewInstances.
+Retrieve the [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) objects. A list of zero or more accessReviewScheduleDefinition objects are returned, including all of their nested properties, for each access review series created. This does not include the associated accessReviewInstance objects.
>[!NOTE]
->If many **accessReviewScheduleDefinitions** are returned, to improve efficiency and avoid timeouts, retrieve the result set in pages, by including both the $top query parameter with a page size of at most 100, and the $skip=0 query parameter in the request. When a result set spans multiple pages, Microsoft Graph returns that page with an @odata.nextLink property in the response that contains a URL to the next page of results. If that property is present, continue making additional requests with the @odata.nextLink URL in each response, until all the results are returned, as described in paging Microsoft Graph data in your app.
->
->If no query parameters are provided and there are more than 100 results, Microsoft Graph will automatically paginate results at 100 results per page.
-
+>The default page size for this API is 100 accessReviewScheduleDefinition objects. To improve efficiency and avoid timeouts due to large result sets, apply pagination using the `$skip` and `$top` query parameters. For more information, see [Paging Microsoft Graph data in your app](/graph/paging).
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account)|Not supported.| |Application | AccessReview.Read.All, AccessReview.ReadWrite.All |
- The signed-in user must also be in a directory role that permits them to read an access review.
+ The signed-in user must also be in a directory role that permits them to read an access review. See access review [role and application permission authorization checks](../resources/accessreviewsv2-root.md#role-and-application-permission-authorization-checks).
## HTTP request+
+To list all your accessReviewScheduleDefinitions:
+ <!-- { "blockType": "ignored" } --> ```http GET /identityGovernance/accessReviews/definitions ```+
+## Optional query parameters
+This method supports the `$select`, `$top`, `$skip`, and `$filter` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+### Use the $filter query parameter
+The `$filter` query parameter with the `contains` operator is supported on the **scope** property of accessReviewScheduleDefinition. Use the following format for the request:
+
+```http
+GET /identityGovernance/accessReviews/definitions?$filter=contains(scope/microsoft.graph.accessReviewQueryScope/query, '{object}')
+```
+
+The value of `{object}` can be one of the following:
+
+|Value|Description|
+|: |: |
+|`/groups` |List every accessReviewScheduleDefinition on individual groups (excludes definitions scoped to all Microsoft 365 groups with guest users).|
+|`/groups/{group id}` |List every accessReviewScheduleDefinition on a specific group (excludes definitions scoped to all Microsoft 365 groups with guest users).|
+|`./members` |List every accessReviewScheduleDefinition scoped to all Microsoft 365 groups with guest users.|
+|`accessPackageAssignments` |List every accessReviewScheduleDefinition on an access package.|
+|`roleAssignmentScheduleInstances` |List every accessReviewScheduleDefinition for service principals assigned to a privileged role.|
+
+The `$filter` query parameter is not supported on **accessReviewInactiveUserQueryScope** or **principalResourceMembershipScope**.
++ ## Request headers None.
Do not supply a request body.
If successful, this method returns a `200 OK` response code and an array of [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) objects in the response body. ## Examples
-### Request
-The following example shows a request to retrieve all the access review series in a tenant.
+### Example 1: List the first one hundred access review definitions
+
+#### Request
# [HTTP](#tab/http) <!-- {
GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definition
--
-### Response
+#### Response
>**Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
HTTP/1.1 200 OK
Content-type: application/json {
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/accessReviews/definitions",
"@odata.count": 1, "value": [ { "id": "98dcebed-c7f6-46f4-bcf3-4a3fccdb3e2a", "displayName": "Access Review",
- "createdDateTime": "2020-09-09T14:27:59Z",
- "lastModifiedDateTime": "2020-09-11T12:02:50Z",
- "status": "InProgress",
- "descriptionForAdmins": "",
- "descriptionForReviewers": "",
- "createdBy": {
- "id": "957f1027-c0ee-460d-9269-b8828e59e0fe",
- "displayName": "MOD Administrator",
- "userPrincipalName": "admin@contoso.com"
- },
"scope": { "query": "/groups/119cc181-22f0-4e18-8537-264e7524ee0b/transitiveMembers", "queryType": "MicrosoftGraph"
Content-type: application/json
} ``` +
+### Example 2: Retrieve all access review definitions scoped to all Microsoft 365 groups in a tenant
+
+#### Request
+The following example shows a request to retrieve all the access review series scoped to all Microsoft 365 groups in a tenant.
+
+<!-- {
+ "blockType": "request",
+ "name": "list_accessReviewScheduleDefinition_allgroups"
+}-->
+```msgraph-interactive
+GET https://graph.microsoft.com//beta/identityGovernance/accessReviews/definitions?$filter=contains(scope/microsoft.graph.accessReviewQueryScope/query, './members')
+```
+
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessReviewScheduleDefinition",
+ "isCollection": "true"
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/accessReviews/definitions",
+ "@odata.count": 1,
+ "value": [
+ {
+ "id": "cc701697-762c-439a-81f5-f58d680fde76",
+ "displayName": "Review guest access across Microsoft 365 groups",
+ "status": "InProgress",
+ "scope": {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "./members/microsoft.graph.user/?$count=true&$filter=(userType eq 'Guest')",
+ "queryType": "MicrosoftGraph"
+ },
+ "instanceEnumerationScope": {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/groups?$filter=(groupTypes/any(c:c+eq+'Unified'))&$count=true",
+ "queryType": "MicrosoftGraph"
+ },
+ "reviewers": [
+ {
+ "query": "./manager",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": "decisions"
+ }
+ ],
+ "settings": {
+ "mailNotificationsEnabled": true,
+ "reminderNotificationsEnabled": true,
+ "justificationRequiredOnApproval": true,
+ "defaultDecisionEnabled": true,
+ "defaultDecision": "Recommendation",
+ "instanceDurationInDays": 25,
+ "autoApplyDecisionsEnabled": true,
+ "recommendationsEnabled": true,
+ "recurrence": {
+ "pattern": {
+ "type": "absoluteMonthly",
+ "interval": 3,
+ "month": 0,
+ "dayOfMonth": 0,
+ "daysOfWeek": [],
+ "firstDayOfWeek": "sunday",
+ "index": "first"
+ },
+ "range": {
+ "type": "numbered",
+ "numberOfOccurrences": 0,
+ "recurrenceTimeZone": null,
+ "startDate": "2021-04-27",
+ "endDate": "9999-12-31"
+ }
+ },
+ "applyActions": [
+ {
+ "@odata.type": "#microsoft.graph.removeAccessApplyAction"
+ }
+ ]
+ },
+ "instances@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/accessReviews/definitions('cc701697-762c-439a-81f5-f58d680fde76')/instances",
+ "instances": []
+ }
+ ]
+}
+
+```
++ ## See also - [Get accessReviewScheduleDefinition](accessreviewscheduledefinition-get.md)
v1.0 Accessreviewscheduledefinition Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewscheduledefinition-post.md
+
+ Title: "Create accessReviewScheduleDefinition"
+description: "Create a new accessReviewScheduleDefinition object."
+localization_priority: Normal
+++
+# Create accessReviewScheduleDefinition
+
+Namespace: microsoft.graph
++
+Create a new [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | AccessReview.ReadWrite.All |
+|Delegated (personal Microsoft account)|Not supported.|
+|Application | AccessReview.ReadWrite.All |
+
+The signed-in user must also be in a directory role that permits them to create an access review. For more details, see the role and permission requirements for [access reviews](../resources/accessreviewsv2-root.md).
+
+## HTTP request
+<!-- { "blockType": "ignored" } -->
+```http
+POST /identityGovernance/accessReviews/definitions
+```
+## Request headers
+| Name | Description |
+|:-|:|
+|Authorization|Bearer {token}. Required.|
+| Content-type | application/json. Required. |
+
+## Request body
+In the request body, supply a JSON representation of an [accessReview](../resources/accessreview.md) object.
+
+The following table shows the properties accepted to create an accessReview.
+
+| Property | Type | Description |
+|:-|:|:|
+| displayName | String | Name of access review series. Required.|
+| descriptionForAdmins | string | Context of the review provided to admins. Required. |
+ descriptionForReviewers | string | Context of the review provided to reviewers. Required. |
+| scope | [accessReviewScope](../resources/accessreviewscope.md) | Defines the scope of users reviewed in a group. See [accessReviewScope](../resources/accessreviewscheduledefinition.md) and also learn how to [configure the scope of your access review definition](/graph/accessreviews-scope-concept). Required.|
+| instanceEnumerationScope | [accessReviewScope](../resources/accessreviewscope.md) | In the case of an all groups review, this determines the scope of which groups will be reviewed. See [accessReviewScope](../resources/accessreviewscheduledefinition.md) and also learn how to [configure the scope of your access review definition](/graph/accessreviews-scope-concept).|
+| settings | [accessReviewScheduleSettings](../resources/accessreviewschedulesettings.md)| The settings for an access review series. Recurrence is determined here. See [accessReviewScheduleSettings](../resources/accessreviewscheduledefinition.md). |
+| reviewers | [accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection | Defines who the reviewers are. If none are specified, the review is a self-review (users reviewed review their own access). See [accessReviewReviewerScope](../resources/accessreviewscheduledefinition.md). |
++
+## Response
+If successful, this method returns a `201 Created` response code and an [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object in the response body.
+
+## Examples
+
+### Example 1: Create an access review on a group
+
+This is an example of creating an access review with the following settings:
++ The review reviews all members of a group, whose group **id** is `02f3bafb-448c-487c-88c2-5fd65ce49a41`.++ A specific user, whose user **id** is `398164b1-5196-49dd-ada2-364b49f99b27` is the reviewer.++ It recurs weekly and continues indefinitely.+
+#### Request
+In the request body, supply a JSON representation of the [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object.
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "create_accessReviewScheduleDefinition"
+}-->
+```http
+POST https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions
+Content-type: application/json
+
+{
+ "displayName": "Test create",
+ "descriptionForAdmins": "New scheduled access review",
+ "descriptionForReviewers": "If you have any questions, contact jerry@contoso.com",
+ "scope": {
+ "query": "/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers",
+ "queryType": "MicrosoftGraph"
+ },
+ "reviewers": [
+ {
+ "query": "/users/398164b1-5196-49dd-ada2-364b49f99b27",
+ "queryType": "MicrosoftGraph"
+ }
+ ],
+ "settings": {
+ "mailNotificationsEnabled": true,
+ "reminderNotificationsEnabled": true,
+ "justificationRequiredOnApproval": true,
+ "defaultDecisionEnabled": false,
+ "defaultDecision": "None",
+ "instanceDurationInDays": 1,
+ "recommendationsEnabled": true,
+ "recurrence": {
+ "pattern": {
+ "type": "weekly",
+ "interval": 1
+ },
+ "range": {
+ "type": "noEnd",
+ "startDate": "2020-09-08T12:02:30.667Z"
+ }
+ }
+ }
+}
+```
+# [JavaScript](#tab/javascript)
+
+# [C#](#tab/csharp)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
++++
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessReviewScheduleDefinition"
+} -->
+```http
+HTTP/1.1 201 Created
+Content-type: application/json
+
+{
+ "id": "29f2d16e-9ca6-4052-bbfe-802c48944448",
+ "displayName": "Test create",
+ "createdDateTime": "0001-01-01T00:00:00Z",
+ "lastModifiedDateTime": "0001-01-01T00:00:00Z",
+ "status": "NotStarted",
+ "descriptionForAdmins": "Test create",
+ "descriptionForReviewers": "Test create",
+ "instanceEnumerationScope": null,
+ "createdBy": {
+ "id": "957f1027-c0ee-460d-9269-b8444459e0fe",
+ "displayName": "MOD Administrator",
+ "userPrincipalName": "admin@contoso.com"
+ },
+ "scope": {
+ "query": "/groups/b74444cb-038a-4802-8fc9-b9d1ed0cf11f/transitiveMembers",
+ "queryType": "MicrosoftGraph"
+ },
+ "reviewers": [
+ {
+ "query": "/users/7eae986b-d425-48b2-adf2-3c777f4444f3",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": "decisions"
+ }
+ ],
+ "settings": {
+ "mailNotificationsEnabled": true,
+ "reminderNotificationsEnabled": true,
+ "justificationRequiredOnApproval": true,
+ "defaultDecisionEnabled": false,
+ "defaultDecision": "None",
+ "instanceDurationInDays": 1,
+ "autoApplyDecisionsEnabled": false,
+ "recommendationsEnabled": true,
+ "recurrence": {
+ "pattern": {
+ "type": "weekly",
+ "interval": 1,
+ "month": 0,
+ "dayOfMonth": 0,
+ "daysOfWeek": [],
+ "firstDayOfWeek": "sunday",
+ "index": "first"
+ },
+ "range": {
+ "type": "noEnd",
+ "numberOfOccurrences": 0,
+ "recurrenceTimeZone": null,
+ "startDate": "2020-09-08",
+ "endDate": null
+ }
+ },
+ "applyActions": []
+ }
+}
+```
+
+### Example 2: Create an access review on all teams with inactive guest users
+
+This is an example of creating an access review with the following settings:
++ The review reviews all teams with inactive guest users. The period of inactivity is 30 days from the start date of the access review.++ The group owners are the reviewers and fallback reviewers are assigned.++ It recurs on the third day of every quarter and continues indefinitely.++ **autoApplyDecisionsEnabled** is set to `true` with the **defaultDecision** set to `Deny`.+
+#### Request
+In the request body, supply a JSON representation of the [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object.
+<!-- {
+ "blockType": "request",
+ "name": "create_accessReviewScheduleDefinition_inactiveguests_M365"
+}-->
+```http
+POST https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions
+Content-type: application/json
+
+{
+ "displayName": "Review inactive guests on teams",
+ "descriptionForAdmins": "Control guest user access to our teams.",
+ "descriptionForReviewers": "Information security is everyone's responsibility. Review our access policy for more.",
+ "instanceEnumerationScope": {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/groups?$filter=(groupTypes/any(c:c+eq+'Unified') and resourceProvisioningOptions/Any(x:x eq 'Team')')",
+ "queryType": "MicrosoftGraph"
+ },
+ "scope": {
+ "@odata.type": "#microsoft.graph.accessReviewInactiveUsersQueryScope",
+ "query": "./members/microsoft.graph.user/?$filter=(userType eq 'Guest')",
+ "queryType": "MicrosoftGraph",
+ "inactiveDuration": "P30D"
+ },
+ "reviewers": [
+ {
+ "query": "./owners",
+ "queryType": "MicrosoftGraph"
+ }
+ ],
+ "fallbackReviewers": [
+ {
+ "query": "/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
+ "queryType": "MicrosoftGraph"
+ }
+ ],
+ "settings": {
+ "mailNotificationsEnabled": true,
+ "reminderNotificationsEnabled": true,
+ "justificationRequiredOnApproval": true,
+ "recommendationsEnabled": true,
+ "instanceDurationInDays": 3,
+ "recurrence": {
+ "pattern": {
+ "type": "absoluteMonthly",
+ "dayOfMonth": "5",
+ "interval": 3
+ },
+ "range": {
+ "type": "noEnd",
+ "startDate": "2020-05-04T00:00:00.000Z"
+ }
+ },
+ "defaultDecisionEnabled": true,
+ "defaultDecision": "Deny",
+ "autoApplyDecisionsEnabled": true
+ }
+}
+```
+
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessReviewScheduleDefinition"
+} -->
+```http
+HTTP/1.1 201 Created
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/accessReviews/definitions/$entity",
+ "id": "b0966e21-a01e-43c9-8f8b-9ba30ed5710a",
+ "displayName": "Review inactive guests on teams",
+ "createdDateTime": "2021-05-04T18:27:02.6719849Z",
+ "lastModifiedDateTime": "2021-05-04T18:27:24.0889623Z",
+ "status": "InProgress",
+ "descriptionForAdmins": "Control guest user access to our teams.",
+ "descriptionForReviewers": "Information security is everyone's responsibility. Review our access policy for more.",
+ "createdBy": {
+ "id": "fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
+ "displayName": "MOD Administrator",
+ "userPrincipalName": "admin@contoso.com"
+ },
+ "scope": {
+ "@odata.type": "#microsoft.graph.accessReviewInactiveUsersQueryScope",
+ "query": "./members/microsoft.graph.user/?$count=true&$filter=(userType eq 'Guest')",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null,
+ "inactiveDuration": "P30D"
+ },
+ "instanceEnumerationScope": {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/groups?$filter=(groupTypes/any(c:c+eq+'Unified') and resourceProvisioningOptions/Any(x:x eq 'Team'))&$count=true",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ },
+ "reviewers": [
+ {
+ "query": "./owners",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ }
+ ],
+ "backupReviewers": [
+ {
+ "query": "/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ }
+ ],
+ "fallbackReviewers": [
+ {
+ "query": "/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ }
+ ],
+ "settings": {
+ "mailNotificationsEnabled": true,
+ "reminderNotificationsEnabled": true,
+ "justificationRequiredOnApproval": true,
+ "defaultDecisionEnabled": true,
+ "defaultDecision": "Deny",
+ "instanceDurationInDays": 3,
+ "autoApplyDecisionsEnabled": true,
+ "recommendationsEnabled": true,
+ "recurrence": {
+ "pattern": {
+ "type": "absoluteMonthly",
+ "interval": 3,
+ "month": 0,
+ "dayOfMonth": 0,
+ "daysOfWeek": [],
+ "firstDayOfWeek": "sunday",
+ "index": "first"
+ },
+ "range": {
+ "type": "numbered",
+ "numberOfOccurrences": 0,
+ "recurrenceTimeZone": null,
+ "startDate": "2021-05-05",
+ "endDate": "9999-12-31"
+ }
+ },
+ "applyActions": [
+ {
+ "@odata.type": "#microsoft.graph.removeAccessApplyAction"
+ }
+ ]
+ }
+}
+```
+
+### Example 3: Create an access review of all users to an application
+
+This is an example of creating an access review with the following settings:
++ The review reviews user access to an application.++ The people managers are the reviewers and fallback reviewers are the members of a group.++ It recurs semi-annually and ends 1 year from the startDate.+
+#### Request
+<!-- {
+ "blockType": "request",
+ "name": "create_accessReviewScheduleDefinition_allusers_M365_AADRole"
+}-->
+```http
+POST https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions
+Content-type: application/json
+
+{
+ "displayName": "Review employee access to LinkedIn",
+ "descriptionForAdmins": "Review employee access to LinkedIn",
+ "scope": {
+ "@odata.type": "#microsoft.graph.principalResourceMembershipsScope",
+ "principalScopes": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/users",
+ "queryType": "MicrosoftGraph"
+ }
+ ],
+ "resourceScopes": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/servicePrincipals/bae11f90-7d5d-46ba-9f55-8112b59d92ae",
+ "queryType": "MicrosoftGraph"
+ }
+ ]
+ },
+ "reviewers": [
+ {
+ "query": "./manager",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": "decisions"
+ }
+ ],
+ "backupReviewers": [
+ {
+ "query": "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
+ "queryType": "MicrosoftGraph"
+ }
+ ],
+ "fallbackReviewers": [
+ {
+ "query": "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
+ "queryType": "MicrosoftGraph"
+ }
+ ],
+ "settings": {
+ "mailNotificationsEnabled": true,
+ "reminderNotificationsEnabled": true,
+ "justificationRequiredOnApproval": true,
+ "defaultDecisionEnabled": true,
+ "defaultDecision": "Recommendation",
+ "instanceDurationInDays": 180,
+ "autoApplyDecisionsEnabled": true,
+ "recommendationsEnabled": true,
+ "recurrence": {
+ "pattern": {
+ "type": "absoluteMonthly",
+ "interval": 6,
+ "dayOfMonth": 0
+ },
+ "range": {
+ "type": "numbered",
+ "startDate": "2021-05-05",
+ "endDate": "2022-05-05"
+ }
+ }
+ }
+}
+```
+
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessReviewScheduleDefinition"
+} -->
+```http
+HTTP/1.1 201 Created
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/accessReviews/definitions/$entity",
+ "id": "1f79f34b-8667-40d9-875c-893b630b3dec",
+ "scope": {
+ "@odata.type": "#microsoft.graph.principalResourceMembershipsScope",
+ "principalScopes": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/users",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ }
+ ],
+ "resourceScopes": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/servicePrincipals/bae11f90-7d5d-46ba-9f55-8112b59d92ae",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ }
+ ]
+ },
+ "reviewers": [
+ {
+ "query": "./manager",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": "decisions"
+ }
+ ],
+ "backupReviewers": [
+ {
+ "query": "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ }
+ ],
+ "fallbackReviewers": [
+ {
+ "query": "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ }
+ ],
+ "settings": {
+ "instanceDurationInDays": 180,
+ "recurrence": {
+ "pattern": {
+ "type": "absoluteMonthly",
+ "interval": 6,
+ "month": 0,
+ "dayOfMonth": 0,
+ "daysOfWeek": [],
+ "firstDayOfWeek": "sunday",
+ "index": "first"
+ },
+ "range": {
+ "type": "numbered",
+ "numberOfOccurrences": 0,
+ "recurrenceTimeZone": null,
+ "startDate": "2021-05-05",
+ "endDate": "2022-05-05"
+ }
+ }
+ }
+}
+```
++
+<!--
+{
+ "type": "#page.annotation",
+ "description": "Create accessReviewScheduleDefinition",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": "",
+ "suppressions": [
+ ]
+}
+-->
v1.0 Accessreviewscheduledefinition Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewscheduledefinition-update.md
The following table shows the properties accepted to update an accessReviewSched
| settings | [accessReviewScheduleSettings](../resources/accessreviewschedulesettings.md) | The settings for an access review series. See [accessReviewScheduleSettings](../resources/accessreviewscheduledefinition.md). | | reviewers | [accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection| Defines who the reviewers are. If none are specified, the review is a self-review (users reviewed review their own access). The Reviewers property is only updatable if individual users assigned are as reviewers. See [accessReviewReviewerScope](../resources/accessreviewscheduledefinition.md). |
-Note that a PUT request expects the full object to be passed in, in which all writable properties are included, not just the properties being updated.
+A **PUT** request expects the full object to be passed in, which includes all writable properties, not just the properties being updated.
## Response
-If successful, this method returns a `204, Accepted` response code and no response body.
+If successful, this method returns a `204 No Content` response code and no response body.
## Examples
PUT https://graph.microsoft.com/beta/identityGovernance/accessReviews/definition
### Response
->**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true } --> ```http
-HTTP/1.1 204 Accepted
+HTTP/1.1 204 No Content
``` <!--
v1.0 Authenticationcontextclassreference Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/authenticationcontextclassreference-get.md
+
+ Title: "Get authenticationContextClassReference"
+description: "Retrieve the properties and relationships of a authenticationContextClassReference object."
+localization_priority: Normal
+++
+# Get authenticationContextClassReference
+
+Namespace: microsoft.graph
++
+Retrieve the properties and relationships of a [authenticationContextClassReference](../resources/authenticationcontextclassreference.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type | Permissions (from least to most privileged) |
+|:--|:-|
+|Delegated (work or school account) | Policy.Read.ConditionalAccess |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | Policy.Read.ConditionalAccess |
+
+## HTTP request
+
+<!-- { "blockType": "ignored" } -->
+
+```http
+GET /identity/conditionalAccess/authenticationContextClassReferences/{id}
+```
+## Optional query parameters
+
+This method does not support optional query parameters to customize the response.
+
+## Request headers
+
+| Name |Description|
+|:-|:-|
+| Authorization | Bearer {token} |
+
+## Request body
+
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Response
+
+If successful, this method returns a `200 OK` response code and the requested [authenticationContextClassReferences](../resources/\authenticationcontextclassreference.md) object in the response body.
+
+## Examples
+
+### Request
+
+The following is an example of the request.
++
+<!-- {
+ "blockType": "request",
+ "name": "get_authenticationcontextclassreference"
+}-->
+
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/identity/conditionalAccess/authenticationContextClassReferences/c1
+```
+++
+### Response
+
+The following is an example of the response.
+
+> **Note:** The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.authenticationContextClassReference"
+} -->
+
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#conditionalAccess/authenticationContextClassReferences/$entity",
+ "id": "c1",
+ "displayName": "Contoso medium",
+ "description": "Medium protection level defined for Contoso policy",
+ "isAvailable": false
+}
+
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "Get authenticationContextClassReference",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
v1.0 Authenticationcontextclassreference Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/authenticationcontextclassreference-update.md
+
+ Title: "Update authenticationContextClassReference"
+description: "Update the properties of a authenticationContextClassReference object."
+localization_priority: Normal
+++
+# Update authenticationContextClassReference
+
+Namespace: microsoft.graph
++
+Update the properties of an [authenticationContextClassReference](../resources/authenticationcontextclassreference.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | Policy.ReadWrite.ConditionalAccess |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | Policy.ReadWrite.ConditionalAccess |
+
+> [!NOTE]
+> This API has a [known issue](/graph/known-issues#permissions) related to permissions.
+
+## HTTP request
+
+<!-- { "blockType": "ignored" } -->
+
+```http
+PATCH /identity/conditionalAccess/authenticationContextClassReferences/{id}
+```
+
+## Request headers
+
+| Name | Description |
+|:--|:--|
+| Authorization | Bearer {token}. Required. |
+| Content-Type | application/json. Required. |
+
+## Request body
+
+In the request body, supply the values for relevant properties that should be updated. Existing properties that are not included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.
+
+For the list of properties, see [authenticationContextClassReference](../resources/authenticationContextClassReference.md).
+
+## Response
+
+If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.
+
+## Examples
+
+### Request
+
+The following is an example of the request.
+
+<!-- {
+ "blockType": "request",
+ "name": "update_authenticationcontextclassreference"
+}-->
+
+```http
+PATCH https://graph.microsoft.com/beta/identity/conditionalAccess/authenticationContextClassReferences/c1
+Content-type: application/json
+
+{
+ "value":
+ [
+ {
+ "displayName": "Contoso trusted locations",
+ "description": "Access is only allowed from trusted locations",
+ "isAvailable": true
+ }
+ ]
+}
+```
+++
+### Response
+
+The following is an example of the response.
+
+<!-- {
+ "blockType": "response",
+ "truncated": false
+} -->
+
+```http
+HTTP/1.1 204 No Content
+```
++
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "Update authenticationContextClassReference",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
v1.0 B2cidentityuserflow Put Apiconnectorconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/b2cidentityuserflow-put-apiconnectorconfiguration.md
HTTP/1.1 204 No Content
The following is an example of the request.
-# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "put_b2cuserflows-apiconnectorconfiguration_disable-postAttributeCollection"
Content-Type: application/json
{ } ```
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
-
-# [Java](#tab/java)
--- #### Response
v1.0 B2xidentityuserflow Put Apiconnectorconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/b2xidentityuserflow-put-apiconnectorconfiguration.md
HTTP/1.1 204 No Content
The following is an example of the request. -
-# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "put_b2xuserflows-apiconnectorconfiguration_disable-postAttributeCollection"
Content-Type: application/json
{ } ```
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
-
-# [Java](#tab/java)
-- #### Response
v1.0 Conditionalaccessroot List Authenticationcontextclassreferences https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/conditionalaccessroot-list-authenticationcontextclassreferences.md
+
+ Title: "List authenticationContextClassReferences"
+description: "Retrieve a list of authenticationContextClassReference objects."
+localization_priority: Normal
+++
+# List authenticationContextClassReferences
+
+Namespace: microsoft.graph
++
+Retrieve a list of [authenticationContextClassReference](../resources/authenticationcontextclassreference.md) objects.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type | Permissions (from least to most privileged) |
+|:--|:-|
+|Delegated (work or school account) | Policy.Read.ConditionalAccess, Policy.ReadWrite.ConditionalAccess |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | Policy.Read.ConditionalAccess, Policy.ReadWrite.ConditionalAccess |
+
+## HTTP request
+
+<!-- { "blockType": "ignored" } -->
+
+```http
+GET /identity/conditionalAccess/authenticationContextClassReferences
+```
+## Optional query parameters
+
+This method supports the `$filter` and `$select` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+
+| Name |Description|
+|:-|:-|
+| Authorization | Bearer {token} |
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [authenticationContextClassReference](..\resources\authenticationcontextclassreference.md) objects in the response body.
+
+## Examples
+
+### Request
+
+The following is an example of the request.
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "get_authenticationcontextclassreference"
+}-->
+
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/identity/conditionalAccess/authenticationContextClassReferences
+```
+++
+### Response
+
+The following is an example of the response.
+
+> **Note:** The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
+
+<!-- {
+ "blockType": "response",
+ "truncated": false,
+ "@odata.type": "microsoft.graph.authenticationContextClassReference",
+ "isCollection": true
+} -->
+
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
++
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#/conditionalAccess/authenticationContextClassReferences",
+ "value": [
+ {
+ "id": "c1",
+ "displayName": "Contoso trusted locations",
+ "description": "Access is only allowed from trusted locations",
+ "isAvailable": true
+ }
+ ]
+}
++
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "List authenticationContextClassReferences",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
v1.0 Conditionalaccessroot Post Authenticationcontextclassreferences https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/conditionalaccessroot-post-authenticationcontextclassreferences.md
+
+ Title: "Create authenticationContextClassReference"
+description: "Create a new authenticationContextClassReference."
+localization_priority: Normal
+++
+# Create authenticationContextClassReference
+
+Namespace: microsoft.graph
++
+Create a new [authenticationContextClassReference](../resources/authenticationContextClassReference.md).
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | Policy.ReadWrite.ConditionalAccess |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | Policy.ReadWrite.ConditionalAccess |
+
+> [!NOTE]
+> This API has a [known issue](/graph/known-issues#permissions) related to permissions.
+
+## HTTP request
+
+<!-- { "blockType": "ignored" } -->
+
+```http
+POST /identity/conditionalAccess/authenticationContextClassReferences
+```
+
+## Request headers
+
+| Name | Description |
+|:--|:--|
+| Authorization | Bearer {token}. Required. |
+| Content-Type | application/json. Required. |
+
+## Request body
+
+In the request body, supply a JSON representation of a [authenticationContextClassReference](../resources/authenticationcontextclassreference.md) object.
+
+## Response
+
+If successful, this method returns a `201 Created` response code and a new [authenticationContextClassReference](../resources/authenticationcontextclassreference.md) object in the response body.
+
+## Examples
+
+### Request
+The following example shows creating a new authenticationcontextclassreference that is available for apps to use.
+++
+<!-- {
+ "blockType": "request",
+ "name": "create_authenticationcontextclassreference"
+}-->
+
+```http
+POST https://graph.microsoft.com/beta/identity/conditionalAccess/authenticationContextClassReferences
+Content-type: application/json
+
+{
+ "id": "c1",
+ "displayName": "Contoso medium",
+ "description": "Medium protection level defined for Contoso policy",
+ "isAvailable": true
+}
+
+```
+++
+#### Response
+
+The following is an example of the response.
+<!-- {
+ "blockType": "response",
+ "truncated": false,
+ "@odata.type": "microsoft.graph.authenticationContextClassReference"
+} -->
+
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#conditionalAccess/authenticationContextClassReference/$entity",
+ "id": "c1",
+ "displayName": "Contoso medium",
+ "description": "Medium protection level defined for Contoso policy",
+ "isAvailable": true
+}
+
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "Create authenticationContextClassReference",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
v1.0 Identityproviderbase List Availableprovidertypes https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/identityproviderbase-list-availableprovidertypes.md
Content-Type: application/json
### Request The following is an example of the request.
-# [HTTP](#tab/http)
- # [HTTP](#tab/http) <!-- { "blockType": "request",
v1.0 Identityproviderbase Post Identityproviders https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/identityproviderbase-post-identityproviders.md
Content-type: application/json
The following is an example of the request. -
-# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "create_applemanagedidentityprovider_from_identityproviderbase"
Content-length: 154
"certificateData": "******" } ```
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
----- #### Response
v1.0 Informationprotectionlabel Extractlabel https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/informationprotectionlabel-extractlabel.md
Content-type: application/json
"color": "#000000", "sensitivity": 13, "tooltip": "This information is top secret.",
- "isActive": true
+ "isActive": true,
+ "parent" : null
} } ```
v1.0 Informationprotectionlabel Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/informationprotectionlabel-get.md
Content-type: application/json
User-agent: ContosoLOBApp/1.0 {
- "@odata.context": "https://graph.microsoft.com/beta/$metadata#users('1e36d926-d716-4197-ba86-a6e18eb910b9')/informationProtection/policy/labels/$entity",
- "id": "4662f9a3-dd50-4a20-b984-a7be82e0e79c",
- "name": "LabelWithFooterAndHeaderActions_Tests",
- "description": "",
- "color": "",
- "sensitivity": 12,
- "tooltip": "LabelWithFooterAndHeaderActions_Tests",
- "isActive": true
+ "id": "4b18e8bb-b4a5-4695-85d0-8ae23ef27892",
+ "name": "Highly Confidential",
+ "description": "Consult Contoso data labeling policy for more details.",
+ "color": "",
+ "sensitivity": 3,
+ "tooltip": "Data classified as Contoso Highly Confidential.",
+ "isActive": true,
+ "parent": null
} ```
v1.0 Informationprotectionpolicy List Labels https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/informationprotectionpolicy-list-labels.md
User-agent: ContosoLOBApp/1.0
"color": "", "sensitivity": 1, "tooltip": "Data classified as Contoso General.",
- "isActive": true
+ "isActive": true,
+ "parent": null
}, { "id": "4662f9a3-dd50-4a20-b984-a7be82e0e79c",
User-agent: ContosoLOBApp/1.0
"color": "", "sensitivity": 2, "tooltip": "Data classificed as Contoso Confidential.",
- "isActive": true
+ "isActive": true,
+ "parent": null
}, { "id": "4b18e8bb-b4a5-4695-85d0-8ae23ef27892",
User-agent: ContosoLOBApp/1.0
"color": "", "sensitivity": 3, "tooltip": "Data classified as Contoso Highly Confidential.",
- "isActive": true
- }
+ "isActive": true,
+ "parent": null
+ },
+ {
+ "id": "a20cbae4-0c05-448c-b342-cb6c618d0957",
+ "name": "Contoso Full Time Employees",
+ "description": "Consult Contoso data labeling policy for more details.",
+ "color": "",
+ "sensitivity": 4,
+ "tooltip": "Data classified as Contoso Highly Confidential for Contoso Full Time Employees",
+ "isActive": true,
+ "parent": {
+ "id": "4b18e8bb-b4a5-4695-85d0-8ae23ef27892",
+ "name": "Highly Confidential",
+ "description": "Consult Contoso data labeling policy for more details.",
+ "color": "",
+ "sensitivity": 3,
+ "tooltip": "Data classified as Contoso Highly Confidential.",
+ "isActive": true,
+ "parent": null
+ }
+ }
] } ```
v1.0 Mobileappmanagementpolicies Delete Includedgroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/mobileappmanagementpolicies-delete-includedgroups.md
+
+ Title: "Delete includedGroup"
+description: "Delete a group from the list of groups included in a mobile app management policy."
+
+localization_priority: Normal
++
+# Delete includedGroup
+
+Namespace: microsoft.graph
++
+Delete a group from the list of groups included in a mobile app management policy.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.ReadWrite.All|
+|Delegated (personal Microsoft account) | Not supported.|
+|Application | Not supported.|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+DELETE /policies/mobileAppManagementPolicies/{id}/includedGroups/{id}/$ref
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns `204 No Content` response code. It does not return anything in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "delete_group"
+}
+-->
+
+```http
+DELETE https://graph.microsoft.com/beta/policies/mobileAppManagementPolicies/ab90bacf-55a3-4a3e-839a-aa4b74e4f020/includedGroups/1a9db3ab-0acf-4808-99ae-e8ed581cb2e0/$ref
+```
+
+### Response
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Mobileappmanagementpolicies Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/mobileappmanagementpolicies-get.md
+
+ Title: "Get mobileAppManagementPolicy"
+description: "Read the properties and relationships of a mobile app management policy."
+
+localization_priority: Normal
++
+# Get mobileAppManagementPolicy
+
+Namespace: microsoft.graph
++
+Read the properties and relationships of a [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.Read.All, Policy.ReadWrite.All|
+|Delegated (personal Microsoft account) | Not supported.|
+|Application | Not supported.|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+GET /policies/mobileAppManagementPolicies/{id}
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) object in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "get_mobilitymanagementpolicy"
+}
+-->
+
+``` http
+GET https://graph.microsoft.com/beta/policies/mobileAppManagementPolicies/ab90bacf-55a3-4a3e-839a-aa4b74e4f020
+```
+
+### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.mobilityManagementPolicy"
+}
+-->
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": {
+ "id": "ab90bacf-55a3-4a3e-839a-aa4b74e4f020",
+ "appliesTo": "selected",
+ "complianceUrl": "https://portal.mam.contoso.com/?portalAction=Compliance",
+ "description": "Contoso mobilty app is a cloud-based Endpoint Management solution for managing Windows.",
+ "discoveryUrl": "https://enrollment.mam.contoso.com/enrollmentserver/discovery.svc",
+ "displayName": "Contoso mobilty app",
+ "termsOfUseUrl": "https://portal.mam.contoso.com/TermsofUse.aspx",
+ "includedGroups": [
+ {
+ "id": "800c583d-cc3d-4361-8e4a-3fbf668f27f4",
+ "displayName": "Test Group"
+ }
+ ]
+ }
+}
+```
v1.0 Mobileappmanagementpolicies List Includedgroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/mobileappmanagementpolicies-list-includedgroups.md
+
+ Title: "List includedGroups"
+description: "Get the list of groups that are included in a mobile app management policy."
+
+localization_priority: Normal
++
+# List includedGroups
+
+Namespace: microsoft.graph
++
+Get the list of groups that are included in a mobile app management policy.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.Read.All, Policy.ReadWrite.All|
+|Delegated (personal Microsoft account) | Not supported.|
+|Application | Not supported.|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+GET /policies/mobileAppManagementPolicies/{id}/includedGroups
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [group](../resources/group.md) objects in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "list_group"
+}
+-->
+
+``` http
+GET https://graph.microsoft.com/beta/policies/mobileAppManagementPoliciesab90bacf-55a3-4a3e-839a-aa4b74e4f020/includedGroups
+```
+
+### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.group)"
+}
+-->
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "id": "800c583d-cc3d-4361-8e4a-3fbf668f27f4",
+ "displayName": "Test Group"
+ }
+ ]
+}
+```
v1.0 Mobileappmanagementpolicies List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/mobileappmanagementpolicies-list.md
+
+ Title: "List mobileAppManagementPolicies"
+description: "Get a list of the mobile app management policy objects and their properties."
+
+localization_priority: Normal
++
+# List mobileAppManagementPolicies
+
+Namespace: microsoft.graph
++
+Get a list of the [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) objects and their properties.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.Read.All, Policy.ReadWrite.All|
+|Delegated (personal Microsoft account) | Not supported.|
+|Application | Not supported.|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+GET /policies/mobileAppManagementPolicies
+```
+
+## Optional query parameters
+
+This method supports some of the OData query parameters to help customize the response. For example:
+
+- To select specific attributes add `$select=id,displayname`.
+- To retrieve included groups for each policy, add `$expand=includedGroups`.
+- To filter based on an attribute, use `$filter=displayName eq 'Microsoft Intune'`.
+
+For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) objects in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "list_mobilitymanagementpolicy"
+}
+-->
+
+``` http
+GET https://graph.microsoft.com/beta/policies/mobileAppManagementPolicies
+```
+
+### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.mobilityManagementPolicy"
+}
+-->
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.mobilityManagementPolicy",
+ "id": "ab90bacf-55a3-4a3e-839a-aa4b74e4f020",
+ "appliesTo": "selected",
+ "complianceUrl": "https://portal.manage.contoso.com/?portalAction=Compliance",
+ "description": "Contoso mobilty app is a cloud-based Endpoint Management solution for managing Windows.",
+ "discoveryUrl": "https://enrollment.manage.contoso.com/enrollmentserver/discovery.svc",
+ "displayName": "Contoso mobilty app",
+ "termsOfUseUrl": "https://portal.manage.contoso.com/TermsofUse.aspx",
+ "includedGroups": [
+ {
+ "id": "800c583d-cc3d-4361-8e4a-3fbf668f27f4",
+ "displayName": "Test Group"
+ }
+ ]
+ }
+ ]
+}
+```
+
+<!-- uuid: 5c98f801-d1c4-44eb-ac11-f72b6754deda
+2020-03-23T22:34:45.203Z -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "List mobileAppManagementPolicies",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
v1.0 Mobileappmanagementpolicies Post Includedgroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/mobileappmanagementpolicies-post-includedgroups.md
+
+ Title: "Add includedGroups"
+description: "Add groups to be included in a mobile app management policy."
+
+localization_priority: Normal
++
+# Add includedGroups
+
+Namespace: microsoft.graph
++
+Add groups to be included in a mobile app management policy.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.Read.All, Policy.ReadWrite.All|
+|Delegated (personal Microsoft account) | Not supported.|
+|Application | Not supported.|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+POST /policies/mobileAppManagementPolicies/{id}/includedGroups/$ref
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+In the request body, supply a JSON representation of the [group](../resources/group.md) object.
+
+The following table shows the properties that are required when you add the [group](../resources/group.md).
+
+|Property|Type|Description|
+|:|:|:|
+|id|String|The unique identifier for the group.|
+
+## Response
+
+If successful, this method returns a `204 No Content` response code and a [group](../resources/group.md) object in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "create_group_from_groups"
+}
+-->
+
+``` http
+POST https://graph.microsoft.com/beta/policies/mobileAppManagementPolicies/ab90bacf-55a3-4a3e-839a-aa4b74e4f020/includedGroups/$ref
+Content-Type: application/json
+
+{
+ "@odata.id": "https://graph.microsoft.com/odata/groups('1a9db3ab-0acf-4808-99ae-e8ed581cb2e0')"
+}
+```
+
+### Response
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Mobileappmanagementpolicies Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/mobileappmanagementpolicies-update.md
+
+ Title: "Update mobileAppManagementPolicy"
+description: "Update the properties of a mobile app management policy object."
+
+localization_priority: Normal
++
+# Update mobileAppManagementPolicy
+
+Namespace: microsoft.graph
++
+Update the properties of a [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.Read.All, Policy.ReadWrite.All|
+|Delegated (personal Microsoft account) | Not supported.|
+|Application | Not supported.|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+PATCH /policies/mobileAppManagementPolicies/{id}
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+
+In the request body, supply a JSON representation of the [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) object.
+
+In the request body, supply the values for fields listed below that should be updated. **Note:** You cannot use `PATCH` operation for `appliesTo` with the other properties.
+
+|Property|Type|Description|
+|:|:|:|
+|appliesTo|policyScope|Determines the groups this policy setting applies to. Possible values are: `none`, `all`, `selected` **Important:** `selected` cannot be used when specifying this property. Use [includedGroups](../api/mobileappmanagementpolicies-post-includedgroups.md) to add specific groups.|
+|complianceUrl|String|Compliance URL of the mobility management application|
+|discoveryUrl|String|Discovery URL of the mobility management application|
+|termsOfUseUrl|String|Terms of Use URL of the mobility management application|
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an updated [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) object in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "update_mobilitymanagementpolicy"
+}
+-->
+
+``` http
+PATCH https://graph.microsoft.com/beta/policies/mobileAppManagementPolicies/ab90bacf-55a3-4a3e-839a-aa4b74e4f020
+Content-Type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.mobilityManagementPolicy",
+ "complianceUrl": "https://portal.mg.contoso.com/?portalAction=Compliance",
+ "discoveryUrl": "https://enrollment.mg.contoso.com/enrollmentserver/discovery.svc",
+ "termsOfUseUrl": "https://portal.mg.contoso.com/TermsofUse.aspx"
+}
+```
+
+### Response
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Mobiledevicemanagementpolicies Delete Includedgroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/mobiledevicemanagementpolicies-delete-includedgroups.md
+
+ Title: "Delete includeGroup"
+description: "Delete a group from the list of groups included in a mobile device management policy."
+
+localization_priority: Normal
++
+# Delete includedGroup
+
+Namespace: microsoft.graph
++
+Delete a group from the list of groups included in a mobile device management policy.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.ReadWrite.All|
+|Delegated (personal Microsoft account) | Not supported.|
+|Application | Not supported.|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+DELETE /policies/mobileDeviceManagementPolicies/{id}/includedGroups/{id}/$ref
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "delete_group"
+}
+-->
+
+``` http
+DELETE https://graph.microsoft.com/beta/policies/mobileDeviceManagementPolicies/ab90bacf-55a3-4a3e-839a-aa4b74e4f020/includedGroups/dc3d2ce5-7c5e-4dca-a0ef-2145bf6e53ef/$ref
+```
+
+### Response
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Mobiledevicemanagementpolicies Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/mobiledevicemanagementpolicies-get.md
+
+ Title: "Get mobileDeviceManagementPolicy"
+description: "Read the properties and relationships of a mobile device management policy object."
+
+localization_priority: Normal
++
+# Get mobileDeviceManagementPolicy
+
+Namespace: microsoft.graph
++
+Read the properties and relationships of a [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.Read.All, Policy.ReadWrite.All|
+|Delegated (personal Microsoft account) | Not supported.|
+|Application | Not supported.|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+GET /policies/mobileDeviceManagementPolicies/{id}
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) object in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "get_mobilitymanagementpolicy"
+}
+-->
+
+``` http
+GET https://graph.microsoft.com/beta/policies/mobileDeviceManagementPolicies/ab90bacf-55a3-4a3e-839a-aa4b74e4f020
+```
+
+### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.mobilityManagementPolicy"
+}
+-->
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": {
+ "id": "ab90bacf-55a3-4a3e-839a-aa4b74e4f020",
+ "appliesTo": "selected",
+ "complianceUrl": "https://portal.mdm.contoso.com/?portalAction=Compliance",
+ "description": "Contoso mobilty app is a cloud-based Endpoint Management solution for managing Windows.",
+ "discoveryUrl": "https://enrollment.mdm.contoso.com/enrollmentserver/discovery.svc",
+ "displayName": "Contoso mobilty app",
+ "termsOfUseUrl": "https://portal.mdm.contoso.com/TermsofUse.aspx",
+ "includedGroups": [
+ {
+ "id": "dc3d2ce5-7c5e-4dca-a0ef-2145bf6e53ef",
+ "displayName": "Test MDM Group"
+ }
+ ]
+ }
+}
+```
v1.0 Mobiledevicemanagementpolicies List Includedgroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/mobiledevicemanagementpolicies-list-includedgroups.md
+
+ Title: "List includedGroups"
+description: "Get the list of groups that are included in a mobile device management policy."
+
+localization_priority: Normal
++
+# List includedGroups
+
+Namespace: microsoft.graph
++
+Get the list of groups that are included in a mobile device management policy.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.Read.All, Policy.ReadWrite.All|
+|Delegated (personal Microsoft account) | Not supported.|
+|Application | Not supported.|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+GET /policies/mobileDeviceManagementPolicies/{id}/includedGroups
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [group](../resources/group.md) objects in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "list_group"
+}
+-->
+
+``` http
+GET https://graph.microsoft.com/beta/policies/mobileDeviceManagementPolicies/ab90bacf-55a3-4a3e-839a-aa4b74e4f020/includedGroups
+```
+
+### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.group)"
+}
+-->
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "id": "dc3d2ce5-7c5e-4dca-a0ef-2145bf6e53ef",
+ "displayName": "Test MDM Group"
+ }
+ ]
+}
+```
v1.0 Mobiledevicemanagementpolicies List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/mobiledevicemanagementpolicies-list.md
+
+ Title: "List mobileDeviceManagementPolicies"
+description: "Get a list of the mobile device management objects and their properties."
+
+localization_priority: Normal
++
+# List mobileDeviceManagementPolicies
+
+Namespace: microsoft.graph
++
+Get a list of the [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) objects and their properties.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.Read.All, Policy.ReadWrite.All|
+|Delegated (personal Microsoft account) | Not supported.|
+|Application | Not supported.|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+GET /policies/mobileDeviceManagementPolicies
+```
+
+## Optional query parameters
+
+This method supports some of the OData query parameters to help customize the response. For example:
+
+- To select specific attributes add `$select=id,displayname`.
+- To retrieve included groups for each policy, add `$expand=includedGroups`.
+- To filter based on an attribute, use `$filter=displayName eq 'Microsoft Intune'`.
+
+For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) objects in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "list_mobilitymanagementpolicy"
+}
+-->
+
+``` http
+GET https://graph.microsoft.com/beta/policies/mobileDeviceManagementPolicies
+```
+
+### Response
+
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.mobilityManagementPolicy"
+}
+-->
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.mobilityManagementPolicy",
+ "id": "ab90bacf-55a3-4a3e-839a-aa4b74e4f020",
+ "appliesTo": "selected",
+ "complianceUrl": "https://portal.mdm.contoso.com/?portalAction=Compliance",
+ "description": "Contoso mobilty app is a cloud-based Endpoint Management solution for managing Windows.",
+ "discoveryUrl": "https://enrollment.mdm.contoso.com/enrollmentserver/discovery.svc",
+ "displayName": "Contoso mobilty app",
+ "termsOfUseUrl": "https://portal.mdm.contoso.com/TermsofUse.aspx",
+ "includedGroups": [
+ {
+ "id": "dc3d2ce5-7c5e-4dca-a0ef-2145bf6e53ef",
+ "displayName": "Test MDM Group"
+ }
+ ]
+ }
+ ]
+}
+```
+
+<!-- uuid: 5c98f801-d1c4-44eb-ac11-f72b6754deda
+2020-03-23T22:34:45.203Z -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "List mobileDeviceManagementPolicies",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
v1.0 Mobiledevicemanagementpolicies Post Includedgroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/mobiledevicemanagementpolicies-post-includedgroups.md
+
+ Title: "Add includedGroups"
+description: "Add groups to be included in a mobile app management policy."
+
+localization_priority: Normal
++
+# Add includedGroups
+
+Namespace: microsoft.graph
++
+Add groups to be included in a mobile app management policy.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.Read.All, Policy.ReadWrite.All|
+|Delegated (personal Microsoft account) | Not supported.|
+|Application | Not supported.|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+```http
+POST /policies/mobileDeviceManagementPolicies/{id}/includedGroups/$ref
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+In the request body, supply a JSON representation of the [group](../resources/group.md) object.
+
+The following table shows the properties that are required when you add the [group](../resources/group.md).
+
+|Property|Type|Description|
+|:|:|:|
+|id|String|The unique identifier for the group.|
+
+## Response
+
+If successful, this method returns a `204 No Content` response code and a [group](../resources/group.md) object in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "create_group_from_groups"
+}
+-->
+
+``` http
+POST https://graph.microsoft.com/beta/policies/mobileDeviceManagementPolicies/dc3d2ce5-7c5e-4dca-a0ef-2145bf6e53ef/includedGroups/$ref
+Content-Type: application/json
+
+{
+ "@odata.id": "https://graph.microsoft.com/odata/groups('dc3d2ce5-7c5e-4dca-a0ef-2145bf6e53ef')"
+}
+```
+
+### Response
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Mobiledevicemanagementpolicies Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/mobiledevicemanagementpolicies-update.md
+
+ Title: "Update mobileDeviceManagementPolicy"
+description: "Update the properties of a mobile device management object."
+
+localization_priority: Normal
++
+# Update mobileDeviceManagementPolicy
+
+Namespace: microsoft.graph
++
+Update the properties of a [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|Policy.Read.All, Policy.ReadWrite.All|
+|Delegated (personal Microsoft account) | Not supported.|
+|Application | Not supported.|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+``` http
+PATCH /policies/mobileDeviceManagementPolicies/{id}
+```
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+
+In the request body, supply a JSON representation of the [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) object.
+
+In the request body, supply the values for fields listed below that should be updated. **Note:** You cannot use `PATCH` operation for `appliesTo` with the other properties.
+
+|Property|Type|Description|
+|:|:|:|
+|appliesTo|policyScope|Determines the groups this policy setting applies to. Possible values are: `none`, `all`, `selected` **Important:** `selected` cannot be used when specifying this property. Use [includedGroups](../api/mobiledevicemanagementpolicies-post-includedgroups.md) to add specific groups. Using `all` will remove any existing groups.|
+|complianceUrl|String|Compliance URL of the mobility management application|
+|discoveryUrl|String|Discovery URL of the mobility management application|
+|termsOfUseUrl|String|Terms of Use URL of the mobility management application|
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an updated [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) object in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "update_mobilitymanagementpolicy"
+}
+-->
+
+``` http
+PATCH https://graph.microsoft.com/beta/policies/mobileDeviceManagementPolicies/ab90bacf-55a3-4a3e-839a-aa4b74e4f020
+Content-Type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.mobilityManagementPolicy",
+ "complianceUrl": "https://portal.uem.contoso.com/?portalAction=Compliance",
+ "discoveryUrl": "https://enrollment.uem.contoso.com/enrollmentserver/discovery.svc",
+ "termsOfUseUrl": "https://portal.uem.contoso.com/TermsofUse.aspx"
+}
+```
+
+### Response
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Onlinemeeting Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/onlinemeeting-get.md
One of the following permissions is required to call this API. To learn more, in
## HTTP request
-To get the specified onlineMeeting using meeting ID with delegated permission:
+To get an onlineMeeting using meeting ID with delegated and app permission:
<!-- { "blockType": "ignored" } --> ```http GET /me/onlineMeetings/{meetingId}
-```
-
-To get the specified onlineMeeting using meeting ID with application permission:
-<!-- { "blockType": "ignored" } -->
-```http
GET /users/{userId}/onlineMeetings/{meetingId} ```
-To get the specified onlineMeeting using **videoTeleconferenceId**:
+To get an onlineMeeting using **videoTeleconferenceId** with app permission:
<!-- { "blockType": "ignored" } --> ```http GET /app/onlineMeetings/?$filter=VideoTeleconferenceId%20eq%20'{videoTeleconferenceId}' GET /communications/onlineMeetings/?$filter=VideoTeleconferenceId%20eq%20'{videoTeleconferenceId}' ```
-To get the specified onlineMeeting using **joinWebUrl**:
+To get an onlineMeeting using **joinWebUrl** with delegated and app permission:
<!-- { "blockType": "ignored" } --> ```http
+GET /me/onlineMeetings?$filter=JoinWebUrl%20eq%20'{joinWebUrl}'
GET /users/{userId}/onlineMeetings?$filter=JoinWebUrl%20eq%20'{joinWebUrl}' ```
-To get the attendee report of a live event:
+To get the attendee report of a live event with delegated and app permission:
<!-- { "blockType": "ignored" } --> ```http
+GET /me/onlineMeetings/{meetingId}/attendeeReport
GET /users/{userId}/onlineMeetings/{meetingId}/attendeeReport ```
-To get the recordings of a live event:
+To get the recordings of a live event with delegated and app permission:
<!-- { "blockType": "ignored" } --> ```http
+GET /me/onlineMeetings/{meetingId}/recording
+GET /me/onlineMeetings/{meetingId}/alternativeRecording
GET /users/{userId}/onlineMeetings/{meetingId}/recording GET /users/{userId}/onlineMeetings/{meetingId}/alternativeRecording ```
GET /me/onlineMeetings/{meetingId}/meetingAttendanceReport
>- `userId` is the object ID of a user in [Azure user management portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade). For more details, see [application access policy](/graph/cloud-communication-online-meeting-application-access-policy). >- `meetingId` is the **id** of an [onlineMeeting](../resources/onlinemeeting.md) object. > - **videoTeleconferenceId** is generated for Cloud-Video-Interop licensed users and can be found in an [onlineMeeting](../resources/onlinemeeting.md) object. Refer to [VTC conference id](/microsoftteams/cloud-video-interop-for-teams-set-up) for more details.
->- `joinWebUrl` must be URL encoded and this route can only be used to retrieve meetings created by `userId`.
+>- `joinWebUrl` must be URL encoded.
## Optional query parameters This method supports the [OData query parameters](/graph/query-parameters) to help customize the response.
If successful, this method returns a `200 OK` response code. The method also inc
## Examples
+> [!NOTE]
+> The response objects of the following examples have been shortened for readability. All the properties will be returned from an actual call.
+ ### Example 1: Retrieve an online meeting by VideoTeleconferenceId #### Request
GET https://graph.microsoft.com/beta/communications/onlineMeetings/?$filter=Vide
#### Response
-> **Note:** The response object shown here might be shortened for readability.
- <!-- { "blockType": "response", "truncated": true,
GET https://graph.microsoft.com/beta/users/dc17674c-81d9-4adb-bfb2-8f6a442e4622/
#### Response
-> **Note:** The response object shown here has been shortened for readability. All the properties will be returned from an actual call.
- ```json { "id": "MSpkYzE3Njc0Yy04MWQ5LTRhZGItYmZiMi04ZdFpHRTNaR1F6WGhyZWFkLnYy",
GET https://graph.microsoft.com/beta/users/dc17674c-81d9-4adb-bfb2-8f6a442e4622/
#### Response
-> **Note:** The response object shown here has been shortened for readability. All the properties will be returned from an actual call.
- ```json { "value": [
GET https://graph.microsoft.com/beta/users/dc17674c-81d9-4adb-bfb2-8f6a442e4622/
The following example shows a request to download an attendee report. #### Request
+The following request uses a user token.
+<!-- { "blockType": "ignored" } -->
+```http
+GET https://graph.microsoft.com/beta/me/onlineMeetings/dc17674c-81d9-4adb-bfb2-8f6a442e4622_19:meeting_ZWE0YzQwMzItYjEyNi00NjJjLWE4MjYtOTUxYjE1NmFjYWIw@thread.v2/attendeeReport
+```
+The following request uses an app token.
# [HTTP](#tab/http) <!-- { "blockType": "request", "sampleKeys": ["dc74d9bb-6afe-433d-8eaa-e39d80d3a647", "dc17674c-81d9-4adb-bfb2-8f6a442e4622_19:meeting_ZWE0YzQwMzItYjEyNi00NjJjLWE4MjYtOTUxYjE1NmFjYWIw@thread.v2"],
- "name": "get-attendeeReport"
+ "name": "get-attendeeReport-app-token"
}--> ```msgraph-interactive GET https://graph.microsoft.com/beta/users/dc74d9bb-6afe-433d-8eaa-e39d80d3a647/onlineMeetings/dc17674c-81d9-4adb-bfb2-8f6a442e4622_19:meeting_ZWE0YzQwMzItYjEyNi00NjJjLWE4MjYtOTUxYjE1NmFjYWIw@thread.v2/attendeeReport
Location: https://01-a-noam.dog.attend.teams.microsoft.com/broadcast/909c6581-51
The following example shows a request to download a recording. #### Request
+The following request uses a user token.
+<!-- { "blockType": "ignored" } -->
+```http
+GET https://graph.microsoft.com/beta/me/onlineMeetings/dc17674c-81d9-4adb-bfb2-8f6a442e4622_19:meeting_ZWE0YzQwMzItYjEyNi00NjJjLWE4MjYtOTUxYjE1NmFjYWIw@thread.v2/recording
+```
+The following request uses an app token.
# [HTTP](#tab/http) <!-- { "blockType": "request", "sampleKeys": ["dc74d9bb-6afe-433d-8eaa-e39d80d3a647", "dc17674c-81d9-4adb-bfb2-8f6a442e4622_19:meeting_ZWE0YzQwMzItYjEyNi00NjJjLWE4MjYtOTUxYjE1NmFjYWIw@thread.v2"],
- "name": "get-recording"
+ "name": "get-recording-app-token"
}--> ```msgraph-interactive GET https://graph.microsoft.com/beta/users/dc74d9bb-6afe-433d-8eaa-e39d80d3a647/onlineMeetings/dc17674c-81d9-4adb-bfb2-8f6a442e4622_19:meeting_ZWE0YzQwMzItYjEyNi00NjJjLWE4MjYtOTUxYjE1NmFjYWIw@thread.v2/recording
v1.0 Onpremisespublishingprofile Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/onpremisespublishingprofile-update.md
The following example updates **deferUpdate** in the **hybridAgentUpdaterConfigu
The following is an example of the request.
-# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "update_onpremisespublishingprofile_2"
Content-Type: application/json
"deferUpdate" : "2018-08-20T12:00" } ```
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
--- #### Response
v1.0 Userflowlanguageconfiguration Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/userflowlanguageconfiguration-delete.md
doc_type: apiPageType
Namespace: microsoft.graph + Deletes a [userFlowLanguageConfiguration](../resources/userflowlanguageconfiguration.md) object from a [Azure AD B2C user flow](../resources/b2cidentityuserflow.md). **Note:** You cannot delete languages from an [Azure Active Directory user flow](../resources/b2xidentityuserflow.md).
v1.0 Userflowlanguageconfiguration List Defaultpages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/userflowlanguageconfiguration-list-defaultpages.md
doc_type: apiPageType
Namespace: microsoft.graph + Get the userFlowLanguagePage resources from the defaultPages navigation property. These contain the values shown to the user in a default user journey of a user flow. ## Permissions
v1.0 Userflowlanguageconfiguration List Overridespages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/userflowlanguageconfiguration-list-overridespages.md
doc_type: apiPageType
Namespace: microsoft.graph + Get the userFlowLanguagePage resources from the overridesPages navigation property. These pages are used to customize the values shown to the user during a user journey in a user flow. ## Permissions
v1.0 Accessreview https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accessreview.md
ms.prod: "governance"
doc_type: resourcePageType
-# accessReview resource type
+# accessReview resource type (deprecated)
Namespace: microsoft.graph
v1.0 Accessreviewapplyaction https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accessreviewapplyaction.md
Namespace: microsoft.graph
Represents a base class for apply actions in the [accessReviewScheduleSettings](accessreviewschedulesettings.md) of an [accessReviewScheduleDefinition](accessreviewscheduledefinition.md). Supported derived types: -- **removeAccessApplyAction** is a derived type of accessReviewApplyAction that indicates removing access of an entity being reviewed upon completion of the review. This is the default type for the applyActions property in accessReviewScheduleSettings and does not need to be specified.
+- [removeAccessApplyAction](removeaccessapplyaction.md) is a derived type of accessReviewApplyAction that indicates removing access of an entity being reviewed upon completion of the review. This is the default type for the applyActions property in accessReviewScheduleSettings and does not need to be specified.
-- **disableAndDeleteUserApplyAction** is a derived type of accessReviewApplyAction that indicates disabling and deleting the user being reviewed upon completion of the review. This is the non-default type and needs to specified in accessReviewScheduleSettings.
+- [disableAndDeleteUserApplyAction](disableanddeleteuserapplyaction.md) is a derived type of accessReviewApplyAction that indicates disabling and deleting the user being reviewed upon completion of the review. This is the non-default type and needs to specified in accessReviewScheduleSettings.
## Properties None.
v1.0 Accessreviewinactiveusersqueryscope https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accessreviewinactiveusersqueryscope.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] [!INCLUDE [accessreviews-disclaimer-v2](../../includes/accessreviews-disclaimer-v2.md)]
-A type of [accessReviewQueryScope](../resources/accessreviewqueryscope.md) that allows only inactive users to be selected in the scope of an access review.
+A type of [accessReviewQueryScope](../resources/accessreviewqueryscope.md) that allows only inactive users to be selected in the scope of an access review. The duration of inactivity is calculated based on the user's last sign-in date against the access review instance's start date as defined in the **settings** property of [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md).
Inherits from [accessReviewQueryScope](../resources/accessreviewqueryscope.md). ## Properties |Property|Type|Description| |:|:|:|
-|inactiveDuration|Duration|Defines the length of the duration period of inactivity. Inactivity is based on the last sign in date of the user.|
+|inactiveDuration|Duration|Defines the duration of inactivity. Inactivity is based on the last sign in date of the user compared to the access review instance's start date. If this property is not specified, it's assigned the default value `PT0S`.|
|query|String|Inherited from [accessReviewQueryScope](../resources/accessreviewqueryscope.md).| |queryRoot|String|Inherited from [accessReviewQueryScope](../resources/accessreviewqueryscope.md).| |queryType|String|Inherited from [accessReviewQueryScope](../resources/accessreviewqueryscope.md).|
-### Supported queries for accessReviewInactiveUserQueryScope as scope
-The same queries supported on [accessReviewScope](../resources/accessreviewscope.md) are also supported on accessReviewInactiveUserQueryScope. The following are the queries. They are supported as the `scope` property in an [accessReviewScheduleDefinition](accessreviewscheduledefinition.md).
-
-|Scenario| Query |
-|--|--|
-| Review all inactive guest users assigned to a group | /groups/{group ID}/transitiveMembers/microsoft.graph.user/?\$count=true&$filter=(userType eq 'Guest') |
-| Review all inactive users assigned to a group | /groups/{group ID}/transitiveMembers |
-| Review all inactive guest users assigned to all groups | ./members/microsoft.graph.user/?\$count=true&$filter=(userType eq 'Guest') |
-
+You must also specify the **@odata.type** type property with the value `#microsoft.graph.accessReviewInactiveUsersQueryScope`. For more about configuration options for **scope** using **accessReviewInactiveUsersQueryScope**, see [Configure the scope of your access review definition using the Microsoft Graph API](/graph/accessreviews-scope-concept).
## Relationships None.
v1.0 Accessreviewqueryscope https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accessreviewqueryscope.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] [!INCLUDE [accessreviews-disclaimer-v2](../../includes/accessreviews-disclaimer-v2.md)]
-An accessReviewQueryScope object defines what will be reviewed in an [accessReview](../resources/accessreviewsv2-root.md). See the supported queries to see the selection options. To scope an access review to inactive users, see [accessReviewInactiveUserQueryScope](../resources/accessreviewinactiveusersqueryscope.md).
+An accessReviewQueryScope object defines what will be reviewed in an [access review](../resources/accessreviewsv2-root.md). To scope an access review to inactive users, see [accessReviewInactiveUserQueryScope](../resources/accessreviewinactiveusersqueryscope.md).
Inherits from [accessReviewScope](../resources/accessreviewscope.md). ## Properties |Property|Type|Description| |:|:|:|
-|query|String|The query representing what will be reviewed in an access review. Examples of this include /groups/{id}/members?$filter=…|
+|query|String|The query representing what will be reviewed in an access review.|
|queryRoot|String|In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query is specified. For example, `./manager`.|
-|queryType|String|Indicates the type of query. Types include MicrosoftGraph and ARM.|
+|queryType|String|Indicates the type of query. Types include `MicrosoftGraph` and `ARM`.|
-### Supported queries for accessReviewQueryScope as scope
-The queries are supported as the `scope` property in an [accessReviewScheduleDefinition](accessreviewscheduledefinition.md)
-
-|Scenario| Query | Additional Comments |
-|--|--|-- |
-| Review of all users assigned to a group | /groups/{group id}/transitiveMembers ||
-| Review of guest users assigned to a group | /groups/{group id}/microsoft.graph.user/?$count=true&$filter=(userType eq 'Guest') ||
-| Review of guest users assigned to all Microsoft 365 groups | ./members/microsoft.graph.user/?$count=true&$filter=(userType eq 'Guest') | Note that the corresponding instanceEnumerationScope should also be passed in to the accessReviewScheduleDefinition. See table below for instanceEnumerationScope query. |
-| Entitlement Management Access Package Assignment Reviews | /identityGovernance/entitlementManagement/accessPackageAssignments?$filter=(accessPackageId eq '{package id}' and assignmentPolicyId eq '{id}')| Note that only READ is supported for Access Package Assignment Reviews|
-| Review of Service Principals assigned to privileged roles | /beta/roleManagement/directory/roleAssignmentScheduleInstances?$expand=principal&$filter=(isof(principal,'microsoft.graph.servicePrincipal') and roleDefinitionId eq '{role ID}') | |
-
-### Supported queries for instanceEnumerationScope
-The queries are supported as the `instanceEnumerationScope` property in an [accessReviewScheduleDefinition](accessreviewscheduledefinition.md)
-
-|Scenario| Query | Additional Comments |
-|--|--|--|
-| Review of guest users assigned to all Microsoft 365 groups| /v1.0/groups?\$filter=(groupTypes/any(c:c+eq+'Unified'))&$count=true | Note that the corresponding scope should also be passed in along with this|
-| Review of guest users assigned to all teams | /v1.0/groups?\$filter=(groupTypes/any(c:c+eq+'Unified') and resourceProvisioningOptions/Any(x:x eq 'Team'))&$count=true | Note that the corresponding scope should also be passed in along with this|
+Specifying the **@odata.type** type property with the value `#microsoft.graph.accessReviewQueryScope` is highly recommended. For more about configuration options for **scope** using **accessReviewQueryScope**, see [Configure the scope of your access review definition using the Microsoft Graph API](/graph/accessreviews-scope-concept).
## Relationships None.
v1.0 Accessreviewreviewerscope https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accessreviewreviewerscope.md
Namespace: microsoft.graph
[!INCLUDE [accessreviews-disclaimer-v2](../../includes/accessreviews-disclaimer-v2.md)]
-The accessReviewReviewerScope defines who will review instances of an [accessReviewScheduleDefinition](accessreviewscheduledefinition.md). This is expressed as an OData query, which allows reviewers to be specified both as a static list of users (i.e., specific users, group owners, group members) or dynamically (i.e., the case where every user is reviewed by their manager). To create a self-review (where users review their own access), do not provide reviewers on [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) creation.
+The accessReviewReviewerScope defines who will review instances of an [accessReviewScheduleDefinition](accessreviewscheduledefinition.md). It is an OData query that allows reviewers to be specified both as a static list of users (that is, specific users, group owners, and group members) or dynamically in which every user is reviewed by their manager or by group owners. To create a self-review (where users review their own access), do not provide reviewers on [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) creation.
Inherits from [accessReviewScope](../resources/accessreviewscope.md).
Inherits from [accessReviewScope](../resources/accessreviewscope.md).
| :-| :- | :- | | query | String | The query specifying who will be the reviewer. See table for examples. | | queryType | String | The type of query. Examples include `MicrosoftGraph` and `ARM`. |
-| queryRoot | String | In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query (i.e., ./manager) is specified. |
+| queryRoot | String | In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query, for example, `./manager`, is specified. Possible value: `decisions`. |
-### Supported queries for accessReviewReviewerScope
-
-|Scenario| query | queryType | queryRoot |
-|--|--|--|--|
-| Group owner as reviewer | /groups/{group id}/owners |MicrosoftGraph||
-| Specific user as reviewer | /users/{user id} |MicrosoftGraph||
-| Manager of user being reviewed as reviewer | ./manager | MicrosoftGraph |decisions|
-| Self Review | Empty list(No reviewers) | MicrosoftGraph |
+For more about configuration options for **reviewers**, see [Assign reviewers to your access review definition using the Microsoft Graph API](/graph/accessreviews-reviewers-concept).
## Relationships
v1.0 Accessreviews Root https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accessreviews-root.md
ms.prod: "governance"
doc_type: conceptualPageType
-# Azure AD access reviews (legacy)
+# Azure AD access reviews (deprecated)
Namespace: microsoft.graph
v1.0 Accessreviewscheduledefinition https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accessreviewscheduledefinition.md
Namespace: microsoft.graph
Represents the scheduling of an Azure AD [access review](accessreviewsv2-root.md).
-An accessReviewScheduleDefinition contains a list of [accessReviewInstance](accessreviewinstance.md) objects. Each recurrence of the schedule definition will create an instance. Instances also represent each unique group being reviewed. If a schedule definition reviews multiple groups, each group will have a unique instance per each recurrence. In the case of a one-time review, only one instance will be created per group.
+An accessReviewScheduleDefinition contains a list of [accessReviewInstance](accessreviewinstance.md) objects. Each recurrence of the schedule definition creates an instance. Instances also represent each unique resource being reviewed. If a schedule definition reviews multiple resources (including multiple groups), each resource has a unique instance per each recurrence. In the case of a one-time review, only one instance is created per resource.
## Methods | Method | Return Type |Description| |:|:--|:-|
-|[List accessReviewScheduleDefinitions](../api/accessreviewscheduledefinition-list.md) | [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) collection | Lists every accessReviewScheduleDefinition. Does not include associated accessReviewInstance instances in listings. |
-|[Get accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-get.md) | [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) | Get an accessReviewScheduleDefinition with a specified id. |
-|[Create accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-create.md) | [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) | Create a new accessReviewScheduleDefinition. |
-|[Delete accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-delete.md) | None. | Delete an accessReviewScheduleDefinition with a specified identifier. |
-|[Update accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-update.md) | None. | Update properties of an accessReviewScheduleDefinition with a specified identifier. |
+|[List accessReviewScheduleDefinitions](../api/accessreviewscheduledefinition-list.md) | [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) collection | Lists every accessReviewScheduleDefinition. Does not include associated accessReviewInstance objects in the results. |
+|[Get accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-get.md) | [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) | Get an accessReviewScheduleDefinition with a specified **id**. Does not include associated accessReviewInstance objects in the results.|
+|[Create accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-post.md) | [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) | Create a new accessReviewScheduleDefinition. |
+|[Delete accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-delete.md) | None. | Delete an accessReviewScheduleDefinition with a specified **id**. |
+|[Update accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-update.md) | None. | Update properties of an accessReviewScheduleDefinition with a specified **id**. |
## Properties | Property | Type | Description | | :| :-- | :- |
-| id | String | The feature-assigned unique identifier of an access review.|
-| displayName | String | Name of access review series. Required on create. |
-| createdDateTime |DateTimeOffset | Timestamp when review series was created. |
-| lastModifiedDateTime | DateTimeOffset | Timestamp when review series was last modified.|
-| status |String | This read-only field specifies the status of an accessReview. The typical states include `Initializing`, `NotStarted`, `Starting`, `InProgress`, `Completing`, `Completed`, `AutoReviewing`, and `AutoReviewed`. |
-| descriptionForAdmins |string | Description provided by review creators to provide more context of the review to admins. |
-| descriptionForReviewers |string | Description provided by review creators to provide more context of the review to reviewers. Reviewers will see this description in the email sent to them requesting their review. |
+| id | String | The feature-assigned unique identifier of an access review. Supports `$select`.|
+| displayName | String | Name of the access review series. Required on create. Supports `$select`. |
+| createdDateTime |DateTimeOffset | Timestamp when the access review series was created. Supports `$select`.|
+| lastModifiedDateTime | DateTimeOffset | Timestamp when the access review series was last modified. Supports `$select`.|
+| status |String | This read-only field specifies the status of an access review. The typical states include `Initializing`, `NotStarted`, `Starting`, `InProgress`, `Completing`, `Completed`, `AutoReviewing`, and `AutoReviewed`. <br>Supports `$select`, `$orderby`, and `$filter` (`eq` only).|
+| descriptionForAdmins |string | Description provided by review creators to provide more context of the review to admins. Supports `$select`. |
+| descriptionForReviewers |string | Description provided by review creators to provide more context of the review to reviewers. Reviewers will see this description in the email sent to them requesting their review. Supports `$select`. |
| createdBy |[userIdentity](../resources/useridentity.md) | User who created this review. |
-| scope |[accessReviewScope](../resources/accessreviewscope.md) | Defines scope of users reviewed. For supported scopes, see [accessReviewScope](accessreviewscope.md). Required on create. |
-| instanceEnumerationScope|[accessReviewScope](../resources/accessreviewscope.md) | In the case of a review of guest users across all Microsoft 365 groups, this determines the scope of which groups will be reviewed. Each group will become a unique accessReviewInstance of the access review series. For supported scopes, see [accessReviewScope](accessreviewscope.md). |
-| settings |[accessReviewScheduleSettings](../resources/accessreviewschedulesettings.md)| The settings for an access review series, see type definition below. |
-| reviewers |[accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection| This collection of access review scopes is used to define who are the reviewers. See [accessReviewReviewerScope](accessreviewreviewerscope.md). Required on create. |
-| backupReviewers |[accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection| This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers will be notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist. See [accessReviewReviewerScope](accessreviewreviewerscope.md). |
-| instances |Collection(microsoft.graph.accessReviewInstance)| Set of access reviews instances for this access review series. Access reviews that do not recur will only have one instance; otherwise, there will be an instance for each recurrence. |
+| scope |[accessReviewScope](../resources/accessreviewscope.md) | Defines scope of resources to review. For supported scopes, see [accessReviewScope](accessreviewscope.md). Required on create. Supports `$select` and `$filter` (`contains` only). For examples of options for configuring scope, see [Configure the scope of your access review definition using the Microsoft Graph API](/graph/accessreviews-scope-concept).|
+| instanceEnumerationScope|[accessReviewScope](../resources/accessreviewscope.md) | This property is required when scoping a review to guest users' access across all Microsoft 365 groups and determines which Microsoft 365 groups are reviewed. Each group will become a unique **accessReviewInstance** of the access review series. For supported scopes, see [accessReviewScope](accessreviewscope.md). Supports `$select`. For examples of options for configuring instanceEnumerationScope, see [Configure the scope of your access review definition using the Microsoft Graph API](/graph/accessreviews-scope-concept).|
+| settings |[accessReviewScheduleSettings](../resources/accessreviewschedulesettings.md)| The settings for an access review series, see type definition below. Supports `$select`.|
+| reviewers |[accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection| This collection of access review scopes is used to define who are the reviewers. Required on create. Supports `$select`. For examples of options for assigning reviewers, see [Assign reviewers to your access review definition using the Microsoft Graph API](/graph/accessreviews-scope-concept).|
+| backupReviewers |[accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection| This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers will be notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist. Supports `$select`. <br>**Note:** This property has been replaced by **fallbackReviewers**. However, specifying either **backupReviewers** or **fallbackReviewers** automatically populates the same values to the other property.|
+| fallbackReviewers |[accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection| This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers will be notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist. Supports `$select`.|
+| instances |[accessReviewInstance](../resources/accessreviewinstance.md) collection| Set of access reviews instances for this access review series. Access reviews that do not recur will only have one instance; otherwise, there is an instance for each recurrence. |
## Relationships
An accessReviewScheduleDefinition contains a list of [accessReviewInstance](acce
|:|:--|:-| | `instances` |[accessReviewInstance](accessreviewinstance.md) collection | If the `accessReviewScheduleDefinition` is a recurring access review, instances represent each recurrence. A review that does not recur will have exactly one instance. Instances also represent each unique resource under review in the `accessReviewScheduleDefinition`. If a review has multiple resources and multiple instances, each resource will have a unique instance for each recurrence. |
-### Supported search queries for accessReviewScheduleDefinition
-The following are queries supported on an [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) based on the [accessReviewScope](accessreviewscope.md).
-
-|Scenario| Query |
-|--|--|
-| List every `accessReviewScheduleDefinition` on individual groups (excludes definitions scoped to all Microsoft 365 groups with guest users) | /beta/identityGovernance/accessReviews/definitions?$filter=contains(scope/microsoft.graph.accessReviewQueryScope/query, '/groups') |
-| List every `accessReviewScheduleDefinition` on a specific group (excludes definitions scoped to all Microsoft 365 groups with guest users) | /beta/identityGovernance/accessReviews/definitions?$filter=contains(scope/microsoft.graph.accessReviewQueryScope/query, '/groups/{group id}') |
-| List every `accessReviewScheduleDefinition` scoped to all Microsoft 365 groups with guest users | /beta/identityGovernance/accessReviews/definitions?$filter=contains(scope/microsoft.graph.accessReviewQueryScope/query, './members') |
-| List every `accessReviewScheduleDefinition` on an access package | /beta/identityGovernance/accessReviews/definitions?$filter=contains(scope/microsoft.graph.accessReviewQueryScope/query, 'accessPackageAssignments') |
-| List every `accessReviewScheduleDefinition` for service principals assigned to privileged role | /beta/identityGovernance/accessReviews/definitions?$filter=contains(scope/microsoft.graph.accessReviewQueryScope/query, 'roleAssignmentScheduleInstances') |
--- ## JSON representation The following is a JSON representation of the resource. <!-- {
v1.0 Accessreviewschedulesettings https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accessreviewschedulesettings.md
The **accessReviewScheduleSettings** defines the settings of an [accessReviewSch
## Properties | Property | Type | Description | | :| :- | :- |
-| mailNotificationsEnabled|Boolean | Flag to indicate whether emails are enabled/disabled. |
-| reminderNotificationsEnabled|Boolean | Flag to indicate whether reminders are enabled/disabled. |
-| justificationRequiredOnApproval|Boolean | Flag to indicate whether reviewers are required to provide justification with their decision. |
-| defaultDecisionEnabled|Boolean | Flag to indicate whether default decision is enabled/disabled when reviewers do not respond. |
-| defaultDecision|String | Decision chosen if `defaultDecisionEnabled` is enabled. Can be one of "Approve", "Deny", or "Recommendation". |
+| mailNotificationsEnabled|Boolean | Indicates whether emails are enabled or disabled. Default value is `false`. |
+| reminderNotificationsEnabled|Boolean | Indicates whether reminders are enabled or disabled. Default value is `false`. |
+| justificationRequiredOnApproval|Boolean | Indicates whether reviewers are required to provide justification with their decision. Default value is `false`. |
+| defaultDecisionEnabled|Boolean | Indicates whether the default decision is enabled or disabled when reviewers do not respond. Default value is `false`. |
+| defaultDecision|String | Decision chosen if `defaultDecisionEnabled` is enabled. Can be one of `Approve`, `Deny`, or `Recommendation`. |
| instanceDurationInDays|Int32 | Duration of each recurrence of review (`accessReviewInstance`) in number of days. |
-| recurrence|[patternedRecurrence](../resources/patternedrecurrence.md) | Detailed settings for recurrence. Using standard Outlook recurrence object. Note that dayOfMonth is not supported - use property startDate on recurrenceRange to determine the day the review will start on. |
-| autoApplyDecisionsEnabled|Boolean | Flag to indicate whether auto-apply feature is enabled. |
+| recurrence|[patternedRecurrence](../resources/patternedrecurrence.md) | Detailed settings for recurrence using the standard Outlook recurrence object. Only `weekly` and `absoluteMonthly` on **recurrencePattern** are supported. Use the property **startDate** on **recurrenceRange** to determine the day the review starts. |
+| autoApplyDecisionsEnabled|Boolean | Indicates whether decisions are automatically applied. When set to `false`, a user must apply the decisions manually once the reviewer completes the access review. When set to `true`, decisions are applied automatically after the access review instance duration ends, whether or not the reviewers have responded. Default value is `false`. |
| applyActions|[accessReviewApplyAction](../resources/accessreviewapplyaction.md) collection | Optional field. Describes the actions to take once a review is complete. There are two types that are currently supported: `removeAccessApplyAction` (default) and `disableAndDeleteUserApplyAction`. Field only needs to be specified in the case of `disableAndDeleteUserApplyAction`. See [accessReviewApplyAction](accessreviewapplyaction.md). |
-| recommendationsEnabled|Boolean | Flag to indicate whether decision recommendations are enabled/disabled. |
+| recommendationsEnabled|Boolean | Indicates whether decision recommendations are enabled/disabled. |
## Relationships None.
v1.0 Accessreviewscope https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accessreviewscope.md
Namespace: microsoft.graph
The **accessReviewScope** defines what entities will be reviewed in an [accessReviewScheduleDefinition](accessreviewscheduledefinition.md). It is an abstract type that is inherited by [accessReviewQueryScope](accessreviewqueryscope.md), [principalResourceMembershipsScope](principalresourcemembershipsscope.md) and [accessReviewReviewerScope](accessreviewreviewerscope.md).
-For `scope` property on an [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) see [accessReviewQueryScope](accessreviewqueryscope.md) and [principalResourceMembershipsScope](principalresourcemembershipsscope.md).
+For **scope** property on an [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) see [accessReviewQueryScope](accessreviewqueryscope.md) and [principalResourceMembershipsScope](principalresourcemembershipsscope.md).
-For `reviewers` property on an [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) see [accessReviewReviewerScope](accessreviewreviewerscope.md)
+For **reviewers** property on an [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) see [accessReviewReviewerScope](accessreviewreviewerscope.md).
+
+Specifying the OData type in the **scope** is highly recommended for all types but required for [principalResourceMembershipsScope](principalresourcemembershipsscope.md) and [accessReviewInactiveUserQueryScope](../resources/accessreviewinactiveusersqueryscope.md).
## Properties None.
v1.0 Accessreviewsv2 Root https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accessreviewsv2-root.md
The following table lists the methods that you can use to interact with access r
|:|:--|:-| |[List accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-list.md) | [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) collection | Lists every `accessReviewScheduleDefinition`. Does not include associated `accessReviewInstance` instances in listings. | |[Get accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-get.md) | [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) | Get an `accessReviewScheduleDefinition` with a specified id. |
-|[Create accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-create.md) | [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) | Create a new `accessReviewScheduleDefinition`. |
+|[Create accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-post.md) | [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) | Create a new `accessReviewScheduleDefinition`. |
|[Delete accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-delete.md) | None. | Delete an `accessReviewScheduleDefinition` with a specified ID. | |[Update accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-update.md) | None. | Update properties of an `accessReviewScheduleDefinition` with a specified ID. | |[List accessReviewInstance](../api/accessreviewinstance-list.md) | [accessReviewInstance](accessreviewinstance.md) collection | Lists every `accessReviewInstance` for a specific `accessReviewScheduleDefinition`. Does not include associated `accessReviewInstanceDecisionItem`s in listings. |
v1.0 Agreementfiledata https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/agreementfiledata.md
Title: "agreementFileData resource type"
description: "Represents the blob of an Azure Active Directory (Azure AD) terms of use agreement file." localization_priority: Normal doc_type: resourcePageType
v1.0 Alternativesecurityid https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/alternativeSecurityId.md
Title: "alternativeSecurityId resource type"
description: "For internal use only. This complex type will be deprecated in the future." localization_priority: Normal doc_type: resourcePageType
v1.0 Anonymousipriskevent https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/anonymousipriskevent.md
Title: "anonymousIpRiskEvent resource type"
description: "A risk event detected by Azure Active Directory Identity Protection where an account sign-in is attempted from an IP address that appears to be anonymous. Complete information about risk events can be found in the Azure AD Identity Protection documentation." localization_priority: Normal doc_type: resourcePageType
v1.0 Assignedlicense https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/assignedlicense.md
Title: "assignedLicense resource type"
description: "Represents a license assigned to a user. The **assignedLicenses** property of the user entity is a collection of **assignedLicense**." localization_priority: Normal doc_type: resourcePageType
v1.0 Authenticationcontextclassreference https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/authenticationcontextclassreference.md
+
+ Title: "authenticationContextClassReference resource type"
+description: "Represents an Azure Active Directory authentication context class reference."
+localization_priority: Normal
+++
+# authenticationContextClassReference resource type
+
+Namespace: microsoft.graph
++
+Represents an Azure Active Directory authentication context class reference. Authentication context class references are custom values that define a Conditional Access authentication requirement.
+
+## Methods
+
+| Method | Return Type | Description |
+|:-|:|:|
+| [List authenticationContextClassReference](../api/conditionalaccessroot-list-authenticationcontextclassreferences.md) | [authenticationContextClassReference](authenticationContextClassReference.md) collection | Get all of the authenticationContextClassReference objects in the organization. |
+| [Create authenticationContextClassReference](../api/conditionalaccessroot-post-authenticationcontextclassreferences.md) | [authenticationContextClassReference](authenticationContextClassReference.md) | Create a new authenticationContextClassReference object. |
+| [Get authenticationContextClassReference](../api/authenticationcontextclassreference-get.md) | [authenticationContextClassReference](authenticationContextClassReference.md) | Read properties and relationships of a authenticationContextClassReference object. |
+| [Update authenticationContextClassReference](../api/authenticationcontextclassreference-update.md) | [authenticationContextClassReference](authenticationContextClassReference.md) | Update a authenticationContextClassReference object. |
++
+## Properties
+
+| Property | Type | Description |
+|:-|:|:|
+|id|String| Identifier used to reference the authentication context class. The id is used to trigger step-up authentication for the referenced authentication requirements and is the value that will be issued in the acrs claim. This value in the claim is used to verify the required authentication context has been satisfied. The allowed id values are "c1" through "c25". |
+|displayName|String| The display name is the friendly name of the authenticationContextClassReference. This value should be used to identify the authentication context class reference when building user facing admin experiences. For example, selection UX. |
+|description|String| A short explanation of the policies that are enforced by authenticationContextClassReference. This value should be used to provide secondary text to describe the authentication context class reference when building user facing admin experiences. For example, selection UX.|
+|isAvailable|boolean| Indicates whether the authenticationContextClassReference has been published by the security admin and is ready for use by apps. When it is set to `false` it should not be shown in admin UX experiences because the value is not currently available for selection.|
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+ "displayName",
+ "description",
+ "sessionControls",
+ "grantControls"
+ ],
+ "@odata.type": "microsoft.graph.authenticationContextClassReference",
+ "baseType": "microsoft.graph.entity",
+ "keyProperty": "id"
+}-->
+
+```json
+ {
+ "id": "String",
+ "displayName": "String",
+ "description": "String",
+ "isAvailable": "boolean",
+ }
+
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "authenticationContextClassReference resource",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
v1.0 Command https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/command.md
Title: "command resource type"
-description: ""
+description: "Set of commands sent to a device."
localization_priority: Normal doc_type: resourcePageType-+ # command resource type
Namespace: microsoft.graph ## Properties
-|Property|Type|Description|
-|:|:|:|
+None
## Relationships None
v1.0 Conditionalaccessapplications https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/conditionalaccessapplications.md
Represents the applications and user actions included in and excluded from the p
| includeApplications | String collection | The list of application IDs the policy applies to, unless explicitly excluded (in excludeApplications). Can also be set to `All`. | | excludeApplications | String collection | The list of application IDs explicitly excluded from the policy. | | includeUserActions | String collection | User actions to include. Supported values are `urn:user:registersecurityinfo` and `urn:user:registerdevice` |
+| includeAuthenticationContextClassReferences | String collection | Authentication context class references include. Supported values are `c1` through `c25`. |
## Relationships
v1.0 Conditionalaccesspolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/conditionalaccesspolicy.md
The following is a JSON representation of the resource.
"grantControls" ], "@odata.type": "microsoft.graph.conditionalAccessPolicy",
+ "baseType":"microsoft.graph.entity",
"keyProperty": "id" }-->
v1.0 Conditionalaccessroot https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/conditionalaccessroot.md
+
+ Title: "conditionalAccess resource type"
+description: "The **conditionalaccess** resource is the entry point for the Conditinal Access object model. It doesn't contain any usable properties."
+localization_priority: Normal
+++
+# conditionalaccess resource type
+
+Namespace: microsoft.graph
++
+The **conditionalAccess** resource is the entry point for the Conditional Access object model. It doesn't contain any usable properties.
++
+## Methods
+
+| Method | Return Type |Description|
+|:|:--|:-|
+|[Create conditionalAccessPolicy](../api/conditionalaccessroot-post-policies.md) |[conditionalAccessPolicy](conditionalaccesspolicy.md)| Create a new **conditionalAccessPolicy** by posting to the conditionalAccessPolicy collection.|
+|[Create namedLocations](../api/conditionalaccessroot-post-namedlocations.md) |[namedLocation](namedlocation.md)| Create a new **namedLocations** by posting to the namedLocations collection.|
+|[Create authenticationContextClassReferences](../api/conditionalaccessroot-post-authenticationcontextclassreferences.md)|[authenticationContextClassReferences](authenticationcontextclassreference.md)|Create a new **authenticationContextClassReferences** by posting to authenticationContextClassReferences collection.|
++
+## Properties
+
+The conditionalAccess resource is the entry point for the Conditional Access object model and doesn't contain any properties.
+
+## Relationships
+| Relationship | Type |Description|
+|:|:--|:-|
+|conditionalAccessPolicy|[conditionalAccessPolicy](conditionalaccesspolicy.md) collection| Read-only. Nullable. Returns a collection of the specified Conditional Access policies.|
+|namedLocations|[namedLocations](namedlocation.md) collection| Read-only. Nullable. Returns a collection of the specified named locations.|
+|authenticationContextClassReferences|[authenticationContextClassReferences](authenticationcontextclassreference.md) collection|Read-only. Nullable. Returns a collection of the specified authentication context class references.|
+
+<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
+2015-10-25 14:57:30 UTC -->
+<!--
+{
+ "type": "#page.annotation",
+ "description": "conditional access resource",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": "",
+ "suppressions": []
+}
+-->
+
v1.0 Directory https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/directory.md
- Title: "directory resource type (deleted items)" description: ". Deleted items will remain available to restore for up to 30 days. After 30 days, the items are permanently deleted."
v1.0 Disableanddeleteuserapplyaction https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/disableanddeleteuserapplyaction.md
+
+ Title: "disableAndDeleteUserApplyAction resource type"
+description: "Disable and delete any B2B guest user who is denied in an access review."
+
+localization_priority: Normal
++
+# disableAndDeleteUserApplyAction resource type
+
+Namespace: microsoft.graph
+++
+Disable any B2B guest user who is denied in an access review for 30 days, and then subsequently delete their account. This option does not contain any configuration options.
+
+Inherits from [accessReviewApplyAction](../resources/accessreviewapplyaction.md).
+
+## Properties
+None.
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.disableAndDeleteUserApplyAction"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.disableAndDeleteUserApplyAction"
+}
+```
v1.0 Entity https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/entity.md
Title: "entity resource type"
-description: ""
+description: "Represents an entity."
localization_priority: Normal doc_type: resourcePageType-+ # entity resource type
v1.0 Enums https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/enums.md
Possible values for user account types (group membership), per Windows definitio
|other| |unknownFutureValue|
+### policyScope values
+
+|Member|
+|:|
+|none|
+|all|
+|selected|
+ ### teamsAppInstallationScope values |Member |Value |Description |
Possible values for user account types (group membership), per Windows definitio
|:| |principal| |unknownFutureValue|-
v1.0 Implicitgrantsettings https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/implicitgrantsettings.md
Title: "implicitGrantSettings resource type"
-description: "Specifies whether this web application can request tokens using the OAuth 2.0 implicit flow. Separate properties are available to request ID and access tokens as part of the implicit flow. To enable implicit flow, at least one of the following properties must be set to true."
+description: "Specifies whether this web application can request tokens using the OAuth 2.0 implicit flow. "
localization_priority: Normal doc_type: resourcePageType
v1.0 Impossibletravelriskevent https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/impossibletravelriskevent.md
Title: "impossibleTravelRiskEvent resource type"
description: "A risk event detected by Azure Active Directory Identity Protection where two account sign-ins occur from locations atypical for the user and it would be impossible to travel between the locations in the duration between the sign-ins. Complete information about risk events can be found in the Azure AD Identity Protection documentation." localization_priority: Normal doc_type: resourcePageType
v1.0 Informationprotectionlabel https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/informationprotectionlabel.md
Describes the information protection label that details how to properly apply a
| name | String | The plaintext name of the label. | | sensitivity | Int32 | The sensitivity value of the label, where lower is less sensitive. | | tooltip | String | The tooltip that should be displayed for the label in a UI. |
+| parent | labelDetails | The parent label associated with a child label. Null if label has no parent.
## Relationships
The following is a JSON representation of the resource.
"isActive": true, "name": "String", "sensitivity": 1024,
- "tooltip": "String"
+ "tooltip": "String",
+ "parent": {"@odata.type": "microsoft.graph.labelDetails" }
} ```
v1.0 Invokeuserflowlistener https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/invokeuserflowlistener.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-You can create an [invokeUserFlowListener](../resources/invokeuserflowlistener.md) for the onSignUpStart event. This associates an application with a user flow, which enables [external identities self-service sign up](https://docs.microsoft.com/azure/active-directory/external-identities/self-service-sign-up-overview) for the application. Once an application is associated with a user flow, users who go to that application will be able to initiate a sign-up flow that provisions a guest account.
+You can create an [invokeUserFlowListener](../resources/invokeuserflowlistener.md) for the onSignUpStart event. This associates an application with a user flow, which enables [external identities self-service sign up](/azure/active-directory/external-identities/self-service-sign-up-overview) for the application. Once an application is associated with a user flow, users who go to that application will be able to initiate a sign-up flow that provisions a guest account.
Inherits from the abstract base type [authenticationListener](../resources/authenticationlistener.md).
v1.0 Labeldetails https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/labeldetails.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Represents the label details of an information protection label. **labelDetails** provides information about a single information protection label. Can be returned by [evaluateRemoval](../api/informationprotectionlabel-evaluateremoval.md), [evaluateApplication](../api/informationprotectionlabel-evaluateapplication.md), and [extractLabel](../api/informationprotectionlabel-extractLabel.md)
+Represents the label details of an information protection label. **labelDetails** provides information about a single information protection label. Inherits from
+the [parentLabelDetails](parentlabeldetails.md). Can be returned by [evaluateRemoval](../api/informationprotectionlabel-evaluateremoval.md), [evaluateApplication](../api/informationprotectionlabel-evaluateapplication.md), and [extractLabel](../api/informationprotectionlabel-extractLabel.md)
## Properties
-| Property | Type | Description |
-| :- | : | :-- |
-| color | String | The color that the user interface should display for the label, if configured. |
-| description | String | The admin-defined description for the label. |
-| id | String | The label ID is a globally unique identifier (GUID). |
-| isActive | Boolean | Indicates whether the label is active or not. Active labels should be hidden or disabled in user interfaces. |
-| name | String | The plaintext name of the label. |
-| sensitivity | Int32 | The sensitivity value of the label, where lower is less sensitive. |
-| tooltip | String | The tooltip that should be displayed for the label in a user interface. |
+| Property | Type | Description |
+| :- | :- | :-- |
+| color | String | The color that the user interface should display for the label, if configured. |
+| description | String | The admin-defined description for the label. |
+| id | String | The label ID is a globally unique identifier (GUID). |
+| isActive | Boolean | Indicates whether the label is active or not. Active labels should be hidden or disabled in user interfaces. |
+| name | String | The plaintext name of the label. |
+| sensitivity | Int32 | The sensitivity value of the label, where lower is less sensitive. |
+| tooltip | String | The tooltip that should be displayed for the label in a user interface. |
+| parent | parentLabelDetails | The parent label associated with a child label. |
## JSON representation
v1.0 Leakedcredentialsriskevent https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/leakedcredentialsriskevent.md
Title: "leakedCredentialsRiskEvent resource type"
description: "A risk event detected by Azure Active Directory Identity Protection where an account's credentials have been detected in the wild. Complete information about risk events can be found in the Azure AD Identity Protection documentation." localization_priority: Normal doc_type: resourcePageType
v1.0 Licenseassignmentstate https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/licenseAssignmentState.md
Title: "licenseAssignmentState resource type"
description: "The **licenseAssignmentStates** property of the user entity is a collection of **licenseAssignmentState**. It provides details about license assignments to a user. The details includes information like: " localization_priority: Normal doc_type: resourcePageType
v1.0 Licensedetails https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/licensedetails.md
Title: "licenseDetails resource type"
description: "Contains information about a license assigned to a user." localization_priority: Normal doc_type: resourcePageType
v1.0 Malwareriskevent https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/malwareriskevent.md
Title: "malwareRiskEvent resource type"
description: "A risk event detected by Azure Active Directory Identity Protection where an account sign-in is attempted from a device infected with malware. Complete information about risk events can be found in the Azure AD Identity Protection documentation." localization_priority: Normal doc_type: resourcePageType-+ # malwareRiskEvent resource type (deprecated)
v1.0 Mobilitymanagementpolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/mobilitymanagementpolicy.md
+
+ Title: "mobilityManagementPolicy resource type"
+description: "A mobility management policy represents an auto-enrollment policy for a mobility management application configured in Azure AD."
+
+localization_priority: Normal
++
+# mobilityManagementPolicy resource type
+
+Namespace: microsoft.graph
++
+In Azure AD, a mobility management policy represents an auto-enrollment configuration for a mobility management (MDM or MAM) application. These policies are only applicable to devices based on Windows 10 OS and its derivatives (Surface Hub, Hololens etc.). [Auto-enrollment](https://docs.microsoft.com/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal) enables organizations to automatically enroll devices into their chosen mobility management application as part of [Azure AD join](https://docs.microsoft.com/azure/active-directory/devices/concept-azure-ad-join) or [Azure AD register](https://docs.microsoft.com/azure/active-directory/devices/concept-azure-ad-register) process on Windows 10 devices.
+
+## Methods
+
+|Method|Return type|Description|
+|:|:|:|
+|[List mobileDeviceManagementPolicies](../api/mobiledevicemanagementpolicies-list.md)|[mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) collection|Get a list of the [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) objects and their properties for mobile device management applications.|
+|[Get mobileDeviceManagementPolicy](../api/mobiledevicemanagementpolicies-get.md)|[mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md)|Read the properties and relationships of a [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) object for a mobile device management application.|
+|[Update mobileDeviceManagementPolicy](../api/mobiledevicemanagementpolicies-update.md)|None|Update the properties of a [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) object for a mobile device management application.|
+|[List includedGroups of mobileDeviceManagementPolicy](../api/mobiledevicemanagementpolicies-list-includedgroups.md)|[group](../resources/group.md) collection|List included groups for a [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) object for a mobile device management application.|
+|[Add group to mobileDeviceManagementPolicy](../api/mobiledevicemanagementpolicies-post-includedgroups.md)|None|Add a group to the [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) object for a mobile device management application.|
+|[Delete group from mobileDeviceManagementPolicy](../api/mobiledevicemanagementpolicies-delete-includedgroups.md)|None|Delete a group from the [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) object for a mobile device management application.|
+|[List mobileAppManagementPolicies](../api/mobileappmanagementpolicies-list.md)|[mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) collection|Get a list of the [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) objects and their properties for mobile app management applications.|
+|[Get mobileAppManagementPolicy](../api/mobileappmanagementpolicies-get.md)|[mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md)|Read the properties and relationships of a [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) object for a mobile app management application.|
+|[Update mobileAppManagementPolicy](../api/mobileappmanagementpolicies-update.md)|None|Update the properties of a [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) object for a mobile app management application.|
+|[List includedGroups of mobileAppManagementPolicy](../api/mobileappmanagementpolicies-list-includedgroups.md)|[group](../resources/group.md) collection|List included groups for a [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) object for a mobile app management application.|
+|[Add group to mobileAppManagementPolicy](../api/mobileappmanagementpolicies-post-includedgroups.md)|None|Add a group to the [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) object for a mobile app management application.
+|[Delete group from mobileAppManagementPolicy](../api/mobileappmanagementpolicies-delete-includedgroups.md)|None|Delete a group from the [mobilityManagementPolicy](../resources/mobilitymanagementpolicy.md) object for a mobile app management application.|
+
+## Properties
+
+|Property|Type|Description|
+|:|:|:|
+|appliesTo|policyScope|Indicates the user scope of the mobility management policy. Possible values are: `none`, `all`, `selected`.|
+|complianceUrl|String|Compliance URL of the mobility management application.|
+|description|String|Description of the mobility management application.|
+|discoveryUrl|String|Discovery URL of the mobility management application.|
+|displayName|String|Display name of the mobility management application.|
+|id|String|Object Id of the mobility management application.|
+|termsOfUseUrl|String|Terms of Use URL of the mobility management application.|
+
+## Relationships
+
+|Relationship|Type|Description|
+|:|:|:|
+|includedGroups|[group](../resources/group.md) collection|Azure AD groups under the scope of the mobility management application if appliesTo is `selected`|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.mobilityManagementPolicy",
+ "openType": false
+}
+-->
+
+``` json
+{
+ "id": "String (identifier)",
+ "appliesTo": "String",
+ "complianceUrl": "String",
+ "description": "String",
+ "discoveryUrl": "String",
+ "displayName": "String",
+ "termsOfUseUrl": "String"
+}
+```
+
+<!-- uuid: 5c98f801-d1c4-44eb-ac11-f72b6754deda
+2020-03-23T22:34:45.203Z -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "mobilityManagementPolicy resource",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}
+-->
v1.0 Oauth2permissiongrant https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/oauth2permissiongrant.md
Delegated permissions are sometimes referred to as "OAuth 2.0 scopes" or "scopes
| [Create oAuth2PermissionGrant](../api/oauth2permissiongrant-post.md) | [oAuth2PermissionGrant](oauth2permissiongrant.md) | Create a delegated permission grant. | | [Update oAuth2PermissionGrant](../api/oauth2permissiongrant-update.md) | None | Update oAuth2PermissionGrant object. | | [Delete oAuth2PermissionGrant](../api/oauth2permissiongrant-delete.md) | None | Delete a delegated permission grant. |
+| [Delta](../api/oauth2permissiongrant-delta.md) | [oAuth2PermissionGrant](oauth2permissiongrant.md) collection |Get newly created, updated, or deleted **oauth2permissiongrant** objects without performing a full read of the entire resource collection. |
## Properties
Delegated permissions are sometimes referred to as "OAuth 2.0 scopes" or "scopes
|:|:--|:-| | id | String | Unique identifier for the **oAuth2PermissionGrant**. Read-only.| | clientId | String | The **id** of the client [service principal](serviceprincipal.md) for the application which is authorized to act on behalf of a signed-in user when accessing an API. Required. Supports `$filter` (`eq` only). |
-| consentType | String | Indicates if authorization is granted for the client application to impersonate all users or only a specific user. *AllPrincipals* indicates authorization to impersonate all users. *Principal* indicates authorization to impersonate a specific user. Consent on behalf of all users can be granted by an administrator. Non-admin users may be authorized to consent on behalf of themselves in some cases, for some delegated permissions. Required. Supports `$filter` (`eq` only). |
+| consentType | String | Indicates whether authorization is granted for the client application to impersonate all users or only a specific user. *AllPrincipals* indicates authorization to impersonate all users. *Principal* indicates authorization to impersonate a specific user. Consent on behalf of all users can be granted by an administrator. Non-admin users may be authorized to consent on behalf of themselves in some cases, for some delegated permissions. Required. Supports `$filter` (`eq` only). |
| principalId | String | The **id** of the [user](user.md) on behalf of whom the client is authorized to access the resource, when **consentType** is *Principal*. If **consentType** is *AllPrincipals* this value is null. Required when **consentType** is *Principal*. | | resourceId | String | The **id** of the resource [service principal](serviceprincipal.md) to which access is authorized. This identifies the API which the client is authorized to attempt to call on behalf of a signed-in user. | | scope | String | A space-separated list of the claim values for delegated permissions which should be included in access tokens for the resource application (the API). For example, `openid User.Read GroupMember.Read.All`. Each claim value should match the **value** field of one of the delegated permissions defined by the API, listed in the **publishedPermissionScopes** property of the resource [service principal](serviceprincipal.md). | | startTime | DateTimeOffset | Currently, the start time value is ignored, but a value is required when creating an **oAuth2PermissionGrant**. Required. | | expiryTime | DateTimeOffset | Currently, the end time value is ignored, but a value is required when creating an **oAuth2PermissionGrant**. Required. |
-## Relationships
-
-None.
-
-This resource supports using [delta query](/graph/delta-query-overview) to track incremental additions, deletions, and updates, by providing a [delta](../api/oauth2permissiongrant-delta.md) function.
-
-## Methods
-
-| Method | Return Type |Description|
-|:|:--|:-|
-|[List oAuth2PermissionGrants](../api/oauth2permissiongrant-list.md) | [oAuth2PermissionGrant](oauth2permissiongrant.md) collection | Retrieve a list of **oauth2PermissionGrant** objects. |
-|[Get oAuth2PermissionGrant](../api/oauth2permissiongrant-get.md) | [oAuth2PermissionGrant](oauth2permissiongrant.md) |Read the properties and relationships of an **oAuth2PermissionGrant** object.|
-|[Update oAuth2PermissionGrant](../api/oauth2permissiongrant-update.md) | [oAuth2PermissionGrant](oauth2permissiongrant.md) |Update an **oAuth2PermissionGrant** object. |
-|[Delete oAuth2PermissionGrant](../api/oauth2permissiongrant-delete.md) | None |Delete an **oAuth2PermissionGrant** object. |
-|[Get delta](../api/oauth2permissiongrant-delta.md)|[oAuth2PermissionGrant](oauth2permissiongrant.md)|Get newly created, updated, or deleted **oauth2permissiongrant** objects without performing a full read of the entire resource collection.|
-
-## Properties
-| Property | Type |Description|
-|:|:--|:-|
-|clientId|String| The id of the service principal granted consent to impersonate the user when accessing the resource (represented by the resourceId property). |
-|consentType|String| Indicates if consent was provided by the administrator (on behalf of the organization) or by an individual. The possible values are *AllPrincipals* or *Principal*. |
-|expiryTime|DateTimeOffset| Currently, the expiry time value is ignored. |
-|id|String| Unique identifier. Read-only.|
-|principalId|String| If consentType is *AllPrincipals* this value is null, and the consent applies to all users in the organization. If consentType is *Principal*, then this property specifies the id of the user that granted consent and applies only for that user. |
-|resourceId|String| Specifies the id of the resource service principal to which access has been granted. |
-|scope|String| Specifies the value of the [scope](/graph/permissions-reference) claim that the resource application should expect in the OAuth 2.0 access token. For example, *User.Read* |
-|startTime|DateTimeOffset| Currently, the start time value is ignored. |
- ## Relationships None.
v1.0 Opentypeextension https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/opentypeextension.md
Apply the following guidelines when you create open extensions on Outlook resour
### Use open extensions (for Outlook resources) or extended properties
-Open extensions are the recommended solution for most scenarios involving storing and accessing custom data. If, however,
-you need to access custom data for Outlook MAPI properties that are not already exposed through the
-[Microsoft Graph API metadata](../index.md), you can use
-[extended properties and its REST API](extended-properties-overview.md). You can verify which properties the metadata
-exposes at [https://graph.microsoft.com/v1.0/$metadata](https://graph.microsoft.com/v1.0/$metadata).
+Open extensions are the recommended solution for most scenarios involving storing and accessing custom data. If, however, you need to access custom data for Outlook MAPI properties that are not already exposed through the [Microsoft Graph API metadata](/graph/traverse-the-graph#microsoft-graph-api-metadata), you can use [extended properties and its REST API](extended-properties-overview.md). You can verify which properties the metadata
+exposes at https://graph.microsoft.com/v1.0/$metadata.
## JSON representation
v1.0 Organizationalbrandingproperties https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/organizationalbrandingproperties.md
doc_type: "resourcePageType"
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] >[!NOTE]
->Adding custom branding requires you to use Azure Active Directory Premium 1, Premium 2, or Basic editions, or to have a Microsoft 365 license. For more information about licensing and editions, see [Sign up for Azure AD Premium](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-get-started-premium).<br><br>Azure AD Premium and Basic editions are available for customers in China using the worldwide instance of Azure Active Directory. Azure AD Premium and Basic editions aren't currently supported in the Azure service operated by 21Vianet in China. For more information, talk to us using the [Azure Active Directory Forum](https://feedback.azure.com/forums/169401-azure-active-directory/).
+>Adding custom branding requires you to use Azure Active Directory Premium 1, Premium 2, or Basic editions, or to have a Microsoft 365 license. For more information about licensing and editions, see [Sign up for Azure AD Premium](/azure/active-directory/fundamentals/active-directory-get-started-premium).<br><br>Azure AD Premium and Basic editions are available for customers in China using the worldwide instance of Azure Active Directory. Azure AD Premium and Basic editions aren't currently supported in the Azure service operated by 21Vianet in China. For more information, talk to us using the [Azure Active Directory Forum](https://feedback.azure.com/forums/169401-azure-active-directory/).
Contains details about the organization's branding.
v1.0 Parentlabeldetails https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/parentlabeldetails.md
+
+ Title: "parentLabelDetails resource type"
+description: "Represents the label details of an information protection parent label."
+localization_priority: Normal
+++
+# parentLabelDetails resource type
+
+Namespace: microsoft.graph
++
+Represents the label details of an information protection parent label. **parentLabelDetails** provides information about a single information protection label. Can be returned by [evaluateRemoval](../api/informationprotectionlabel-evaluateremoval.md), [evaluateApplication](../api/informationprotectionlabel-evaluateapplication.md), and [extractLabel](../api/informationprotectionlabel-extractLabel.md)
+
+## Properties
+
+| Property | Type | Description |
+| :- | : | :-- |
+| color | String | The color that the user interface should display for the label, if configured. |
+| description | String | The admin-defined description for the label. |
+| id | String | The label ID is a globally unique identifier (GUID). |
+| isActive | Boolean | Indicates whether the label is active or not. Active labels should be hidden or disabled in user interfaces. |
+| name | String | The plaintext name of the label. |
+| sensitivity | Int32 | The sensitivity value of the label, where lower is less sensitive. |
+| tooltip | String | The tooltip that should be displayed for the label in a user interface. |
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+
+ ],
+ "@odata.type": "microsoft.graph.parentLabelDetails",
+ "baseType": null
+}-->
+
+```json
+{
+ "color": "String",
+ "description": "String",
+ "id": "String",
+ "isActive": true,
+ "name": "String",
+ "sensitivity": 1024,
+ "tooltip": "String"
+}
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "parentLabelDetails resource",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
v1.0 Patternedrecurrence https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/patternedrecurrence.md
The recurrence pattern and range.
## Properties | Property | Type |Description| |:|:--|:-|
-|pattern|[recurrencePattern](recurrencepattern.md)|The frequency of an event.|
+|pattern|[recurrencePattern](recurrencepattern.md)|The frequency of an event. Do not specify for a one-time access review.|
|range|[recurrenceRange](recurrencerange.md)|The duration of an event.| ## JSON representation
v1.0 Principalresourcemembershipsscope https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/principalresourcemembershipsscope.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] [!INCLUDE [accessreviews-disclaimer-v2](../../includes/accessreviews-disclaimer-v2.md)]
-The principalResourceMembershipsScope is a type of [accessReviewScope](accessreviewscope.md) which allows you to select a collection of principal scopes and a collection of resource scopes and review access of selected principals to selected resources. See the supported queries to see what can be selected. It is used as the `scope` property of an [accessReviewScheduleDefinition](accessreviewscheduledefinition.md).
+The principalResourceMembershipsScope is a type of [accessReviewScope](accessreviewscope.md) which allows you to select a collection of principal scopes and a collection of resource scopes and review access of selected principals to selected resources. It is used to configure the **scope** property of an [accessReviewScheduleDefinition](accessreviewscheduledefinition.md).
Inherits from [accessReviewScope](../resources/accessreviewscope.md).
Inherits from [accessReviewScope](../resources/accessreviewscope.md).
|principalScopes|[accessReviewScope](../resources/accessreviewscope.md) collection|Defines the scopes of the principals to be included in an access review.| |resourceScopes|[accessReviewScope](../resources/accessreviewscope.md) collection|Defines the scopes of the resources for which access will be reviewed.|
+You must also specify the **@odata.type** type property with the value `#microsoft.graph.principalResourceMembershipsScope`. For more about configuration options for **scope** using **principalResourceMembershipsScope**, see [Configure the scope of your access review definition using the Microsoft Graph API](/graph/accessreviews-scope-concept).
+ ## Relationships None.
-### Supported queries for resourceScope
-The queries are supported as the `resourceScope` property. They determine the set of resources access is being reviewed to.
-
-|Scenario| resourceScope Query |
-|--|--|
-| Reviewing access of principalScopes to a service principal | /servicePrincipals/{service principal ID} |
-| Reviewing access of principalScopes to an Azure AD directory role | /roleManagement/directory/roleDefinitions/{role ID} |
-| Reviewing access of principalScopes to all Azure AD directory roles | /roleManagement/directory/roleDefinitions |
-
-### Supported queries for principalScope
-The queries are supported as the `principalScope` property. They determine the set of principals whose access to the associated resourceScope will be reviewed. The associated principalScope Type lists the odata query types accepted as the principalScope.
-
-|Scenario| principalScope Query | OData Query Type | Additional Comments |
-|--|--|-- | --|
-| Review access of all users to the resourceScope | /users |[accessReviewQueryScope](accessreviewqueryscope.md)||
-| Review access of guest users to the resourceScope | /users?$filter=(userType eq 'Guest') |[accessReviewQueryScope](accessreviewqueryscope.md)||
-| Review access of all inactive users to the resourceScope | /users |[accessReviewInactiveUsersQueryScope](accessreviewinactiveusersqueryscope.md)| Must include `instanceDuration` property|
-| Review access of guest inactive users to the resourceScope | /users?$filter=(userType eq 'Guest') |[accessReviewInactiveUsersQueryScope](accessreviewinactiveusersqueryscope.md)| Must include `instanceDuration` property|
---- ## JSON representation The following is a JSON representation of the resource. <!-- {
v1.0 Privilegedidentitymanagement Root https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/privilegedidentitymanagement-root.md
Namespace: microsoft.graph
- [APIs for Azure resource roles](privilegedidentitymanagement-resources.md) > [!IMPORTANT]
-> The API to manage Azure AD roles is deprecated for most tenants except for a few that use an older version of Privileged Identity Management (PIM). For more information about PIM versions, see [Determine your version of PIM](https://docs.microsoft.com/azure/active-directory/privileged-identity-management/pim-how-to-activate-role?tabs=new#determine-your-version-of-pim). If you are using the new version and are recieving a **TenantEnabledInAadRoleMigration** error, you can wait until a new API is available for PIM functionality under the [unifiedRoleManagement](/graph/api/resources/unifiedroledefinition?view=graph-rest-beta) API for Azure AD roles, or you can use the [Azure Resource](/graph/api/resources/privilegedidentitymanagement-resources?view=graph-rest-beta) API for your Azure AD roles. To use the **Azure resource** API, replace `azureResources` with `aadRoles` for `provider_id` and use your tenant id for `resource_id`. We recommend that you wait for the new API. You will be able to continue using the **Azure resource** API after the new API is available. Any new features made available in the Azure portal will also be made exclusively available through the new API.
+> The API to manage Azure AD roles is deprecated for most tenants except for a few that use an older version of Privileged Identity Management (PIM). For more information about PIM versions, see [Determine your version of PIM](/azure/active-directory/privileged-identity-management/pim-how-to-activate-role?tabs=new#determine-your-version-of-pim). If you are using the new version and are recieving a **TenantEnabledInAadRoleMigration** error, you can wait until a new API is available for PIM functionality under the [unifiedRoleManagement](/graph/api/resources/unifiedroledefinition?view=graph-rest-beta&preserve-view=true) API for Azure AD roles, or you can use the [Azure Resource](/graph/api/resources/privilegedidentitymanagement-resources?view=graph-rest-beta&preserve-view=true) API for your Azure AD roles. To use the **Azure resource** API, replace `azureResources` with `aadRoles` for `provider_id` and use your tenant id for `resource_id`. We recommend that you wait for the new API. You will be able to continue using the **Azure resource** API after the new API is available. Any new features made available in the Azure portal will also be made exclusively available through the new API.
<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79 2015-10-25 14:57:30 UTC -->
v1.0 Provisioningerrorinfo https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/provisioningerrorinfo.md
Title: "provisioningErrorInfo resource type"
description: "Describes the status of the provisioning event and the associated errors." localization_priority: Normal doc_type: "resourcePageType"
Describes the status of the provisioning event and the associated errors.
|:-|:|:| |additionalDetails|String|Additional details in case of error.| |errorCategory|String|Categorizes the error code. Possible values are `failure`, `nonServiceFailure`, `success`, `unknownFutureValue`|
-|errorCode|String|Unique error code if any occurred. [Learn more](https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-provisioning-logs#error-codes)|
+|errorCode|String|Unique error code if any occurred. [Learn more](/azure/active-directory/reports-monitoring/concept-provisioning-logs#error-codes)|
|reason|String|Summarizes the status and describes why the status happened.| |recommendedAction|String|Provides the resolution for the corresponding error.|
v1.0 Removeaccessapplyaction https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/removeaccessapplyaction.md
+
+ Title: "removeAccessApplyAction resource type"
+description: "Remove access from a resource for those denied in an access review of that resource."
+
+localization_priority: Normal
++
+# removeAccessApplyAction resource type
+
+Namespace: microsoft.graph
+++
+Remove access from a resource for those denied in an access review of that resource. This is the default option for[accessReviewApplyAction](../resources/accessreviewapplyaction.md) if an option is not passed in.
+
+Inherits from [accessReviewApplyAction](../resources/accessreviewapplyaction.md).
+
+## Properties
+None.
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.removeAccessApplyAction"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.removeAccessApplyAction"
+}
+```
v1.0 Serviceprincipal https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/serviceprincipal.md
This resource supports using [delta query](/graph/delta-query-overview) to track
|[Remove appRoleAssignedTo](../api/serviceprincipal-delete-approleassignedto.md) | None | Remove an app role assignment for this service principal from a user, group, or service principal.| |**Certificates and secrets**| | | |[Add password](../api/serviceprincipal-addpassword.md)|[passwordCredential](passwordcredential.md)|Add a strong password to a servicePrincipal.|
-|[Add tokenSigningCertificate](../api/serviceprincipal-addtokensigningcertificate.md)|[selfSignedCertificate](../resources/selfsignedcertificate.md)| Add a self signed certificate to the service principal. Mostly use for configuring SAML based SSO applications from the [Azure AD gallery](https://docs.microsoft.com/azure/active-directory/saas-apps/tutorial-list).
+|[Add tokenSigningCertificate](../api/serviceprincipal-addtokensigningcertificate.md)|[selfSignedCertificate](../resources/selfsignedcertificate.md)| Add a self signed certificate to the service principal. Mostly use for configuring SAML based SSO applications from the [Azure AD gallery](/azure/active-directory/saas-apps/tutorial-list).
|[Remove password](../api/serviceprincipal-removepassword.md)|[passwordCredential](passwordcredential.md)|Remove a password from a servicePrincipal.| |[Add key](../api/serviceprincipal-addkey.md)|[keyCredential](keycredential.md)|Add a key credential to a servicePrincipal.| |[Remove key](../api/serviceprincipal-removekey.md)|None|Remove a key credential from a servicePrincipal.|
v1.0 Statusdetails https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/statusdetails.md
Describes the status of the provisioning event and the associated errors. It is
|status|statusBase|Possible values are: `success`, `warning`, `failure`, `skipped`, `unknownFutureValue`. Inherited from statusBase.| |additionalDetails|String|Additional details in case of error.| |errorCategory|String|Categorizes the error code. Possible values are `Failure`, `NonServiceFailure`, `Success`.|
-|errorCode|String|Unique error code if any occurred. [Learn more](https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-provisioning-logs#error-codes)|
+|errorCode|String|Unique error code if any occurred. [Learn more](/azure/active-directory/reports-monitoring/concept-provisioning-logs#error-codes)|
|reason|String|Summarizes the status and describes why the status happened.| |recommendedAction|String|Provides the resolution for the corresponding error.|
v1.0 Subscription https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/subscription.md
A subscription allows a client app to receive change notifications about changes
- A [message][], [event][], or [contact][] in Outlook. - The [presence][] of a user in Microsoft Teams. - A [user][] or [group][] in Azure Active Directory.-- A [printer][] (when a print job for the printer gets to JobFetchable state - ready to be fetched for printing) and a [printTaskDefinition][] in Universal Print. For more information, see [Subscribe to change notifications from cloud printing APIs](https://docs.microsoft.com/en-us/graph/universal-print-webhook-notifications).
+- A [printer][] (when a print job for the printer gets to JobFetchable state - ready to be fetched for printing) and a [printTaskDefinition][] in Universal Print. For more information, see [Subscribe to change notifications from cloud printing APIs](/graph/universal-print-webhook-notifications).
- A [todoTask][] of a user in Microsoft To Do. See [Use the Microsoft Graph API to get change notifications](webhooks.md) for the possible resource path values for each supported resource.
See [Use the Microsoft Graph API to get change notifications](webhooks.md) for t
| encryptionCertificateId | string | A custom app-provided identifier to help identify the certificate needed to decrypt resource data. Optional. Required when **includeResourceData** is true. | All | | latestSupportedTlsVersion | string | Specifies the latest version of Transport Layer Security (TLS) that the notification endpoint, specified by **notificationUrl**, supports. The possible values are: `v1_0`, `v1_1`, `v1_2`, `v1_3`. </br></br>For subscribers whose notification endpoint supports a version lower than the currently recommended version (TLS 1.2), specifying this property by a set [timeline](https://developer.microsoft.com/graph/blogs/microsoft-graph-subscriptions-deprecating-tls-1-0-and-1-1/) allows them to temporarily use their deprecated version of TLS before completing their upgrade to TLS 1.2. For these subscribers, not setting this property per the timeline would result in subscription operations failing. </br></br>For subscribers whose notification endpoint already supports TLS 1.2, setting this property is optional. In such cases, Microsoft Graph defaults the property to `v1_2`. | All | | notificationContentType | string | Desired content-type for MS Graph change notifications for supported resource types. The default content-type is the "application/json" content-type. | All |
-| notificationQueryOptions | string | OData Query Options for specifying value for the targeting resource. Clients receive notifications when resource reaches the state matching the query options provided here. With this new property in the subscription creation payload along with all existing properties, Webhooks will deliver notifications whenever a resource reaches the desired state mentioned in the notificationQueryOptions property eg when the print job is completed, when a print job resource `isFetchable` property value becomes true etc. | [Universal Print Service](https://docs.microsoft.com/en-us/graph/universal-print-webhook-notifications) |
+| notificationQueryOptions | string | OData Query Options for specifying value for the targeting resource. Clients receive notifications when resource reaches the state matching the query options provided here. With this new property in the subscription creation payload along with all existing properties, Webhooks will deliver notifications whenever a resource reaches the desired state mentioned in the notificationQueryOptions property eg when the print job is completed, when a print job resource `isFetchable` property value becomes true etc. | [Universal Print Service](/graph/universal-print-webhook-notifications) |
### Maximum length of subscription per resource type
v1.0 Suspiciousipriskevent https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/suspiciousipriskevent.md
Title: "suspiciousIpRiskEvent resource type"
description: "A risk event detected by Azure Active Directory Identity Protection where an account sign-in is attempted from a suspicious IP address. Complete information about risk events can be found in the Azure AD Identity Protection documentation." localization_priority: Normal doc_type: resourcePageType
v1.0 Teams Api Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/teams-api-overview.md
If none of those users are signed in to the Microsoft Teams application/website,
If your app polls to see whether a resource has changed, you can only do that once per day. ([teamsAsyncOperation](teamsasyncoperation.md) is an exception in that it's intended to be polled frequently.) If you need to hear about changes more frequently than that, you should [create a subscription](../api/subscription-post-subscriptions.md) to that resource and receive change notifications (webhooks).
-If you don't find support for the type of subscription you need, we encourage you to provide feedback via [UserVoice](https://microsoftgraph.uservoice.com/forums/920506-microsoft-graph-feature-requests?category_id=359626).
+If you don't find support for the type of subscription you need, we encourage you to provide feedback via the [Microsoft 365 Developer Platform ideas forum](https://techcommunity.microsoft.com/t5/microsoft-365-developer-platform/idb-p/Microsoft365DeveloperPlatform/label-name/Microsoft%20Graph).
When polling for new messages, you must specify a date range where supported. For details, see [get channel messages delta](../api/chatmessage-delta.md).
v1.0 Temporaryaccesspassauthenticationmethod https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/temporaryaccesspassauthenticationmethod.md
Namespace: microsoft.graph
Represents a Temporary Access Pass registered to a user. A Temporary Access Pass is a time-limited passcode that serves as a strong credential and allows onboarding of passwordless credentials. ## Methods+ |Method|Return type|Description| |:|:|:| |[List](../api/temporaryaccesspassauthenticationmethod-list.md)|[temporaryAccessPassAuthenticationMethod](../resources/temporaryaccesspassauthenticationmethod.md) collection|Retrieve a list of a user's **temporaryAccessPassAuthenticationMethod** objects and their properties. Users can only have one Temporary Access Pass authentication method.| |[Create](../api/temporaryaccesspassauthenticationmethod-post.md)|[temporaryAccessPassAuthenticationMethod](../resources/temporaryaccesspassauthenticationmethod.md)|Create a user's **temporaryAccessPassAuthenticationMethod** object.|
-|[Get](../api/temporaryaccesspassauthenticationmethod-get.md)|[temporaryAccessPassAuthenticationMethod](../resources/temporaryaccesspassauthenticationmethod.md)|Retrieve the properties of the user's **temporaryAccessPassAuthenticationMethod** object.||
+|[Get](../api/temporaryaccesspassauthenticationmethod-get.md)|[temporaryAccessPassAuthenticationMethod](../resources/temporaryaccesspassauthenticationmethod.md)|Retrieve the properties of the user's **temporaryAccessPassAuthenticationMethod** object.|
|[Delete](../api/temporaryaccesspassauthenticationmethod-delete.md)|None|Delete a user's **temporaryAccessPassAuthenticationMethod** object.| ## Properties
v1.0 Unifiedroleeligibilityschedulerequest https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedroleeligibilityschedulerequest.md
Title: "unifiedRoleEligibilityScheduleRequest resource type"
description: "Represents the request for eligible role assignment operations through Azure AD Privileged Identity Management." localization_priority: Normal doc_type: resourcePageType
Administrators can use `unifiedRoleEligibilityScheduleRequest` to create and/or
|appScopeId|String|Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only.| |directoryScopeId|String|Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only.| |id|String|The unique identifier for the unifiedRoleEligibilityScheduleRequest.|
-|isValidationOnly|Boolean|Boolean|A boolean that determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request.|
+|isValidationOnly|Boolean|A boolean that determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request.|
|justification|String|A message provided by users and administrators when create the request about why it is needed.| |principalId|String| Objectid of the principal to which the assignment is being granted to.| |roleDefinitionId|String|ID of the unifiedRoleDefinition the assignment is for. Read only.|
v1.0 User https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/user.md
This resource supports:
| showInAddressList | Boolean | `true` if the Outlook global address list should contain this user, otherwise `false`. If not set, this will be treated as `true`. For users invited through the invitation manager, this property will be set to `false`. <br><br>Returned only on `$select`.| | signInSessionsValidFromDateTime | DateTimeOffset | Any refresh tokens or sessions tokens (session cookies) issued before this time are invalid, and applications will get an error when using an invalid refresh or sessions token to acquire a delegated access token (to access APIs such as Microsoft Graph). If this happens, the application will need to acquire a new refresh token by making a request to the authorize endpoint. <br><br>Returned only on `$select`. Read-only. Use [revokeSignInSessions](../api/user-revokesigninsessions.md) to reset.| | skills | String collection | A list for the user to enumerate their skills. <br><br>Returned only on `$select`. |
-| signInActivity | [signInActivity](signinactivity.md) | Get the last signed-in date and request ID of the sign-in for a given user.<br><br>Supports `$filter`, but not with any other filterable properties. <br><br>Returned only on `$select`. Read-only. <br>**Note:** Details for this property require an Azure AD Premium P1/P2 license.|
+| signInActivity | [signInActivity](signinactivity.md) | Get the last signed-in date and request ID of the sign-in for a given user.<br><br>Supports `$filter`, but not with any other filterable properties. <br><br>Returned only on `$select`. Read-only. <br>**Note:** Details for this property require an Azure AD Premium P1/P2 license and the AuditLog.Read.All permission.|
| state | String | The state or province in the user's address. Maximum length is 128 characters. <br><br>Returned only on `$select`. Supports `$filter`. | | streetAddress | String | The street address of the user's place of business. Maximum length is 1024 characters. <br><br>Returned only on `$select`.| | surname | String | The user's surname (family name or last name). Maximum length is 64 characters. <br><br>Returned by default. Supports `$filter`. |
v1.0 Userflowlanguageconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/userflowlanguageconfiguration.md
Namespace: microsoft.graph
User flows language customization is a feature that allows a given user flow to support customization of multiple languages, from all the built-in languages to a custom language.
-For [Azure Active Directory B2C user flows](https://docs.microsoft.com/azure/active-directory-b2c/user-flow-language-customization#supported-languages), you can leverage the built-in languages or provide the language customizations for a language that is not currently built-in by default. For [Azure Active Directory user flows](https://docs.microsoft.com/azure/active-directory/external-identities/user-flow-customize-language), you can only leverage the built-in languages provided by Microsoft. Both user flows for Azure Active Directory B2C and Azure Active Directory support customizing the language and strings shown to users as they go through the journeys you configure with your user flows.
+For [Azure Active Directory B2C user flows](/azure/active-directory-b2c/user-flow-language-customization#supported-languages), you can leverage the built-in languages or provide the language customizations for a language that is not currently built-in by default. For [Azure Active Directory user flows](/azure/active-directory/external-identities/user-flow-customize-language), you can only leverage the built-in languages provided by Microsoft. Both user flows for Azure Active Directory B2C and Azure Active Directory support customizing the language and strings shown to users as they go through the journeys you configure with your user flows.
## Methods
v1.0 B2xidentityuserflow Put Apiconnectorconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/b2xidentityuserflow-put-apiconnectorconfiguration.md
HTTP/1.1 204 No Content
The following is an example of the request. -
-# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "put_b2xuserflows-apiconnectorconfiguration_disable-postAttributeCollection"
Content-Type: application/json
{ } ```
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
-
-# [Java](#tab/java)
-- #### Response
v1.0 Onlinemeeting Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/onlinemeeting-get.md
doc_type: apiPageType
Namespace: microsoft.graph
-Retrieve the properties and relationships of an [onlineMeeting](../resources/onlinemeeting.md) object. You can get details of an onlineMeeting using [VideoTeleconferenceId](#example-1-retrieve-an-online-meeting-by-videoteleconferenceid) or [meeting ID](#example-2-retrieve-an-online-meeting-by-meeting-id).
+Retrieve the properties and relationships of an [onlineMeeting](../resources/onlinemeeting.md) object. You can get details of an onlineMeeting using [VideoTeleconferenceId](#example-1-retrieve-an-online-meeting-by-videoteleconferenceid), [meeting ID](#example-2-retrieve-an-online-meeting-by-meeting-id) or [JoinWebURL](#example-3-retrieve-an-online-meeting-by-joinweburl).
## Permissions
One of the following permissions is required to call this API. To learn more, in
> \* Administrators must create an [application access policy](/graph/cloud-communication-online-meeting-application-access-policy) and grant it to a user, authorizing the app configured in the policy to retrieve an online meeting on behalf of that user (user ID specified in the request path). ## HTTP request
-To get the specified onlineMeeting using meeting ID with delegated token:
+To get an onlineMeeting using meeting ID with delegated and app permission:
<!-- { "blockType": "ignored" } --> ```http GET /me/onlineMeetings/{meetingId}
+GET /users/{userId}/onlineMeetings/{meetingId}
```
-To get the specified onlineMeeting using meeting ID with application token:
+To get an onlineMeeting using **videoTeleconferenceId** with app permission*:
<!-- { "blockType": "ignored" } --> ```http
-GET /users/{userId}/onlineMeetings/{meetingId}
+GET /communications/onlineMeetings/?$filter=VideoTeleconferenceId%20eq%20'{videoTeleconferenceId}'
```
-To get the specified onlineMeeting using **videoTeleconferenceId***:
+To get an onlineMeeting using **joinWebUrl** with delegated and app permission:
<!-- { "blockType": "ignored" } --> ```http
-GET /communications/onlineMeetings/?$filter=VideoTeleconferenceId%20eq%20'{videoTeleconferenceId}'
+GET /me/onlineMeetings?$filter=JoinWebUrl%20eq%20'{joinWebUrl}'
+GET /users/{userId}/onlineMeetings?$filter=JoinWebUrl%20eq%20'{joinWebUrl}'
``` > [!NOTE]
GET /communications/onlineMeetings/?$filter=VideoTeleconferenceId%20eq%20'{video
> - `meetingId` is the **id** of an [onlineMeeting](../resources/onlinemeeting.md) object. > - **videoTeleconferenceId** is generated for Cloud-Video-Interop licensed users and can be found in an [onlineMeeting](../resources/onlinemeeting.md) object. Refer to [VTC conference id](/microsoftteams/cloud-video-interop-for-teams-set-up) for more details. > - \* This scenario only supports application token and does not support application access policy.
+> - `joinWebUrl` must be URL encoded.
## Optional query parameters This method supports the [OData query parameters](/graph/query-parameters) to help customize the response.
If successful, this method returns a `200 OK` response code and an [onlineMeetin
## Examples
+> [!NOTE]
+> The response objects of the following examples have been shortened for readability. All the properties will be returned from an actual call.
+ ### Example 1: Retrieve an online meeting by VideoTeleconferenceId #### Request The following example shows the request. - # [HTTP](#tab/http) <!-- { "blockType": "request",
GET https://graph.microsoft.com/v1.0/communications/onlineMeetings/?$filter=Vide
#### Response
-> **Note:** The response object shown here might be shortened for readability.
- <!-- { "blockType": "response", "truncated": true,
You can retrieve meeting information via meeting ID with either a user or applic
> **Note:** The meeting ID has been truncated for readability. The following request uses a user token.
-<!-- { "blockType": "ignored" } -->
+<!-- {"blockType": "request", "name": "get-onlinemeeting-user-token"} -->
```http GET https://graph.microsoft.com/beta/me/onlineMeetings/MSpkYzE3Njc0Yy04MWQ5LTRhZGItYmZiMi04ZdFpHRTNaR1F6WGhyZWFkLnYy ```
GET https://graph.microsoft.com/beta/users/dc17674c-81d9-4adb-bfb2-8f6a442e4622/
``` #### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.onlineMeeting"
+} -->
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json
-> **Note:** The response object shown here has been shortened for readability. All the properties will be returned from an actual call.
-
-```json
{ "id": "MSpkYzE3Njc0Yy04MWQ5LTRhZGItYmZiMi04ZdFpHRTNaR1F6WGhyZWFkLnYy", "creationDateTime": "2020-09-29T22:35:33.1594516Z",
GET https://graph.microsoft.com/beta/users/dc17674c-81d9-4adb-bfb2-8f6a442e4622/
} ```
+### Example 3: Retrieve an online meeting by JoinWebUrl
+You can retrieve meeting information via JoinWebUrl by using either a user or application token. This option is available to support use cases where the meeting ID is not known but the JoinWebUrl is, such as when a user creates a meeting (for example in the Microsoft Teams client), and a separate application needs to retrieve meeting details as a followup action.
+
+#### Request
+
+The following request uses a user token.
+<!-- {"blockType": "request", "name": "get-onlinemeeting-joinurl-user-token"} -->
+```http
+GET https://graph.microsoft.com/v1/me/onlineMeetings?$filter=JoinWebUrl%20eq%20'https%3A%2F%2Fteams.microsoft.com%2Fl%2Fmeetup-join%2F19%253ameeting_MGQ4MDQyNTEtNTQ2NS00YjQxLTlkM2EtZWVkODYxODYzMmY2%2540thread.v2%2F0%3Fcontext%3D%257b%2522Tid%2522%253a%2522909c6581-5130-43e9-88f3-fcb3582cde37%2522%252c%2522Oid%2522%253a%2522dc17674c-81d9-4adb-bfb2-8f6a442e4622%2522%257d'
+```
+
+The following request uses an app token.
+<!-- { "blockType": "ignored" } -->
+```http
+GET https://graph.microsoft.com/v1/users/dc17674c-81d9-4adb-bfb2-8f6a442e4622/onlineMeetings?$filter=JoinWebUrl%20eq%20'https%3A%2F%2Fteams.microsoft.com%2Fl%2Fmeetup-join%2F19%253ameeting_MGQ4MDQyNTEtNTQ2NS00YjQxLTlkM2EtZWVkODYxODYzMmY2%2540thread.v2%2F0%3Fcontext%3D%257b%2522Tid%2522%253a%2522909c6581-5130-43e9-88f3-fcb3582cde37%2522%252c%2522Oid%2522%253a%2522dc17674c-81d9-4adb-bfb2-8f6a442e4622%2522%257d'
+```
+
+#### Response
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.onlineMeeting"
+} -->
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "id": "dc17674c-81d9-4adb-bfb2-8f6a442e4622_19:meeting_MGQ4MDQyNTEtNTQ2NS00YjQxLTlkM2EtZWVkODYxODYzMmY2@thread.v2",
+ "creationDateTime": "2020-09-29T22:35:33.1594516Z",
+ "startDateTime": "2020-09-29T22:35:31.389759Z",
+ "endDateTime": "2020-09-29T23:35:31.389759Z",
+ "joinWebUrl": "https://teams.microsoft.com/l/meetup-join/19%3ameeting_MGQ4MDQyNTEtNTQ2NS00YjQxLTlkM2EtZWVkODYxODYzMmY2%40thread.v2/0?context=%7b%22Tid%22%3a%22909c6581-5130-43e9-88f3-fcb3582cde37%22%2c%22Oid%22%3a%22dc17674c-81d9-4adb-bfb2-8f6a442e4622%22%7d",
+ "subject": null,
+ "isEntryExitAnnounced": true,
+ "allowedPresenters": "everyone",
+ "videoTeleconferenceId": "(redacted)",
+ "participants": {
+ "organizer": {
+ "upn": "(redacted)",
+ "role": "presenter",
+ "identity": {
+ "user": {
+ "id": "dc17674c-81d9-4adb-bfb2-8f6a442e4622",
+ "displayName": null,
+ "tenantId": "909c6581-5130-43e9-88f3-fcb3582cde38",
+ "identityProvider": "AAD"
+ }
+ }
+ },
+ "attendees": [],
+ "producers": [],
+ "contributors": []
+ },
+ "lobbyBypassSettings": {
+ "scope": "organization",
+ "isDialInBypassEnabled": false
+ }
+ }
+ ]
+}
+```
+ <!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79 2015-10-25 14:57:30 UTC --> <!--
v1.0 Organizationalbrandingproperties Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/organizationalbrandingproperties-update.md
The following request updates the banner logo for the default branding.
The following is an example of the request.
-# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "update_organizationalbrandingproperties_2"
v1.0 User Checkmembergroups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/user-checkmembergroups.md
Title: "checkMemberGroups" description: "Check for membership in the specified list of groups. Returns from the list those groups of which"-+ localization_priority: Priority ms.prod: "users" doc_type: apiPageType
v1.0 User Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/user-get.md
This method returns `202 Accepted` when the request has been processed successfu
By default, only a limited set of properties are returned ( _businessPhones, displayName, givenName, id, jobTitle, mail, mobilePhone, officeLocation, preferredLanguage, surname, userPrincipalName_ ). This example illustrates the default request and response.
-<!-- { "blockType": "ignored" } -->
+<!-- {
+ "blockType": "request",
+ "name": "get_user_1"
+} -->
```http GET https://graph.microsoft.com/v1.0/users/{id | userPrincipalName} ``` ##### Response
-<!-- { "blockType": "ignored" } -->
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.user"
+} -->
```http HTTP/1.1 200 OK Content-type: application/json
Content-length: 491
If you need a different property set, you can use the OData `$select` query parameter. For example, to return _displayName_, _givenName_, and _postalCode_, you would use the add the following to your query `$select=displayName,givenName,postalCode` ##### Request
-<!-- { "blockType": "ignored" } -->
+<!-- {
+ "blockType": "request",
+ "name": "get_user_2"
+} -->
```http GET https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}?$select=displayName,givenName,postalCode ``` ##### Response
-<!-- { "blockType": "ignored" } -->
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.user"
+} -->
```http HTTP/1.1 200 OK Content-type: application/json
v1.0 User List Memberof https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/user-list-memberof.md
Title: "List memberOf" description: "Get groups and directory roles that the user is a direct member of. "-+ localization_priority: Priority ms.prod: "users" doc_type: apiPageType
v1.0 Alternativesecurityid https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/alternativeSecurityId.md
Title: "alternativeSecurityId resource type"
description: "For internal use only." localization_priority: Normal doc_type: resourcePageType
v1.0 Assignedlicense https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/assignedlicense.md
Title: "assignedLicense resource type"
description: "Represents a license assigned to a user. The **assignedLicenses** property of the user entity is a collection of **assignedLicense**." localization_priority: Normal doc_type: resourcePageType
v1.0 Azure Ad Auditlog Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/azure-ad-auditlog-overview.md
Namespace: microsoft.graph
Azure Active Directory (Azure AD) tracks user activity and creates reports that help you understand how your users access and use Azure AD services. Use the Microsoft Graph API for Azure AD to analyze the data in these reports and to create custom solutions tailored to your organization's specific needs.
-The availability of these activity reports is governed by the Azure AD data retention policies. For more information, see [data retention policies](https://docs.microsoft.com/azure/active-directory/reports-monitoring/reference-reports-data-retention#how-long-does-azure-ad-store-the-data).
+The availability of these activity reports is governed by the Azure AD data retention policies. For more information, see [data retention policies](/azure/active-directory/reports-monitoring/reference-reports-data-retention#how-long-does-azure-ad-store-the-data).
## What are Azure AD activity logs?
v1.0 Azure Ad Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/azure-ad-overview.md
The following table lists some common use cases for Azure AD resources.
| Get information about an organization, such as its business address, technical and notification contacts, the service plans that it's subscribed to, and the domains associated with it. | [organization](../resources/organization.md) | N/A | | Get information about the service SKUs that a company is subscribed to. | [subscribedSku](../resources/subscribedsku.md) | N/A | | Invite external (guest) users to an organization. | [invitation](../resources/invitation.md) | [What is Azure AD B2B collaboration?](/azure/active-directory/active-directory-b2b-what-is-azure-ad-b2b) |
-| Manage branding for the sign-in experience of an organization. | [organizationalbranding](../resources/organizationalbrandingproperties.md) | [Add branding to your organization's Azure Active Directory sign-in page](https://docs.microsoft.com/azure/active-directory/fundamentals/customize-branding)|
+| Manage branding for the sign-in experience of an organization. | [organizationalbranding](../resources/organizationalbrandingproperties.md) | [Add branding to your organization's Azure Active Directory sign-in page](/azure/active-directory/fundamentals/customize-branding)|
| **Consent requests** | | | | Manage the consent request workflow for users attempting to access apps that require admin authorization. | [Consent requests API](../resources/consentrequests-root.md) |[Configure the admin consent workflow](/azure/active-directory/manage-apps/configure-admin-consent-workflow) |
v1.0 Entity https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/entity.md
Title: "entity resource type"
-description: ""
+description: "Represents an entity."
localization_priority: Normal-+ doc_type: resourcePageType
v1.0 Extension https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/extension.md
Title: "extension resource type"
description: "An abstract type to support the OData v4 open type openTypeExtension." localization_priority: Normal doc_type: resourcePageType
v1.0 Invitation https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/invitation.md
Creating an invitation will return a redemption URL in the response (*inviteRede
|[Create invitation](../api/invitation-post.md) | invitation | Write properties and relationships of invitation object.| ## Properties
-| Property | Type |Description|
-|:|:--|:-|
+
+| Property| Type|Description|
+|:|:|:|
|invitedUserDisplayName|String|The display name of the user being invited.|
-|invitedUserEmailAddress|String|The email address of the user being invited. Required. The following special characters are not permitted in the email address:<br><ul><li>Tilde (~)</li><li>Exclamation point (`!`)</li><li>Number sign (`#`)</li><li>Dollar sign (`$`)</li><li>Percent (`%`)</li><li>Circumflex (`^`)</li><li>Ampersand (`&`)</li><li>Asterisk (`*`)</li><li>Parentheses (`( )`)</li><li>Plus sign (`+`)</li><li>Equal sign (`=`)</li><li>Brackets (`[ ]`)</li><li>Braces (`{ }`)</li><li>Backslash (`\`)</li><li>Slash mark (`/`)</li><li>Pipe (`\|`)</li><li>Semicolon (`;`)</li><li>Colon (`:`)</li><li>Quotation marks (`"`)</li><li>Angle brackets (`< >`)</li><li>Question mark (`?`)</li><li>Comma (`,`)</li></ul><br>However, the following exceptions apply:<br><ul><li>A period (`.`) or a hyphen (`-`) is permitted anywhere in the user name, except at the beginning or end of the name.</li><li>An underscore (`_`) is permitted anywhere in the user name. This includes at the beginning or end of the name.</li></ul>|
-|invitedUserMessageInfo|[invitedUserMessageInfo](invitedusermessageinfo.md)|Additional configuration for the message being sent to the invited user, including customizing message text, language and cc recipient list.|
+|invitedUserEmailAddress|String|The email address of the user being invited. Required. The following special characters are not permitted in the email address:<br><ul><li>Tilde (`~`)</li><li>Exclamation point (`!`)</li><li>Number sign (`#`)</li><li>Dollar sign (`$`)</li><li>Percent (`%`)</li><li>Circumflex (`^`)</li><li>Ampersand (`&`)</li><li>Asterisk (`*`)</li><li>Parentheses (`( )`)</li><li>Plus sign (`+`)</li><li>Equal sign (`=`)</li><li>Brackets (`[ ]`)</li><li>Braces (`{ }`)</li><li>Backslash (`\`)</li><li>Slash mark (`/`)</li><li>Pipe (`\|`)</li><li>Semicolon (`;`)</li><li>Colon (`:`)</li><li>Quotation marks (`"`)</li><li>Angle brackets (`< >`)</li><li>Question mark (`?`)</li><li>Comma (`,`)</li></ul><br>However, the following exceptions apply:<br><ul><li>A period (`.`) or a hyphen (`-`) is permitted anywhere in the user name, except at the beginning or end of the name.</li><li>An underscore (`_`) is permitted anywhere in the user name. This includes at the beginning or end of the name.</li></ul>|
+|invitedUserMessageInfo|[invitedUserMessageInfo](invitedusermessageinfo.md|Additional configuration for the message being sent to the invited user, including customizing message text, language and cc recipient list.|
|sendInvitationMessage|Boolean|Indicates whether an email should be sent to the user being invited or not. The default is false.| |inviteRedirectUrl|String|The URL the user should be redirected to once the invitation is redeemed. Required.|
-|inviteRedeemUrl|String|The URL the user can use to redeem their invitation. Read-only|.
+|inviteRedeemUrl|String|The URL the user can use to redeem their invitation. Read-only.|
|invitedUserType|String|The userType of the user being invited. By default, this is `Guest`. You can invite as `Member` if you are a company administrator. |
-|status|String|The status of the invitation. Possible values are: `PendingAcceptance`, `Completed`, `InProgress`, and `Error`|
+|status|String|The status of the invitation. Possible values are: `PendingAcceptance`, `Completed`, `InProgress`, and `Error`.|
## Relationships | Relationship | Type |Description|
v1.0 Licensedetails https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/licensedetails.md
Title: "licenseDetails resource type"
description: "Contains information about a license assigned to a user." localization_priority: Normal doc_type: resourcePageType
v1.0 Opentypeextension https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/opentypeextension.md
Open extensions are supported by the following resources in the corresponding ve
|Resource |Version | |:|:-|
-| [Administrative unit](/graph/api/resources/administrativeunit?view=graph-rest-beta) | GA |
+| [Administrative unit](/graph/api/resources/administrativeunit) | GA |
| [Calendar event](event.md) | GA | | Group [calendar event](event.md) | GA | | Group conversation thread [post](post.md) | GA |
Apply the following guidelines when you create open extensions on Outlook resour
### Use open extensions (for Outlook resources) or extended properties Open extensions are the recommended solution for most scenarios involving storing and accessing custom data. If, however,
-you need to access custom data for Outlook MAPI properties that are not already exposed through the
-[Microsoft Graph API metadata](../index.md), you can use
+you need to access custom data for Outlook MAPI properties that are not already exposed through the [Microsoft Graph API metadata](/graph/traverse-the-graph#microsoft-graph-api-metadata), you can use
[extended properties and its REST API](extended-properties-overview.md). You can verify which properties the metadata
-exposes at [https://graph.microsoft.com/v1.0/$metadata](https://graph.microsoft.com/v1.0/$metadata).
+exposes at https://graph.microsoft.com/v1.0/$metadata.
## JSON representation
v1.0 Organizationalbrandingproperties https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/organizationalbrandingproperties.md
doc_type: "resourcePageType"
# organizationalBrandingProperties resource type >[!NOTE]
->Adding custom branding requires you to use Azure Active Directory Premium 1, Premium 2, or Basic editions, or to have a Microsoft 365 license. For more information about licensing and editions, see [Sign up for Azure AD Premium](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-get-started-premium).<br><br>Azure AD Premium and Basic editions are available for customers in China using the worldwide instance of Azure Active Directory. Azure AD Premium and Basic editions aren't currently supported in the Azure service operated by 21Vianet in China. For more information, talk to us using the [Azure Active Directory Forum](https://feedback.azure.com/forums/169401-azure-active-directory/).
+>Adding custom branding requires you to use Azure Active Directory Premium 1, Premium 2, or Basic editions, or to have a Microsoft 365 license. For more information about licensing and editions, see [Sign up for Azure AD Premium](/azure/active-directory/fundamentals/active-directory-get-started-premium).<br><br>Azure AD Premium and Basic editions are available for customers in China using the worldwide instance of Azure Active Directory. Azure AD Premium and Basic editions aren't currently supported in the Azure service operated by 21Vianet in China. For more information, talk to us using the [Azure Active Directory Forum](https://feedback.azure.com/forums/169401-azure-active-directory/).
Contains details about the organization's branding.
v1.0 Patternedrecurrence https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/patternedrecurrence.md
Title: "patternedRecurrence resource type"
description: "The recurrence pattern and range." localization_priority: Normal doc_type: resourcePageType
v1.0 Provisioningerrorinfo https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/provisioningerrorInfo.md
Title: "provisioningErrorInfo resource type"
description: "Describes the status of the provisioning event and the associated errors." localization_priority: Normal doc_type: "resourcePageType"
Describes the status of the provisioning event and the associated errors.
|:-|:|:| |additionalDetails|String|Additional details in case of error.| |errorCategory|provisioningStatusErrorCategory|Categorizes the error code. Possible values are `failure`, `nonServiceFailure`, `success`, `unknownFutureValue`|
-|errorCode|String|Unique error code if any occurred. [Learn more](https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-provisioning-logs#error-codes)|
+|errorCode|String|Unique error code if any occurred. [Learn more](/azure/active-directory/reports-monitoring/concept-provisioning-logs#error-codes)|
|reason|String|Summarizes the status and describes why the status happened.| |recommendedAction|String|Provides the resolution for the corresponding error.|
v1.0 Recurrencepattern https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/recurrencepattern.md
Title: "recurrencePattern resource type"
description: "Describes the frequency by which a recurring event repeats. " localization_priority: Normal doc_type: resourcePageType
v1.0 Recurrencerange https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/recurrencerange.md
Title: "recurrenceRange resource type"
description: "Describes a date range over which a recurring event repeats. " localization_priority: Normal doc_type: resourcePageType
v1.0 Settingtemplatevalue https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/settingtemplatevalue.md
Title: "settingTemplateValue resource type"
description: "Represents an individual template setting definition, including the default value for the setting, if the setting is not instantiated." localization_priority: Normal doc_type: resourcePageType
v1.0 Settingvalue https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/settingvalue.md
Title: "settingValue resource type"
description: "A setting represented by a name/value pair." localization_priority: Normal doc_type: resourcePageType
v1.0 Subscription https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/subscription.md
A subscription allows a client app to receive change notifications about changes
- Content in the hierarchy of a root folder [driveItem][] in OneDrive for Business, or of a root folder or subfolder [driveItem][] in a user's personal OneDrive. - A [list][] under a SharePoint [site][]. - A [message][], [event][], or [contact][] in Outlook.-- A [printer][] (when a print job for the printer gets to JobFetchable state - ready to be fetched for printing) and a [printTaskDefinition][] in Universal Print. For more information, see [Subscribe to change notifications from cloud printing APIs](https://docs.microsoft.com/en-us/graph/universal-print-webhook-notifications).
+- A [printer][] (when a print job for the printer gets to JobFetchable state - ready to be fetched for printing) and a [printTaskDefinition][] in Universal Print. For more information, see [Subscribe to change notifications from cloud printing APIs](/graph/universal-print-webhook-notifications).
- A [user][] or [group][] in Azure Active Directory. See [Use the Microsoft Graph API to get change notifications](webhooks.md) for the possible resource path values for each supported resource.
See [Use the Microsoft Graph API to get change notifications](webhooks.md) for t
| encryptionCertificateId | string | A custom app-provided identifier to help identify the certificate needed to decrypt resource data. Optional.| All | | latestSupportedTlsVersion | String | Specifies the latest version of Transport Layer Security (TLS) that the notification endpoint, specified by **notificationUrl**, supports. The possible values are: `v1_0`, `v1_1`, `v1_2`, `v1_3`. </br></br>For subscribers whose notification endpoint supports a version lower than the currently recommended version (TLS 1.2), specifying this property by a set [timeline](https://developer.microsoft.com/graph/blogs/microsoft-graph-subscriptions-deprecating-tls-1-0-and-1-1/) allows them to temporarily use their deprecated version of TLS before completing their upgrade to TLS 1.2. For these subscribers, not setting this property per the timeline would result in subscription operations failing. </br></br>For subscribers whose notification endpoint already supports TLS 1.2, setting this property is optional. In such cases, Microsoft Graph defaults the property to `v1_2`. | All | | notificationContentType | string | Desired content-type for MS Graph change notifications for supported resource types. The default content-type is the "application/json" content-type. | All |
-| notificationQueryOptions | string | OData Query Options for specifying value for the targeting resource. Clients receive notifications when resource reaches the state matching the query options provided here. With this new property in the subscription creation payload along with all existing properties, Webhooks will deliver notifications whenever a resource reaches the desired state mentioned in the notificationQueryOptions property eg when the print job is completed, when a print job resource `isFetchable` property value becomes true etc. | [Universal Print Service](https://docs.microsoft.com/en-us/graph/universal-print-webhook-notifications) |
+| notificationQueryOptions | string | OData Query Options for specifying value for the targeting resource. Clients receive notifications when resource reaches the state matching the query options provided here. With this new property in the subscription creation payload along with all existing properties, Webhooks will deliver notifications whenever a resource reaches the desired state mentioned in the notificationQueryOptions property eg when the print job is completed, when a print job resource `isFetchable` property value becomes true etc. | [Universal Print Service](/graph/universal-print-webhook-notifications) |
### Maximum length of subscription per resource type
v1.0 Teams Api Overview https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/teams-api-overview.md
If none of those users are signed in to the Microsoft Teams application/website,
If your app polls to see whether a resource has changed, you can only do that once per day. ([teamsAsyncOperation](teamsasyncoperation.md) is an exception in that it's intended to be polled frequently.) If you need to hear about changes more frequently than that, you should [create a subscription](../api/subscription-post-subscriptions.md) to that resource and receive change notifications (webhooks).
-If you don't find support for the type of subscription you need, we encourage you to provide feedback via [UserVoice](https://microsoftgraph.uservoice.com/forums/920506-microsoft-graph-feature-requests?category_id=359626).
+If you don't find support for the type of subscription you need, we encourage you to provide feedback via the [Microsoft 365 Developer Platform ideas forum](https://techcommunity.microsoft.com/t5/microsoft-365-developer-platform/idb-p/Microsoft365DeveloperPlatform/label-name/Microsoft%20Graph).
When polling for new messages, you must specify a date range where supported. For details, see [get channel messages delta](../api/chatmessage-delta.md).
v1.0 Userflowlanguageconfiguration https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/userflowlanguageconfiguration.md
Namespace: microsoft.graph
Allows a user flow to support the use of multiple languages.
-For [Azure Active Directory user flows](https://docs.microsoft.com/azure/active-directory/external-identities/user-flow-customize-language), you can only leverage the built-in languages provided by Microsoft. User flows for Azure Active Directory support defining the language and strings shown to users as they go through the journeys you configure with your user flows.
+For [Azure Active Directory user flows](/azure/active-directory/external-identities/user-flow-customize-language), you can only leverage the built-in languages provided by Microsoft. User flows for Azure Active Directory support defining the language and strings shown to users as they go through the journeys you configure with your user flows.
## Methods