Updates from: 05/06/2021 03:08:41
Service Microsoft Docs article Related commit history on GitHub Change details
v1.0 Accessreviewpolicy Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewpolicy-get.md
If successful, this method returns a `200 OK` response code and an [accessReview
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_accessreviewpolicy"
If successful, this method returns a `200 OK` response code and an [accessReview
``` http GET https://graph.microsoft.com/beta/policies/accessReviewPolicy ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
Content-Type: application/json
``` ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_accessreviewpolicy_2"
Content-Type: application/json
``` http GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/policy ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Accessreviewpolicy Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewpolicy-update.md
If successful, this method returns a `204 No Content` response code.
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "update_accessreviewpolicy"
Content-Type: application/json
"isGroupOwnerManagementEnabled": true } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response <!-- {
HTTP/1.1 204 No Content
``` ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "update_accessreviewpolicy_2"
Content-Type: application/json
"isGroupOwnerManagementEnabled": true } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response <!-- {
v1.0 Bitlocker List Recoverykeys https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/bitlocker-list-recoverykeys.md
One of the following permissions is required to call this API. To learn more, in
|Permission type|Permissions (from most to least privileged)| |:|:|
-|Delegated (work or school account)|BitLocker.ReadBasic.All, BitLocker.Read.All|
+|Delegated (work or school account)|BitLockerKey.ReadBasic.All, BitLockerKey.Read.All|
|Delegated (personal Microsoft account)|Not supported| |Application|Not supported|
v1.0 Bitlockerrecoverykey Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/bitlockerrecoverykey-get.md
One of the following permissions is required to call this API. To learn more, in
|Permission type|Permissions (from most to least privileged)| |:|:|
-|Delegated (work or school account)|BitLocker.ReadBasic.All, BitLocker.Read.All|
+|Delegated (work or school account)|BitLockerKey.ReadBasic.All, BitLockerKey.Read.All|
|Delegated (personal Microsoft account)|Not supported| |Application|Not supported|
v1.0 Ediscovery Noncustodialdatasource Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/ediscovery-noncustodialdatasource-get.md
If successful, this method returns a `200 OK` response code and a [noncustodialD
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_noncustodialdatasource"
If successful, this method returns a `200 OK` response code and a [noncustodialD
``` http GET https://graph.microsoft.com/beta/compliance/ediscovery/cases/5b840b94-f821-4c4a-8cad-3a90062bf51a/noncustodialDataSources/8b69818bf6af4f8a9dede428401c71e7 ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Ediscovery Noncustodialdatasource List Datasource https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/ediscovery-noncustodialdatasource-list-datasource.md
If successful, this method returns a `200 OK` response code and a collection of
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_datasource"
If successful, this method returns a `200 OK` response code and a collection of
``` http GET https://graph.microsoft.com/beta/compliance/ediscovery/cases/5b840b94-f821-4c4a-8cad-3a90062bf51a/noncustodialDataSources/8e402dd7f3c94a3abc086e5d07db1c6d/datasource ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Ediscovery Noncustodialdatasource List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/ediscovery-noncustodialdatasource-list.md
If successful, this method returns a `200 OK` response code and a collection of
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_noncustodialdatasource"
If successful, this method returns a `200 OK` response code and a collection of
``` http GET https://graph.microsoft.com/beta/compliance/ediscovery/cases/5b840b94-f821-4c4a-8cad-3a90062bf51a/noncustodialDataSources ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Ediscovery Noncustodialdatasource Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/ediscovery-noncustodialdatasource-post.md
If successful, this method returns a `201 Created` response code and a [noncusto
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "create_noncustodialdatasource_from_"
Content-length: 206
} } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Ediscovery Noncustodialdatasource Release https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/ediscovery-noncustodialdatasource-release.md
If successful, this action returns a `202 Accepted` response code.
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "noncustodialdatasource_release"
If successful, this action returns a `202 Accepted` response code.
``` http POST https://graph.microsoft.com/beta/compliance/ediscovery/cases/5b840b94-f821-4c4a-8cad-3a90062bf51a/noncustodialDataSources/8e402dd7f3c94a3abc086e5d07db1c6d/release ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Ediscovery Settings Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/ediscovery-settings-get.md
If successful, this method returns a `200 OK` response code and a [settings](../
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_settings"
If successful, this method returns a `200 OK` response code and a [settings](../
``` http GET https://graph.microsoft.com/beta/compliance/ediscovery/cases/5b840b94-f821-4c4a-8cad-3a90062bf51a/settings ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Ediscovery Settings Resettodefault https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/ediscovery-settings-resettodefault.md
If successful, this action returns a `200 OK` response code.
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "settings_resettodefault"
If successful, this action returns a `200 OK` response code.
``` http POST https://graph.microsoft.com/beta/compliance/ediscovery/cases/{caseId}/settings/resetToDefault ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Ediscovery Settings Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/ediscovery-settings-update.md
If successful, this method returns a `204 No Content` response code.
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "update_settings"
Content-length: 350
} } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Ediscovery Sourcecollection List Noncustodialsources https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/ediscovery-sourcecollection-list-noncustodialsources.md
If successful, this method returns a `200 OK` response code and a collection of
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_noncustodialdatasource"
If successful, this method returns a `200 OK` response code and a collection of
``` http GET https://graph.microsoft.com/beta/compliance/ediscovery/cases/{caseId}/sourceCollections/{sourceCollectionId}/noncustodialSources ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Ediscovery Sourcecollection Post Noncustodialsources https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/ediscovery-sourcecollection-post-noncustodialsources.md
If successful, this method returns a `204 No Content` response code and a [noncu
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "create_noncustodialdatasource_from_"
Content-length: 206
"@odata.id": "https://canary.graph.microsoft.com/testprodbetancsdsaslist/compliance/ediscovery/cases/06d52284-ed81-49b8-904a-b863d3164731/noncustodialDataSources/39383530323537383742433232433246" } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Group Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/group-update.md
In the request body, supply the values for relevant fields that should be update
|autoSubscribeNewMembers|Boolean|Default is `false`. Indicates whether new members added to the group will be auto-subscribed to receive email notifications. **autoSubscribeNewMembers** can't be `true` when **subscriptionEnabled** is set to `false` on the group.| |description|String|An optional description for the group.| |displayName|String|The display name for the group. This property is required when a group is created and it cannot be cleared during updates. |
-|groupTypes|String collection|Specifies the group type and its membership. <br><br>If the collection contains **Unified** then the group is a Microsoft 365 group; otherwise it's a security group. <br><br>If the collection includes **DynamicMembership**, the group has dynamic membership; otherwise, membership is static. |
+|groupTypes|String collection|Specifies the group type and its membership. <br><br>If the collection contains **Unified** then the group is a Microsoft 365 group; otherwise, it's a security group. <br><br>If the collection includes **DynamicMembership**, the group has dynamic membership; otherwise, membership is static. |
|mailEnabled|Boolean|Specifies whether the group is mail-enabled. | |mailNickname|String|The mail alias for the group. This property must be specified when a group is created. | |securityEnabled|Boolean|Specifies whether the group is a security group, including Microsoft 365 groups. |
Content-type: application/json
Content-length: 211 {
- "description": "description-value",
- "displayName": "displayName-value",
+ "description":"description-value",
+ "displayName":"displayName-value"
} ``` # [C#](#tab/csharp)
v1.0 Onlinemeeting Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/onlinemeeting-update.md
PATCH /users/{userId}/onlineMeetings/{meetingId}
## Request body The table below lists the properties that can be updated. In the request body, include only the properties that need updating, with the following exceptions: -- Adjusting the start or end date/time of an online meeting always requires both **startDateTime** and **endDateTime** properties in the request body.-- Adjusting the **attendees** field of the **participants** property, such as adding or removing an attendee to the meeting, always requires the full list of attendees in the request body.
+- Updating the start or end date/time of an online meeting always requires both **startDateTime** and **endDateTime** properties in the request body.
+- **organizer** field of the **participants** property cannot be updated. The organizer of the meeting cannot be modified once the meeting is created.
+- Updating the **attendees** field of the **participants** property, such as adding or removing an attendee to the meeting, always requires the full list of attendees in the request body.
| Property | Type | Description | |-|--|| | startDateTime | DateTime | The meeting start time in UTC. | | endDateTime | DateTime | The meeting end time in UTC. | | subject | String | The subject of the online meeting. |
-| participants | [meetingParticipants](../resources/meetingparticipants.md) | The participants associated with the online meeting. This includes the organizer and the attendees. |
+| participants | [meetingParticipants](../resources/meetingparticipants.md) | The participants associated with the online meeting. Only attendees can be updated. |
| isEntryExitAnnounced | Boolean | Whether or not to announce when callers join or leave. | | lobbyBypassSettings | [lobbyBypassSettings](../resources/lobbyBypassSettings.md) | Specifies which participants can bypass the meeting lobby. | | allowedPresenters | onlineMeetingPresenters | Specifies who can be a presenter in a meeting. Possible values are everyone, organization, roleIsPresenter, organizer, and unknownFutureValue. |
v1.0 Rbacapplication List Roleassignments https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/rbacapplication-list-roleassignments.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-GET /roleManagement/directory/roleAssignments
+GET /roleManagement/directory/roleAssignments?$filter=principalId eq '{principal id}'
+
+GET /roleManagement/directory/roleAssignments?$filter=roleDefinitionId eq '{roleDefinition id}'
```
-## Optional query parameters
+## Query parameters
-This operation requires the `$filter` query parameter. You can filter on the `roleDefinitionId` or `principalId` properties. The `roleDefinitionId` property can be either a role object ID or a role template object ID. For general information, see [OData query parameters](/graph/query-parameters).
+This operation requires the `$filter` query parameter. You can filter on the `roleDefinitionId` or `principalId` properties. The `roleDefinitionId` property can be either a role object ID or a role template object ID. The `$expand` query parameter is also supported on **principal**. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers
If successful, this method returns a `200 OK` response code and a collection of
## Examples
-### Example 1: Request using a filter on role definition ID
+### Example 1: Request using $filter on role definition ID and expand principal
#### Request
v1.0 Rbacapplication List Roledefinitions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/rbacapplication-list-roledefinitions.md
GET /roleManagement/directory/roleDefinitions
``` ## Optional query parameters
-This method supports `$filter` on `id`, `displayName`, and `isBuiltIn`. For general information, see [OData query parameters](/graph/query-parameters).
+This method supports `$filter` query parameter on `id`, `displayName`, and `isBuiltIn` properties. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers
v1.0 Signin Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/signin-get.md
Do not supply a request body for this method.
If successful, this method returns a `200 OK` response code and a [signIn](../resources/signin.md) object in the response body.
-## Examples
+## Example
-### Example 1: User signs in using MFA, which is triggered by a conditional access policy. Primary authentication is through FIDO.
-
-#### Request
+### Request
The following is an example of the request.--
-# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_signin_1" }--> ```msgraph-interactive
-GET https://graph.microsoft.com/beta/auditLogs/signIns/{id}
+GET https://graph.microsoft.com/beta/auditLogs/signIns/66ea54eb-blah-4ee5-be62-ff5a759b0100
```
-# [C#](#tab/csharp)
-
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
-
-# [Java](#tab/java)
--
-#### Response
+### Response
The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response",
The following is an example of the response.
```http HTTP/1.1 200 OK Content-type: application/json
-Content-length: 211
--
-{
- "@odata.context": "https://graph.microsoft.com/beta/$metadata#auditLogs/signIns",
- "value": [
- {
- "id": "66ea54eb-blah-4ee5-be62-ff5a759b0100",
- "createdDateTime": "2020-03-13T19:15:41.6195833Z",
- "userDisplayName": "Test contoso",
- "userPrincipalName": "testaccount1@contoso.com",
- "userId": "26be570a-1111-5555-b4e2-a37c6808512d",
- "appId": "de8bc8b5-5555-6666-a8ad-b748da725064",
- "appDisplayName": "Graph explorer",
- "authenticationRequirement": "MultifactorAuthentication",
- "ipAddress": "131.107.159.37",
- "clientAppUsed": "Browser",
- "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 Edg/80.0.361.66",
- "correlationId": "d79f5bee-blah-4832-928f-3133e22ae912",
- "conditionalAccessStatus": "notApplied",
- "originalRequestId": "66ea54eb-blah-4ee5-be62-ff5a759b0100",
- "isInteractive": true,
- "tokenIssuerName": "",
- "tokenIssuerType": "AzureAD",
- "processingTimeInMilliseconds": 541,
- "riskDetail": "none",
- "riskLevelAggregated": "none",
- "riskLevelDuringSignIn": "none",
- "riskState": "none",
- "riskEventTypes": [],
- "riskEventTypes_v2": [],
- "resourceDisplayName": "Microsoft Graph",
- "resourceId": "00000003-0000-0000-c000-000000000000",
- "authenticationMethodsUsed": [],
- "alternateSignInName": "testaccount2@contoso.com",
- "servicePrincipalName": null,
- "servicePrincipalId": "",
- "mfaDetail": null,
- "status": {
- "errorCode": 0,
- "failureReason": null,
- "additionalDetails": null
- },
- "deviceDetail": {
- "deviceId": "",
- "displayName": null,
- "operatingSystem": "Windows 10",
- "browser": "Edge 80.0.361",
- "isCompliant": null,
- "isManaged": null,
- "trustType": null
- },
- "location": {
- "city": "Redmond",
- "state": "Washington",
- "countryOrRegion": "US",
- "geoCoordinates": {
- "altitude": null,
- "latitude": 47.68050003051758,
- "longitude": -122.12094116210938
- }
- },
- "appliedConditionalAccessPolicies": [
- {
- "id": "de7e60eb-ed89-4d73-8205-2227def6b7c9",
- "displayName": "SharePoint limited access for guest workers",
- "enforcedGrantControls": [],
- "enforcedSessionControls": [],
- "result": "notEnabled",
- "conditionsSatisfied": "none",
- "conditionsNotSatisfied": "none"
- },
- {
- "id": "6701123a-b4c6-48af-8565-565c8bf7cabc",
- "displayName": "Medium signin risk block",
- "enforcedGrantControls": [],
- "enforcedSessionControls": [],
- "result": "notEnabled",
- "conditionsSatisfied": "none",
- "conditionsNotSatisfied": "none"
- },
-
- ],
- "authenticationProcessingDetails": [],
- "networkLocationDetails": [],
- "authenticationDetails": [
- {
- "authenticationStepDateTime":"2018-11-06T18:48:03.8313489Z",
- "authenticationMethod":"FIDO2",
- "authenticationMethodDetail":"1G54395783",
- "succeeded":true,
- "authenticationStepResultDetail":"methodSucceeded",
- "authenticationStepRequirement":"Primary authentication"
- },
- {
- "authenticationStepDateTime":"2018-11-06T18:48:12.94725647Z",
- "authenticationMethod":"Claim in access token",
- "authenticationMethodDetail":null,
- "succeeded":true,
- "authenticationStepResultDetail":"methodSucceeded",
- "authenticationStepRequirement":"MFA"
- }
- ],
- "authenticationRequirementPolicies": []
- }
- ]
-}
-```
-
-### Example 2: User signs in with only primary authentication. Primary authentication is through cloud password.
-
-#### Request
-
-The following is an example of the request.
--
-# [HTTP](#tab/http)
-<!-- {
- "blockType": "request",
- "name": "get_signin_2"
-}-->
-```msgraph-interactive
-GET https://graph.microsoft.com/beta/auditLogs/signIns/{id}
-```
-# [C#](#tab/csharp)
-
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
-
-# [Java](#tab/java)
----
-#### Response
-
-The following is an example of the response.
-
-<!-- {
- "blockType": "response",
- "truncated": true,
- "@odata.type": "microsoft.graph.signIn"
-} -->
-
-```http
-HTTP/1.1 200 OK
-Content-type: application/json
-Content-length: 211
{
- "@odata.context": "https://graph.microsoft.com/beta/$metadata#auditLogs/signIns",
- "value": [
+ "id": "66ea54eb-blah-4ee5-be62-ff5a759b0100",
+ "createdDateTime": "2020-03-13T19:15:41.6195833Z",
+ "userDisplayName": "Test contoso",
+ "userPrincipalName": "testaccount1@contoso.com",
+ "userId": "26be570a-1111-5555-b4e2-a37c6808512d",
+ "appId": "de8bc8b5-5555-6666-a8ad-b748da725064",
+ "appDisplayName": "Graph explorer",
+ "authenticationRequirement": "MultifactorAuthentication",
+ "ipAddress": "131.107.159.37",
+ "clientAppUsed": "Browser",
+ "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 Edg/80.0.361.66",
+ "correlationId": "d79f5bee-blah-4832-928f-3133e22ae912",
+ "conditionalAccessStatus": "notApplied",
+ "originalRequestId": "66ea54eb-blah-4ee5-be62-ff5a759b0100",
+ "isInteractive": true,
+ "tokenIssuerName": "",
+ "tokenIssuerType": "AzureAD",
+ "processingTimeInMilliseconds": 541,
+ "riskDetail": "none",
+ "riskLevelAggregated": "none",
+ "riskLevelDuringSignIn": "none",
+ "riskState": "none",
+ "riskEventTypes": [],
+ "riskEventTypes_v2": [],
+ "resourceDisplayName": "Microsoft Graph",
+ "resourceId": "00000003-0000-0000-c000-000000000000",
+ "authenticationMethodsUsed": [],
+ "alternateSignInName": "testaccount2@contoso.com",
+ "servicePrincipalName": null,
+ "servicePrincipalId": "",
+ "mfaDetail": null,
+ "status": {
+ "errorCode": 0,
+ "failureReason": null,
+ "additionalDetails": null
+ },
+ "deviceDetail": {
+ "deviceId": "",
+ "displayName": null,
+ "operatingSystem": "Windows 10",
+ "browser": "Edge 80.0.361",
+ "isCompliant": null,
+ "isManaged": null,
+ "trustType": null
+ },
+ "location": {
+ "city": "Redmond",
+ "state": "Washington",
+ "countryOrRegion": "US",
+ "geoCoordinates": {
+ "altitude": null,
+ "latitude": 47.68050003051758,
+ "longitude": -122.12094116210938
+ }
+ },
+ "appliedConditionalAccessPolicies": [
+ {
+ "id": "de7e60eb-ed89-4d73-8205-2227def6b7c9",
+ "displayName": "SharePoint limited access for guest workers",
+ "enforcedGrantControls": [],
+ "enforcedSessionControls": [],
+ "result": "notEnabled",
+ "conditionsSatisfied": "none",
+ "conditionsNotSatisfied": "none"
+ },
{
- "id":"b01b1726-0147-425e-a7f7-21f252050400",
- "createdDateTime":"2018-11-06T18:48:33.8527147Z",
- "userDisplayName":"Jon Doe",
- "userPrincipalName":"jdoe@contoso.com",
- "userId":"d7cc485d-2c1b-422c-98fd-5ce52859a4a3",
- "appId":"c44b4083-3bb0-49c1-b47d-974e53cbdf3c",
- "appDisplayName":"Azure Portal",
- "authenticationRequirement": "singleFactorAuthentication",
- "ipAddress":"207.254.19.10",
- "clientAppUsed":"Browser",
- "authenticationDetails": [
- {
- "authenticationStepDateTime":"2018-11-06T18:48:03.8313489Z",
- "authenticationMethod":"Password",
- "authenticationMethodDetail":"Cloud password",
- "succeeded":true,
- "authenticationStepResultDetail":"methodSucceeded",
- "authenticationStepRequirement":"Primary authentication"
- }
- ],
- "correlationId":"65dd87ce-2183-419e-81a9-d6e20379bcc2",
- "conditionalAccessStatus":"applied",
- "isInteractive":true,
- "tokenIssuerName":null,
- "tokenIssuerType":"AzureAD",
- "processingTimeInMilliseconds":100,
- "riskDetail":"none",
- "riskLevelAggregated":"none",
- "riskLevelDuringsignIn":"none",
- "riskState":"none",
- "riskEventTypes":[],
- "resourceDisplayName":"windows azure service management api",
- "resourceId":"797f4846-ba00-4fd7-ba43-dac1f8f63013",
- "status":{},
- "deviceDetail": {
- "deviceId":null,
- "displayName":null,
- "operatingSystem":"Windows 7",
- "browser":"Chrome 63.0.3239",
- "isCompliant":null,
- "isManaged":null,
- "trustType":null
- },
- "location": {
- "city":"Lithia Springs",
- "state":"Georgia",
- "countryOrRegion":"US",
- "geoCoordinates": {
- "altitude":null,
- "latitude":33.7930908203125,
- "longitude":-84.445358276367188
- }
- },
- "appliedConditionalAccessPolicies": [
- {
- "id":"6551c58c-e5da-4036-a6ea-c2c3fad264f1",
- "displayName":"MFA policy",
- "enforcedGrantControls": [
- "Mfa",
- "RequireCompliantDevice"
- ],
- "enforcedSessionControls":[],
- "result":"notApplied"
- },
- {
- "id":"b645a140-20fe-4ce0-a724-18ab201e9026",
- "displayName":"PipelineTest4",
- "enforcedGrantControls":[],
- "enforcedSessionControls":[],
- "result":"notEnabled"
- }
- ],
- "authenticationProcessingDetails":[],
- "networkLocationDetails":[]
+ "id": "6701123a-b4c6-48af-8565-565c8bf7cabc",
+ "displayName": "Medium signin risk block",
+ "enforcedGrantControls": [],
+ "enforcedSessionControls": [],
+ "result": "notEnabled",
+ "conditionsSatisfied": "none",
+ "conditionsNotSatisfied": "none"
+ },
+ ],
+ "authenticationProcessingDetails": [],
+ "networkLocationDetails": [],
+ "authenticationDetails": [
+ {
+ "authenticationStepDateTime": "2018-11-06T18:48:03.8313489Z",
+ "authenticationMethod": "FIDO2",
+ "authenticationMethodDetail": "1G54395783",
+ "succeeded": true,
+ "authenticationStepResultDetail": "methodSucceeded",
+ "authenticationStepRequirement": "Primary authentication"
+ },
+ {
+ "authenticationStepDateTime": "2018-11-06T18:48:12.94725647Z",
+ "authenticationMethod": "Claim in access token",
+ "authenticationMethodDetail": null,
+ "succeeded": true,
+ "authenticationStepResultDetail": "methodSucceeded",
+ "authenticationStepRequirement": "MFA"
}
- ]
+ ],
+ "authenticationRequirementPolicies": []
}
-```
+```
v1.0 Signin List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/signin-list.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Get a list of [signIn](../resources/signin.md) objects. The list contains the user sign-ins for your Azure Active Directory tenant. Sign-ins where a username and password are passed as part of authorization token, and successful federated sign-ins are currently included in the sign-in logs. The most recent sign-ins are returned first.
+Get a list of [signIn](../resources/signin.md) objects. The list contains the user sign-ins for your Azure Active Directory tenant. Sign-ins where a username and password are passed as part of authorization token, and successful federated sign-ins are currently included in the sign-in logs. The maximum and default page size is 1,000 objects and by default, the most recent sign-ins are returned first.
## Permissions
GET auditLogs/signIns
## Optional query parameters
-This method supports the following OData Query Parameters to help customize the response. For details about how to use these parameters, see [OData query parameters](/graph/query_parameters).
-
-| Name | Description | Example |
-|:- |:-- |:- |
-| [$filter](/graph/query-parameters#filter-parameter)| Filters results (rows). | `/auditLogs/signIns?&$filter=createdDateTime le 2018-01-24` |
-| [$top](/graph/query-parameters#top-parameter) | Sets the page size of results. | `/auditLogs/signIns?$top=1` |
-| [$skiptoken](/graph/query-parameters#skiptoken-parameter) | Retrieves the next page of results from result sets that span multiple pages. |`/auditLogs/signIns?$skiptoken=01fa0e77c60c2d3d63226c8e3294c860__1` |
-
-### Attributes supported by $filter parameter
-
-| Attribute Name | Supported operators |
-|:-- |:- |
-| id | eq |
-| userId | eq |
-| appId | eq |
-| createdDateTime | eq, le, ge |
-| userDisplayName | eq, startswith |
-| userPrincipalName | eq, startswith |
-| appDisplayName | eq, startswith |
-| authenticationRequirement |eq, startswith |
-| ipAddress | eq, startswith |
-| location/city | eq, startswith |
-| location/state | eq, startswith |
-| location/countryOrRegion | eq, startswith |
-| status/errorCode | eq |
-| initiatedBy/user/id | eq |
-| initiatedBy/user/displayName | eq |
-| initiatedBy/user/userPrincipalName | eq, startswith |
-| clientAppUsed | eq |
-| conditionalAccessStatus | eq |
-| deviceDetail/browser | eq, startswith |
-| deviceDetail/operatingSystem | eq, startswith |
-| correlationId | eq |
-| riskDetail | eq |
-| riskLevelAggregated | eq |
-| riskLevelDuringSignIn | eq |
-| riskEventTypes | eq |
-| riskEventTypes_v2 | eq, startswith |
-| riskState | eq |
-| originalRequestId | eq |
-| tokenIssuerName | eq |
-| tokenIssuerType | eq |
-| resourceDisplayName | eq |
-| resourceId | eq |
-| servicePrincipalId | eq, startswith |
-| servicePrincipalName | eq, startswith |
-| userAgent | eq, startswith |
-| alternateSignInName | eq, startswith |
+This method supports the `$top`, `$skiptoken`, and `$filter` OData Query Parameters to help customize the response. For details about how to use these parameters, see [OData query parameters](/graph/query_parameters).
## Request headers
If successful, this method returns a `200 OK` response code and collection of [s
## Examples
-### Example 1: User signs in using MFA, which is triggered by a conditional access policy. Primary authentication is through FIDO.
+### Example 1: List all sign-ins
+In this example, the response object shows the user signed in using MFA which was triggered by a conditional access policy, and the primary authentication method is through FIDO.
#### Request
GET https://graph.microsoft.com/beta/auditLogs/signIns
#### Response-
-The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response",
The following is an example of the response.
```http HTTP/1.1 200 OK Content-type: application/json
-Content-length: 211
{
- "@odata.context": "https://graph.microsoft.com/beta/$metadata#auditLogs/signIns",
- "value": [
- {
- "id": "66ea54eb-blah-4ee5-be62-ff5a759b0100",
- "createdDateTime": "2020-03-13T19:15:41.6195833Z",
- "userDisplayName": "Test contoso",
- "userPrincipalName": "testaccount1@contoso.com",
- "userId": "26be570a-1111-5555-b4e2-a37c6808512d",
- "appId": "de8bc8b5-5555-6666-a8ad-b748da725064",
- "appDisplayName": "Graph explorer",
- "authenticationRequirement": "multiFactorAuthentication",
- "ipAddress": "131.107.159.37",
- "clientAppUsed": "Browser",
- "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 Edg/80.0.361.66",
- "correlationId": "d79f5bee-blah-4832-928f-3133e22ae912",
- "conditionalAccessStatus": "notApplied",
- "originalRequestId": "66ea54eb-blah-4ee5-be62-ff5a759b0100",
- "isInteractive": true,
- "tokenIssuerName": "",
- "tokenIssuerType": "AzureAD",
- "processingTimeInMilliseconds": 541,
- "riskDetail": "none",
- "riskLevelAggregated": "none",
- "riskLevelDuringSignIn": "none",
- "riskState": "none",
- "riskEventTypes": [],
- "riskEventTypes_v2": [],
- "resourceDisplayName": "Microsoft Graph",
- "resourceId": "00000003-0000-0000-c000-000000000000",
- "authenticationMethodsUsed": [],
- "alternateSignInName": "testaccount2.contoso.com",
- "servicePrincipalName": null,
- "servicePrincipalId": "",
- "mfaDetail": null,
- "status": {
- "errorCode": 0,
- "failureReason": null,
- "additionalDetails": null
- },
- "deviceDetail": {
- "deviceId": "",
- "displayName": null,
- "operatingSystem": "Windows 10",
- "browser": "Edge 80.0.361",
- "isCompliant": null,
- "isManaged": null,
- "trustType": null
- },
- "location": {
- "city": "Redmond",
- "state": "Washington",
- "countryOrRegion": "US",
- "geoCoordinates": {
- "altitude": null,
- "latitude": 47.68050003051758,
- "longitude": -122.12094116210938
- }
- },
- "appliedConditionalAccessPolicies": [
- {
- "id": "de7e60eb-ed89-4d73-8205-2227def6b7c9",
- "displayName": "SharePoint limited access for guest workers",
- "enforcedGrantControls": [],
- "enforcedSessionControls": [],
- "result": "notEnabled",
- "conditionsSatisfied": "none",
- "conditionsNotSatisfied": "none"
- },
- {
- "id": "6701123a-b4c6-48af-8565-565c8bf7cabc",
- "displayName": "Medium signin risk block",
- "enforcedGrantControls": [],
- "enforcedSessionControls": [],
- "result": "notEnabled",
- "conditionsSatisfied": "none",
- "conditionsNotSatisfied": "none"
- },
-
- ],
- "authenticationProcessingDetails": [],
- "networkLocationDetails": [],
- "authenticationDetails": [
- {
- "authenticationStepDateTime":"2018-11-06T18:48:03.8313489Z",
- "authenticationMethod":"FIDO2",
- "authenticationMethodDetail":"1G54395783",
- "succeeded":true,
- "authenticationStepResultDetail":"methodSucceeded",
- "authenticationStepRequirement":"Primary authentication"
- },
- {
- "authenticationStepDateTime":"2018-11-06T18:48:12.94725647Z",
- "authenticationMethod":"Claim in access token",
- "authenticationMethodDetail":null,
- "succeeded":true,
- "authenticationStepResultDetail":"methodSucceeded",
- "authenticationStepRequirement":"MFA"
- }
- ],
- "authenticationRequirementPolicies": []
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#auditLogs/signIns",
+ "value": [
+ {
+ "id": "66ea54eb-blah-4ee5-be62-ff5a759b0100",
+ "createdDateTime": "2020-03-13T19:15:41.6195833Z",
+ "userDisplayName": "Test contoso",
+ "userPrincipalName": "testaccount1@contoso.com",
+ "userId": "26be570a-1111-5555-b4e2-a37c6808512d",
+ "appId": "de8bc8b5-5555-6666-a8ad-b748da725064",
+ "appDisplayName": "Graph explorer",
+ "authenticationRequirement": "multiFactorAuthentication",
+ "ipAddress": "131.107.159.37",
+ "clientAppUsed": "Browser",
+ "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 Edg/80.0.361.66",
+ "correlationId": "d79f5bee-blah-4832-928f-3133e22ae912",
+ "conditionalAccessStatus": "notApplied",
+ "originalRequestId": "66ea54eb-blah-4ee5-be62-ff5a759b0100",
+ "isInteractive": true,
+ "tokenIssuerName": "",
+ "tokenIssuerType": "AzureAD",
+ "processingTimeInMilliseconds": 541,
+ "riskDetail": "none",
+ "riskLevelAggregated": "none",
+ "riskLevelDuringSignIn": "none",
+ "riskState": "none",
+ "riskEventTypes": [],
+ "riskEventTypes_v2": [],
+ "resourceDisplayName": "Microsoft Graph",
+ "resourceId": "00000003-0000-0000-c000-000000000000",
+ "authenticationMethodsUsed": [],
+ "alternateSignInName": "testaccount2.contoso.com",
+ "servicePrincipalName": null,
+ "servicePrincipalId": "",
+ "mfaDetail": null,
+ "status": {
+ "errorCode": 0,
+ "failureReason": null,
+ "additionalDetails": null
+ },
+ "deviceDetail": {
+ "deviceId": "",
+ "displayName": null,
+ "operatingSystem": "Windows 10",
+ "browser": "Edge 80.0.361",
+ "isCompliant": null,
+ "isManaged": null,
+ "trustType": null
+ },
+ "location": {
+ "city": "Redmond",
+ "state": "Washington",
+ "countryOrRegion": "US",
+ "geoCoordinates": {
+ "altitude": null,
+ "latitude": 47.68050003051758,
+ "longitude": -122.12094116210938
}
- ]
+ },
+ "appliedConditionalAccessPolicies": [
+ {
+ "id": "de7e60eb-ed89-4d73-8205-2227def6b7c9",
+ "displayName": "SharePoint limited access for guest workers",
+ "enforcedGrantControls": [],
+ "enforcedSessionControls": [],
+ "result": "notEnabled",
+ "conditionsSatisfied": "none",
+ "conditionsNotSatisfied": "none"
+ },
+ {
+ "id": "6701123a-b4c6-48af-8565-565c8bf7cabc",
+ "displayName": "Medium signin risk block",
+ "enforcedGrantControls": [],
+ "enforcedSessionControls": [],
+ "result": "notEnabled",
+ "conditionsSatisfied": "none",
+ "conditionsNotSatisfied": "none"
+ },
+ ],
+ "authenticationProcessingDetails": [],
+ "networkLocationDetails": [],
+ "authenticationDetails": [
+ {
+ "authenticationStepDateTime":"2018-11-06T18:48:03.8313489Z",
+ "authenticationMethod":"FIDO2",
+ "authenticationMethodDetail":"1G54395783",
+ "succeeded":true,
+ "authenticationStepResultDetail":"methodSucceeded",
+ "authenticationStepRequirement":"Primary authentication"
+ },
+ {
+ "authenticationStepDateTime":"2018-11-06T18:48:12.94725647Z",
+ "authenticationMethod":"Claim in access token",
+ "authenticationMethodDetail":null,
+ "succeeded":true,
+ "authenticationStepResultDetail":"methodSucceeded",
+ "authenticationStepRequirement":"MFA"
+ }
+ ],
+ "authenticationRequirementPolicies": []
+ }
+ ]
} ```
-### Example 2: User signs in with only primary authentication. Primary authentication is through cloud password.
+### Example 2: Retrieve the first 10 sign-ins to apps with the appDisplayName that starts with 'Azure'
-#### Request
+In this example, the response object shows the user signed in using only their primary authentication methodΓÇöa cloud password. The response includes a `@odata.nextLink` property which contains a URL that can be used to retrieve the next 10 results.
-The following is an example of the request.
--
-# [HTTP](#tab/http)
+#### Request
<!-- { "blockType": "request", "name": "get_signins_2" }--> ```msgraph-interactive
-GET https://graph.microsoft.com/beta/auditLogs/signIns
+GET https://graph.microsoft.com/beta/auditLogs/signins?&$filter=startsWith(appDisplayName,'Azure')&top=10
```
-# [C#](#tab/csharp)
-
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
-
-# [Java](#tab/java)
--- #### Response-
-The following is an example of the response.
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response",
The following is an example of the response.
```http HTTP/1.1 200 OK Content-type: application/json
-Content-length: 211
{ "@odata.context": "https://graph.microsoft.com/beta/$metadata#auditLogs/signIns",
+ "@odata.nextLink": "https://graph.microsoft.com/beta/auditLogs/signins?$filter=startsWith(appDisplayName%2c%27Azure%27)&$top=10&$skiptoken=3cff228c89605cc89b0dc753668deef4153e8644caa6d83ed1bb5f711b21cba4",
"value": [ { "id":"b01b1726-0147-425e-a7f7-21f252050400",
Content-length: 211
"userId":"d7cc485d-2c1b-422c-98fd-5ce52859a4a3", "appId":"c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName":"Azure Portal",
- "authenticationRequirement": "singleFactorAuthentication",
- "ipAddress":"207.254.19.10",
+ "authenticationRequirement": "singleFactorAuthentication",
+ "ipAddress":"131.107.159.37",
"clientAppUsed":"Browser", "authenticationDetails": [ {
Content-length: 211
"riskLevelDuringsignIn":"none", "riskState":"none", "riskEventTypes":[],
- "resourceDisplayName":"windows azure service management api",
+ "resourceDisplayName":"Windows Azure Service Management API",
"resourceId":"797f4846-ba00-4fd7-ba43-dac1f8f63013", "status":{}, "deviceDetail": { "deviceId":null, "displayName":null,
- "operatingSystem":"Windows 7",
- "browser":"Chrome 63.0.3239",
+ "operatingSystem":"Windows 10",
+ "browser":"Chrome 90.0.4430",
"isCompliant":null, "isManaged":null, "trustType":null }, "location": {
- "city":"Lithia Springs",
- "state":"Georgia",
- "countryOrRegion":"US",
+ "city": "Redmond",
+ "state": "Washington",
+ "countryOrRegion": "US",
"geoCoordinates": {
- "altitude":null,
- "latitude":33.7930908203125,
- "longitude":-84.445358276367188
+ "altitude": null,
+ "latitude": 47.68050003051758,
+ "longitude": -122.12094116210938
} }, "appliedConditionalAccessPolicies": [
v1.0 Windowsupdates Azureaddevice Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-azureaddevice-delete.md
If successful, this method returns a `202 Accepted` response code. It does not r
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "delete_azureaddevice"
If successful, this method returns a `202 Accepted` response code. It does not r
``` http DELETE https://graph.microsoft.com/beta/admin/windows/updates/updatableAssets/{azureADDeviceId} ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Windowsupdates Azureaddevice Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-azureaddevice-get.md
If successful, this method returns a `200 OK` response code and an [azureADDevic
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_azureaddevice"
If successful, this method returns a `200 OK` response code and an [azureADDevic
``` http GET https://graph.microsoft.com/beta/admin/windows/updates/updatableAssets/983f03cd-03cd-983f-cd03-3f98cd033f98 ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Windowsupdates Catalog List Entries https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-catalog-list-entries.md
If successful, this method returns a `200 OK` response code and a collection of
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_catalogentry"
If successful, this method returns a `200 OK` response code and a collection of
``` http GET https://graph.microsoft.com/beta/admin/windows/updates/catalog/entries ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Windowsupdates Deployment Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-deployment-delete.md
If successful, this method returns a `202 Accepted` response code. It does not r
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "delete_deployment"
If successful, this method returns a `202 Accepted` response code. It does not r
``` http DELETE https://graph.microsoft.com/beta/admin/windows/updates/deployments/{deploymentId} ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Windowsupdates Deployment Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-deployment-get.md
If successful, this method returns a `200 OK` response code and a [deployment](.
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_deployment"
If successful, this method returns a `200 OK` response code and a [deployment](.
``` http GET https://graph.microsoft.com/beta/admin/windows/updates/deployments/b5171742-1742-b517-4217-17b5421717b5 ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Windowsupdates Deployment Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-deployment-update.md
If successful, this method returns a `202 Accepted` response code and an updated
In this example, the deployment is paused by updating the `requestedValue` of the deployment `state`. #### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "update_deployment",
Content-Type: application/json
}, } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ #### Response
v1.0 Windowsupdates Deploymentaudience List Exclusions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-deploymentaudience-list-exclusions.md
If successful, this method returns a `200 OK` response code and a collection of
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_updatableasset"
If successful, this method returns a `200 OK` response code and a collection of
``` http GET https://graph.microsoft.com/beta/admin/windows/updates/deployments/{deploymentId}/audience/exclusions ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Windowsupdates Deploymentaudience List Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-deploymentaudience-list-members.md
If successful, this method returns a `200 OK` response code and a collection of
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_updatableasset"
If successful, this method returns a `200 OK` response code and a collection of
``` http GET https://graph.microsoft.com/beta/admin/windows/updates/deployments/{deploymentId}/audience/members ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Windowsupdates Deploymentaudience Updateaudience https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-deploymentaudience-updateaudience.md
If successful, this action returns a `202 Accepted` response code. It does not r
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "deploymentaudience_updateaudience"
Content-length: 599
] } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Windowsupdates Deploymentaudience Updateaudiencebyid https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-deploymentaudience-updateaudiencebyid.md
If successful, this action returns a `202 Accepted` response code. It does not r
### Request +
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "deploymentaudience_updateaudiencebyid"
Content-length: 204
] } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Windowsupdates Updatableasset Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-updatableasset-delete.md
If successful, this method returns a `202 Accepted` response code. It does not r
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "delete_updatableasset"
If successful, this method returns a `202 Accepted` response code. It does not r
``` http DELETE https://graph.microsoft.com/beta/admin/windows/updates/updatableAssets/{updatableAssetId} ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response <!-- {
v1.0 Windowsupdates Updatableasset Enrollassets https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-updatableasset-enrollassets.md
If successful, this action returns a `202 Accepted` response code. It does not r
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "updatableasset_enrollassets"
Content-Type: application/json
] } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Windowsupdates Updatableasset Enrollassetsbyid https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-updatableasset-enrollassetsbyid.md
If successful, this action returns a `202 Accepted` response code. It does not r
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "updatableasset_enrollassetsbyid"
Content-Type: application/json
] } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Windowsupdates Updatableasset Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-updatableasset-get.md
If successful, this method returns a `200 OK` response code and an [updatableAss
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_updatableasset"
If successful, this method returns a `200 OK` response code and an [updatableAss
``` http GET https://graph.microsoft.com/beta/admin/windows/updates/updatableAssets/{updatableAssetId} ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Windowsupdates Updatableasset Unenrollassetsbyid https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-updatableasset-unenrollassetsbyid.md
If successful, this action returns a `202 Accepted` response code. It does not r
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "updatableasset_unenrollassetsbyid"
Content-Type: application/json
] } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Windowsupdates Updatableassetgroup Addmembersbyid https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-updatableassetgroup-addmembersbyid.md
If successful, this action returns a `202 Accepted` response code. It does not r
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "updatableassetgroup_addmembersbyid"
Content-Type: application/json
"memberEntityType": "#microsoft.graph.windowsUpdates.azureADDevice" } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Windowsupdates Updatableassetgroup Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-updatableassetgroup-delete.md
If successful, this method returns a `202 Accepted` response code. It does not r
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "delete_updatableassetgroup"
If successful, this method returns a `202 Accepted` response code. It does not r
``` http DELETE https://graph.microsoft.com/beta/admin/windows/updates/updatableAssets/{updatableAssetGroupId} ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Windowsupdates Updatableassetgroup Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-updatableassetgroup-get.md
If successful, this method returns a `200 OK` response code and an [updatableAss
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_updatableassetgroup"
If successful, this method returns a `200 OK` response code and an [updatableAss
``` http GET https://graph.microsoft.com/beta/admin/windows/updates/updatableAssets/5c55730b-730b-5c55-0b73-555c0b73555c ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Windowsupdates Updatableassetgroup List Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-updatableassetgroup-list-members.md
If successful, this method returns a `200 OK` response code and a collection of
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_updatableasset"
If successful, this method returns a `200 OK` response code and a collection of
``` http GET https://graph.microsoft.com/beta/admin/windows/updates/updatableAssets/{updatableAssetGroupId}/microsoft.graph.windowsUpdates.updatableAssetGroup/members ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Windowsupdates Updatableassetgroup Removemembersbyid https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-updatableassetgroup-removemembersbyid.md
If successful, this action returns a `202 Accepted` response code. It does not r
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "updatableassetgroup_removemembersbyid"
Content-Type: application/json
"memberEntityType": "#microsoft.graph.windowsUpdates.azureADDevice" } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Windowsupdates Updates List Deployments https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-updates-list-deployments.md
If successful, this method returns a `200 OK` response code and a collection of
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_deployment"
If successful, this method returns a `200 OK` response code and a collection of
``` http GET https://graph.microsoft.com/beta/admin/windows/updates/deployments ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Windowsupdates Updates List Updatableassets Azureaddevice https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-updates-list-updatableassets-azureaddevice.md
If successful, this method returns a `200 OK` response code and a collection of
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_azureaddevice"
If successful, this method returns a `200 OK` response code and a collection of
``` http GET https://graph.microsoft.com/beta/admin/windows/updates/updatableAssets/?$filter=isof('microsoft.graph.windowsUpdates.azureADDevice') ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Windowsupdates Updates List Updatableassets Updatableassetgroup https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-updates-list-updatableassets-updatableassetgroup.md
If successful, this method returns a `200 OK` response code and a collection of
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_updatableassetgroup"
If successful, this method returns a `200 OK` response code and a collection of
``` http GET https://graph.microsoft.com/beta/admin/windows/updates/updatableAssets/?$filter=isof('microsoft.graph.windowsUpdates.updatableAssetGroup') ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Windowsupdates Updates List Updatableassets https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-updates-list-updatableassets.md
If successful, this method returns a `200 OK` response code and a collection of
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "list_updatableasset"
If successful, this method returns a `200 OK` response code and a collection of
``` http GET https://graph.microsoft.com/beta/admin/windows/updates/updatableAssets ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Windowsupdates Updates Post Deployments https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-updates-post-deployments.md
If successful, this method returns a `201 Created` response code and a [deployme
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "create_deployment_from_"
Content-length: 344
} } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Windowsupdates Updates Post Updatableassets Updatableassetgroup https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/windowsupdates-updates-post-updatableassets-updatableassetgroup.md
If successful, this method returns a `201 Created` response code and an [updatab
## Examples ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "create_updatableassetgroup_from_"
Content-length: 76
"@odata.type": "#microsoft.graph.windowsUpdates.updatableAssetGroup" } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Cloudpconpremisesconnectionhealthcheck https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/cloudpconpremisesconnectionhealthcheck.md
The result of a cloud PC on-premises connection health check.
|adJoinCheckIncorrectCredentials|The active domain join check failed because the domain credentials are incorrect. Please update the username and password.| |adJoinCheckOrganizationalUnitNotFound|The active domain join check failed because the specified organizational unit was not found. Please re-enter organization unit.| |adJoinCheckOrganizationalUnitIncorrectFormat|The active domain join check failed beccause the format of the specified organizational unit is incorrect. Example format: ΓÇ£OU=OU1,OU=OU2,OU=OU3,DC=DC1ΓÇ¥.|
+|adJoinCheckAccessDenied|The active domain join check failed because access is denied when non-administrator users who have been delegated control try to join computer objects to a domain controller. Please assign the correct permission to the customer to join computer object to the domain. Permissions needed: Create computer objects, Delete computer objects.|
|adJoinCheckUnknownError|The active domain join check failed due to an unknown error. Please contact customer support.| |endpointConnectivityCheckUrlNotWhitelisted|The endpoint connectivity check failed because the URLs are not on the allowlist in the network firewall settings. Please add the URLs to the allowlist for the network firewall settings. See [required URL list](/azure/virtual-desktop/safe-url-list) for URL information.| |endpointConnectivityCheckUnknownError|The endpoint connectivity check failed due to an unknown error. Please contact customer support.|
v1.0 Signin https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/signin.md
Provides details about user or application sign-in activity in your directory. Y
## Properties | Property | Type |Description| |:|:--|:-|
-|alternateSignInName|String|The alternate sign-in identity whenever you use phone number to sign-in.|
-|appDisplayName|String|The application name displayed in the Azure Portal.|
-|appId|String|The application identifier in Azure Active Directory.|
+|alternateSignInName|String|The alternate sign-in identity whenever you use phone number to sign-in. Supports `$filter` (`eq` and `startsWith` operators only).|
+|appDisplayName|String|The application name displayed in the Azure Portal. Supports `$filter` (`eq` and `startsWith` operators only).|
+|appId|String|The application identifier in Azure Active Directory. Supports `$filter` (`eq` operator only).|
|appliedConditionalAccessPolicies|[appliedConditionalAccessPolicy](appliedconditionalaccesspolicy.md) collection|A list of conditional access policies that are triggered by the corresponding sign-in activity.| |authenticationDetails|[authenticationDetail](authenticationdetail.md) collection|The result of the authentication attempt and additional details on the authentication method.| |authenticationMethodsUsed|String collection|The authentication methods used. Possible values: `SMS`, `Authenticator App`, `App Verification code`, `Password`, `FIDO`, `PTA`, or `PHS`.| |authenticationProcessingDetails|[keyValue](keyvalue.md) collection|Additional authentication processing details, such as the agent name in case of PTA/PHS or Server/farm name in case of federated authentication.|
-|authenticationRequirement | String | This holds the highest level of authentication needed through all the sign-in steps, for sign-in to succeed.|
-|clientAppUsed|String|The legacy client used for sign-in activity. For example: `Browser`, `Exchange Active Sync`, `Modern clients`, `IMAP`, `MAPI`, `SMTP`, or `POP`.|
-|conditionalAccessStatus|conditionalAccessStatus| The status of the conditional access policy triggered. Possible values: `success`, `failure`, `notApplied`, or `unknownFutureValue`.|
-|correlationId|String|The identifier that's sent from the client when sign-in is initiated. This is used for troubleshooting the corresponding sign-in activity when calling for support.|
-|createdDateTime|DateTimeOffset|The date and time the sign-in was initiated. The Timestamp type is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
-|deviceDetail|[deviceDetail](devicedetail.md)|The device information from where the sign-in occurred. Includes information such as deviceId, OS, and browser. |
-|id|String|The identifier representing the sign-in activity.|
-|ipAddress|String|The IP address of the client from where the sign-in occurred.|
+|authenticationRequirement | String | This holds the highest level of authentication needed through all the sign-in steps, for sign-in to succeed. Supports `$filter` (`eq` and `startsWith` operators only).|
+|clientAppUsed|String|The legacy client used for sign-in activity. For example: `Browser`, `Exchange Active Sync`, `Modern clients`, `IMAP`, `MAPI`, `SMTP`, or `POP`. Supports `$filter` (`eq` operator only). |
+|conditionalAccessStatus|conditionalAccessStatus| The status of the conditional access policy triggered. Possible values: `success`, `failure`, `notApplied`, or `unknownFutureValue`. Supports `$filter` (`eq` operator only).|
+|correlationId|String|The identifier that's sent from the client when sign-in is initiated. This is used for troubleshooting the corresponding sign-in activity when calling for support. Supports `$filter` (`eq` operator only).|
+|createdDateTime|DateTimeOffset|The date and time the sign-in was initiated. The Timestamp type is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Supports `$orderby` and `$filter` (`eq`, `le`, and `ge` operators only).|
+|deviceDetail|[deviceDetail](devicedetail.md)|The device information from where the sign-in occurred. Includes information such as deviceId, OS, and browser. Supports `$filter` (`eq` and `startsWith` operators only) on **browser** and **operatingSytem** properties.|
+|id|String|The identifier representing the sign-in activity. Supports `$filter` (`eq` operator only).|
+|ipAddress|String|The IP address of the client from where the sign-in occurred. Supports `$filter` (`eq` and `startsWith` operators only).|
|isInteractive|Boolean|Indicates whether a sign-in is interactive or not.|
-|location|[signInLocation](signinlocation.md)|The city, state, and 2 letter country code from where the sign-in occurred.|
+|location|[signInLocation](signinlocation.md)|The city, state, and 2 letter country code from where the sign-in occurred. Supports `$filter` (`eq` and `startsWith` operators only) on **city**, **state**, and **countryOrRegion** properties.|
|networkLocationDetails|[networkLocationDetail](networklocationdetail.md) collection|The network location details including the type of network used and its names.|
-|originalRequestId|String|The request identifier of the first request in the authentication sequence.|
+|originalRequestId|String|The request identifier of the first request in the authentication sequence. Supports `$filter` (`eq` operator only).|
|processingTimeInMilliseconds|Int|The request processing time in milliseconds in AD STS.|
-|resourceDisplayName|String|The name of the resource that the user signed in to.|
-|resourceId|String|The identifier of the resource that the user signed in to.|
-|riskDetail|riskDetail|The reason behind a specific state of a risky user, sign-in, or a risk event. Possible values: `none`, `adminGeneratedTemporaryPassword`, `userPerformedSecuredPasswordChange`, `userPerformedSecuredPasswordReset`, `adminConfirmedSigninSafe`, `aiConfirmedSigninSafe`, `userPassedMFADrivenByRiskBasedPolicy`, `adminDismissedAllRiskForUser`, `adminConfirmedSigninCompromised`, or `unknownFutureValue`. The value `none` means that no action has been performed on the user or sign-in so far. **Note:** Details for this property are only available for Azure AD Premium P2 customers. All other customers are returned `hidden`.|
-|riskEventTypes|riskEventType collection|The list of risk event types associated with the sign-in. Possible values: `unlikelyTravel`, `anonymizedIPAddress`, `maliciousIPAddress`, `unfamiliarFeatures`, `malwareInfectedIPAddress`, `suspiciousIPAddress`, `leakedCredentials`, `investigationsThreatIntelligence`, `generic`, or `unknownFutureValue`.|
-|riskEventTypes_v2|String collection|The list of risk event types associated with the sign-in. Possible values: `unlikelyTravel`, `anonymizedIPAddress`, `maliciousIPAddress`, `unfamiliarFeatures`, `malwareInfectedIPAddress`, `suspiciousIPAddress`, `leakedCredentials`, `investigationsThreatIntelligence`, `generic`, or `unknownFutureValue`.|
-|riskLevelAggregated|riskLevel|The aggregated risk level. Possible values: `none`, `low`, `medium`, `high`, `hidden`, or `unknownFutureValue`. The value `hidden` means the user or sign-in was not enabled for Azure AD Identity Protection. **Note:** Details for this property are only available for Azure AD Premium P2 customers. All other customers are returned `hidden`.|
-|riskLevelDuringSignIn|riskLevel|The risk level during sign-in. Possible values: `none`, `low`, `medium`, `high`, `hidden`, or `unknownFutureValue`. The value `hidden` means the user or sign-in was not enabled for Azure AD Identity Protection. **Note:** Details for this property are only available for Azure AD Premium P2 customers. All other customers are returned `hidden`.|
-|riskState|riskState|The risk state of a risky user, sign-in, or a risk event. Possible values: `none`, `confirmedSafe`, `remediated`, `dismissed`, `atRisk`, `confirmedCompromised`, or `unknownFutureValue`.|
-|servicePrincipalId|String|The application identifier used for sign-in. This field is populated when you are signing in using an application.|
-|servicePrincipalName|String|The application name used for sign-in. This field is populated when you are signing in using an application.|
-|status|[signInStatus](signinstatus.md)|The sign-in status. Includes the error code and description of the error (in case of a sign-in failure).|
-|tokenIssuerName|String|The name of the identity provider. For example, `sts.microsoft.com`.|
+|resourceDisplayName|String|The name of the resource that the user signed in to. Supports `$filter` (`eq` operator only).|
+|resourceId|String|The identifier of the resource that the user signed in to. Supports `$filter` (`eq` operator only).|
+|riskDetail|riskDetail|The reason behind a specific state of a risky user, sign-in, or a risk event. Possible values: `none`, `adminGeneratedTemporaryPassword`, `userPerformedSecuredPasswordChange`, `userPerformedSecuredPasswordReset`, `adminConfirmedSigninSafe`, `aiConfirmedSigninSafe`, `userPassedMFADrivenByRiskBasedPolicy`, `adminDismissedAllRiskForUser`, `adminConfirmedSigninCompromised`, or `unknownFutureValue`. The value `none` means that no action has been performed on the user or sign-in so far. Supports `$filter` (`eq` operator only).<br> **Note:** Details for this property are only available for Azure AD Premium P2 customers. All other customers are returned `hidden`.|
+|riskEventTypes|riskEventType collection|The list of risk event types associated with the sign-in. Possible values: `unlikelyTravel`, `anonymizedIPAddress`, `maliciousIPAddress`, `unfamiliarFeatures`, `malwareInfectedIPAddress`, `suspiciousIPAddress`, `leakedCredentials`, `investigationsThreatIntelligence`, `generic`, or `unknownFutureValue`. Supports `$filter` (`eq` operator only).|
+|riskEventTypes_v2|String collection|The list of risk event types associated with the sign-in. Possible values: `unlikelyTravel`, `anonymizedIPAddress`, `maliciousIPAddress`, `unfamiliarFeatures`, `malwareInfectedIPAddress`, `suspiciousIPAddress`, `leakedCredentials`, `investigationsThreatIntelligence`, `generic`, or `unknownFutureValue`. Supports `$filter` (`eq` and `startsWith` operators only).|
+|riskLevelAggregated|riskLevel|The aggregated risk level. Possible values: `none`, `low`, `medium`, `high`, `hidden`, or `unknownFutureValue`. The value `hidden` means the user or sign-in was not enabled for Azure AD Identity Protection. Supports `$filter` (`eq` operator only). <br>**Note:** Details for this property are only available for Azure AD Premium P2 customers. All other customers are returned `hidden`.|
+|riskLevelDuringSignIn|riskLevel|The risk level during sign-in. Possible values: `none`, `low`, `medium`, `high`, `hidden`, or `unknownFutureValue`. The value `hidden` means the user or sign-in was not enabled for Azure AD Identity Protection. Supports `$filter` (`eq` operator only). <br>**Note:** Details for this property are only available for Azure AD Premium P2 customers. All other customers are returned `hidden`.|
+|riskState|riskState|The risk state of a risky user, sign-in, or a risk event. Possible values: `none`, `confirmedSafe`, `remediated`, `dismissed`, `atRisk`, `confirmedCompromised`, or `unknownFutureValue`. Supports `$filter` (`eq` operator only).|
+|servicePrincipalId|String|The application identifier used for sign-in. This field is populated when you are signing in using an application. Supports `$filter` (`eq` and `startsWith` operators only).|
+|servicePrincipalName|String|The application name used for sign-in. This field is populated when you are signing in using an application. Supports `$filter` (`eq` and `startsWith` operators only).|
+|status|[signInStatus](signinstatus.md)|The sign-in status. Includes the error code and description of the error (in case of a sign-in failure). Supports `$filter` (`eq` operator only) on **errorCode** property.|
+|tokenIssuerName|String|The name of the identity provider. For example, `sts.microsoft.com`. Supports `$filter` (`eq` operator only).|
|tokenIssuerType|tokenIssuerType|The type of identity provider. Possible values: `AzureAD`, `ADFederationServices`, or `UnknownFutureValue`.|
-|userAgent|String|The user agent information related to sign-in.|
-|userDisplayName|String|The display name of the user.|
-|userId|String|The identifier of the user.|
-|userPrincipalName|String|The UPN of the user.|
+|userAgent|String|The user agent information related to sign-in. Supports `$filter` (`eq` and `startsWith` operators only).|
+|userDisplayName|String|The display name of the user. Supports `$filter` (`eq` and `startsWith` operators only).|
+|userId|String|The identifier of the user. Supports `$filter` (`eq` operator only).|
+|userPrincipalName|String|The UPN of the user. Supports `$filter` (`eq` and `startsWith` operators only).|
## Relationships None
v1.0 Unifiedroleassignment https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedroleassignment.md
Providing either a directoryScopeId or an appScopeId is required.
| Method | Return Type | Description | |:-|:|:|
+| [List unifiedRoleAssignment](../api/rbacapplication-list-roleassignments.md) | [unifiedRoleAssignment](unifiedroleassignment.md) | Read a list of unifiedRoleAssignment objects and their properties. |
| [Get unifiedRoleAssignment](../api/unifiedroleassignment-get.md) | [unifiedRoleAssignment](unifiedroleassignment.md) | Read properties and relationships of unifiedRoleAssignment object. | | [Create unifiedRoleAssignment](../api/rbacapplication-post-roleassignments.md) | [unifiedRoleAssignment](unifiedroleassignment.md) | Create a new unifiedRoleAssignment by posting to the roleAssignment collection. | | [Delete unifiedRoleAssignment](../api/unifiedroleassignment-delete.md) | None | Delete unifiedRoleAssignment object. |
Providing either a directoryScopeId or an appScopeId is required.
| Property | Type | Description | |:-|:|:| |id|String| The unique identifier for the unifiedRoleAssignment. Key, not nullable, Read-only. |
-|roleDefinitionId|String| ID of the unifiedRoleDefinition the assignment is for. Read only. |
-|roleDefinition|[unifiedRoleDefinition](unifiedroledefinition.md)|Property indicating the roleDefinition the assignment is for. Provided so that callers can get the role definition using `$expand` at the same time as getting the role assignment. roleDefinition.Id will be auto expanded
-|principalId|String| Objectid of the principal to which the assignment is granted. |
-|principal|[directoryObject](directoryobject.md)| Property referencing the assigned principal. Provided so that callers can get the principal using `$expand` at the same time as getting the role assignment. Read-only. |
-|directoryScopeId|String|Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only.|
-|directoryScope|[directoryObject](directoryobject.md)|Property referencing the directory object that is the scope of the assignment. Provided so that callers can get the directory object using `$expand` at the same time as getting the role assignment. Read-only. |
-|appScopeId|String|Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only.|
-|appScope|[appScope](appscope.md)|Read-only property with details of the app specific scope when the assignment scope is app specific. Containment entity. |
-|resourceScope|String| The scope at which the unifiedRoleAssignment applies. This is "/" for service-wide. **DO NOT USE. This property will be deprecated soon.**|
+|roleDefinitionId|String| Identifier of the unifiedRoleDefinition the assignment is for. Read-only. Supports `$filter` (`eq` operator only). |
+|principalId|String| Identifier of the principal to which the assignment is granted. Supports `$filter` (`eq` operator only). |
+|directoryScopeId|String|Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only.|
+|appScopeId|String|Identifier of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. App scopes are scopes that are defined and understood by this application only.|
+|resourceScope|String| The scope at which the unifiedRoleAssignment applies. This is `/` for service-wide. **DO NOT USE. This property will be deprecated soon.**|
## Relationships
-None
+| Relationship | Type |Description|
+|:|:--|:-|
+|appScope|[appScope](appscope.md)|Details of the app specific scope when the assignment scope is app specific. Containment entity. |
+|directoryScope|[directoryObject](directoryobject.md)|The directory object that is the scope of the assignment. Provided so that callers can get the directory object using `$expand` at the same time as getting the role assignment. Read-only. Supports `$expand`. |
+|principal|[directoryObject](directoryobject.md)| The assigned principal. Provided so that callers can get the principal using `$expand` at the same time as getting the role assignment. Read-only. Supports `$expand`. |
+|roleDefinition|[unifiedRoleDefinition](unifiedroledefinition.md)|The roleDefinition the assignment is for. Provided so that callers can get the role definition using `$expand` at the same time as getting the role assignment. **roleDefinition.id** will be auto expanded. Supports `$expand`. |
++ ## JSON representation
v1.0 Unifiedroleassignmentmultiple https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedroleassignmentmultiple.md
Title: "unifiedRoleAssignmentMultiple resource type"
-description: "A role assignment is the link between a role definition and a principal at a particular scope for the purpose of granting access."
+description: "A role definition assigned to an array of principals (typically a user) over an array of scope."
localization_priority: Normal ms.prod: "directory-management"
Providing either **directoryScopeIds** or **appScopeIds** is required.
| Method | Return Type | Description | |:-|:|:|
+| [List unifiedRoleAssignmentMultiple](../api/unifiedroleassignmentmultiple-list.md) | [unifiedRoleAssignmentMultiple](unifiedroleassignmentmultiple.md) | Read a list of unifiedRoleAssignmentMultiple objects and their properties. |
| [Get unifiedRoleAssignmentMultiple](../api/unifiedroleassignmentmultiple-get.md) | [unifiedRoleAssignmentMultiple](unifiedroleassignmentmultiple.md) | Read properties and relationships of unifiedRoleAssignmentMultiple object. | | [Create unifiedRoleAssignmentMultiple](../api/unifiedroleassignmentmultiple-post.md) | [unifiedRoleAssignmentMultiple](unifiedroleassignmentmultiple.md) | Create a new unifiedRoleAssignmentMultiple by posting to the roleAssignment collection. | | [Update unifiedRoleAssignmentMultiple](../api/unifiedroleassignmentmultiple-update.md) | [unifiedRoleAssignmentMultiple](unifiedroleassignmentmultiple.md) | Update an existing unifiedRoleAssignmentMultiple object. |
Providing either **directoryScopeIds** or **appScopeIds** is required.
| id | String | The unique identifier for the unifiedRoleAssignmentMultiple. Key, not nullable, Read-only. | | displayName | String | Name of the role assignment. Required. | | description | String | Description of the role assignment. |
-| roleDefinitionId | String | ID of the unifiedRoleDefinition the assignment is for. |
-| roleDefinition | [unifiedRoleDefinition](unifiedroledefinition.md) |Property indicating the roleDefinition the assignment is for. Provided so that callers can get the role definition using `$expand` at the same time as getting the role assignment. Read-only. |
-| principalIds | String collection | Objectids of the principals to which the assignment is granted. |
-| principals| [directoryObject](directoryobject.md) collection | Read-only collection referencing the assigned principals. Provided so that callers can get the principals using `$expand` at the same time as getting the role assignment. Read-only. |
+| roleDefinitionId | String | Identifier of the unifiedRoleDefinition the assignment is for. |
+| roleDefinition | [unifiedRoleDefinition](unifiedroledefinition.md) |Property indicating the roleDefinition the assignment is for. Provided so that callers can get the role definition using `$expand` at the same time as getting the role assignment. Read-only. Supports `$filter` (`eq` operator on **id**, **isBuiltIn**, and **displayName**, and `startsWith` operator on **displayName**) and `$expand`. |
+| principalIds | String collection | Identifiers of the principals to which the assignment is granted. Supports `$filter` (`any` operator only). |
| directoryScopeIds | String collection | Ids of the directory objects representing the scopes of the assignment. The scopes of an assignment determine the set of resources for which the principals have been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only. |
-| directoryScopes | [directoryObject](directoryobject.md) collection | Read-only collection referencing the directory objects that are scope of the assignment. Provided so that callers can get the directory objects using `$expand` at the same time as getting the role assignment. Read-only. |
-| appScopeIds | String collection | Ids of the app specific scopes when the assignment scopes are app specific. The scopes of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only. |
-| appScopes | [appScope](appscope.md) collection |Read-only collection with details of the app specific scopes when the assignment scopes are app specific. Containment entity. Read-only. |
+| appScopeIds | String collection | Ids of the app specific scopes when the assignment scopes are app specific. The scopes of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. App scopes are scopes that are defined and understood by this application only. |
## Relationships
-None
+| Relationship | Type |Description|
+|:|:--|:-|
+| appScopes | [appScope](appscope.md) collection |Read-only collection with details of the app specific scopes when the assignment scopes are app specific. Containment entity. Read-only. |
+| directoryScopes | [directoryObject](directoryobject.md) collection | Read-only collection referencing the directory objects that are scope of the assignment. Provided so that callers can get the directory objects using `$expand` at the same time as getting the role assignment. Read-only. Supports `$expand`.|
+| principals| [directoryObject](directoryobject.md) collection | Read-only collection referencing the assigned principals. Provided so that callers can get the principals using `$expand` at the same time as getting the role assignment. Read-only. Supports `$expand`.|
+|roleDefinition|[unifiedRoleDefinition](unifiedroledefinition.md)|The roleDefinition the assignment is for. Provided so that callers can get the role definition using `$expand` at the same time as getting the role assignment. **roleDefinition.id** will be auto expanded. Supports `$expand`. |
## JSON representation
v1.0 Unifiedroledefinition https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedroledefinition.md
A unifiedRoleDefinition is a collection of permissions listing the operations th
| Property | Type | Description | |:-|:|:|
-|description|String| The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true. |
-|displayName|String| The display name for the unifiedRoleDefinition. Read-only when isBuiltIn is true. Required.|
-|id|String| The unique identifier for the unifiedRoleDefinition. Key, not nullable, Read-only. |
-|isBuiltIn|Boolean| Flag indicating if the unifiedRoleDefinition is part of the default set included with the product or custom. Read-only. |
-|isEnabled|Boolean| Flag indicating if the role is enabled for assignment. If false the role is not available for assignment. Read-only when isBuiltIn is true. |
-|resourceScopes|String collection| List of scopes permissions granted by the role definition apply to. Currently only "/" is supported. Read-only when isBuiltIn is true. **DO NOT USE. This is going to be deprecated soon. Attach scope to role assignment** |
-|rolePermissions|[unifiedRolePermission](unifiedrolepermission.md) collection| List of permissions included in the role. Read-only when isBuiltIn is true. Required. |
-|templateId|String| Custom template identifier that can be set when isBuiltIn is false. This identifier is typically used if one needs an identifier to be the same across different directories. Read-only when isBuiltIn is true. |
-|inheritsPermissionsFrom| [unifiedRoleDefinition](unifiedroledefinition.md) collection| Read-only collection of role definitions that the given role definition inherits from. Only Azure AD built-in roles support this attribute. |
-|version|String| Indicates version of the unifiedRoleDefinition. Read-only when isBuiltIn is true.|
+|description|String| The description for the unifiedRoleDefinition. Read-only when **isBuiltIn** is true. |
+|displayName|String| The display name for the unifiedRoleDefinition. Read-only when **isBuiltIn** is true. Required. Supports `$filter` (`eq` and `startsWith` operators only).|
+|id|String| The unique identifier for the unifiedRoleDefinition. Key, not nullable, Read-only. Supports `$filter` (`eq` operator only). |
+|isBuiltIn|Boolean| Flag indicating if the unifiedRoleDefinition is part of the default set included with the product or custom. Read-only. Supports `$filter` (`eq` operator only).|
+|isEnabled|Boolean| Flag indicating if the role is enabled for assignment. If false the role is not available for assignment. Read-only when **isBuiltIn** is true. |
+|resourceScopes|String collection| List of scopes permissions granted by the role definition apply to. Currently only `/` is supported. Read-only when isBuiltIn is true. **DO NOT USE. This is going to be deprecated soon. Attach scope to role assignment** |
+|rolePermissions|[unifiedRolePermission](unifiedrolepermission.md) collection| List of permissions included in the role. Read-only when **isBuiltIn** is true. Required. |
+|templateId|String| Custom template identifier that can be set when isBuiltIn is false. This identifier is typically used if one needs an identifier to be the same across different directories. Read-only when **isBuiltIn** is true. |
+|version|String| Indicates version of the unifiedRoleDefinition. Read-only when **isBuiltIn** is true.|
## Relationships
-None
+| Relationship | Type |Description|
+|:|:--|:-|
+|inheritsPermissionsFrom| [unifiedRoleDefinition](unifiedroledefinition.md) collection| Read-only collection of role definitions that the given role definition inherits from. Only Azure AD built-in roles support this attribute. |
## JSON representation
v1.0 Directory Deleteditems List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/directory-deleteditems-list.md
Do not supply a request body for this method.
If successful, this method returns a `200 OK` response code and collection of [directoryObject](../resources/directoryobject.md) objects in the response body. ## Example
-##### Request
+### Request
-
-# [HTTP](#tab/http)
<!-- {
- "blockType": "request",
+ "blockType": "ignored",
"name": "get_deleteditems" }--> ```msgraph-interactive GET https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.group ```
-# [C#](#tab/csharp)
-
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
-
-# [Java](#tab/java)
--
-##### Response
+### Response
Note: The response object shown here might be shortened for readability. <!-- { "blockType": "response",
v1.0 Onlinemeeting Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/onlinemeeting-update.md
PATCH /users/{userId}/onlineMeetings/{meetingId}
The table below lists the properties that can be updated. In the request body, include only the properties that need updating, with the following exceptions: - Adjusting the start or end date/time of an online meeting always requires both **startDateTime** and **endDateTime** properties in the request body.
+- **organizer** field of the **participants** property cannot be updated. The organizer of the meeting cannot be modified once the meeting is created.
- Adjusting the **attendees** field of the **participants** property, such as adding or removing an attendee to the meeting, always requires the full list of attendees in the request body. | Property | Type | Description |
The table below lists the properties that can be updated. In the request body, i
| startDateTime | DateTime | The meeting start time in UTC. | | endDateTime | DateTime | The meeting end time in UTC. | | subject | String | The subject of the online meeting. |
-| participants | [meetingParticipants](../resources/meetingparticipants.md) | The participants associated with the online meeting. This includes the organizer and the attendees. |
+| participants | [meetingParticipants](../resources/meetingparticipants.md) | The participants associated with the online meeting. Only attendees can be updated. |
| isEntryExitAnnounced | Boolean | Whether or not to announce when callers join or leave. | | lobbyBypassSettings | [lobbyBypassSettings](../resources/lobbyBypassSettings.md) | Specifies which participants can bypass the meeting lobby. | | allowedPresenters | onlineMeetingPresenters | Specifies who can be a presenter in a meeting. Possible values are everyone, organization, roleIsPresenter, organizer, and unknownFutureValue. |
v1.0 Printdocument Createuploadsession https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/printdocument-createuploadsession.md
If successful, this method returns a `200 OK` response code and a new [uploadSes
The following example shows how to create an upload session that you can use in subsequent file upload operations to the specified printDocument. ### Request+
+# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "printdocument_createuploadsession"
Content-length: 96
} } ```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
+++ ### Response
v1.0 Provisioningobjectsummary List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/provisioningobjectsummary-list.md
+
+ Title: "List provisioningObjectSummary"
+description: "Get all provisioning events that occurred in your tenant."
+localization_priority: Normal
+++
+# List provisioningObjectSummary
+
+Namespace: microsoft.graph
+
+Get all provisioning events that occurred in your tenant, such as the deletion of a group in a target application or the creation of a user when provisioning user accounts from your HR system.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | AuditLog.Read.All and Directory.Read.All |
+|Delegated (personal Microsoft account) | Not supported |
+|Application | AuditLog.Read.All |
+
+## HTTP request
+
+<!-- { "blockType": "ignored" } -->
+
+```http
+GET /auditLogs/provisioning
+```
+
+## Optional query parameters
+
+This method supports the following OData query parameters to help customize the response. Note that the filters are all case sensitive except for status.
+
+|Name |Description |Example|
+|:--|-||
+|[$filter](/graph/query-parameters#filter-parameter)|Filters results (rows). |/`auditLogs/provisioning?$filter=id eq '74c3b0ae-9cc5-850e-e0a5-7r6a4231de87'`
+|[$top](/graph/query-parameters#top-parameter)|Sets the page size of results.|`/auditLogs/provisioning?$top=20`|
+|[$skiptoken](/graph/query-parameters#skiptoken-parameter)|Retrieves the next page of results from result sets that span multiple pages. You must pass the top filter in the query to generate the token. You cannot specify the number of results to be skipped.|`/auditLogs/provisioning?$top=20&$skiptoken=g822a72df43b19c8ce94b71d153981b680a08800bc3e35f239dffb378ff72c25"`|
+
+For general information, see [OData query parameters](/graph/query_parameters).
+
+### Attributes supported by the $filter parameter
+
+|Attribute name |Supported operators|
+|:-|:|
+|id| eq, contains|
+|activityDateTime| eq, gt, lt|
+|tenantid|eq, contains|
+|jobid|eq, contains|
+|changeid|eq, contains|
+|cycleid|eq, contains|
+|provisioningAction|eq, contains|
+|durationInMilliseconds|eq, gt, lt|
+|provisioningStatusInfo/status|eq, contains|
+|sourceSystem/displayName|eq, contains|
+|targetSystem/displayName|eq, contains|
+|sourceIdentity/identityType|eq, contains|
+|targetIdentity/identityType|eq, contains|
+|sourceIdentity/id|eq, contains|
+|servicePrincipal/id|eq|
+|servicePrincipal/displayName|eq|
+|targetIdentity/id|eq, contains|
+|sourceIdentity/displayName|eq, contains|
+|targetIdentity/displayName|eq, contains|
+|initiatedBy/displayName|eq, contains|
+
+## Request headers
+
+| Header | Value |
+|:--|:|
+| Authorization | Bearer {token} (required) |
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [provisioningObjectSummary](../resources/provisioningobjectsummary.md) objects in the response body.
+
+## Examples
+
+### Example 1: Successful request
+
+### Request
+
+The following is an example of the request.
+
+<!-- {
+ "blockType": "request",
+ "name": "list_provisioningobjectsummary"
+} -->
+
+```msgraph-interactive
+GET https://graph.microsoft.com/v1.0/auditLogs/provisioning
+```
+
+### Response
+
+The following is an example of the response for a successful event.
+
+>**Note:** The response object shown here might be shortened for readability.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.provisioningObjectSummary",
+ "name": "list_provisioningobjectsummary"
+} -->
+
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#auditLogs/provisioning",
+ "value": [
+ {
+ "id": "75b5b0ae-9fc5-8d0e-e0a9-7y6a4728de56",
+ "activityDateTime": "2019-05-04T03:00:54Z",
+ "tenantId": "74beb175-3b80-7b63-b9d5-6f0b76082b16",
+ "jobId": "aws.74beb1753b704b63b8d56f0b76082b16.10a7a801-7101-4c69-ae00-ce9f75f8460a",
+ "cycleId": "b6502552-018d-79bd-8869-j47194dc65c1",
+ "changeId": "b6502552-018d-89bd-9969-b49194dc65c1",
+ "provisioningAction": "create",
+ "durationInMilliseconds": 3236,
+ "provisioningStatusInfo": {
+ "status": "success",
+ "errorInformation" : null
+ },
+ "provisioningSteps": [
+ {
+ "name": "EntryImport",
+ "provisioningStepType": "Import",
+ "status": "success",
+ "description": "Retrieved RolesCompound '10a7a801-7101-4c69-ae00-ce9f75f8460a' from Contoso",
+ "details": {}
+ },
+ {
+ "name": "EntryExportUpdate",
+ "provisioningStepType": "Export",
+ "status": "success",
+ "description": "RolesCompound '60a7a801-7101-4c69-ae00-ce9f75f8460a' was updated in Azure Active Directory",
+ "details": {
+ "ReportableIdentifier": "60a7a801-7101-4c69-ae00-ce9f75f8460a"
+ }
+ }
+ ],
+ "modifiedProperties": [
+ {
+ "displayName": "appId",
+ "oldValue": null,
+ "newValue": "60a7a801-7101-4c69-ae00-ce9f75f8460a"
+ },
+ {
+ "displayName": "Roles",
+ "oldValue": null,
+ "newValue": "jaws-prod-role2,jaws-prod-saml2, jayaws-role,jayaws-saml, TestRole,super-saml"
+ },
+ {
+ "displayName": "objectId",
+ "oldValue": null,
+ "newValue": "6nn37b93-185a-4485-a519-50c09549f3ad"
+ },
+ {
+ "displayName": "displayName",
+ "oldValue": null,
+ "newValue": "Contoso"
+ },
+ {
+ "displayName": "homepage",
+ "oldValue": null,
+ "newValue": "https://signin.contoso.com/saml?metadata=contoso|ISV9.1|primary|z"
+ },
+ ],
+ "servicePrincipal": {
+ "id": "6cc35b93-185a-4485-a519-50c09549g3ad",
+ "displayName": "Contoso"
+ },
+ "sourceSystem": {
+ "id": "d1e090e1-f2f4-4678-be44-6442ffff0621",
+ "displayName": "Contoso",
+ "details": {}
+ },
+ "targetSystem": {
+ "id": "e69d4bd2-2da2-483e-bc49-aad4080b91b3",
+ "displayName": "Azure Active Directory",
+ "details": {
+ "ApplicationId": "bcf4d658-ac9f-408d-bf04-e86dc10328fb",
+ "ServicePrincipalId": "6nn35b93-185a-4485-a519-50c09549f3ad",
+ "ServicePrincipalDisplayName": "Contoso"
+ }
+ },
+ "initiatedBy": {
+ "initiatingType": "system",
+ "id": "",
+ "displayName": "Azure AD Provisioning Service"
+ },
+ "sourceIdentity": {
+ "identityType": "RolesCompound",
+ "id": "60a7a801-7101-4c69-ae00-ce9f75f8460a",
+ "displayName": "",
+ "details": {}
+ },
+ "targetIdentity": {
+ "identityType": "ServicePrincipal",
+ "id": "6nn35b93-185a-4485-a519-50c09549f3ad",
+ "displayName": "",
+ "details": {}
+ }
+ }
+ ]
+}
+
+```
+### Example 2: Error reponse
+
+### Request
+
+The following is an example of the request.
+
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "list_provisioningobjectsummary_error"
+} -->
+
+```msgraph-interactive
+GET https://graph.microsoft.com/v1.0/auditLogs/provisioning
+```
++
+### Response
+
+The following is an example of the response for a failed provisioning event.
+
+>**Note:** The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.provisioningObjectSummary",
+ "name": "list_provisioningobjectsummary_error"
+} -->
+
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#auditLogs/provisioning",
+ "value": [
+ {
+ "id": "gc532ff9-r265-ec76-861e-42e2970a8218",
+ "activityDateTime": "2019-06-24T20:53:08Z",
+ "tenantId": "7928d5b5-7442-4a97-ne2d-66f9j9972ecn",
+ "jobId": "ContosoOutDelta.7928d5b574424a97ne2d66f9j9972ecn",
+ "cycleId": "44576n58-v14b-70fj-8404-3d22tt46ed93",
+ "changeId": "eaad2f8b-e6e3-409b-83bd-e4e2e57177d5",
+ "provisioningAction": "create",
+ "durationInMilliseconds": 2785,
+ "sourceSystem": {
+ "id": "0404601d-a9c0-4ec7-bbcd-02660120d8c9",
+ "displayName": "Azure Active Directory",
+ "details": {}
+ },
+ "targetSystem": {
+ "id": "cd22f60b-5f2d-1adg-adb4-76ef31db996b",
+ "displayName": "Contoso",
+ "details": {
+ "ApplicationId": "f2764360-e0ec-5676-711e-cd6fc0d4dd61",
+ "ServicePrincipalId": "chc46a42-966b-47d7-9774-576b1c8bd0b8",
+ "ServicePrincipalDisplayName": "Contoso"
+ }
+ },
+ "initiatedBy": {
+ "id": "",
+ "displayName": "Azure AD Provisioning Service",
+ "initiatorType": "system"
+ },
+ "servicePrincipal": {
+ "id": "chc46a42-966b-47d7-9774-576b1c8bd0b8",
+ "displayName": "Contoso"
+ },
+ "sourceIdentity": {
+ "id": "5e6c9rae-ab4d-5239-8ad0-174391d110eb",
+ "displayName": "Self-service Pilot",
+ "identityType": "Group",
+ "details": {}
+ },
+ "targetIdentity": {
+ "id": "",
+ "displayName": "",
+ "identityType": "Group",
+ "details": {}
+ },
+ "provisioningStatusInfo": {
+ "status": "failure",
+ "errorInformation" : {
+ "errorCode": "ContosoEntryConflict",
+ "reason": "Message: Contoso returned an error response with the HTTP status code 409. This response indicates that a user or a group already exisits with the same name. This can be avoided by identifying and removing the conflicting user from Contoso via the Contoso administrative user interface, or removing the current user from the scope of provisioning either by removing their assignment to the Contoso application in Azure Active Directory or adding a scoping filter to exclude the user.",
+ "additionalDetails": null,
+ "errorCategory": "nonServiceFailure",
+ "recommendedAction": null
+ }
+ },
+ "provisioningSteps": [
+ {
+ "name": "EntryImportAdd",
+ "provisioningStepType": "import",
+ "status": "success",
+ "description": "Received Group 'Self-service Pilot' change of type (Add) from Azure Active Directory",
+ "details": {}
+ },
+ {
+ "name": "EntrySynchronizationAdd",
+ "provisioningStepType": "matching",
+ "status": "success",
+ "description": "Group 'Self-service Pilot' will be created in Contoso (Group is active and assigned in Azure Active Directory, but no matching Group was found in Contoso)",
+ "details": {}
+ },
+ {
+ "name": "EntryExportAdd",
+ "provisioningStepType": "export",
+ "status": "failure",
+ "description": "Failed to create Group 'Self-service Pilot' in Contoso",
+ "details": {
+ "ReportableIdentifier": "Self-service Pilot"
+ }
+ }
+ ],
+ "modifiedProperties": [
+ {
+ "displayName": "objectId",
+ "oldValue": null,
+ "newValue": "5e0c9eae-ad3d-4139-5ad0-174391d110eb"
+ },
+ {
+ "displayName": "displayName",
+ "oldValue": null,
+ "newValue": "Self-service Pilot"
+ },
+ {
+ "displayName": "mailEnabled",
+ "oldValue": null,
+ "newValue": "False"
+ },
+ {
+ "displayName": "mailNickname",
+ "oldValue": null,
+ "newValue": "5ce25n9a-4c5f-45c9-8362-ef3da29c66c5"
+ },
+ {
+ "displayName": "securityEnabled",
+ "oldValue": null,
+ "newValue": "True"
+ },
+ {
+ "displayName": "Name",
+ "oldValue": null,
+ "newValue": "Self-service Pilot"
+ }
+ ]
+ }
+ ]
+}
+
+```
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "Get provisioningObjectSummary",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
++
v1.0 Signin Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/signin-get.md
If successful, this method returns a `200 OK` response code and [signIn](../reso
Here is an example of the request. -
-# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "get_signin" }--> ```msgraph-interactive
-GET https://graph.microsoft.com/v1.0/auditLogs/signIns/{id}
+GET https://graph.microsoft.com/v1.0/auditLogs/signIns/66ea54eb-6301-4ee5-be62-ff5a759b0100
```
-# [C#](#tab/csharp)
-
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
-
-# [Java](#tab/java)
--- ### Response
Here is an example of the response.
```http HTTP/1.1 200 OK Content-type: application/json
-Content-length: 211
-```
-```json
{ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#auditLogs/signIns",
- "@odata.nextLink": "https://graph.microsoft.com/v1.0/auditLogs/signIns?$top=1&$skiptoken=9177f2e3532fcd4c4d225f68f7b9bdf7_1",
"value": [ { "id": "66ea54eb-6301-4ee5-be62-ff5a759b0100",
v1.0 Signin List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/signin-list.md
doc_type: apiPageType
Namespace: microsoft.graph
-Retrieve the Azure AD user sign-ins for your tenant. Sign-ins that are interactive in nature (where a username/password is passed as part of auth token) and successful federated sign-ins are currently included in the sign-in logs.
+Retrieve the Azure AD user sign-ins for your tenant. Sign-ins that are interactive in nature (where a username/password is passed as part of auth token) and successful federated sign-ins are currently included in the sign-in logs. The maximum and default page size is 1,000 objects and by default, the most recent sign-ins are returned first.
## Permissions
GET auditLogs/signIns
## Optional query parameters
-This method supports the following OData query parameters to help customize the response. For details about how to use these parameters, see [OData query parameters](/graph/query_parameters).
-
-|Name |Description |Example|
-|:--|-||
-|[$filter](/graph/query_parameters#filter-parameter)|Filters results (rows). |`/auditLogs/signIns?&$filter=createdDateTime le 2018-01-24`
-|[$top](/graph/query_parameters#top-parameter)|Sets the page size of results.|`/auditLogs/signIns?$top=1`|
-|[$skiptoken](/graph/query_parameters#skiptoken-parameter)|Retrieves the next page of results from result sets that span multiple pages.|`/auditLogs/signIns?$skiptoken=01fa0e77c60c2d3d63226c8e3294c860__1`|
-
-### Attributes supported by $filter parameter
-
-|Attribute name |Supported operators|
-|:-|:|
-|id|eq|
-|userId|eq|
-|appId|eq|
-|createdDateTime| eq, le, ge|
-|userDisplayName| eq, startswith|
-|userPrincipalName| eq, startswith|
-|appDisplayName| eq, startswith|
-|ipAddress| eq, startswith|
-|location/city| eq, startswith|
-|location/state| eq, startswith|
-|location/countryOrRegion| eq, startswith|
-|status/errorCode|eq|
-|initiatedBy/user/id|eq|
-|initiatedBy/user/displayName| eq|
-|initiatedBy/user/userPrincipalName| eq, startswith|
-|clientAppUsed| eq|
-|conditionalAccessStatus | eq|
-|deviceDetail/browser| eq, startswith|
-|deviceDetail/operatingSystem| eq, startswith|
-|correlationId| eq|
+This method supports the `$top`, `$skiptoken`, and `$filter` OData Query Parameters to help customize the response. For details about how to use these parameters, see [OData query parameters](/graph/query_parameters).
## Response If successful, this method returns a `200 OK` response code and collection of [signIn](../resources/signin.md) objects in the response body. The collection of objects is listed in descending order based on **createdDateTime**.
-## Example
+## Examples
-### Request
+### Example 1: List all sign-ins
+
+#### Request
Here is an example of the request.
GET https://graph.microsoft.com/v1.0/auditLogs/signIns
-### Response
+#### Response
Here is an example of the response. >**Note:** The response object shown here might be shortened for readability.
Here is an example of the response.
```http HTTP/1.1 200 OK Content-type: application/json
-Content-length: 264
-```
-```json
{ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#auditLogs/signIns", "@odata.nextLink": "https://graph.microsoft.com/v1.0/auditLogs/signIns?$top=1&$skiptoken=9177f2e3532fcd4c4d225f68f7b9bdf7_1",
Content-length: 264
} ] }
+```
+
+### Example 2: Retrieve the first 10 sign-ins to apps with the appDisplayName that starts with 'Graph'
+
+#### Request
+
+Here is an example of the request.
+
+<!-- {
+ "blockType": "request",
+ "name": "list_signins_2"
+}-->
+```msgraph-interactive
+GET https://graph.microsoft.com/v1.0/auditLogs/signIns?&$filter=startsWith(appDisplayName,'Graph')&top=10
+```
+
+#### Response
+
+Here is an example of the response. The response includes a `@odata.nextLink` property which contains a URL that can be used to retrieve the next 10 results.
+>**Note:** The response object shown here might be shortened for readability.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.signIn",
+ "isCollection": true
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#auditLogs/signIns",
+ "@odata.nextLink": "https://graph.microsoft.com/v1.0/auditLogs/signins?$filter=startsWith(appDisplayName%2c%27Graph%27)&$top=10&$skiptoken=70f66c0893886b49370ffdb44cd8d137b1a12b9ba02f34a16f33c5e0f7c42fc7",
+ "value": [
+ {
+ "id": "66ea54eb-6301-4ee5-be62-ff5a759b0100",
+ "createdDateTime": "2020-03-13T19:15:41.6195833Z",
+ "userDisplayName": "Test Contoso",
+ "userPrincipalName": "testaccount1@contoso.com",
+ "userId": "26be570a-ae82-4189-b4e2-a37c6808512d",
+ "appId": "de8bc8b5-d9f9-48b1-a8ad-b748da725064",
+ "appDisplayName": "Graph explorer",
+ "ipAddress": "131.107.159.37",
+ "clientAppUsed": "Browser",
+ "correlationId": "d79f5bee-5860-4832-928f-3133e22ae912",
+ "conditionalAccessStatus": "notApplied",
+ "isInteractive": true,
+ "riskDetail": "none",
+ "riskLevelAggregated": "none",
+ "riskLevelDuringSignIn": "none",
+ "riskState": "none",
+ "riskEventTypes": [],
+ "resourceDisplayName": "Microsoft Graph",
+ "resourceId": "00000003-0000-0000-c000-000000000000",
+ "status": {
+ "errorCode": 0,
+ "failureReason": null,
+ "additionalDetails": null
+ },
+ "deviceDetail": {
+ "deviceId": "",
+ "displayName": null,
+ "operatingSystem": "Windows 10",
+ "browser": "Edge 80.0.361",
+ "isCompliant": null,
+ "isManaged": null,
+ "trustType": null
+ },
+ "location": {
+ "city": "Redmond",
+ "state": "Washington",
+ "countryOrRegion": "US",
+ "geoCoordinates": {
+ "altitude": null,
+ "latitude": 47.68050003051758,
+ "longitude": -122.12094116210938
+ }
+ },
+ "appliedConditionalAccessPolicies": [
+ {
+ "id": "de7e60eb-ed89-4d73-8205-2227def6b7c9",
+ "displayName": "SharePoint limited access for guest workers",
+ "enforcedGrantControls": [],
+ "enforcedSessionControls": [],
+ "result": "notEnabled"
+ },
+ {
+ "id": "6701123a-b4c6-48af-8565-565c8bf7cabc",
+ "displayName": "Medium signin risk block",
+ "enforcedGrantControls": [],
+ "enforcedSessionControls": [],
+ "result": "notEnabled"
+ },
+ ]
+ }
+ ]
+}
``` <!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
v1.0 Detailsinfo https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/detailsinfo.md
+
+ Title: "detailsInfo resource type"
+description: "A property bag that can contain any information about the associated identity or system."
+localization_priority: Normal
+++
+# detailsInfo resource type
+
+Namespace: microsoft.graph
+
+A property bag that can contain any information about the associated identity or system. This can include details about the property that is being provisioned or the source/target system.
+
+## Properties
+The **detailsInfo** resource is a JSON string that contains additional properties such as **ApplicationId**, **ObjectId**, and **UPN**. The set of properties varies based on the type of resource that is being provisioned. [List provisioningObjectSummary](../api/provisioningobjectsummary-list.md) shows an example of this.
+
+## Relationships
+None
+## JSON Representation
+Here is a JSON representation of the resource.
+<!--{
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.detailsInfo",
+ "openType": true,
+ "optionalProperties": [
+
+ ],
+}-->
+``` json
+{
+ "@odata.type": "microsoft.graph.detailsInfo"
+}
+```
++
v1.0 Enums https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/enums.md
Possible values for user account types (group membership), per Windows definitio
| :-- | | entityUrl | | text |++
+### provisioningResult values
+
+|Member|
+|:|
+|success|
+|failure|
+|skipped|
+|warning|
+|unknownFutureValue|
+
+### provisioningStepType values
+
+|Member|
+|:|
+|import|
+|scoping|
+|matching|
+|processing|
+|referenceResolution|
+|export|
+|unknownFutureValue|
+
+### provisioningStatusErrorCategory values
+
+|Member|
+|:|
+|failure|
+|nonServiceFailure|
+|success|
+|unknownFutureValue|
+
+### provisioningAction values
+
+|Member|
+|:|
+|other|
+|create|
+|delete|
+|disable|
+|update|
+|stagedDelete|
+|unknownFutureValue|
++
+### initiatorType values
+
+|Member|
+|:|
+|user|
+|application|
+|system|
+|unknownFutureValue|
v1.0 Initiator https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/initiator.md
+
+ Title: "initiator resource type"
+description: "Describes who or what initiated the provisioning event."
+localization_priority: Normal
+++
+# initiator resource type
+
+Namespace: microsoft.graph
+
+Describes who or what initiated the provisioning event.
+
+## Properties
+
+| Property | Type | Description |
+|:-|:|:|
+|displayName|String|Name of the person or service that initiated the provisioning event.|
+|id|String|Uniquely identifies the person or service that initiated the provisioning event.|
+|initiatorType|initiatorType| Type of initiator. Possible values are: `user`, `application`, `system`, `unknownFutureValue`.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+
+ ],
+ "@odata.type": "microsoft.graph.initiator",
+ "baseType": null
+}-->
+
+```json
+{
+ "displayName": "String",
+ "id": "String",
+ "initiatorType": "String"
+}
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "initiator resource",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
++
v1.0 Provisionedidentity https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/provisionedidentity.md
+
+ Title: "provisionedIdentity resource type"
+description: "Describes the identity associated with the provisioning object summary event."
+localization_priority: Normal
+++
+# provisionedIdentity resource type
+
+Namespace: microsoft.graph
++
+Describes the identity associated with the provisioning object summary event.
+
+## Properties
+
+| Property | Type | Description |
+|:-|:|:|
+|details|[detailsInfo](detailsinfo.md)|Details of the identity.|
+|displayName|String|Display name of the identity. |
+|id|String|Uniquely identifies the identity.|
+|identityType|String|Type of identity that has been provisioned, such as 'user' or 'group'.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+
+ ],
+ "@odata.type": "microsoft.graph.provisionedIdentity",
+ "baseType": null
+}-->
+
+```json
+{
+ "details": {"@odata.type": "microsoft.graph.detailsInfo"},
+ "displayName": "String",
+ "id": "String",
+ "identityType": "String"
+}
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "provisionedIdentity resource",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
++
v1.0 Provisioningerrorinfo https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/provisioningerrorInfo.md
+
+ Title: "provisioningErrorInfo resource type"
+description: "Describes the status of the provisioning event and the associated errors."
+localization_priority: Normal
+++
+# provisioningErrorInfo resource type
+
+Namespace: microsoft.graph
++
+Describes the status of the provisioning event and the associated errors.
+
+## Properties
+
+| Property | Type | Description |
+|:-|:|:|
+|additionalDetails|String|Additional details in case of error.|
+|errorCategory|provisioningStatusErrorCategory|Categorizes the error code. Possible values are `failure`, `nonServiceFailure`, `success`, `unknownFutureValue`|
+|errorCode|String|Unique error code if any occurred. [Learn more](https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-provisioning-logs#error-codes)|
+|reason|String|Summarizes the status and describes why the status happened.|
+|recommendedAction|String|Provides the resolution for the corresponding error.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+
+ ],
+ "@odata.type": "microsoft.graph.provisioningErrorInfo",
+ "baseType": null
+}-->
+
+```json
+{
+ "additionalDetails": "String",
+ "errorCategory": "String",
+ "errorCode": "String",
+ "reason": "String",
+ "recommendedAction": "String"
+}
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "provisioningErrorInfo resource",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
++
v1.0 Provisioningobjectsummary https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/provisioningobjectsummary.md
+
+ Title: "provisioningObjectSummary resource type"
+description: "Represents an action performed by the Azure AD Provisioning service and its associated properties."
+localization_priority: Normal
+++
+# provisioningObjectSummary resource type
+
+Namespace: microsoft.graph
++
+Represents an action performed by the Azure AD Provisioning service and its associated properties.
+
+## Methods
+
+| Method | Return Type | Description |
+|:-|:|:|
+| [List provisioningObjectSummary](../api/provisioningobjectsummary-list.md) | [provisioningObjectSummary](provisioningobjectsummary.md) | Get a list of all provisioning events that occurred in your tenant. |
++
+## Properties
+
+| Property | Type | Description |
+|:-|:|:|
+|provisioningAction|provisioningAction|Indicates the activity name or the operation name. Possible values are: `create`, `update`, `delete`, `stageddelete`, `disable`, `other` and `unknownFutureValue`. For a list of activities logged, refer to Azure AD activity list.|
+|activityDateTime|DateTimeOffset|The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`|
+|changeId|String|Unique ID of this change in this cycle.|
+|cycleId|String|Unique ID per job iteration.|
+|durationInMilliseconds|Int32|Indicates how long this provisioning action took to finish. Measured in milliseconds.|
+|id|String| Indicates the unique ID for the activity. This is a read-only GUID.|
+|initiatedBy|[initiator](initiator.md)|Details of who initiated this provisioning.|
+|jobId|String|The unique ID for the whole provisioning job.|
+|modifiedProperties|[modifiedProperty](modifiedproperty.md) collection|Details of each property that was modified in this provisioning action on this object.|
+|provisioningSteps|[provisioningStep](provisioningstep.md) collection|Details of each step in provisioning.|
+|servicePrincipal|[servicePrincipal](provisioningserviceprincipal.md) collection|Represents the service principal used for provisioning.|
+|sourceIdentity|[provisionedIdentity](provisionedidentity.md)|Details of source object being provisioned.|
+|sourceSystem|[provisioningSystem](provisioningsystem.md)|Details of source system of the object being provisioned.|
+|provisioningStatusInfo|[provisioningStatusInfo](provisioningstatusinfo.md)|Details of provisioning status.|
+|targetIdentity|[provisionedIdentity](provisionedidentity.md)|Details of target object being provisioned.|
+|targetSystem|[provisioningSystem](provisioningsystem.md)|Details of target system of the object being provisioned.|
+|tenantId|String|Unique Azure AD tenant ID.|
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+
+ ],
+ "@odata.type": "microsoft.graph.provisioningObjectSummary",
+ "keyProperty": "id"
+}-->
+
+```json
+{
+ "provisioningAction": "String",
+ "activityDateTime": "String (timestamp)",
+ "changeId": "String",
+ "cycleId": "String",
+ "durationInMilliseconds": 1024,
+ "id": "String (identifier)",
+ "initiatedBy": {"@odata.type": "microsoft.graph.initiator"},
+ "jobId": "String",
+ "modifiedProperties": [{"@odata.type": "microsoft.graph.modifiedProperty"}],
+ "provisioningSteps": [{"@odata.type": "microsoft.graph.provisioningStep"}],
+ "servicePrincipal": [{"@odata.type": "microsoft.graph.provisioningServicePrincipal"}],
+ "sourceIdentity": {"@odata.type": "microsoft.graph.provisionedIdentity"},
+ "sourceSystem": {"@odata.type": "microsoft.graph.provisioningSystem"},
+ "provisioningStatusInfo": {"@odata.type": "microsoft.graph.provisioningStatusInfo"},
+ "targetIdentity": {"@odata.type": "microsoft.graph.provisionedIdentity"},
+ "targetSystem": {"@odata.type": "microsoft.graph.provisioningSystem"},
+ "tenantId": "String"
+}
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "provisioningObjectSummary resource",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
++
v1.0 Provisioningserviceprincipal https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/provisioningserviceprincipal.md
+
+ Title: "provisioningServicePrincipal resource type"
+description: "Represents the service principal used for provisioning."
+localization_priority: Normal
+++
+# provisioningServicePrincipal resource type
+
+Namespace: microsoft.graph
++
+Represents the service principal used for provisioning.
+
+## Properties
+
+| Property | Type | Description |
+|:-|:|:|
+|id|String|Uniquely identifies the **servicePrincipal** used for provisioning.|
+|name|String| Customer-defined name for the **servicePrincipal**.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+
+ ],
+ "@odata.type": "microsoft.graph.provisioningServicePrincipal",
+ "baseType": null
+}-->
+
+```json
+{
+ "id": "String",
+ "name": "String"
+}
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "provisioningServicePrincipal resource",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
++
v1.0 Provisioningstatusinfo https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/provisioningstatusinfo.md
+
+ Title: "provisioningStatusInfo resource type"
+description: "Describes the status of the provisioning summary event."
+localization_priority: Normal
+++
+# provisioningStatusInfo resource type
+
+Namespace: microsoft.graph
++
+Describes the status of the provisioning summary event.
+
+## Properties
+
+| Property | Type | Description |
+|:-|:|:|
+|status|provisioningResult| Possible values are: `success`, `warning`, `failure`, `skipped`, `unknownFutureValue`.|
+|errorInfo|[provisioningErrorInfo](provisioningErrorInfo.md)| If status is not success/ skipped details for the error are contained in this.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+
+ ],
+ "@odata.type": "microsoft.graph.provisioningStatusInfo",
+ "baseType": null
+}-->
+
+```json
+{
+ "status": "String"
+}
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "provisioningStatusInfo resource",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
++
v1.0 Provisioningstep https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/provisioningstep.md
+
+ Title: "provisioningStep resource type"
+description: "Describes the steps taken to perform an action. "
+localization_priority: Normal
+++
+# provisioningStep resource type
+
+Namespace: microsoft.graph
+
+Describes the steps taken to perform an action.
+
+## Properties
+
+| Property | Type | Description |
+|:-|:|:|
+|description|String|Summary of what occurred during the step.|
+|details|[detailsInfo](detailsinfo.md)|Details of what occurred during the step.|
+|name|String|Name of the step.|
+|provisioningStepType|provisioningStepType| Type of step. Possible values are: `import`, `scoping`, `matching`, `processing`, `referenceResolution`, `export`, `unknownFutureValue`.|
+|status|provisioningResult| Status of the step. Possible values are: `success`, `warning`, `failure`, `skipped`, `unknownFutureValue`.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+
+ ],
+ "@odata.type": "microsoft.graph.provisioningStep",
+ "baseType": null
+}-->
+
+```json
+{
+ "description": "String",
+ "details": {"@odata.type": "microsoft.graph.detailsInfo"},
+ "name": "String",
+ "provisioningStepType": "String",
+ "status": "String"
+}
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "provisioningStep resource",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
++
v1.0 Provisioningsystem https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/provisioningsystem.md
+
+ Title: "provisioningSystem resource type"
+description: "Represents the system that a user was provisioned to or from."
+localization_priority: Normal
+++
+# provisioningSystem resource type
+
+Namespace: microsoft.graph
++
+Represents the system that a user was provisioned to or from. For example, when provisioning a user from Azure Active Directory (Azure AD) to ServiceNow, the source system is Azure AD, and the target system is ServiceNow.
+
+## Properties
+
+| Property | Type | Description |
+|:-|:|:|
+|details|[detailsInfo](detailsinfo.md)|Details of the system.|
+|displayName|String|Name of the system that a user was provisioned to or from.|
+|id|String|Identifier of the system that a user was provisioned to or from.|
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+
+ ],
+ "@odata.type": "microsoft.graph.provisioningSystem",
+ "baseType": null
+}-->
+
+```json
+{
+ "details": {"@odata.type": "microsoft.graph.detailsInfo"},
+ "displayName": "String",
+ "id": "String"
+}
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "provisioningSystem resource",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
++
v1.0 Signin https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/signin.md
Details user and application sign-in activity for a tenant (directory). You must
## Properties | Property | Type |Description| |:|:--|:-|
-|appDisplayName|String|App name displayed in the Azure Portal.|
-|appId|String|Unique GUID representing the app ID in the Azure Active Directory.|
+|appDisplayName|String|App name displayed in the Azure Portal. Supports `$filter` (`eq` and `startsWith` operators only).|
+|appId|String|Unique GUID representing the app ID in the Azure Active Directory. Supports `$filter` (`eq` operator only).|
|appliedConditionalAccessPolicy|[appliedConditionalAccessPolicy](appliedconditionalaccesspolicy.md) collection|Provides a list of conditional access policies that are triggered by the corresponding sign-in activity.|
-|clientAppUsed|String|Identifies the legacy client used for sign-in activity. Includes `Browser`, `Exchange Active Sync`, `modern clients`, `IMAP`, `MAPI`, `SMTP`, and `POP`.|
-|conditionalAccessStatus|conditionalAccessStatus| Reports status of an activated conditional access policy. Possible values are: `success`, `failure`, `notApplied`, and `unknownFutureValue`.|
-|correlationId|String|The request ID sent from the client when the sign-in is initiated; used to troubleshoot sign-in activity.|
-|createdDateTime|DateTimeOffset|Date and time (UTC) the sign-in was initiated. Example: midnight on Jan 1, 2014 is reported as `2014-01-01T00:00:00Z`.|
-|deviceDetail|[deviceDetail](devicedetail.md)|Device information from where the sign-in occurred; includes device ID, operating system, and browser. |
-|id|String|Unique ID representing the sign-in activity.|
-|ipAddress|String|IP address of the client used to sign in.|
+|clientAppUsed|String|Identifies the legacy client used for sign-in activity. Includes `Browser`, `Exchange Active Sync`, `modern clients`, `IMAP`, `MAPI`, `SMTP`, and `POP`. Supports `$filter` (`eq` operator only).|
+|conditionalAccessStatus|conditionalAccessStatus| Reports status of an activated conditional access policy. Possible values are: `success`, `failure`, `notApplied`, and `unknownFutureValue`. Supports `$filter` (`eq` operator only).|
+|correlationId|String|The request ID sent from the client when the sign-in is initiated; used to troubleshoot sign-in activity. Supports `$filter` (`eq` operator only).|
+|createdDateTime|DateTimeOffset|Date and time (UTC) the sign-in was initiated. Example: midnight on Jan 1, 2014 is reported as `2014-01-01T00:00:00Z`. Supports `$orderby` and `$filter` (`eq`, `le`, and `ge` operators only).|
+|deviceDetail|[deviceDetail](devicedetail.md)|Device information from where the sign-in occurred; includes device ID, operating system, and browser. Supports `$filter` (`eq` and `startsWith` operators only) on **browser** and **operatingSytem** properties. |
+|id|String|Unique ID representing the sign-in activity. Supports `$filter` (`eq` operator only).|
+|ipAddress|String|IP address of the client used to sign in. Supports `$filter` (`eq` and `startsWith` operators only).|
|isInteractive|Boolean|Indicates if a sign-in is interactive or not.|
-|location|[signInLocation](signinlocation.md)|Provides the city, state, and country code where the sign-in originated.|
-|resourceDisplayName|String|Name of the resource the user signed into.|
-|resourceId|String|ID of the resource that the user signed into.|
-|riskDetail|riskDetail|Provides the 'reason' behind a specific state of a risky user, sign-in or a risk event. The possible values are: `none`, `adminGeneratedTemporaryPassword`, `userPerformedSecuredPasswordChange`, `userPerformedSecuredPasswordReset`, `adminConfirmedSigninSafe`, `aiConfirmedSigninSafe`, `userPassedMFADrivenByRiskBasedPolicy`, `adminDismissedAllRiskForUser`, `adminConfirmedSigninCompromised`, `unknownFutureValue`. The value `none` means that no action has been performed on the user or sign-in so far. <br>**Note:** Details for this property require an Azure AD Premium P2 license. Other licenses return the value `hidden`.|
-|riskEventTypes|riskEventType collection|Risk event types associated with the sign-in. The possible values are: `unlikelyTravel`, `anonymizedIPAddress`, `maliciousIPAddress`, `unfamiliarFeatures`, `malwareInfectedIPAddress`, `suspiciousIPAddress`, `leakedCredentials`, `investigationsThreatIntelligence`, `generic`, and `unknownFutureValue`.|
-|riskEventTypes_v2|String collection|The list of risk event types associated with the sign-in. Possible values: `unlikelyTravel`, `anonymizedIPAddress`, `maliciousIPAddress`, `unfamiliarFeatures`, `malwareInfectedIPAddress`, `suspiciousIPAddress`, `leakedCredentials`, `investigationsThreatIntelligence`, `generic`, or `unknownFutureValue`.|
-|riskLevelAggregated|riskLevel|Aggregated risk level. The possible values are: `none`, `low`, `medium`, `high`, `hidden`, and `unknownFutureValue`. The value `hidden` means the user or sign-in was not enabled for Azure AD Identity Protection. **Note:** Details for this property are only available for Azure AD Premium P2 customers. All other customers will be returned `hidden`.|
-|riskLevelDuringSignIn|riskLevel|Risk level during sign-in. The possible values are: `none`, `low`, `medium`, `high`, `hidden`, and `unknownFutureValue`. The value `hidden` means the user or sign-in was not enabled for Azure AD Identity Protection. **Note:** Details for this property are only available for Azure AD Premium P2 customers. All other customers will be returned `hidden`.|
-|riskState|riskState|Reports status of the risky user, sign-in, or a risk event. The possible values are: `none`, `confirmedSafe`, `remediated`, `dismissed`, `atRisk`, `confirmedCompromised`, `unknownFutureValue`.|
-|status|[signInStatus](signinstatus.md)|Sign-in status. Includes the error code and description of the error (in case of a sign-in failure).|
-|userDisplayName|String|Display name of the user that initiated the sign-in.|
-|userId|String|ID of the user that initiated the sign-in.|
-|userPrincipalName|String|User principal name of the user that initiated the sign-in.|
+|location|[signInLocation](signinlocation.md)|Provides the city, state, and country code where the sign-in originated. Supports `$filter` (`eq` and `startsWith` operators only) on **city**, **state**, and **countryOrRegion** properties.|
+|resourceDisplayName|String|Name of the resource the user signed into. Supports `$filter` (`eq` operator only).|
+|resourceId|String|ID of the resource that the user signed into. Supports `$filter` (`eq` operator only).|
+|riskDetail|riskDetail|Provides the 'reason' behind a specific state of a risky user, sign-in or a risk event. The possible values are: `none`, `adminGeneratedTemporaryPassword`, `userPerformedSecuredPasswordChange`, `userPerformedSecuredPasswordReset`, `adminConfirmedSigninSafe`, `aiConfirmedSigninSafe`, `userPassedMFADrivenByRiskBasedPolicy`, `adminDismissedAllRiskForUser`, `adminConfirmedSigninCompromised`, `unknownFutureValue`. The value `none` means that no action has been performed on the user or sign-in so far. Supports `$filter` (`eq` operator only).<br>**Note:** Details for this property require an Azure AD Premium P2 license. Other licenses return the value `hidden`.|
+|riskEventTypes|riskEventType collection|Risk event types associated with the sign-in. The possible values are: `unlikelyTravel`, `anonymizedIPAddress`, `maliciousIPAddress`, `unfamiliarFeatures`, `malwareInfectedIPAddress`, `suspiciousIPAddress`, `leakedCredentials`, `investigationsThreatIntelligence`, `generic`, and `unknownFutureValue`. Supports `$filter` (`eq` operator only).|
+|riskEventTypes_v2|String collection|The list of risk event types associated with the sign-in. Possible values: `unlikelyTravel`, `anonymizedIPAddress`, `maliciousIPAddress`, `unfamiliarFeatures`, `malwareInfectedIPAddress`, `suspiciousIPAddress`, `leakedCredentials`, `investigationsThreatIntelligence`, `generic`, or `unknownFutureValue`. Supports `$filter` (`eq` and `startsWith` operators only).|
+|riskLevelAggregated|riskLevel|Aggregated risk level. The possible values are: `none`, `low`, `medium`, `high`, `hidden`, and `unknownFutureValue`. The value `hidden` means the user or sign-in was not enabled for Azure AD Identity Protection. Supports `$filter` (`eq` operator only). <br> **Note:** Details for this property are only available for Azure AD Premium P2 customers. All other customers will be returned `hidden`.|
+|riskLevelDuringSignIn|riskLevel|Risk level during sign-in. The possible values are: `none`, `low`, `medium`, `high`, `hidden`, and `unknownFutureValue`. The value `hidden` means the user or sign-in was not enabled for Azure AD Identity Protection. Supports `$filter` (`eq` operator only). <br>**Note:** Details for this property are only available for Azure AD Premium P2 customers. All other customers will be returned `hidden`.|
+|riskState|riskState|Reports status of the risky user, sign-in, or a risk event. The possible values are: `none`, `confirmedSafe`, `remediated`, `dismissed`, `atRisk`, `confirmedCompromised`, `unknownFutureValue`. Supports `$filter` (`eq` operator only).|
+|status|[signInStatus](signinstatus.md)|Sign-in status. Includes the error code and description of the error (in case of a sign-in failure). Supports `$filter` (`eq` operator only) on **errorCode** property.|
+|userDisplayName|String|Display name of the user that initiated the sign-in. Supports `$filter` (`eq` and `startsWith` operators only).|
+|userId|String|ID of the user that initiated the sign-in. Supports `$filter` (`eq` operator only).|
+|userPrincipalName|String|User principal name of the user that initiated the sign-in. Supports `$filter` (`eq` and `startsWith` operators only).|
## Relationships
Here is a JSON representation of the resource.
"correlationId": "String", "conditionalAccessStatus": "string", "appliedConditionalAccessPolicy": [{"@odata.type": "microsoft.graph.appliedConditionalAccessPolicy"}],
- "isInteractive": "String",
+ "isInteractive": true,
"deviceDetail": {"@odata.type": "microsoft.graph.deviceDetail"}, "location": {"@odata.type": "microsoft.graph.signInLocation"}, "riskDetail": "string",
v1.0 Tokenlifetimepolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/tokenlifetimepolicy.md
Namespace: microsoft.graph
-Represents a policy that can control the lifetime of a JWT access token, an ID token or a SAML 1.1/2.0 token issued by Azure Active Directory (Azure AD). You can set token lifetimes for all apps in your organization, for a multi-tenant (multi-organization) application, or for a specific service principal in your organization. For more scenario details see [Configurable token lifetimes in Azure Active Directory](/azure/active-directory/develop/active-directory-configurable-token-lifetimes).
+Represents a policy that can control the lifetime of a JWT access token, an ID token or a SAML 1.1/2.0 token issued by Azure Active Directory (Azure AD). You can set token lifetimes for all apps in your organization, for a multi-tenant (multi-organization) application, or for a specific service principal in your organization.
>**Note:** Configuring this policy for Refresh Tokens and Session Tokens is not supported.
v1.0 Toc.Yml https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/toc.yml a/api-reference/v1.0/toc.yml
items:
href: api/signin-list.md - name: Get sign-in href: api/signin-get.md
+ - name: Provisioning
+ href: resources/provisioningobjectsummary.md
+ items:
+ - name: List provisioning
+ href: api/provisioningobjectsummary-list.md
- name: Microsoft 365 usage reports items: - name: Overview