Updates from: 05/08/2021 03:08:02
Service Microsoft Docs article Related commit history on GitHub Change details
v1.0 Accesspackage Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackage-filterbycurrentuser.md
+
+ Title: "accessPackage: filterByCurrentUser"
+description: "Retrieve a list of accesspackage objects filtered on the signed-in user."
+localization_priority: Normal
+++
+# accessPackage: filterByCurrentUser
+Namespace: microsoft.graph
++
+In [Azure AD Entitlement Management](../resources/entitlementmanagement-root.md), retrieve a list of [accessPackage](../resources/accesspackage.md) objects filtered on the signed-in user.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|Not supported.|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/entitlementManagement/accessPackages/filterByCurrentUser
+```
+
+## Function parameters
+The following table shows the parameters that can be used with this function.
+
+|Parameter|Type|Description|
+|:|:|:|
+|on|[accessPackageFilterByCurrentUserOptions](../resources/accesspackage-accesspackagefilterbycurrentuseroptions.md)|The list of current user options that can be used to filter on the access packages list.|
+
+- `allowedRequestor` is used to get the `accessPackage` objects for which the signed-in user is allowed to submit access requests. The resulting list includes all access packages that can be requested by the caller across all catalogs.
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [accessPackage](../resources/accesspackage.md) collection in the response body.
+
+## Examples
+The following example gets the access packages that can be requested by the signed-in user.
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "accesspackageassignmentrequest_filterByCurrentUser"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackages/filterByCurrentUser(on='allowedRequestor')
+```
++
+### Response
+> **Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.accessPackageAssignmentRequest)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.accessPackage",
+ "id": "d378b3b7-b42a-445a-8780-2841194f777e",
+ "catalogId": "eb0f5e12-484d-4545-8ae1-fb1dfc28ab3c",
+ "displayName": "Sales resources",
+ "description": "Resources needed by the Sales department.",
+ "isHidden": false,
+ "isRoleScopesVisible": false,
+ "createdBy": "TestGA@example.com",
+ "createdDateTime": "2021-01-26T22:30:57.37Z",
+ "modifiedBy": "TestGA@example.com",
+ "modifiedDateTime": "2021-01-26T22:30:57.37Z"
+ }
+ ]
+}
+```
+
v1.0 Accesspackageassignment Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackageassignment-filterbycurrentuser.md
+
+ Title: "accessPackageAssignment: filterByCurrentUser"
+description: "Retrieve a list of accesspackageassignment objects filtered on the signed-in user."
+localization_priority: Normal
+++
+# accessPackageAssignment: filterByCurrentUser
+Namespace: microsoft.graph
++
+In [Azure AD Entitlement Management](../resources/entitlementmanagement-root.md), retrieve a list of [accessPackageAssignment](../resources/accesspackageassignment.md) objects filtered on the signed-in user.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|Not supported.|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/entitlementManagement/accessPackageAssignments/filterByCurrentUser
+```
+
+## Function parameters
+The following table shows the parameters that can be used with this function.
+
+|Parameter|Type|Description|
+|:|:|:|
+|on|[accessPackageAssignmentFilterByCurrentUserOptions](../resources/accesspackageassignment-accesspackageassignmentfilterbycurrentuseroptions.md)|The list of current user options that can be used to filter on the access package assignments list.|
+
+- `target` is used to get the `accessPackageAssignment` objects where the signed-in user is the target. The resulting list includes all of the assignments, current and expired, for the caller across all catalogs and access packages.
+
+- `createdBy` is used to get the `accessPackageAssignment` objects created by the signed-in user. The resulting list includes all of the assignments that the caller created for themselves or on behalf of others, such as in case of admin direct assignment, across all catalogs and access packages.
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [accessPackageAssignment](../resources/accesspackageassignment.md) collection in the response body.
+
+When a result set spans multiple pages, Microsoft Graph returns that page with an `@odata.nextLink` property in the response that contains a URL to the next page of results. If that property is present, continue making additional requests with the `@odata.nextLink` URL in each response, until all the results are returned. For more information, see [paging Microsoft Graph data in your app](/graph/paging.md).
+
+## Examples
+
+The following example gets the status of access package assignments targeted for the signed-in user.
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "accesspackageassignment_filterbycurrentuser"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignments/filterByCurrentUser(on='target')
+```
++
+### Response
+> **Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.accessPackageAssignment)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.accessPackageAssignment",
+ "id": "5521fb4f-6a6c-410a-9191-461a65fd39d4",
+ "catalogId": "34cfe9a8-88bc-4c82-b3d8-6b77d7035c33",
+ "accessPackageId": "ca6992f8-e413-49a1-9619-c9819f4f73e0",
+ "assignmentPolicyId": "7c6e6874-789e-4f11-b351-cc7b5883deef",
+ "targetId": "2cb14f51-0108-41d8-89da-cd0e05e2c988",
+ "assignmentStatus": "Delivered",
+ "assignmentState": "Delivered",
+ "isExtended": false,
+ "expiredDateTime": null,
+ "schedule": {
+ "startDateTime": "2021-01-19T20:02:36.013Z",
+ "recurrence": null,
+ "expiration": {
+ "endDateTime": "2022-01-19T20:02:36.013Z",
+ "duration": null,
+ "type": "afterDateTime"
+ }
+ }
+ }
+ ]
+}
+
+```
+
v1.0 Accesspackageassignmentpolicy Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackageassignmentpolicy-update.md
Content-length: 1000
### Response
-**Note:** The response object shown here might be shortened for readability.
+> **Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
v1.0 Accesspackageassignmentrequest Cancel https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackageassignmentrequest-cancel.md
+
+ Title: "accessPackageAssignmentRequest: cancel"
+description: "Cancel accessPackageAssignmentRequest objects that are in a cancellable state."
+localization_priority: Normal
+++
+# accessPackageAssignmentRequest: cancel
+Namespace: microsoft.graph
++
+In [Azure AD Entitlement Management](../resources/entitlementmanagement-root.md), cancel [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) objects that are in a cancellable state: `accepted`, `pendingApproval`, `pendingNotBefore`, `pendingApprovalEscalated`.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|EntitlementManagement.ReadWrite.All |
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|Not supported.|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+POST /identityGovernance/entitlementManagement/accessPackageAssignmentRequests/{id}/cancel
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+In the request body, supply a JSON representation of an [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) object.
+
+For a non-administrator user to cancel their own request, the request must contain the **id** of the [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) and a **requestStatus** with a value of `cancelled`.
+
+## Response
+
+If successful, this method returns a `200 OK` response code. It does not return anything in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "accesspackageassignmentrequest_cancel"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentRequests/{id}/cancel
+
+{
+ "id":"request-id",
+ "requestStatus":"cancelled"
+}
+```
++
+### Response
+The following is an example of the response.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+} -->
+
+```http
+HTTP/1.1 204 No Content
+```
+
v1.0 Accesspackageassignmentrequest Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackageassignmentrequest-filterbycurrentuser.md
+
+ Title: "accessPackageAssignmentRequest: filterByCurrentUser"
+description: "Retrieve a list of accesspackageassignmentrequest objects filtered on the signed-in user."
+localization_priority: Normal
+++
+# accessPackageAssignmentRequest: filterByCurrentUser
+Namespace: microsoft.graph
++
+In [Azure AD Entitlement Management](../resources/entitlementmanagement-root.md), retrieve a list of [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) objects filtered on the signed-in user.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|Not supported.|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/entitlementManagement/accessPackageAssignmentRequests/filterByCurrentUser
+```
+
+## Function parameters
+The following table shows the parameters that can be used with this function.
+
+|Parameter|Type|Description|
+|:|:|:|
+|on|[accessPackageAssignmentRequestFilterByCurrentUserOptions](../resources/accesspackageassignmentrequest-accesspackageassignmentrequestfilterbycurrentuseroptions.md)|The list of current user options that can be used to filter on the access package assignment requests list.|
+
+- `target` is used to get the `accessPackageAssignmentRequest` objects where the signed-in user is the target. The resulting list includes all the assignment requests, current and expired, that were requested by the caller or for the caller, across all catalogs and access packages.
+
+- `createdBy` is used to get the `accessPackageAssignmentRequest` objects created by the signed-in user. The resulting list includes all of the assignment requests that the caller has created for themselves or on behalf of others, such as in case of admin direct assignment, across all catalogs and access packages.
+
+- `approver` is used to get the `accessPackageAssignmentRequest` objects where the signed-in user is an allowed approver in any contained `accessPackageAssignment/accessPackageAssignmentPolicy/requestApprovalSettings/approvalStages` (`primaryApprovers` or `escalationApprovers`). The resulting list includes the assignment requests in *pending* state, across all catalogs and access packages and that need a decision from the caller. The resulting list includes the assignment requests in a `pending` state, across all catalogs and access packages and that need a decision from the caller.
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) collection in the response body.
+
+## Examples
+
+The following example gets the status of access package assignment requests targeted for the signed-in user.
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "accesspackageassignmentrequest_filterbycurrentuser"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentRequests/filterByCurrentUser(on='target')
+```
++
+### Response
+> **Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.accessPackageAssignmentRequest)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.accessPackageAssignmentRequest",
+ "createdDateTime": "2021-01-19T20:02:23.907Z",
+ "completedDate": "2021-01-19T20:02:40.97Z",
+ "id": "46c1410d-ef96-44c5-ae9c-a577d014fe0e",
+ "requestType": "AdminAdd",
+ "requestState": "Delivered",
+ "requestStatus": "Fulfilled",
+ "isValidationOnly": false,
+ "expirationDateTime": null,
+ "justification": null,
+ "answers": [],
+ "schedule": {
+ "startDateTime": "2021-01-19T20:01:57.643Z",
+ "recurrence": null,
+ "expiration": {
+ "endDateTime": null,
+ "duration": null,
+ "type": "noExpiration"
+ }
+ }
+ }
+ ]
+}
+```
+
v1.0 Accesspackageassignmentrequest Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackageassignmentrequest-post.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-In [Azure AD entitlement management](../resources/entitlementmanagement-root.md), create a new [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) object. This operation is used to assign a user to an access package, or to remove an access package assignment.
+In [Azure AD Entitlement Management](../resources/entitlementmanagement-root.md), create a new [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) object. This operation is used to assign a user to an access package, or to remove an access package assignment.
## Permissions
For an administrator to request to create an assignment for a user, the value of
For an administrator to request to remove an assignment, the value of the **requestType** property is `AdminRemove`, and the **accessPackageAssignment** property contains the **id** property identifying the [accessPackageAssignment](../resources/accesspackageassignment.md) being removed.
-For a non-administrator user to request to create an assignment for themselves, the value of the **requestType** property is `UserAdd`, and the **accessPackageAssignment** property contains the `targetId` with the ID of the users themselves, the **assignmentPolicyId** property identifying the [accessPackageAssignmentPolicy](../resources/accesspackageassignmentpolicy.md), and the **accessPackageId** property identifying the [accessPackage](../resources/accesspackage.md). The user making the request must already exist in the directory.
+For a non-administrator user to request to create their own assignment for either a first assignment or renew assignment, the value of the **requestType** property is `UserAdd`. The **accessPackageAssignment** property contains the `targetId` with the `id` of the users. The **assignmentPolicyId** property identifies the [accessPackageAssignmentPolicy](../resources/accesspackageassignmentpolicy.md). The **accessPackageId** property identifies the [accessPackage](../resources/accesspackage.md). The user making the request must already exist in the directory.
+
+For a non-administrator user to request to extend their own assignments, the value of the **requestType** property is `UserExtend`. The **accessPackageAssignment** property contains the `targetId` with the `id` of the users. The **assignmentPolicyId** property identifies the [accessPackageAssignmentPolicy](../resources/accesspackageassignmentpolicy.md). The **accessPackageId** property identifies the [accessPackage](../resources/accesspackage.md). The user making the request must already exist in the directory.
## Response
Content-type: application/json
--- #### Response The following is an example of the response.
Content-type: application/json
}] } ```
+### Example 3: Request a package and provide a justification
+#### Request
+
+The following example shows how to request an access package and provide justification to the approver.
+
++
+<!-- {
+ "blockType": "request",
+ "name": "create_accesspackageassignmentrequest_from_accesspackageassignmentrequests"
+}-->
+
+```http
+POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentRequests
+Content-type: application/json
+
+{
+ "requestType": "UserAdd",
+ "accessPackageAssignment": {
+ "accessPackageId": "a914b616-e04e-476b-aa37-91038f0b165b"
+ },
+ "justification":"Need access to New Hire access package"
+}
+```
+
+#### Response
+
+The following is an example of the response.
+
+> **Note:** The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessPackageAssignmentRequest"
+} -->
+
+```http
+HTTP/1.1 201 Created
+Content-type: application/json
+
+{
+ "id": "813bbc6b-31f5-4cdf-8fed-1ba4284a1e3f",
+ "requestType": "UserAdd",
+ "requestState": "Submitted",
+ "requestStatus": "Accepted",
+ "isValidationOnly": false,
+ "expirationDateTime": null,
+ "justification": "Requested for the new task.",
+ "answers": [],
+ "schedule": {
+ "startDateTime": null,
+ "recurrence": null,
+ "expiration": {
+ "endDateTime": null,
+ "duration": null,
+ "type": null
+ }
+ }
+}
+```
<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98 2019-02-04 14:57:30 UTC -->
v1.0 Accesspackageresourceenvironment Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackageresourceenvironment-get.md
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
### Response
-**Note:** The response object shown here might be shortened for readability.
+> **Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
v1.0 Accesspackageresourceenvironment List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accesspackageresourceenvironment-list.md
GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
### Response
-**Note:** The response object shown here might be shortened for readability.
+> **Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
v1.0 Organizationalbrandingproperties Create https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/organizationalbrandingproperties-create.md
The **id** property is ignored on PUT/PATCH to the /branding singleton. If Conte
<!-- { "blockType": "ignored" } --> ```http
-PUT /organization/{id}/branding
-PATCH /organization/{id}/branding
+PUT /organization/{tenant id}/branding
+PATCH /organization/{tenant id}/branding
``` ## Optional query parameters
v1.0 Organizationalbrandingproperties Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/organizationalbrandingproperties-delete.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-DELETE /organization/{id}/branding
+DELETE /organization/{tenant id}/branding
``` ## Request headers
v1.0 Organizationalbrandingproperties Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/organizationalbrandingproperties-get.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-GET /organization/{id}/branding
+GET /organization/{tenant id}/branding
``` ## Optional query parameters
v1.0 Organizationalbrandingproperties Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/organizationalbrandingproperties-update.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-PATCH /organization/{id}/branding
-PUT /organization/{id}/branding
+PATCH /organization/{tenant id}/branding
+PUT /organization/{tenant id}/branding
``` ## Request headers
v1.0 Organizationalbrandingpropertieslocalization Create https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/organizationalbrandingpropertieslocalization-create.md
POST to branding/localizations to create a new localization. The id specified in
<!-- { "blockType": "ignored" } --> ```http
-POST /organization/{id}/branding/localizations
+POST /organization/{tenant id}/branding/localizations
``` ## Optional query parameters
v1.0 Organizationalbrandingpropertieslocalization Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/organizationalbrandingpropertieslocalization-delete.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-DELETE /organization/{id}/branding/localizations/{locale}
+DELETE /organization/{tenant id}/branding/localizations/{locale}
``` ## Request headers
v1.0 Organizationalbrandingpropertieslocalization Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/organizationalbrandingpropertieslocalization-get.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-GET /organization/{id}/branding/localizations/{locale}
+GET /organization/{tenant id}/branding/localizations/{locale}
``` ## Optional query parameters
v1.0 Organizationalbrandingpropertieslocalization Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/organizationalbrandingpropertieslocalization-update.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-PATCH /organization/{id}/branding/localizations/{locale}
-PUT /organization/{id}/branding/localizations/{locale}
+PATCH /organization/{tenant id}/branding/localizations/{locale}
+PUT /organization/{tenant id}/branding/localizations/{locale}
``` ## Request headers
v1.0 Policyroot List Rolemanagementpolicies https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/policyroot-list-rolemanagementpolicies.md
+
+ Title: "List roleManagementPolicies"
+description: "Get the unifiedRoleManagementPolicy resources from the roleManagementPolicies navigation property."
+
+localization_priority: Normal
++
+# List roleManagementPolicies
+Namespace: microsoft.graph
+++
+Get the unifiedRoleManagementPolicy resources from the roleManagementPolicies navigation property.
++
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /policies/roleManagementPolicies
+```
+
+## Optional query parameters
+This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md) objects in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_unifiedrolemanagementpolicy"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/policies/roleManagementPolicies
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRoleManagementPolicy)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "id": "f93a5c37-5c37-f93a-375c-3af9375c3af9",
+ "displayName": "Policy1",
+ "description": "A policy for all privileged administrators",
+ "isOrganizationDefault": true,
+ "scopeId": "f93a5c37-5c37-f93a-375c-3af9375c3af9",
+ "scopeType": "subscriptions",
+ "lastModifiedDateTime": "2021-03-17T02:54:27.167+00:00",
+ "lastModifiedBy": {
+ "@odata.type": "microsoft.graph.identity"
+ }
+ }
+ ]
+}
+```
+
v1.0 Policyroot List Rolemanagementpolicyassignments https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/policyroot-list-rolemanagementpolicyassignments.md
+
+ Title: "List roleManagementPolicyAssignments"
+description: "Get the unifiedRoleManagementPolicyAssignment resources from the roleManagementPolicyAssignments navigation property."
+
+localization_priority: Normal
++
+# List roleManagementPolicyAssignments
+Namespace: microsoft.graph
++
+Get the unifiedRoleManagementPolicyAssignment resources from the roleManagementPolicyAssignments navigation property.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /policies/roleManagementPolicyAssignments
+```
+
+## Optional query parameters
+This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRoleManagementPolicyAssignment](../resources/unifiedrolemanagementpolicyassignment.md) objects in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_unifiedrolemanagementpolicyassignment"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/policies/roleManagementPolicyAssignments
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyAssignment"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "id": "d6e4112f-112f-d6e4-2f11-e4d62f11e4d6",
+ "policyId": "d6e4112f-112f-d6e4-2f11-e4d62f11e4d6",
+ "scopeId": "d6e4112f-112f-d6e4-2f11-e4d62f11e4d6",
+ "scopeType": "subscription",
+ "roleDefinitionId": "d6e4112f-112f-d6e4-2f11-e4d62f11e4d6"
+ }
+ ]
+}
+```
+
v1.0 Rbacapplication Rolescheduleinstances https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/rbacapplication-rolescheduleinstances.md
+
+ Title: "rbacApplication: roleScheduleInstances"
+description: "Retrieve both roleAssignmentScheduleInstances and roleEligibilityScheduleInstances."
+
+localization_priority: Normal
++
+# rbacApplication: roleScheduleInstances
+Namespace: microsoft.graph
++
+Retrieve both roleAssignmentScheduleInstances and roleEligibilityScheduleInstances.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/roleScheduleInstances
+```
+
+## Query parameters
+In the request URL, provide the following query parameters with values.
+The following table shows the query parameters that can be used with this method.
+
+|Parameter|Type|Description|
+|:|:|:|
+|directoryScopeId|String|Id of the directory object that represents the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only. |
+|appScopeId|String|Id of the app specific scope. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only. |
+|principalId|String|Objectid of the principal to which the schedules belong. |
+|roleDefinitionId|String|ID of the unifiedRoleDefinition for the assignment. Read only.|
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md) collection in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "rbacapplication_rolescheduleinstances"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleScheduleInstances(directoryScopeId='parameterValue',appScopeId='parameterValue',principalId='parameterValue',roleDefinitionId='parameterValue')
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRoleScheduleInstanceBase)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "@odata.type": "#Microsoft.Identity.Governance.Common.Data.ExternalModels.V1.unifiedRoleScheduleInstanceBase",
+ "id": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "roleDefinitionId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "directoryScopeId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "appScopeId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea"
+ }
+ ]
+}
+```
v1.0 Rbacapplication Roleschedules https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/rbacapplication-roleschedules.md
+
+ Title: "rbacApplication: roleSchedules"
+description: "Retrieve both roleAssignmentSchedules and roleEligibilitySchedules."
+
+localization_priority: Normal
++
+# rbacApplication: roleSchedules
+Namespace: microsoft.graph
++
+Retrieve both roleAssignmentSchedules and roleEligibilitySchedules.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/roleSchedules
+```
+
+## Function parameters
+The following table shows the query parameters that can be used with this method.
+
+|Parameter|Type|Description|
+|:|:|:|
+|directoryScopeId|String|Id of the directory object that represents the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only. |
+|appScopeId|String|Id of the app specific scope. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only. |
+|principalId|String|Objectid of the principal to which the schedules belong. |
+|roleDefinitionId|String|ID of the unifiedRoleDefinition for the assignment. Read only.|
++
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md) collection in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "rbacapplication_roleschedules"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleSchedules(directoryScopeId='a3bb8764-cb92-4276-9d2a-ca1e895e55ea',appScopeId='a3bb8764-cb92-4276-9d2a-ca1e895e55ea',principalId='a3bb8764-cb92-4276-9d2a-ca1e895e55ea',roleDefinitionId='a3bb8764-cb92-4276-9d2a-ca1e895e55ea')
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRoleScheduleBase)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "@odata.type": "#Microsoft.Identity.Governance.Common.Data.ExternalModels.V1.unifiedRoleScheduleBase",
+ "id": "String (identifier)",
+ "principalId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "roleDefinitionId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "directoryScopeId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "appScopeId": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "createdUsing": "a3bb8764-cb92-4276-9d2a-ca1e895e55ea",
+ "createdDateTime": "2020-09-09T21:32:27.91Z",
+ "modifiedDateTime": "2020-09-09T21:32:27.91Z",
+ "status": "Provisioned"
+ }
+ ]
+}
+```
v1.0 Serviceprincipal Addtokensigningcertificate https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/serviceprincipal-addtokensigningcertificate.md
If successful, this method returns a `200 OK` response code and a new [selfSigne
The following is an example of the request. -
-# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "serviceprincipal_addtokensigningcertificate" }--> ```http
-POST https://graph.microsoft.com/beta/servicePrincipals/7c8d4399-b4bf-413a-8b6a-c577790cae7d/addTokenSigningCertificate
+POST https://graph.microsoft.com/beta/servicePrincipals/004375c5-6e2e-4dec-95e3-626838cb9f80/addTokenSigningCertificate
Content-type: application/json {
Content-type: application/json
"endDateTime":"2024-01-25T00:00:00Z" } ```
-# [C#](#tab/csharp)
-
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
-
-# [Java](#tab/java)
---- ### Response
HTTP/1.1 200 OK
Content-Type: application/json {
- "customKeyIdentifier": null,
- "displayName": "customDisplayName",
- "endDateTime": "2023-06-29T00:00:00Z",
- "key": null,
- "keyId": "b859fc29-969f-48b2-9a27-8399b69f441e",
- "startDateTime": "2020-06-29T00:00:00Z",
- "type": "AsymmetricX509Cert",
- "thumbprint":"QWESRTGFWQWEDSASDTGGSADASDWQW",
- "usage": "Verify"
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#microsoft.graph.selfSignedCertificate",
+ "customKeyIdentifier": "2iD8ppbE+D6Kmu1ZvjM2jtQh88E=",
+ "displayName": "CN=customDisplayName",
+ "endDateTime": "2024-01-25T00:00:00Z",
+ "key": "MIICuDCCAaCgAwIBAgIIYXJsNtL4oUMwDQYJKoZIhvcNAQEL...StP8s/w==",
+ "keyId": "93bc223f-7235-4b9c-beea-d66847531c49",
+ "startDateTime": "2021-05-05T18:38:51.8100763Z",
+ "thumbprint": "DA20FCA696C4F83E8A9AED59BE33368ED421F3C1",
+ "type": "AsymmetricX509Cert",
+ "usage": "Verify"
} ``` <!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
v1.0 Unifiedroleassignmentschedule Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentschedule-filterbycurrentuser.md
+
+ Title: "unifiedRoleAssignmentSchedule: filterByCurrentUser"
+description: "Get a list of the unifiedRoleAssignmentSchedule objects and their properties filtered by a particular user principal"
+
+localization_priority: Normal
++
+# unifiedRoleAssignmentSchedule: filterByCurrentUser
+Namespace: microsoft.graph
++
+Get a list of the [unifiedRoleAssignmentSchedule](../resources/unifiedRoleAssignmentSchedule.md) objects and their properties associated with a particular principal object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/roleAssignmentSchedules/filterByCurrentUser
+```
+
+## Query parameters
+The following table shows the query parameters that can be used with this method.
+
+|Parameter|Type|Description|
+|:|:|:|
+|on|roleAssignmentScheduleFilterByCurrentUserOptions|Id of the current user.|
++
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md) collection in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "unifiedroleassignmentschedule_filterbycurrentuser"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentSchedules/filterByCurrentUser(on='dce468b2-68b2-dce4-b268-e4dcb268e4dc')
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRoleAssignmentSchedule)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "id": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "principalId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "roleDefinitionId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "directoryScopeId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "appScopeId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "createdUsing": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "createdDateTime": "2020-09-09T21:35:27.91Z",
+ "modifiedDateTime": "2020-09-09T21:35:27.91Z",
+ "status": "Provisioned",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "assignmentType": "Eligible",
+ "memberType": "direct"
+ }
+ ]
+}
+```
+
v1.0 Unifiedroleassignmentschedule Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentschedule-get.md
+
+ Title: "Get unifiedRoleAssignmentSchedule"
+description: "Read the properties and relationships of an unifiedRoleAssignmentSchedule object."
+
+localization_priority: Normal
++
+# Get unifiedRoleAssignmentSchedule
+Namespace: microsoft.graph
++
+Read the properties and relationships of an [unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/roleAssignmentSchedules/{unifiedRoleAssignmentSchedulesId}
+```
+
+## Optional query parameters
+This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_unifiedroleassignmentschedule"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/directory/roleAssignmentSchedules/b1477448-2cc6-4ceb-93b4-54a202a89413
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleAssignmentSchedule"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": {
+ "id": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "principalId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "roleDefinitionId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "directoryScopeId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "appScopeId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "createdUsing": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "createdDateTime": "2020-09-09T21:35:27.91Z",
+ "modifiedDateTime": "2020-09-09T21:35:27.91Z",
+ "status": "Provisioned",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "assignmentType": "Eligible",
+ "memberType": "direct"
+ }
+}
+```
+
v1.0 Unifiedroleassignmentschedule List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentschedule-list.md
+
+ Title: "List unifiedRoleAssignmentSchedules"
+description: "Get a list of the unifiedRoleAssignmentSchedule objects and their properties."
+
+localization_priority: Normal
++
+# List unifiedRoleAssignmentSchedules
+Namespace: microsoft.graph
++
+Get a list of the [unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md) objects and their properties.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/roleAssignmentSchedules
+```
+
+## Optional query parameters
+This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md) objects in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_unifiedroleassignmentschedule"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentSchedules
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRoleAssignmentSchedule)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "id": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "principalId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "roleDefinitionId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "directoryScopeId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "appScopeId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "createdUsing": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "createdDateTime": "2020-09-09T21:35:27.91Z",
+ "modifiedDateTime": "2020-09-09T21:35:27.91Z",
+ "status": "Provsioned",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "assignmentType": "eligible",
+ "memberType": "direct"
+ }
+ ]
+}
+```
+
v1.0 Unifiedroleassignmentscheduleinstance Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentscheduleinstance-filterbycurrentuser.md
+
+ Title: "unifiedRoleAssignmentScheduleInstance: filterByCurrentUser"
+description: "Get a list of the unifiedRoleAssignmentScheduleInstance objects and their properties filtered by a particular user principal"
+
+localization_priority: Normal
++
+# unifiedRoleAssignmentScheduleInstance: filterByCurrentUser
+Namespace: microsoft.graph
++
+Get a list of the [unifiedRoleAssignmentScheduleInstance](../resources/unifiedRoleAssignmentScheduleInstance.md) objects and their properties associated with a particular principal object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/roleAssignmentScheduleInstances/filterByCurrentUser
+```
+
+## Query parameters
+The following table shows the parameters that can be used with this method.
+
+|Parameter|Type|Description|
+|:|:|:|
+|on|roleAssignmentScheduleInstanceFilterByCurrentUserOptions|Id of the current user.|
++
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [unifiedRoleAssignmentScheduleInstance](../resources/unifiedroleassignmentscheduleinstance.md) collection in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "unifiedroleassignmentscheduleinstance_filterbycurrentuser"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentScheduleInstances/unifiedRoleAssignmentScheduleInstances/filterByCurrentUser(on='dce468b2-68b2-dce4-b268-e4dcb268e4dc')
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRoleAssignmentScheduleInstance)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "id": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "principalId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "roleDefinitionId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "directoryScopeId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "appScopeId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "startDateTime": "2020-09-09T21:35:27.91Z",
+ "endDateTime": "2020-09-09T21:35:27.91Z",
+ "assignmentType": "eligible",
+ "memberType": "direct",
+ "roleAssignmentOriginId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc",
+ "roleAssignmentScheduleId": "dce468b2-68b2-dce4-b268-e4dcb268e4dc"
+ }
+ ]
+}
+```
+
v1.0 Unifiedroleassignmentscheduleinstance Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentscheduleinstance-get.md
+
+ Title: "Get unifiedRoleAssignmentScheduleInstance"
+description: "Read the properties and relationships of an unifiedRoleAssignmentScheduleInstance object."
+
+localization_priority: Normal
++
+# Get unifiedRoleAssignmentScheduleInstance
+Namespace: microsoft.graph
++
+Read the properties and relationships of an [unifiedRoleAssignmentScheduleInstance](../resources/unifiedroleassignmentscheduleinstance.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/roleAssignmentScheduleInstances/{unifiedRoleAssignmentScheduleInstancesId}
+```
+
+## Optional query parameters
+This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [unifiedRoleAssignmentScheduleInstance](../resources/unifiedroleassignmentscheduleinstance.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_unifiedroleassignmentscheduleinstance"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/unifiedRoleAssignmentScheduleInstances/eb18c026-c026-eb18-26c0-18eb26c018eb
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleAssignmentScheduleInstance"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": {
+ "id": "eb18c026-c026-eb18-26c0-18eb26c018eb",
+ "principalId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
+ "roleDefinitionId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
+ "directoryScopeId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
+ "appScopeId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
+ "startDateTime": "2020-09-09T21:35:27.91Z",
+ "endDateTime": "2020-09-09T21:35:27.91Z",
+ "assignmentType": "eligible",
+ "memberType": "direct",
+ "roleAssignmentOriginId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
+ "roleAssignmentScheduleId": "eb18c026-c026-eb18-26c0-18eb26c018eb"
+ }
+}
+```
+
v1.0 Unifiedroleassignmentscheduleinstance List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentscheduleinstance-list.md
+
+ Title: "List unifiedRoleAssignmentScheduleInstances"
+description: "Get a list of the unifiedRoleAssignmentScheduleInstance objects and their properties."
+
+localization_priority: Normal
++
+# List unifiedRoleAssignmentScheduleInstances
+Namespace: microsoft.graph
++
+Get a list of the [unifiedRoleAssignmentScheduleInstance](../resources/unifiedroleassignmentscheduleinstance.md) objects and their properties.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|RoleManagement.ReadWrite.Directory|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/roleAssignmentScheduleInstances
+```
+
+## Optional query parameters
+This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRoleAssignmentScheduleInstance](../resources/unifiedroleassignmentscheduleinstance.md) objects in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_unifiedroleassignmentscheduleinstance"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentScheduleInstances
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRoleAssignmentScheduleInstance)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "id": "eb18c026-c026-eb18-26c0-18eb26c018eb",
+ "principalId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
+ "roleDefinitionId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
+ "directoryScopeId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
+ "appScopeId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
+ "startDateTime": "2020-09-09T21:35:27.91Z",
+ "endDateTime": "2020-09-09T21:35:27.91Z",
+ "assignmentType": "eligible",
+ "memberType": "direct",
+ "roleAssignmentOriginId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
+ "roleAssignmentScheduleId": "eb18c026-c026-eb18-26c0-18eb26c018eb"
+ }
+ ]
+}
+```
+
v1.0 Unifiedroleassignmentschedulerequest Cancel https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentschedulerequest-cancel.md
+
+ Title: "unifiedRoleAssignmentScheduleRequest: cancel"
+description: "Cancel a unifiedRoleAssignmentScheduleRequest."
+
+localization_priority: Normal
++
+# unifiedRoleAssignmentScheduleRequest: cancel
+Namespace: microsoft.graph
++
+Immediately cancel a [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) and have the system automatically delete the cancelled request after 30 days.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|Not supported|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+POST /roleManagement/directory/roleAssignmentScheduleRequests/{unifiedRoleAssignmentScheduleRequestsId}/cancel
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this action returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "unifiedroleassignmentschedulerequest_cancel"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentScheduleRequests/{unifiedRoleAssignmentScheduleRequestsId}/cancel
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
+
v1.0 Unifiedroleassignmentschedulerequest Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentschedulerequest-filterbycurrentuser.md
+
+ Title: "unifiedRoleAssignmentScheduleRequest: filterByCurrentUser"
+description: "Get a list of the unifiedRoleAssignmentScheduleRequest objects and their properties filtered by a particular user principal"
+
+localization_priority: Normal
++
+# unifiedRoleAssignmentScheduleRequest: filterByCurrentUser
+Namespace: microsoft.graph
+++
+Get a list of the [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) objects and their properties associated with a particular principal object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/roleAssignmentScheduleRequests/filterByCurrentUser
+```
+
+## Query parameters
+The following table shows the query parameters that can be used with this method.
+
+|Parameter|Type|Description|
+|:|:|:|
+|on|RoleAssignmentScheduleRequestFilterByCurrentUserOptions|Id of the principal object.|
++
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [unifiedRoleAssignmentScheduleRequest](../resources/unifiedRoleAssignmentScheduleRequest.md) collection in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "unifiedroleassignmentschedulerequest_filterbycurrentuser"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/RoleAssignmentScheduleRequests/filterByCurrentUser(on='d6e4112f-112f-d6e4-2f11-e4d62f11e4d6')
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRoleAssignmentScheduleRequest)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "id": "b1477448-2cc6-4ceb-93b4-54a202a89413",
+ "action": "AdminAssign",
+ "principalId": "b1477448-2cc6-4ceb-93b4-54a202a89413",
+ "roleDefinitionId": "b1477448-2cc6-4ceb-93b4-54a202a89413",
+ "directoryScopeId": "b1477448-2cc6-4ceb-93b4-54a202a89413",
+ "appScopeId": "b1477448-2cc6-4ceb-93b4-54a202a89413",
+ "isValidationOnly": false,
+ "targetScheduleId": "b1477448-2cc6-4ceb-93b4-54a202a89413",
+ "justification": "this is a justification",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "ticketInfo": {
+ "@odata.type": "microsoft.graph.ticketInfo"
+ }
+ }
+ ]
+}
+```
+
v1.0 Unifiedroleassignmentschedulerequest Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentschedulerequest-get.md
+
+ Title: "Get unifiedRoleAssignmentScheduleRequest"
+description: "Read the properties and relationships of an unifiedRoleAssignmentScheduleRequest object."
+
+localization_priority: Normal
++
+# Get unifiedRoleAssignmentScheduleRequest
+Namespace: microsoft.graph
++
+Read the properties and relationships of an [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/roleAssignmentScheduleRequests/{unifiedRoleAssignmentScheduleRequestsId}
+```
+
+## Optional query parameters
+This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_unifiedroleassignmentschedulerequest"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentScheduleRequests/{unifiedRoleAssignmentScheduleRequestsId}
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleAssignmentScheduleRequest"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": {
+ "id": "c13ee236-e236-c13e-36e2-3ec136e23ec1",
+ "action": "String",
+ "principalId": "String",
+ "roleDefinitionId": "String",
+ "directoryScopeId": "String",
+ "appScopeId": "String",
+ "isValidationOnly": "Boolean",
+ "targetScheduleId": "String",
+ "justification": "String",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "ticketInfo": {
+ "@odata.type": "microsoft.graph.ticketInfo"
+ }
+ }
+}
+```
+
v1.0 Unifiedroleassignmentschedulerequest List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentschedulerequest-list.md
+
+ Title: "List unifiedRoleAssignmentScheduleRequests"
+description: "Get a list of the unifiedRoleAssignmentScheduleRequest objects and their properties."
+
+localization_priority: Normal
++
+# List unifiedRoleAssignmentScheduleRequests
+
+Namespace: microsoft.graph
++
+Get a list of the [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) objects and their properties.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+| Permission type | Permissions (from least to most privileged) |
+| :- | : |
+| Delegated (work or school account) | PrivilegedAccess.ReadWrite.AzureAD |
+| Delegated (personal Microsoft account) | Not supported |
+| Application | PrivilegedAccess.Read.AzureAD |
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+
+```http
+GET /roleManagement/directory/roleAssignmentScheduleRequests
+```
+
+## Optional query parameters
+
+This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+
+| Name | Description |
+| : | : |
+| Authorization | Bearer {token}. Required. |
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) objects in the response body.
+
+## Examples
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "list_unifiedroleassignmentschedulerequest"
+}
+-->
+
+```http
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentScheduleRequests
+```
+
+### Response
+
+**Note:** The response object shown here might be shortened for readability.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRoleAssignmentScheduleRequest)"
+}
+-->
+
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "id": "c13ee236-e236-c13e-36e2-3ec136e23ec1",
+ "action": "String",
+ "principalId": "String",
+ "roleDefinitionId": "String",
+ "directoryScopeId": "String",
+ "appScopeId": "String",
+ "isValidationOnly": "Boolean",
+ "targetScheduleId": "String",
+ "justification": "String",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "ticketInfo": {
+ "@odata.type": "microsoft.graph.ticketInfo"
+ }
+ }
+ ]
+}
+```
v1.0 Unifiedroleassignmentschedulerequest Post Unifiedroleassignmentschedulerequests https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentschedulerequest-post-unifiedroleassignmentschedulerequests.md
+
+ Title: "Create unifiedRoleAssignmentScheduleRequest"
+description: "Create a new unifiedRoleAssignmentScheduleRequest object."
+
+localization_priority: Normal
++
+# Create unifiedRoleAssignmentScheduleRequest
+Namespace: microsoft.graph
++
+Create a new [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|Not supported|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+POST /roleManagement/directory/roleAssignmentScheduleRequests
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+In the request body, supply a JSON representation of the [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object.
+
+The following table shows the properties that are required when you create the [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md).
+
+|Property|Type|Description|
+|:|:|:|
+|id|String|The unique identifier for the unifiedRoleAssignmentScheduleRequest. Key, not nullable, Read-only.|
+|action|String|Representing the type of the operation on the role assignment. The value can be <ul><li>`AdminAdd`: Administrators assign users/groups to roles;</li><li>`UserAdd`: Users activate eligible assignments;</li><li> `AdminUpdate`: Administrators change existing role assignments</li><li>`AdminRemove`: Administrators remove users/groups from roles;<li>`UserRemove`: Users deactivate active assignments;<li>`UserExtend`: Users request to extend their expiring assignments;</li><li>`AdminExtend`: Administrators extend expiring assignments.</li><li>`UserRenew`: Users request to renew their expired assignments;</li><li>`AdminRenew`: Administrators extend expiring assignments.</li></ul>|
+|principalId|String|Objectid of the principal to which the assignment is being granted to.|
+|roleDefinitionId|String|ID of the unifiedRoleDefinition the assignment is for. Read only.|
+|directoryScopeId|String|Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only.|
+|appScopeId|String|Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only.|
+|isValidationOnly|Boolean|A boolean that determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request.|
+|targetScheduleId|String|ID of the schedule object attached to the assignment.|
+|justification|String|A message provided by users and administrators when create the request about why it is needed.|
+|scheduleInfo|[requestSchedule](../resources/requestschedule.md)|The schedule object of the role assignment request.|
+|ticketInfo|[ticketInfo](../resources/ticketinfo.md)|The ticketInfo object attached to the role assignment request which includes details of the ticket number and ticket system.|
+
+## Response
+
+If successful, this method returns a `201 Created` response code and an [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "create_unifiedroleassignmentschedulerequest_from_unifiedroleassignmentschedulerequests"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentScheduleRequests/
+Content-Type: application/json
+Content-length: 510
+
+{
+ "@odata.type": "#Microsoft.Identity.Governance.Common.Data.ExternalModels.V1.unifiedRoleAssignmentScheduleRequest",
+ "action": "String",
+ "principalId": "String",
+ "roleDefinitionId": "String",
+ "directoryScopeId": "String",
+ "appScopeId": "String",
+ "isValidationOnly": "Boolean",
+ "targetScheduleId": "String",
+ "justification": "String",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "ticketInfo": {
+ "@odata.type": "microsoft.graph.ticketInfo"
+ }
+}
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleAssignmentScheduleRequest"
+}
+-->
+``` http
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+ "id": "c13ee236-e236-c13e-36e2-3ec136e23ec1",
+ "action": "String",
+ "principalId": "String",
+ "roleDefinitionId": "String",
+ "directoryScopeId": "String",
+ "appScopeId": "String",
+ "isValidationOnly": "Boolean",
+ "targetScheduleId": "String",
+ "justification": "String",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "ticketInfo": {
+ "@odata.type": "microsoft.graph.ticketInfo"
+ }
+}
+```
+
v1.0 Unifiedroleassignmentschedulerequest Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentschedulerequest-update.md
+
+ Title: "Update unifiedRoleAssignmentScheduleRequest"
+description: "Update the properties of an unifiedRoleAssignmentScheduleRequest object."
+
+localization_priority: Normal
++
+# Update unifiedRoleAssignmentScheduleRequest
+Namespace: microsoft.graph
++
+Update the properties of an [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|Not supported|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+PATCH /roleManagement/directory/roleAssignmentScheduleRequests/{unifiedRoleAssignmentScheduleRequestsId}
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+In the request body, supply a JSON representation of the [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object.
+
+The following table shows the properties that are required when you update the [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md).
+
+|Property|Type|Description|
+|:|:|:|
+|id|String|The unique identifier for the unifiedRoleAssignmentScheduleRequest. Key, not nullable, Read-only.|
+|action|String|Representing the type of the operation on the role assignment. The value can be <ul><li>`AdminAdd`: Administrators assign users/groups to roles;</li><li>`UserAdd`: Users activate eligible assignments;</li><li> `AdminUpdate`: Administrators change existing role assignments</li><li>`AdminRemove`: Administrators remove users/groups from roles;<li>`UserRemove`: Users deactivate active assignments;<li>`UserExtend`: Users request to extend their expiring assignments;</li><li>`AdminExtend`: Administrators extend expiring assignments.</li><li>`UserRenew`: Users request to renew their expired assignments;</li><li>`AdminRenew`: Administrators extend expiring assignments.</li></ul>|
+|principalId|String|Objectid of the principal to which the assignment is being granted to.|
+|roleDefinitionId|String|ID of the unifiedRoleDefinition the assignment is for. Read only.|
+|directoryScopeId|String|Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only.|
+|appScopeId|String|Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only.|
+|isValidationOnly|Boolean|A boolean that determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request.|
+|targetScheduleId|String|ID of the schedule object attached to the assignment.|
+|justification|String|A message provided by users and administrators when create the request about why it is needed.|
+|scheduleInfo|[requestSchedule](../resources/requestschedule.md)|The schedule object of the role assignment request.|
+|ticketInfo|[ticketInfo](../resources/ticketinfo.md)|The ticketInfo object attached to the role assignment request which includes details of the ticket number and ticket system.|
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an updated [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "update_unifiedroleassignmentschedulerequest"
+}
+-->
+``` http
+PATCH https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentScheduleRequests/{unifiedRoleAssignmentScheduleRequestsId}
+Content-Type: application/json
+Content-length: 466
+
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleAssignmentScheduleRequest",
+ "action": "String",
+ "principalId": "String",
+ "roleDefinitionId": "String",
+ "directoryScopeId": "String",
+ "appScopeId": "String",
+ "isValidationOnly": "Boolean",
+ "targetScheduleId": "String",
+ "justification": "String",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "ticketInfo": {
+ "@odata.type": "microsoft.graph.ticketInfo"
+ }
+}
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleAssignmentScheduleRequest"
+}
+-->
+```http
+HTTP/1.1 204 OK
+
+```
+
+<!--
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleAssignmentScheduleRequest",
+ "id": "c13ee236-e236-c13e-36e2-3ec136e23ec1",
+ "action": "String",
+ "principalId": "String",
+ "roleDefinitionId": "String",
+ "directoryScopeId": "String",
+ "appScopeId": "String",
+ "isValidationOnly": "Boolean",
+ "targetScheduleId": "String",
+ "justification": "String",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "ticketInfo": {
+ "@odata.type": "microsoft.graph.ticketInfo"
+ }
+}
+```-->
+
v1.0 Unifiedroleeligibilityschedule Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleeligibilityschedule-filterbycurrentuser.md
+
+ Title: "unifiedRoleEligibilitySchedule: filterByCurrentUser"
+description: "Get a list of the unifiedRoleEligibilitySchedule objects and their properties filtered by a particular user principal"
+
+localization_priority: Normal
++
+# unifiedRoleEligibilitySchedule: filterByCurrentUser
+Namespace: microsoft.graph
++
+Get a list of the [unifiedRoleEligibilitySchedule](../resources/unifiedRoleEligibilitySchedule.md) objects and their properties associated with a particular principal object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET roleManagement/directory/roleEligibilitySchedules/filterByCurrentUser
+```
+
+## Query parameters
+The following table shows the parameters that can be used with this method.
+
+|Parameter|Type|Description|
+|:|:|:|
+|on|roleEligibilityScheduleFilterByCurrentUserOptions|Id of the current user.|
++
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [unifiedRoleEligibilitySchedule](../resources/unifiedroleeligibilityschedule.md) collection in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "unifiedroleeligibilityschedule_filterbycurrentuser"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilitySchedules/filterByCurrentUser(on='eb18c026-c026-eb18-26c0-18eb26c018eb')
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRoleEligibilitySchedule)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "id": "eb18c026-c026-eb18-26c0-18eb26c018eb",
+ "principalId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
+ "roleDefinitionId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
+ "directoryScopeId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
+ "appScopeId": "eb18c026-c026-eb18-26c0-18eb26c018eb",
+ "createdUsing": "eb18c026-c026-eb18-26c0-18eb26c018eb",
+ "createdDateTime": "2020-09-09T21:35:27.91Z",
+ "modifiedDateTime": "2020-09-09T21:35:27.91Z",
+ "status": "Provisioned",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "memberType": "direct"
+ }
+ ]
+}
+```
+
v1.0 Unifiedroleeligibilityschedule Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleeligibilityschedule-get.md
+
+ Title: "Get unifiedRoleEligibilitySchedule"
+description: "Read the properties and relationships of an unifiedRoleEligibilitySchedule object."
+
+localization_priority: Normal
++
+# Get unifiedRoleEligibilitySchedule
+Namespace: microsoft.graph
++
+Read the properties and relationships of an [unifiedRoleEligibilitySchedule](../resources/unifiedroleeligibilityschedule.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/roleEligibilitySchedules/{unifiedRoleEligibilitySchedulesId}
+```
+
+## Optional query parameters
+This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [unifiedRoleEligibilitySchedule](../resources/unifiedroleeligibilityschedule.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_unifiedroleeligibilityschedule"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilitySchedules/5cfd7709-7709-5cfd-0977-fd5c0977fd5c
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleEligibilitySchedule"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": {
+ "id": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
+ "principalId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
+ "roleDefinitionId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
+ "directoryScopeId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
+ "appScopeId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
+ "createdUsing": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
+ "createdDateTime": "2020-09-09T21:35:27.91Z",
+ "modifiedDateTime": "2020-09-09T21:35:27.91Z",
+ "status": "Provisioned",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "memberType": "direct"
+ }
+}
+```
+
v1.0 Unifiedroleeligibilityschedule List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleeligibilityschedule-list.md
+
+ Title: "List unifiedRoleEligibilitySchedules"
+description: "Get a list of the unifiedRoleEligibilitySchedule objects and their properties."
+
+localization_priority: Normal
++
+# List unifiedRoleEligibilitySchedules
+Namespace: microsoft.graph
++
+Get a list of the [unifiedRoleEligibilitySchedule](../resources/unifiedroleeligibilityschedule.md) objects and their properties.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/roleEligibilitySchedules
+```
+
+## Optional query parameters
+This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRoleEligibilitySchedule](../resources/unifiedroleeligibilityschedule.md) objects in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_unifiedroleeligibilityschedule"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilitySchedules
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRoleEligibilitySchedule)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "id": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
+ "principalId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
+ "roleDefinitionId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
+ "directoryScopeId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
+ "appScopeId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
+ "createdUsing": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
+ "createdDateTime": "2020-09-09T21:35:27.91Z",
+ "modifiedDateTime": "2020-09-09T21:35:27.91Z",
+ "status": "Provisioned",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "memberType": "direct"
+ }
+ ]
+}
+```
+
v1.0 Unifiedroleeligibilityscheduleinstance Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleeligibilityscheduleinstance-filterbycurrentuser.md
+
+ Title: "unifiedRoleEligibilityScheduleInstance: filterByCurrentUser"
+description: "Get a list of the unifiedRoleEligibilityScheduleInstance objects and their properties filtered by a particular user principal"
+
+localization_priority: Normal
++
+# unifiedRoleEligibilityScheduleInstance: filterByCurrentUser
+Namespace: microsoft.graph
++
+Get a list of the [unifiedRoleEligibilityScheduleInstance](../resources/unifiedRoleEligibilityScheduleInstance.md) objects and their properties associated with a particular principal object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/roleEligibilityScheduleInstances/filterByCurrentUser
+```
+
+## Query parameters
+The following table shows the query parameters that can be used with this method.
+
+|Parameter|Type|Description|
+|:|:|:|
+|on|roleEligibilityScheduleInstanceFilterByCurrentUserOptions|Id of the current user.|
++
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [unifiedRoleEligibilityScheduleInstance](../resources/unifiedroleeligibilityscheduleinstance.md) collection in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "unifiedroleeligibilityscheduleinstance_filterbycurrentuser"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilityScheduleInstances/filterByCurrentUser(on='5cfd7709-7709-5cfd-0977-fd5c0977fd5c')
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRoleEligibilityScheduleInstance)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "id": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
+ "principalId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
+ "roleDefinitionId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
+ "directoryScopeId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
+ "appScopeId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
+ "startDateTime": "2020-09-09T21:35:27.91Z",
+ "endDateTime": "2020-09-09T21:35:27.91Z",
+ "memberType": "direct",
+ "roleEligibilityScheduleId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c"
+ }
+ ]
+}
+```
+
v1.0 Unifiedroleeligibilityscheduleinstance Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleeligibilityscheduleinstance-get.md
+
+ Title: "Get unifiedRoleEligibilityScheduleInstance"
+description: "Read the properties and relationships of an unifiedRoleEligibilityScheduleInstance object."
+
+localization_priority: Normal
++
+# Get unifiedRoleEligibilityScheduleInstance
+Namespace: microsoft.graph
++
+Read the properties and relationships of an [unifiedRoleEligibilityScheduleInstance](../resources/unifiedroleeligibilityscheduleinstance.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/roleEligibilityScheduleInstances/{unifiedRoleEligibilityScheduleInstancesId}
+```
+
+## Optional query parameters
+This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [unifiedRoleEligibilityScheduleInstance](../resources/unifiedroleeligibilityscheduleinstance.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_unifiedroleeligibilityscheduleinstance"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilityScheduleInstances/5cfd7709-7709-5cfd-0977-fd5c0977fd5c
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleEligibilityScheduleInstance"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": {
+ "id": "d12c1ab0-1ab0-d12c-b01a-2cd1b01a2cd1",
+ "principalId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
+ "roleDefinitionId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
+ "directoryScopeId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
+ "appScopeId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c",
+ "startDateTime": "2020-09-09T21:35:27.91Z",
+ "endDateTime": "2020-09-09T21:35:27.91Z",
+ "memberType": "direct",
+ "roleEligibilityScheduleId": "5cfd7709-7709-5cfd-0977-fd5c0977fd5c"
+ }
+}
+```
+
v1.0 Unifiedroleeligibilityscheduleinstance List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleeligibilityscheduleinstance-list.md
+
+ Title: "List unifiedRoleEligibilityScheduleInstances"
+description: "Get a list of the unifiedRoleEligibilityScheduleInstance objects and their properties."
+
+localization_priority: Normal
++
+# List unifiedRoleEligibilityScheduleInstances
+Namespace: microsoft.graph
++
+Get a list of the [unifiedRoleEligibilityScheduleInstance](../resources/unifiedroleeligibilityscheduleinstance.md) objects and their properties.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/roleEligibilityScheduleInstances
+```
+
+## Optional query parameters
+This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRoleEligibilityScheduleInstance](../resources/unifiedroleeligibilityscheduleinstance.md) objects in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_unifiedroleeligibilityscheduleinstance"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilityScheduleInstances
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRoleEligibilityScheduleInstance)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "id": "d12c1ab0-1ab0-d12c-b01a-2cd1b01a2cd1",
+ "principalId": "d12c1ab0-1ab0-d12c-b01a-2cd1b01a2cd1",
+ "roleDefinitionId": "d12c1ab0-1ab0-d12c-b01a-2cd1b01a2cd1",
+ "directoryScopeId": "d12c1ab0-1ab0-d12c-b01a-2cd1b01a2cd1",
+ "appScopeId": "d12c1ab0-1ab0-d12c-b01a-2cd1b01a2cd1",
+ "startDateTime": "2020-09-09T21:35:27.91Z",
+ "endDateTime": "2020-09-09T21:35:27.91Z",
+ "memberType": "direct",
+ "roleEligibilityScheduleId": "d12c1ab0-1ab0-d12c-b01a-2cd1b01a2cd1"
+ }
+ ]
+}
+```
+
v1.0 Unifiedroleeligibilityschedulerequest Cancel https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleeligibilityschedulerequest-cancel.md
+
+ Title: "unifiedRoleEligibilityScheduleRequest: cancel"
+description: "Cancel a unifiedRoleEligibilityScheduleRequest."
+
+localization_priority: Normal
++
+# unifiedRoleEligibilityScheduleRequest: cancel
+Namespace: microsoft.graph
+
+Immediately cancel a [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) and have the system automatically delete the cancelled request after 30 days.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|Not supported|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+POST /roleManagement/directory/roleEligibilityScheduleRequests/{unifiedRoleEligibilityScheduleRequestsId}/cancel
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this action returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "unifiedroleeligibilityschedulerequest_cancel"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilityScheduleRequests/{unifiedRoleEligibilityScheduleRequestsId}/cancel
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
+
v1.0 Unifiedroleeligibilityschedulerequest Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleeligibilityschedulerequest-filterbycurrentuser.md
+
+ Title: "unifiedRoleEligibilityScheduleRequest: filterByCurrentUser"
+description: "Get a list of the unifiedRoleEligibilityScheduleRequest objects and their properties filtered by a particular user principal"
+
+localization_priority: Normal
++
+# unifiedRoleEligibilityScheduleRequest: filterByCurrentUser
+Namespace: microsoft.graph
++
+Get a list of the [unifiedRoleEligibilityScheduleRequest](../resources/unifiedRoleEligibilityScheduleRequest.md) objects and their properties associated with a particular principal object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/RoleEligibilityScheduleRequests/filterByCurrentUser
+```
+
+## Function parameters
+In the request URL, provide the following query parameters with values.
+The following table shows the parameters that can be used with this function.
+
+|Parameter|Type|Description|
+|:|:|:|
+|on|RoleEligibilityScheduleRequestFilterByCurrentUserOptions|ID of the principal object|
++
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this function returns a `200 OK` response code and a [unifiedRoleEligibilityScheduleRequest](../resources/unifiedRoleEligibilityScheduleRequest.md) collection in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "unifiedRoleEligibilityScheduleRequest_filterbycurrentuser"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/RoleEligibilityScheduleRequests/filterByCurrentUser(on='parameterValue')
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRoleEligibilityScheduleRequest)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "id": "String (identifier)",
+ "action": "String",
+ "principalId": "String",
+ "roleDefinitionId": "String",
+ "directoryScopeId": "String",
+ "appScopeId": "String",
+ "isValidationOnly": "Boolean",
+ "targetScheduleId": "String",
+ "justification": "String",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "ticketInfo": {
+ "@odata.type": "microsoft.graph.ticketInfo"
+ }
+ }
+ ]
+}
+```
+
v1.0 Unifiedroleeligibilityschedulerequest Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleeligibilityschedulerequest-get.md
+
+ Title: "Get unifiedRoleEligibilityScheduleRequest"
+description: "Read the properties and relationships of an unifiedRoleEligibilityScheduleRequest object."
+
+localization_priority: Normal
++
+# Get unifiedRoleEligibilityScheduleRequest
+Namespace: microsoft.graph
++
+Read the properties and relationships of an [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/roleEligibilityScheduleRequests/{unifiedRoleEligibilityScheduleRequestsId}
+```
+
+## Optional query parameters
+This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_unifiedroleeligibilityschedulerequest"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilityScheduleRequests/{unifiedRoleEligibilityScheduleRequestsId}
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleEligibilityScheduleRequest"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": {
+ "id": "a2e242a0-42a0-a2e2-a042-e2a2a042e2a2",
+ "action": "String",
+ "principalId": "String",
+ "roleDefinitionId": "String",
+ "directoryScopeId": "String",
+ "appScopeId": "String",
+ "isValidationOnly": "Boolean",
+ "targetScheduleId": "String",
+ "justification": "String",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "ticketInfo": {
+ "@odata.type": "microsoft.graph.ticketInfo"
+ }
+ }
+}
+```
+
v1.0 Unifiedroleeligibilityschedulerequest List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleeligibilityschedulerequest-list.md
+
+ Title: "List unifiedRoleEligibilityScheduleRequests"
+description: "Get a list of the unifiedRoleEligibilityScheduleRequest objects and their properties."
+
+localization_priority: Normal
++
+# List unifiedRoleEligibilityScheduleRequests
+Namespace: microsoft.graph
++
+Get a list of the [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) objects and their properties.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /roleManagement/directory/roleEligibilityScheduleRequests
+```
+
+## Optional query parameters
+This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) objects in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_unifiedroleeligibilityschedulerequest"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilityScheduleRequests
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRoleEligibilityScheduleRequest)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "id": "a2e242a0-42a0-a2e2-a042-e2a2a042e2a2",
+ "action": "String",
+ "principalId": "String",
+ "roleDefinitionId": "String",
+ "directoryScopeId": "String",
+ "appScopeId": "String",
+ "isValidationOnly": "Boolean",
+ "targetScheduleId": "String",
+ "justification": "String",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "ticketInfo": {
+ "@odata.type": "microsoft.graph.ticketInfo"
+ }
+ }
+ ]
+}
+```
+
v1.0 Unifiedroleeligibilityschedulerequest Post Unifiedroleeligibilityschedulerequests https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleeligibilityschedulerequest-post-unifiedroleeligibilityschedulerequests.md
+
+ Title: "Create unifiedRoleEligibilityScheduleRequest"
+description: "Create a new unifiedRoleEligibilityScheduleRequest object."
+
+localization_priority: Normal
++
+# Create unifiedRoleEligibilityScheduleRequest
+Namespace: microsoft.graph
++
+Create a new [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|Not supported|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+POST /roleManagement/directory/roleEligibilityScheduleRequests
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+In the request body, supply a JSON representation of the [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) object.
+
+The following table shows the properties that are required when you create the [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md).
+
+|Property|Type|Description|
+|:|:|:|
+|id|String|The unique identifier for the unifiedRoleEligibilityScheduleRequest. Key, not nullable, Read-only.|
+|action|String|Representing the type of the operation on the role assignment. The value can be <ul><li>`AdminAdd`: Administrators assign users/groups to roles;</li><li>`UserAdd`: Users activate eligible assignments;</li><li> `AdminUpdate`: Administrators change existing role assignments</li><li>`AdminRemove`: Administrators remove users/groups from roles;<li>`UserRemove`: Users deactivate active assignments;<li>`UserExtend`: Users request to extend their expiring assignments;</li><li>`AdminExtend`: Administrators extend expiring assignments.</li><li>`UserRenew`: Users request to renew their expired assignments;</li><li>`AdminRenew`: Administrators extend expiring assignments.</li></ul>|
+|principalId|String|Objectid of the principal to which the assignment is being granted to.|
+|roleDefinitionId|String|ID of the unifiedRoleDefinition the assignment is for. Read only.|
+|directoryScopeId|String|Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only.|
+|appScopeId|String|Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only.|
+|isValidationOnly|Boolean|A boolean that determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request.|
+|targetScheduleId|String|ID of the schedule object attached to the assignment.|
+|justification|String|A message provided by users and administrators when create the request about why it is needed.|
+|scheduleInfo|[requestSchedule](../resources/requestschedule.md)|The schedule object of the role assignment request.|
+|ticketInfo|[ticketInfo](../resources/ticketinfo.md)|The ticketInfo object attached to the role assignment request which includes details of the ticket number and ticket system.|
+
+## Response
+
+If successful, this method returns a `201 Created` response code and an [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "create_unifiedroleeligibilityschedulerequest_from_unifiedroleeligibilityschedulerequests"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilityScheduleRequests
+Content-Type: application/json
+Content-length: 511
+
+{
+ "@odata.type": "#Microsoft.Identity.Governance.Common.Data.ExternalModels.V1.unifiedRoleEligibilityScheduleRequest",
+ "action": "String",
+ "principalId": "String",
+ "roleDefinitionId": "String",
+ "directoryScopeId": "String",
+ "appScopeId": "String",
+ "isValidationOnly": "Boolean",
+ "targetScheduleId": "String",
+ "justification": "String",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "ticketInfo": {
+ "@odata.type": "microsoft.graph.ticketInfo"
+ }
+}
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleEligibilityScheduleRequest"
+}
+-->
+``` http
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+ "id": "a2e242a0-42a0-a2e2-a042-e2a2a042e2a2",
+ "action": "String",
+ "principalId": "String",
+ "roleDefinitionId": "String",
+ "directoryScopeId": "String",
+ "appScopeId": "String",
+ "isValidationOnly": "Boolean",
+ "targetScheduleId": "String",
+ "justification": "String",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "ticketInfo": {
+ "@odata.type": "microsoft.graph.ticketInfo"
+ }
+}
+```
+
v1.0 Unifiedroleeligibilityschedulerequest Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleeligibilityschedulerequest-update.md
+
+ Title: "Update unifiedRoleEligibilityScheduleRequest"
+description: "Update the properties of an unifiedRoleEligibilityScheduleRequest object."
+
+localization_priority: Normal
++
+# Update unifiedRoleEligibilityScheduleRequest
+Namespace: microsoft.graph
++
+Update the properties of an [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|Not supported|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+PATCH /roleManagement/directory/roleEligibilityScheduleRequests/{unifiedRoleEligibilityScheduleRequestsId}
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+In the request body, supply a JSON representation of the [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) object.
+
+The following table shows the properties that are required when you update the [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md).
+
+|Property|Type|Description|
+|:|:|:|
+|id|String|The unique identifier for the unifiedRoleEligibilityScheduleRequest. Key, not nullable, Read-only|
+|action|String|Representing the type of the operation on the role assignment. The value can be <ul><li>`AdminAdd`: Administrators assign users/groups to roles;</li><li>`UserAdd`: Users activate eligible assignments;</li><li> `AdminUpdate`: Administrators change existing role assignments</li><li>`AdminRemove`: Administrators remove users/groups from roles;<li>`UserRemove`: Users deactivate active assignments;<li>`UserExtend`: Users request to extend their expiring assignments;</li><li>`AdminExtend`: Administrators extend expiring assignments.</li><li>`UserRenew`: Users request to renew their expired assignments;</li><li>`AdminRenew`: Administrators extend expiring assignments.</li></ul>|
+|principalId|String|Objectid of the principal to which the assignment is being granted to.|
+|roleDefinitionId|String|ID of the unifiedRoleDefinition the assignment is for. Read only.|
+|directoryScopeId|String|Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only.|
+|appScopeId|String|Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only.|
+|isValidationOnly|Boolean|A boolean that determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request.|
+|targetScheduleId|String|ID of the schedule object attached to the assignment.|
+|justification|String|A message provided by users and administrators when create the request about why it is needed.|
+|scheduleInfo|[requestSchedule](../resources/requestschedule.md)|The schedule object of the role assignment request.|
+|ticketInfo|[ticketInfo](../resources/ticketinfo.md)|The ticketInfo object attached to the role assignment request which includes details of the ticket number and ticket system.|
+++
+## Response
+
+If successful, this method returns a `200 OK` response code and an updated [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "update_unifiedroleeligibilityschedulerequest"
+}
+-->
+``` http
+PATCH https://graph.microsoft.com/beta/roleManagement/directory/roleEligibilityScheduleRequests/{unifiedRoleEligibilityScheduleRequestsId}
+Content-Type: application/json
+Content-length: 467
+
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleEligibilityScheduleRequest",
+ "action": "String",
+ "principalId": "String",
+ "roleDefinitionId": "String",
+ "directoryScopeId": "String",
+ "appScopeId": "String",
+ "isValidationOnly": "Boolean",
+ "targetScheduleId": "String",
+ "justification": "String",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "ticketInfo": {
+ "@odata.type": "microsoft.graph.ticketInfo"
+ }
+}
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleEligibilityScheduleRequest"
+}
+-->
+```http
+HTTP/1.1 204 OK
+
+```
+<!--
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleEligibilityScheduleRequest",
+ "id": "a2e242a0-42a0-a2e2-a042-e2a2a042e2a2",
+ "action": "String",
+ "principalId": "String",
+ "roleDefinitionId": "String",
+ "directoryScopeId": "String",
+ "appScopeId": "String",
+ "isValidationOnly": "Boolean",
+ "targetScheduleId": "String",
+ "justification": "String",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "ticketInfo": {
+ "@odata.type": "microsoft.graph.ticketInfo"
+ }
+}
+```
+-->
v1.0 Unifiedrolemanagementpolicy Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedrolemanagementpolicy-get.md
+
+ Title: "Get unifiedRoleManagementPolicy"
+description: "Read the properties and relationships of an unifiedRoleManagementPolicy object."
+
+localization_priority: Normal
++
+# Get unifiedRoleManagementPolicy
+Namespace: microsoft.graph
++
+Read the properties and relationships of an [unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}
+```
+
+## Optional query parameters
+This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_unifiedrolemanagementpolicy"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/policies/roleManagementPolicies/f93a5c37-5c37-f93a-375c-3af9375c3af9
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicy"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": {
+ "id": "f93a5c37-5c37-f93a-375c-3af9375c3af9",
+ "displayName": "Policy1",
+ "description": "Policy for privileged admins",
+ "isOrganizationDefault": true,
+ "scopeId": "f93a5c37-5c37-f93a-375c-3af9375c3af9",
+ "scopeType": "subscription",
+ "lastModifiedDateTime": "2020-09-09T21:35:27.91Z",
+ "lastModifiedBy": {
+ "@odata.type": "microsoft.graph.identity"
+ }
+ }
+}
+```
+
v1.0 Unifiedrolemanagementpolicy List Effectiverules https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedrolemanagementpolicy-list-effectiverules.md
+
+ Title: "List effectiveRules"
+description: "Get the unifiedRoleManagementPolicyRule resources from the effectiveRules navigation property."
+
+localization_priority: Normal
++
+# List effectiveRules
+Namespace: microsoft.graph
++
+Get the unifiedRoleManagementPolicyRule resources from the effectiveRules navigation property.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/effectiveRules
+```
+
+## Optional query parameters
+This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) objects in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_unifiedrolemanagementpolicyrule"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/policies/roleManagementPolicies/ba9cc2d6-c2d6-ba9c-d6c2-9cbad6c29cba/effectiveRules
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRoleManagementPolicyRule)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "id": "ba9cc2d6-c2d6-ba9c-d6c2-9cbad6c29cba",
+ "target": {
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
+ }
+ }
+ ]
+}
+```
+
v1.0 Unifiedrolemanagementpolicy List Rules https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedrolemanagementpolicy-list-rules.md
+
+ Title: "List rules"
+description: "Get the unifiedRoleManagementPolicyRule resources from the rules navigation property."
+
+localization_priority: Normal
++
+# List rules
+Namespace: microsoft.graph
++
+Get the unifiedRoleManagementPolicyRule resources from the rules navigation property.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/rules
+```
+
+## Optional query parameters
+This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) objects in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_unifiedrolemanagementpolicyrule"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/policies/roleManagementPolicies/ba9cc2d6-c2d6-ba9c-d6c2-9cbad6c29cba/rules
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRoleManagementPolicyRule)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "id": "ba9cc2d6-c2d6-ba9c-d6c2-9cbad6c29cba",
+ "target": {
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
+ }
+ }
+ ]
+}
+```
+
v1.0 Unifiedrolemanagementpolicy List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedrolemanagementpolicy-list.md
+
+ Title: "List unifiedRoleManagementPolicies"
+description: "Get a list of the unifiedRoleManagementPolicy objects and their properties."
+
+localization_priority: Normal
++
+# List unifiedRoleManagementPolicies
+Namespace: microsoft.graph
++
+Get a list of the [unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md) objects and their properties.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /policies/roleManagementPolicies
+```
+
+## Optional query parameters
+This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md) objects in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_unifiedrolemanagementpolicy"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/policies/roleManagementPolicies
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRoleManagementPolicy)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "id": "f93a5c37-5c37-f93a-375c-3af9375c3af9",
+ "displayName": "Policy1",
+ "description": "Policy for all privileged admins",
+ "isOrganizationDefault": false,
+ "scopeId": "f93a5c37-5c37-f93a-375c-3af9375c3af9",
+ "scopeType": "subscription",
+ "lastModifiedDateTime": "2020-09-09T21:35:27.91Z",
+ "lastModifiedBy": {
+ "@odata.type": "microsoft.graph.identity"
+ }
+ }
+ ]
+}
+```
+
v1.0 Unifiedrolemanagementpolicyassignment Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedrolemanagementpolicyassignment-get.md
+
+ Title: "Get unifiedRoleManagementPolicyAssignment"
+description: "Read the properties and relationships of an unifiedRoleManagementPolicyAssignment object."
+
+localization_priority: Normal
++
+# Get unifiedRoleManagementPolicyAssignment
+Namespace: microsoft.graph
++
+Read the properties and relationships of an [unifiedRoleManagementPolicyAssignment](../resources/unifiedrolemanagementpolicyassignment.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /policies/roleManagementPolicyAssignments/{unifiedRoleManagementPolicyAssignmentId}
+```
+
+## Optional query parameters
+This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [unifiedRoleManagementPolicyAssignment](../resources/unifiedrolemanagementpolicyassignment.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_unifiedrolemanagementpolicyassignment"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/policies/roleManagementPolicyAssignments/d6e4112f-112f-d6e4-2f11-e4d62f11e4d6
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyAssignment"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": {
+ "id": "d6e4112f-112f-d6e4-2f11-e4d62f11e4d6",
+ "policyId": "d6e4112f-112f-d6e4-2f11-e4d62f11e4d6",
+ "scopeId": "d6e4112f-112f-d6e4-2f11-e4d62f11e4d6",
+ "scopeType": "subscription",
+ "roleDefinitionId": "d6e4112f-112f-d6e4-2f11-e4d62f11e4d6"
+ }
+}
+```
+
v1.0 Unifiedrolemanagementpolicyassignment List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedrolemanagementpolicyassignment-list.md
+
+ Title: "List unifiedRoleManagementPolicyAssignments"
+description: "Get a list of the unifiedRoleManagementPolicyAssignment objects and their properties."
+
+localization_priority: Normal
++
+# List unifiedRoleManagementPolicyAssignments
+Namespace: microsoft.graph
++
+Get a list of the [unifiedRoleManagementPolicyAssignment](../resources/unifiedrolemanagementpolicyassignment.md) objects and their properties.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /policies/roleManagementPolicyAssignments
+```
+
+## Optional query parameters
+This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRoleManagementPolicyAssignment](../resources/unifiedrolemanagementpolicyassignment.md) objects in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_unifiedrolemanagementpolicyassignment"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/policies/roleManagementPolicyAssignments
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRoleManagementPolicyAssignment)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "id": "d6e4112f-112f-d6e4-2f11-e4d62f11e4d6",
+ "policyId": "d6e4112f-112f-d6e4-2f11-e4d62f11e4d6",
+ "scopeId": "d6e4112f-112f-d6e4-2f11-e4d62f11e4d6",
+ "scopeType": "subscription",
+ "roleDefinitionId": "d6e4112f-112f-d6e4-2f11-e4d62f11e4d6"
+ }
+ ]
+}
+```
+
v1.0 Unifiedrolemanagementpolicyrule Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedrolemanagementpolicyrule-get.md
+
+ Title: "Get unifiedRoleManagementPolicyRule"
+description: "Read the properties and relationships of an unifiedRoleManagementPolicyRule object."
+
+localization_priority: Normal
++
+# Get unifiedRoleManagementPolicyRule
+Namespace: microsoft.graph
+
+Read the properties and relationships of an [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/rules/{unifiedRoleManagementPolicyRuleId}
+GET /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/effectiveRules/{unifiedRoleManagementPolicyRuleId}
+```
+
+## Optional query parameters
+This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_unifiedrolemanagementpolicyrule"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/rules/{unifiedRoleManagementPolicyRuleId}
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRule"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": {
+ "id": "ba9cc2d6-c2d6-ba9c-d6c2-9cbad6c29cba",
+ "target": {
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
+ }
+ }
+}
+```
+
v1.0 Unifiedrolemanagementpolicyrule List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedrolemanagementpolicyrule-list.md
+
+ Title: "List unifiedRoleManagementPolicyRules"
+description: "Get a list of the unifiedRoleManagementPolicyRule objects and their properties."
+
+localization_priority: Normal
++
+# List unifiedRoleManagementPolicyRules
+Namespace: microsoft.graph
+
+Get a list of the [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) objects and their properties.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|PrivilegedAccess.Read.AzureAD|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/rules
+GET /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/effectiveRules
+```
+
+## Optional query parameters
+This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) objects in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_unifiedrolemanagementpolicyrule"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/rules
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.unifiedRoleManagementPolicyRule)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "id": "ba9cc2d6-c2d6-ba9c-d6c2-9cbad6c29cba",
+ "target": {
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
+ }
+ }
+ ]
+}
+```
+
v1.0 Unifiedrolemanagementpolicyrule Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedrolemanagementpolicyrule-update.md
+
+ Title: "Update unifiedRoleManagementPolicyRule"
+description: "Update the properties of an unifiedRoleManagementPolicyRule object."
+
+localization_priority: Normal
++
+# Update unifiedRoleManagementPolicyRule
+Namespace: microsoft.graph
+
+Update the properties of an [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|PrivilegedAccess.ReadWrite.AzureAD|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|Not supported|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+PATCH /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/rules/{unifiedRoleManagementPolicyRuleId}
+PATCH /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/effectiveRules/{unifiedRoleManagementPolicyRuleId}
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+In the request body, supply a JSON representation of the [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) object.
+
+The following table shows the properties that are required when you update the [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md).
+
+|Property|Type|Description|
+|:|:|:|
+|id|String|Unique identifier for the rule.|
+|target|[unifiedRoleManagementPolicyRuleTarget](../resources/unifiedrolemanagementpolicyruletarget.md)|The target for the policy rule.|
+++
+## Response
+
+If successful, this method returns a `200 OK` response code and an updated [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "update_unifiedrolemanagementpolicyrule"
+}
+-->
+``` http
+PATCH https://graph.microsoft.com/beta/policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/rules/{unifiedRoleManagementPolicyRuleId}
+Content-Type: application/json
+Content-length: 170
+
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyRule",
+ "target": {
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
+ }
+}
+```
++
+### Response
+**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRule"
+}
+-->
+```http
+HTTP/1.1 204 OK
+
+```
+<!--
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyRule",
+ "id": "ba9cc2d6-c2d6-ba9c-d6c2-9cbad6c29cba",
+ "target": {
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
+ }
+}
+```
+-->
v1.0 Accesspackage Accesspackagefilterbycurrentuseroptions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackage-accesspackagefilterbycurrentuseroptions.md
+
+ Title: "accessPackageFilterByCurrentUserOptions enum type"
+description: "Options for current user to use as a filter on access packages list."
+localization_priority: Normal
+++
+# accessPackageFilterByCurrentUserOptions enum type
+
+Namespace: microsoft.graph
++
+The list of current user options that can be used to filter on the access packages list.
+
+## Members
+|Member|Value|Description|
+|:|:|:|
+|allowedRequestor|1|Allowed requestor.|
v1.0 Accesspackage https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackage.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-In [Azure AD entitlement management](entitlementmanagement-root.md), an access package defines the collections of resource roles and the policies for how one or more users can get access to those resources.
+In [Azure AD Entitlement Management](entitlementmanagement-root.md), an access package defines the collections of resource roles and the policies for how one or more users can get access to those resources.
+ Each access package is referenced by a single access package catalog, and has links to the resources from that catalog via the resource-specific role scopes that define the access the package provides. An access package also links to the access package assignment policies, each of which define who can request or be assigned an access package assignment. To assign a user to an access package, [create an accessPackageAssignmentRequest](../api/accesspackageassignmentrequest-post.md) that references the access package and access package assignment policy.
To assign a user to an access package, [create an accessPackageAssignmentRequest
| [Delete accessPackage](../api/accesspackage-delete.md) |None | Delete an **accesspackage**. | | [List accessPackageResourceRoleScopes](../api/accesspackage-list-accesspackageresourcerolescopes.md) | [accessPackageResourceRoleScope](accesspackageresourcerolescope.md) collection | Retrieve a list of **accessPackageResourceRoleScope** objects for this access package. | | [Create accessPackageResourceRoleScope](../api/accesspackage-post-accesspackageresourcerolescopes.md) |None | Create a new **accessPackageResourceRoleScope** object for this access package. |
+|[filterByCurrentUser](../api/accesspackage-filterbycurrentuser.md)|[accessPackage](../resources/accesspackage.md) collection|Retrieve the list of **accessPackage** objects filtered on the signed-in user.|
## Properties
v1.0 Accesspackageassignment Accesspackageassignmentfilterbycurrentuseroptions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackageassignment-accesspackageassignmentfilterbycurrentuseroptions.md
+
+ Title: "accessPackageAssignmentFilterByCurrentUserOptions enum type"
+description: "Options for current user to use as a filter on access package assignments list."
+localization_priority: Normal
+++
+# accessPackageAssignmentFilterByCurrentUserOptions enum type
+
+Namespace: microsoft.graph
++
+The list of current user options that can be used to filter on the access package assignments list.
+
+## Members
+|Member|Value|Description|
+|:|:|:|
+|target|1|The user the assignment is targeted for.|
+|createdBy|2|The user that created the assignment.|
v1.0 Accesspackageassignment https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackageassignment.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-In [Azure AD entitlement management](entitlementmanagement-root.md), an access package assignment is an assignment of an access package to a particular subject, for a period of time. For example, an access package assignment can state that user Alice has been assigned access via the access package Sales for the period January 2019 through July 2019.
+In [Azure AD Entitlement Management](entitlementmanagement-root.md), an access package assignment is an assignment of an access package to a particular subject, for a period of time. For example, an access package assignment can state that user Alice has been assigned access via the access package Sales for the period January 2019 through July 2019.
## Methods | Method | Return Type | Description | |:-|:|:|
-| [List accessPackageAssignments](../api/accesspackageassignment-list.md) | [accessPackageAssignment](accesspackageassignment.md) collection | Retrieve a list of **accesspackageassignment** objects. |
+| [List accessPackageAssignments](../api/accesspackageassignment-list.md) | [accessPackageAssignment](accesspackageassignment.md) collection | Retrieve a list of **accessPackageAssignment** objects. |
+|[filterByCurrentUser](../api/accesspackageassignment-filterbycurrentuser.md)|[accessPackageAssignment](../resources/accesspackageassignment.md) collection|Retrieve the list of **accessPackageAssignment** objects filtered on the signed-in user.|
>**Note:** You can't use a method to create or remove an access package assignment. Instead, a client that wants to request an access package assignment for a user, or remove an access package assignment from a user, can [create an accessPackageAssignmentRequest](../api/accesspackageassignmentrequest-post.md).
v1.0 Accesspackageassignmentrequest Accesspackageassignmentrequestfilterbycurrentuseroptions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackageassignmentrequest-accesspackageassignmentrequestfilterbycurrentuseroptions.md
+
+ Title: "accessPackageAssignmentRequestFilterByCurrentUserOptions enum type"
+description: "Options for current user to use as a filter on access package assignment requests list."
+localization_priority: Normal
+++
+# accessPackageAssignmentRequestFilterByCurrentUserOptions enum type
+
+Namespace: microsoft.graph
++
+The list of current user options that can be used to filter on the access package assignment requests list.
+
+## Members
+|Member|Value|Description|
+|:|:|:|
+|target|1|The user the assignment request is targeted for.|
+|createdBy|2|The user that created the assignment request.|
+|approver|3|The approver of the assignment request.|
v1.0 Accesspackageassignmentrequest https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accesspackageassignmentrequest.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-In [Azure AD entitlement management](entitlementmanagement-root.md), an access package assignment request is created by or on behalf of a user who wants to obtain an access package assignment. If the request is successful, with any necessary approvals, the user receives an access package assignment, and is the subject of that resulting access package assignment. Azure AD also creates access package assignment requests automatically for tracking access removal.
+In [Azure AD Entitlement Management](entitlementmanagement-root.md), an access package assignment request is created by or on behalf of a user who wants to obtain an access package assignment. If the request is successful, with any necessary approvals, the user receives an access package assignment, and is the subject of that resulting access package assignment. Azure AD also creates access package assignment requests automatically for tracking access removal.
## Methods | Method | Return Type | Description | |:-|:|:|
-| [List accessPackageAssignmentRequests](../api/accesspackageassignmentrequest-list.md) | [accessPackageAssignmentRequest](accesspackageassignmentrequest.md) collection | Retrieve a list of accesspackageassignmentrequest objects. |
-| [Create accessPackageAssignmentRequest](../api/accesspackageassignmentrequest-post.md) | [accessPackageAssignmentRequest](accesspackageassignmentrequest.md) | Create a new accessPackageAssignmentRequest. |
-| [Get accessPackageAssignmentRequest](../api/accesspackageassignmentrequest-get.md) | [accessPackageAssignmentRequest](accesspackageassignmentrequest.md) | Read properties and relationships of an accessPackageAssignmentRequest object. |
+| [List accessPackageAssignmentRequests](../api/accesspackageassignmentrequest-list.md) | [accessPackageAssignmentRequest](accesspackageassignmentrequest.md) collection | Retrieve a list of **accesspackageassignmentrequest** objects. |
+| [Create accessPackageAssignmentRequest](../api/accesspackageassignmentrequest-post.md) | [accessPackageAssignmentRequest](accesspackageassignmentrequest.md) | Create a new **accessPackageAssignmentRequest**. |
+| [Get accessPackageAssignmentRequest](../api/accesspackageassignmentrequest-get.md) | [accessPackageAssignmentRequest](accesspackageassignmentrequest.md) | Read properties and relationships of an **accessPackageAssignmentRequest** object. |
+|[filterByCurrentUser](../api/accesspackageassignmentrequest-filterbycurrentuser.md)|[accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) collection|Retrieve the list of **accessPackageAssignmentRequest** objects filtered on the signed-in user.|
+|[cancel](../api/accesspackageassignmentrequest-cancel.md)|[accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) collection|Cancel an **accessPackageAssignmentRequest** object that is in a cancellable state.|
## Properties
In [Azure AD entitlement management](entitlementmanagement-root.md), an access p
| Relationship | Type | Description | |:-|:|:|
+|accessPackage|[accessPackage](../resources/accesspackage.md)|The access package associated with the accessPackageAssignmentRequest. An access package defines the collections of resource roles and the policies for how one or more users can get access to those resources. Read-only. Nullable.|
|requestor|[accessPackageSubject](accesspackagesubject.md)| The subject who requested or, if a direct assignment, was assigned. Read-only. Nullable.| + ## JSON representation The following is a JSON representation of the resource.
v1.0 Cloudpconpremisesconnectionhealthcheck https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/cloudpconpremisesconnectionhealthcheck.md
The result of a cloud PC on-premises connection health check.
|aadConnectivityCheckUnknownError|The Azure Active Directory connectivity check failed due to an unknown error. Please contact customer support.| |resourceAvailabilityCheckNoSubnetIP|The resource availability check failed because there were no available IP addresses in the subnet. Please free up some or change to another subnet and retry.| |resourceAvailabilityCheckSubscriptionDisabled|The resource availability check failed due to a disabled Azure subscription. Please re-enable the subscription.|
+|resourceAvailabilityCheckUnsupportedVNetRegion|Selected vNet is not in a supported Azure region.|
|resourceAvailabilityCheckUnknownError|The resource availability check failed due to an unknown error. Please contact customer support.| |permissionCheckNoSubscriptionReaderRole|Cloud PC service principal does not have reader permissions on the specified Azure subscription. Please work with subscription owner to add reader role assignment on the Azure subscription for the Cloud PC service principal.| |permissionCheckNoResourceGroupOwnerRole|Cloud PC service principal does not have owner permissions on the specified resource group. Please work with the subscription owner to add owner role assignment on the resource group for the Cloud PC service principal.|
v1.0 Entitlementmanagement Root https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/entitlementmanagement-root.md
The following table lists the methods that you can use to interact with entitlem
| [Get accessPackage](../api/accesspackage-get.md) | [accessPackage](accesspackage.md) | Read properties and relationships of an **accessPackage** object. | | [Update accessPackage](../api/accesspackage-update.md)|None | Update the properties of an **accesspackage** object. | | [Delete accessPackage](../api/accesspackage-delete.md) | | Delete **accessPackage**. |
+| [FilterByCurrentUser](../api/accesspackage-filterbycurrentuser.md) | [accessPackage](accesspackage.md) collection | Retrieve a list of **accessPackage** objects filtered on the signed-in user. |
| [List accessPackageResourceRoleScopes](../api/accesspackage-list-accesspackageresourcerolescopes.md) | [accessPackageResourceRoleScope](accesspackageresourcerolescope.md) collection | Retrieve a list of **accessPackageResourceRoleScope** objects for an access package. | | [Create accessPackageResourceRoleScope](../api/accesspackage-post-accesspackageresourcerolescopes.md) | | Create a new **accessPackageResourceRoleScope** object for an access package. | | [List accessPackageAssignmentPolicies](../api/accesspackageassignmentpolicy-list.md) | [accessPackageAssignmentPolicy](accesspackageassignmentpolicy.md) collection | Retrieve a list of **accessPackageAssignmentPolicy** objects. |
The following table lists the methods that you can use to interact with entitlem
| [List accessPackageAssignmentRequests](../api/accesspackageassignmentrequest-list.md) | [accessPackageAssignmentRequest](accesspackageassignmentrequest.md) collection | Retrieve a list of **accessPackageAssignmentRequest** objects. | | [Create accessPackageAssignmentRequest](../api/accesspackageassignmentrequest-post.md) | [accessPackageAssignmentRequest](accesspackageassignmentrequest.md) | Create a new **accessPackageAssignmentRequest**. | | [Get accessPackageAssignmentRequest](../api/accesspackageassignmentrequest-get.md) | [accessPackageAssignmentRequest](accesspackageassignmentrequest.md) | Read properties and relationships of an **accessPackageAssignmentRequest** object. |
+|[FilterByCurrentUser](../api/accesspackageassignmentrequest-filterbycurrentuser.md)|[accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) collection|Retrieve the list of **accessPackageAssignmentRequest** objects filtered on the signed-in user.|
+|[cancel](../api/accesspackageassignmentrequest-cancel.md)|[accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) collection|Cancel an **accessPackageAssignmentRequest** object that is in a cancellable state: `accepted`, `pendingApproval`, `pendingNotBefore`, `pendingApprovalEscalated`.|
| [List accessPackageAssignments](../api/accesspackageassignment-list.md) | [accessPackageAssignment](accesspackageassignment.md) collection | Retrieve a list of **accessPackageAssignment** objects. |
+|[FilterByCurrentUser](../api/accesspackageassignment-filterbycurrentuser.md)|[accessPackageAssignment](../resources/accesspackageassignment.md) collection|Retrieve the list of **accessPackageAssignment** objects filtered on the signed-in user.|
| [List accessPackageAssignmentResourceRoles](../api/accesspackageassignmentresourcerole-list.md) | [accessPackageAssignmentResourceRole](accesspackageassignmentresourcerole.md) collection | Retrieve a list of **accessPackageAssignmentResourceRole** objects. | | [Get accessPackageAssignmentResourceRole](../api/accesspackageassignmentresourcerole-get.md) | [accessPackageAssignmentResourceRole](accesspackageassignmentresourcerole.md) | Retrieve a **accessPackageAssignmentResourceRole** object. | | [List accessPackageCatalogs](../api/accesspackagecatalog-list.md) | [accessPackageCatalog](accesspackagecatalog.md) collection | Retrieve a list of **accessPackageCatalogs** objects. |
v1.0 Enums https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/enums.md
Possible values for user account types (group membership), per Windows definitio
|:|:--|:-- | |team |0 |Indicates that the Teams app can be installed within a team and is authorized to access that team's data.| |groupChat |1 |Indicates that the Teams app can be installed within a group chat and is authorized to access that group chat's data.|
-|personal |2 |Indicates that the Teams app can be installed in the personal scope of a user and is authorized to access that user's data.|
+|personal |2 |Indicates that the Teams app can be installed in the personal scope of a user and is authorized to access that user's data.|
+
+### roleAssignmentScheduleRequestFilterByCurrentUserOptions values
+
+|Member|
+|:|
+|principal|
+|createdBy|
+|approver|
+|unknownFutureValue|
+
+### roleAssignmentScheduleFilterByCurrentUserOptions values
+
+|Member|
+|:|
+|principal|
+|unknownFutureValue|
+
+### roleAssignmentScheduleInstanceFilterByCurrentUserOptions values
+
+|Member|
+|:|
+|principal|
+|unknownFutureValue|
+
+### roleEligibilityScheduleRequestFilterByCurrentUserOptions values
+
+|Member|
+|:|
+|principal|
+|createdBy|
+|approver|
+|unknownFutureValue|
+
+### roleEligibilityScheduleFilterByCurrentUserOptions values
+
+|Member|
+|:|
+|principal|
+|unknownFutureValue|
+
+### roleEligibilityScheduleInstanceFilterByCurrentUserOptions values
+
+|Member|
+|:|
+|principal|
+|unknownFutureValue|
+
v1.0 Microsoftauthenticatorauthenticationmethod https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/microsoftauthenticatorauthenticationmethod.md
doc_type: resourcePageType
Namespace: microsoft.graph + A representation of the Microsoft Authenticator app registered to a user. Microsoft Authenticator is an authentication method. Inherits from [authenticationMethod](../resources/authenticationmethod.md).
v1.0 Organizationalbrandingproperties https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/organizationalbrandingproperties.md
Title: "organizationalBrandingProperties resource type" description: "Contains details of the organization's branding." localization_priority: Normal-+ ms.prod: "identity-and-sign-in" doc_type: "resourcePageType"
v1.0 Policyroot https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/policyroot.md
+
+ Title: "policyRoot resource type"
+description: "A new navigation properties binding for unifiedRoleManagementPolicy and unifiedRoleManagementPolicyAssignment to policyRoot."
+
+localization_priority: Normal
++
+# policyRoot resource type
+
+Namespace: microsoft.graph
+
+A new navigation properties binding for unifiedRoleManagementPolicy and unifiedRoleManagementPolicyAssignment to policyRoot.
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List roleManagementPolicies](../api/policyroot-list-rolemanagementpolicies.md)|[unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md) collection|Get the unifiedRoleManagementPolicy resources from the roleManagementPolicies navigation property.|
+|[List roleManagementPolicyAssignments](../api/policyroot-list-rolemanagementpolicyassignments.md)|[unifiedRoleManagementPolicyAssignment](../resources/unifiedrolemanagementpolicyassignment.md) collection|Get the unifiedRoleManagementPolicyAssignment resources from the roleManagementPolicyAssignments navigation property.|
+
+<!--
+## Properties
+|Property|Type|Description|
+|:|:|:|
++
+## Relationships
+|Relationship|Type|Description|
+|:|:|:|
+|roleManagementPolicies|[unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md) collection|Represents the role management policies.|
+|roleManagementPolicyAssignments|[unifiedRoleManagementPolicyAssignment](../resources/unifiedrolemanagementpolicyassignment.md) collection|Represents the role management policy assignments.|
+-->
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.policyRoot",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.policyRoot"
+}
+```
+
v1.0 Selfsignedcertificate https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/selfsignedcertificate.md
Here is a JSON representation of the resource
```json {
- "customKeyIdentifier": "binary",
+ "customKeyIdentifier": "string (binary)",
"displayName": "string", "endDateTime": "string (timestamp)",
- "key": "binary",
+ "key": "string (binary)",
"keyId": "guid", "startDateTime": "String (timestamp)", "type": "string",
v1.0 Ticketinfo https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/ticketinfo.md
+
+ Title: "ticketInfo resource type"
+description: "The object that represents ticket information related to role assignment requests"
+
+localization_priority: Normal
++
+# ticketInfo resource type
+
+Namespace: microsoft.graph
+
+The object that represents ticket information related to role assignment requests
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|ticketNumber|String|Ticket number meta data|
+|ticketSystem|String|Ticket system meta data|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.ticketInfo"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.ticketInfo",
+ "ticketNumber": "String",
+ "ticketSystem": "String"
+}
+```
+
v1.0 Unifiedroleassignmentschedule https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedroleassignmentschedule.md
+
+ Title: "unifiedRoleAssignmentSchedule resource type"
+description: "Represents a schedule for an active role assignment operations through Azure AD Privileged Identity Management."
+
+localization_priority: Normal
++
+# unifiedRoleAssignmentSchedule resource type
+
+Namespace: microsoft.graph
++
+Represents the schedule for an active role assignment through Azure AD Privileged Identity Management. A `roleAssignmentSchedule` is created by `roleAssignmentScheduleRequest` and is used to instantiate a `roleAssignmentInstance`. We support list and get operations to retrieve the schedule for the purpose of viewing current and future assignments.
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List unifiedRoleAssignmentSchedules](../api/unifiedroleassignmentschedule-list.md)|[unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md) collection|Get a list of the [unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md) objects and their properties.|
+|[Get unifiedRoleAssignmentSchedule](../api/unifiedroleassignmentschedule-get.md)|[unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md)|Read the properties and relationships of an [unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md) object.|
+|[filterByCurrentUser](../api/unifiedroleassignmentschedule-filterbycurrentuser.md)|[unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md) collection|Get a list of the [unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md) objects and their properties granted to a particular user.|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|appScopeId|String|Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|assignmentType|String|Type of the assignment. It can either be `Assigned` or `Activated`.|
+|createdDateTime|DateTimeOffset|Time that the schedule was created. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|createdUsing|String|ID of the roleAssignmentScheduleRequest that created this schedule. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|directoryScopeId|String|Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|id|String|The unique identifier for the unifiedRoleAssignmentSchedule. Key, not nullable, Read-only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|memberType|String|Membership type of the assignment. It can either be `Inherited`, `Direct`, or `Group`.|
+|modifiedDateTime|DateTimeOffset|Last time the schedule was updated. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|principalId|String| Objectid of the principal to which the assignment is being granted to. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|roleDefinitionId|String|ID of the unifiedRoleDefinition the assignment is for. Read only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|scheduleInfo|[requestSchedule](../resources/requestschedule.md)|The schedule object of the role assignment request.|
+|status|String|Status for the `roleAssignmentSchedule`. It can include state related messages like `Provisioned`, `Revoked`, `Pending Provisioning`, and `Pending Approval`. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+
+## Relationships
+|Relationship|Type|Description|
+|:|:|:|
+|activatedUsing|[unifiedRoleEligibilitySchedule](../resources/unifiedroleeligibilityschedule.md)|If the roleAssignmentSchedule is activated by a roleEligibilitySchedule, this is the link to that schedule.|
+|activeInstance|[unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|Will be deprecated. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|appScope|[appScope](../resources/appscope.md)|Read-only property with details of the app specific scope when the assignment scope is app specific. Containment entity. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|directoryScope|[directoryObject](../resources/directoryobject.md)|Property referencing the directory object that is the scope of the assignment. Provided so that callers can get the directory object using `$expand` at the same time as getting the role assignment. Read-only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|principal|[directoryObject](../resources/directoryobject.md)|Property referencing the principal that is getting a role assignment through the request. Provided so that callers can get the principal using `$expand` at the same time as getting the role assignment. Read-only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|roleDefinition|[unifiedRoleDefinition](../resources/unifiedroledefinition.md)|Property indicating the roleDefinition the assignment is for. Provided so that callers can get the role definition using `$expand` at the same time as getting the role assignment. roleDefinition.Id will be auto expanded. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.unifiedRoleAssignmentSchedule",
+ "baseType": "microsoft.graph.unifiedRoleScheduleBase",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleAssignmentSchedule",
+ "id": "String (identifier)",
+ "principalId": "String",
+ "roleDefinitionId": "String",
+ "directoryScopeId": "String",
+ "appScopeId": "String",
+ "createdUsing": "String",
+ "createdDateTime": "String (timestamp)",
+ "modifiedDateTime": "String (timestamp)",
+ "status": "String",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "assignmentType": "String",
+ "memberType": "String"
+}
+```
+
v1.0 Unifiedroleassignmentscheduleinstance https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedroleassignmentscheduleinstance.md
+
+ Title: "unifiedRoleAssignmentScheduleInstance resource type"
+description: "Represents a schedule instance for an active role assignment operations through Azure AD Privileged Identity Management."
+
+localization_priority: Normal
++
+# unifiedRoleAssignmentScheduleInstance resource type
+
+Namespace: microsoft.graph
++
+Represents the instance for an active role assignment through Azure AD Privileged Identity Management. A `roleAssignmentInstance` is created by `roleAssignmentSchedule` and and represents an actual roleAssignment created through Privileged Identity Management. We support list and get operations on the roleAssignmentInstance for the purpose of viewing current and future assignments.
+
+Inherits from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md).
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List unifiedRoleAssignmentScheduleInstances](../api/unifiedroleassignmentscheduleinstance-list.md)|[unifiedRoleAssignmentScheduleInstance](../resources/unifiedroleassignmentscheduleinstance.md) collection|Get a list of the [unifiedRoleAssignmentScheduleInstance](../resources/unifiedroleassignmentscheduleinstance.md) objects and their properties.|
+|[Get unifiedRoleAssignmentScheduleInstance](../api/unifiedroleassignmentscheduleinstance-get.md)|[unifiedRoleAssignmentScheduleInstance](../resources/unifiedroleassignmentscheduleinstance.md)|Read the properties and relationships of an [unifiedRoleAssignmentScheduleInstance](../resources/unifiedroleassignmentscheduleinstance.md) object.|
+|[filterByCurrentUser](../api/unifiedroleassignmentscheduleinstance-filterbycurrentuser.md)|[unifiedRoleAssignmentScheduleInstance](../resources/unifiedroleassignmentscheduleinstance.md) collection|Get a list of the [unifiedRoleAssignmentScheduleInstance](../resources/unifiedRoleAssignmentScheduleInstance.md) objects and their properties granted to a particular user.|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|appScopeId|String|Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+|assignmentType|String|Type of the assignment. It can either be `Assigned` or `Activated`.|
+|createdDateTime|DateTimeOffset|Time that the schedule was created.|
+|directoryScopeId|String|Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+|endDateTime|DateTimeOffset|Time that the roleAssignmentInstance will expire|
+|id|String|The unique identifier for the unifiedRoleAssignmentScheduleInstance. Key, not nullable, Read-only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+|memberType|String|Membership type of the assignment. It can either be `Inherited`, `Direct`, or `Group`.|
+|principalId|String|Objectid of the principal to which the assignment is being granted to. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+|roleAssignmentOriginId|String|ID of the roleAssignment in the directory|
+|roleAssignmentScheduleId|String|ID of the parent roleAssignmentSchedule for this instance|
+|roleDefinitionId|String|ID of the unifiedRoleDefinition the assignment is for. Read only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+|startDateTime|DateTimeOffset|Time that the roleAssignmentInstance will start|
+
+## Relationships
+|Relationship|Type|Description|
+|:|:|:|
+|activatedUsing|[unifiedRoleEligibilityScheduleInstance](../resources/unifiedroleeligibilityscheduleinstance.md)|If the roleAssignmentScheduleInstance is activated by a roleEligibilityScheduleRequest, this is the link to the related schedule instance.|
+|appScope|[appScope](../resources/appscope.md)|Read-only property with details of the app specific scope when the assignment scope is app specific. Containment entity. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+|directoryScope|[directoryObject](../resources/directoryobject.md)|Property referencing the directory object that is the scope of the assignment. Provided so that callers can get the directory object using `$expand` at the same time as getting the role assignment. Read-only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+|principal|[directoryObject](../resources/directoryobject.md)|Property referencing the principal that is getting a role assignment through the request. Provided so that callers can get the principal using `$expand` at the same time as getting the role assignment. Read-only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+|roleDefinition|[unifiedRoleDefinition](../resources/unifiedroledefinition.md)|Property indicating the roleDefinition the assignment is for. Provided so that callers can get the role definition using `$expand` at the same time as getting the role assignment. roleDefinition.Id will be auto expanded. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.unifiedRoleAssignmentScheduleInstance",
+ "baseType": "microsoft.graph.unifiedRoleScheduleInstanceBase",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleAssignmentScheduleInstance",
+ "id": "String (identifier)",
+ "principalId": "String",
+ "roleDefinitionId": "String",
+ "directoryScopeId": "String",
+ "appScopeId": "String",
+ "startDateTime": "String (timestamp)",
+ "endDateTime": "String (timestamp)",
+ "assignmentType": "String",
+ "memberType": "String",
+ "roleAssignmentOriginId": "String",
+ "roleAssignmentScheduleId": "String"
+}
+```
+
v1.0 Unifiedroleassignmentschedulerequest https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedroleassignmentschedulerequest.md
+
+ Title: "unifiedRoleAssignmentScheduleRequest resource type"
+description: "Represents the request for active role assignment operations through Azure AD Privileged Identity Management."
+
+localization_priority: Normal
++
+# unifiedRoleAssignmentScheduleRequest resource type
+
+Namespace: microsoft.graph
++
+Represents the request for active role assignment operations through Azure AD Privileged Identity Management.
+
+`unifiedRoleAssignmentScheduleRequest` is a ticket-modeled entity used to manage the lifecycle of active role assignments in the directory. It represents the intention/decision of the users and administrators, and also provides the flexibility to enable implementation of recurrent scheduling, approval gates, and so on, as compared to directly exposing `POST`, `PUT`, and `DELETE` operations on `unifiedRoleAssignmentSchedule` and `unifiedRoleAssignmentInstance`.
+
+Administrators can use `unifiedRoleAssignmentScheduleRequest` to create active role assignments with or without start and end time. While an eligible administrator can use it to create a request to activate an eligible role assignment.
++
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List unifiedRoleAssignmentScheduleRequests](../api/unifiedroleassignmentschedulerequest-list.md)|[unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) collection|Get a list of the [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) objects and their properties.|
+|[Create unifiedRoleAssignmentScheduleRequest](../api/unifiedroleassignmentschedulerequest-post-unifiedroleassignmentschedulerequests.md)|[unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md)|Create a new [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object.|
+|[Get unifiedRoleAssignmentScheduleRequest](../api/unifiedroleassignmentschedulerequest-get.md)|[unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md)|Read the properties and relationships of an [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object.|
+|[Update unifiedRoleAssignmentScheduleRequest](../api/unifiedroleassignmentschedulerequest-update.md)|[unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md)|Update the properties of an [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object.|
+|[filterByCurrentUser](../api/unifiedroleassignmentschedulerequest-filterbycurrentuser.md)|[unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) collection|Get a list of the [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) objects and their properties that are related to a particular user.|
+|[cancel](../api/unifiedroleassignmentschedulerequest-cancel.md)|None|Cancels a [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) immediately and marks it for deletion in 30 days|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|action|String|Representing the type of the operation on the role assignment. The value can be <ul><li>`AdminAdd`: Administrators assign users/groups to roles;</li><li>`UserAdd`: Users activate eligible assignments;</li><li> `AdminUpdate`: Administrators change existing role assignments</li><li>`AdminRemove`: Administrators remove users/groups from roles;<li>`UserRemove`: Users deactivate active assignments;<li>`UserExtend`: Users request to extend their expiring assignments;</li><li>`AdminExtend`: Administrators extend expiring assignments.</li><li>`UserRenew`: Users request to renew their expired assignments;</li><li>`AdminRenew`: Administrators extend expiring assignments.</li></ul>|
+|appScopeId|String|Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only.|
+|directoryScopeId|String|Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only.|
+|id|String|The unique identifier for the unifiedRoleAssignmentScheduleRequest. Key, not nullable, Read-only.|
+|isValidationOnly|Boolean|A boolean that determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request.|
+|justification|String|A message provided by users and administrators when create the request about why it is needed.|
+|principalId|String| Objectid of the principal to which the assignment is being granted to.|
+|roleDefinitionId|String|ID of the unifiedRoleDefinition the assignment is for. Read only.|
+|scheduleInfo|[requestSchedule](../resources/requestschedule.md)|The schedule object of the role assignment request.|
+|targetScheduleId|String|ID of the schedule object attached to the assignment.|
+|ticketInfo|[ticketInfo](../resources/ticketinfo.md)|The ticketInfo object attached to the role assignment request which includes details of the ticket number and ticket system.|
+
+## Relationships
+|Relationship|Type|Description|
+|:|:|:|
+|activatedUsing|[unifiedRoleEligibilitySchedule](../resources/unifiedroleeligibilityschedule.md)|If the request is from an eligible administrator to activate a role, this parameter will show the related eligible assignment for that activation.|
+|appScope|[appScope](../resources/appscope.md)|Read-only property with details of the app specific scope when the assignment scope is app specific. Containment entity.|
+|directoryScope|[directoryObject](../resources/directoryobject.md)|Property referencing the directory object that is the scope of the assignment. Provided so that callers can get the directory object using `$expand` at the same time as getting the role assignment. Read-only. |
+|principal|[directoryObject](../resources/directoryobject.md)|Property referencing the principal that is getting a role assignment through the request. Provided so that callers can get the principal using `$expand` at the same time as getting the role assignment. Read-only. |
+|roleDefinition|[unifiedRoleDefinition](../resources/unifiedroledefinition.md)|Property indicating the roleDefinition the assignment is for. Provided so that callers can get the role definition using `$expand` at the same time as getting the role assignment. roleDefinition.Id will be auto expanded.|
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.unifiedRoleAssignmentScheduleRequest",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleAssignmentScheduleRequest",
+ "id": "String (identifier)",
+ "action": "String",
+ "principalId": "String",
+ "roleDefinitionId": "String",
+ "directoryScopeId": "String",
+ "appScopeId": "String",
+ "isValidationOnly": "Boolean",
+ "targetScheduleId": "String",
+ "justification": "String",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "ticketInfo": {
+ "@odata.type": "microsoft.graph.ticketInfo"
+ }
+}
+```
+
v1.0 Unifiedroleeligibilityschedule https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedroleeligibilityschedule.md
+
+ Title: "unifiedRoleEligibilitySchedule resource type"
+description: "Represents a schedule for an eligible role assignment operations through Azure AD Privileged Identity Management."
+
+localization_priority: Normal
++
+# unifiedRoleEligibilitySchedule resource type
+
+Namespace: microsoft.graph
++
+Represents the schedule for an eligible role assignment through Azure AD Privileged Identity Management. A `roleEligibilitySchedule` is created by `roleEligibilityScheduleRequest` and is used to instantiate a `roleEligibilityInstance`. We support list and get operations to retrieve the schedule for the purpose of viewing current and future eligible assignments.
+
+Inherits from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md).
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List unifiedRoleEligibilitySchedules](../api/unifiedroleeligibilityschedule-list.md)|[unifiedRoleEligibilitySchedule](../resources/unifiedroleeligibilityschedule.md) collection|Get a list of the [unifiedRoleEligibilitySchedule](../resources/unifiedroleeligibilityschedule.md) objects and their properties.|
+|[Get unifiedRoleEligibilitySchedule](../api/unifiedroleeligibilityschedule-get.md)|[unifiedRoleEligibilitySchedule](../resources/unifiedroleeligibilityschedule.md)|Read the properties and relationships of an [unifiedRoleEligibilitySchedule](../resources/unifiedroleeligibilityschedule.md) object.|
+|[filterByCurrentUser](../api/unifiedroleeligibilityschedule-filterbycurrentuser.md)|[unifiedRoleEligibilitySchedule](../resources/unifiedroleeligibilityschedule.md) collection|Get a list of the [unifiedRoleEligibilitySchedule](../resources/unifiedroleeligibilityschedule.md) objects and their properties granted to a particular user.|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|appScopeId|String|Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|createdDateTime|DateTimeOffset|Time that the schedule was created. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|createdUsing|String|ID of the RoleEligibilityScheduleRequest that created this schedule. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|directoryScopeId|String|Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|id|String|The unique identifier for the unifiedRoleEligibilitySchedule. Key, not nullable, Read-only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|memberType|String|Membership type of the eligible assignment. It can either be `Inherited`, `Direct`, or `Group`.|
+|modifiedDateTime|DateTimeOffset|Last time the schedule was updated. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|principalId|String| Objectid of the principal to which the eligible assignment is being granted to. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|roleDefinitionId|String|ID of the unifiedRoleDefinition the eligible assignment is for. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|scheduleInfo|[requestSchedule](../resources/requestschedule.md)|The schedule object of the eligible role assignment request.|
+|status|String|Status for the `roleEligibilitySchedule`. It can include state related messages like `Provisioned`, `Revoked`, `Pending Provisioning`, and `Pending Approval`. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+
+## Relationships
+|Relationship|Type|Description|
+|:|:|:|
+|activeInstance|[unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|Will be deprecated. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|appScope|[appScope](../resources/appscope.md)|Read-only property with details of the app specific scope when the assignment scope is app specific. Containment entity. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|directoryScope|[directoryObject](../resources/directoryobject.md)|Property referencing the directory object that is the scope of the eligible assignment. Provided so that callers can get the directory object using `$expand` at the same time as getting the eligible role assignment. Read-only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|principal|[directoryObject](../resources/directoryobject.md)|Property referencing the principal that is getting an eligible role assignment through the request. Provided so that callers can get the principal using `$expand` at the same time as getting the eligible role assignment. Read-only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|roleDefinition|[unifiedRoleDefinition](../resources/unifiedroledefinition.md)|Property indicating the roleDefinition the eligible assignment is for. Provided so that callers can get the role definition using `$expand` at the same time as getting the eligible role assignment. roleDefinition.Id will be auto expanded. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.unifiedRoleEligibilitySchedule",
+ "baseType": "microsoft.graph.unifiedRoleScheduleBase",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleEligibilitySchedule",
+ "id": "String (identifier)",
+ "principalId": "String",
+ "roleDefinitionId": "String",
+ "directoryScopeId": "String",
+ "appScopeId": "String",
+ "createdUsing": "String",
+ "createdDateTime": "String (timestamp)",
+ "modifiedDateTime": "String (timestamp)",
+ "status": "String",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "memberType": "String"
+}
+```
+
v1.0 Unifiedroleeligibilityscheduleinstance https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedroleeligibilityscheduleinstance.md
+
+ Title: "unifiedRoleEligibilityScheduleInstance resource type"
+description: "Represents a schedule instance for an eligible role assignment operations through Azure AD Privileged Identity Management."
+
+localization_priority: Normal
++
+# unifiedRoleEligibilityScheduleInstance resource type
+
+Namespace: microsoft.graph
++
+Represents the instance for an eligible role assignment through Azure AD Privileged Identity Management. A `roleEligibilityInstance` is created by `roleEligibilitySchedule` and and represents an actual eligible role Assignment created through Privileged Identity Management. We support list and get operations on the roleEligibilityInstance for the purpose of viewing current and future assignments.
+
+Inherits from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md).
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List unifiedRoleEligibilityScheduleInstances](../api/unifiedroleeligibilityscheduleinstance-list.md)|[unifiedRoleEligibilityScheduleInstance](../resources/unifiedroleeligibilityscheduleinstance.md) collection|Get a list of the [unifiedRoleEligibilityScheduleInstance](../resources/unifiedroleeligibilityscheduleinstance.md) objects and their properties.|
+|[Get unifiedRoleEligibilityScheduleInstance](../api/unifiedroleeligibilityscheduleinstance-get.md)|[unifiedRoleEligibilityScheduleInstance](../resources/unifiedroleeligibilityscheduleinstance.md)|Read the properties and relationships of an [unifiedRoleEligibilityScheduleInstance](../resources/unifiedroleeligibilityscheduleinstance.md) object.|
+|[filterByCurrentUser](../api/unifiedroleeligibilityscheduleinstance-filterbycurrentuser.md)|[unifiedRoleEligibilityScheduleInstance](../resources/unifiedroleeligibilityscheduleinstance.md) collection|Get a list of the [unifiedRoleEligibilityInstance](../resources/unifiedroleeligibilityscheduleinstance.md) objects and their properties granted to a particular user.|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|appScopeId|String|Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+|directoryScopeId|String|Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+|endDateTime|DateTimeOffset|Time that the roleEligibilityScheduleInstance will expire|
+|id|String|The unique identifier for the roleEligibilityScheduleInstance. Key, not nullable, Read-only.Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+|memberType|String|Membership type of the assignment. It can either be `Inherited`, `Direct`, or `Group`.|
+|principalId|String|Objectid of the principal to which the assignment is being granted to. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+|roleDefinitionId|String|ID of the unifiedRoleDefinition the assignment is for. Read only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+|roleEligibilityScheduleId|String|ID of the parent roleEligibilitySchedule for this instance|
+|startDateTime|DateTimeOffset|Time that the roleEligibilityScheduleInstance will start|
+
+## Relationships
+|Relationship|Type|Description|
+|:|:|:|
+|appScope|[appScope](../resources/appscope.md)|Read-only property with details of the app specific scope when the assignment scope is app specific. Containment entity. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+|directoryScope|[directoryObject](../resources/directoryobject.md)|Property referencing the directory object that is the scope of the assignment. Provided so that callers can get the directory object using `$expand` at the same time as getting the eligible role assignments. Read-only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+|principal|[directoryObject](../resources/directoryobject.md)|Property referencing the principal that is getting an eligible role assignment through the request. Provided so that callers can get the principal using `$expand` at the same time as getting the eligible role assignments. Read-only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+|roleDefinition|[unifiedRoleDefinition](../resources/unifiedroledefinition.md)|Property indicating the roleDefinition the assignment is for. Provided so that callers can get the role definition using `$expand` at the same time as getting the eligible role assignments. roleDefinition.Id will be auto expanded. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.unifiedRoleEligibilityScheduleInstance",
+ "baseType": "microsoft.graph.unifiedRoleScheduleInstanceBase",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleEligibilityScheduleInstance",
+ "id": "String (identifier)",
+ "principalId": "String",
+ "roleDefinitionId": "String",
+ "directoryScopeId": "String",
+ "appScopeId": "String",
+ "startDateTime": "String (timestamp)",
+ "endDateTime": "String (timestamp)",
+ "memberType": "String",
+ "roleEligibilityScheduleId": "String"
+}
+```
+
v1.0 Unifiedroleeligibilityschedulerequest https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedroleeligibilityschedulerequest.md
+
+ Title: "unifiedRoleEligibilityScheduleRequest resource type"
+description: "Represents the request for eligible role assignment operations through Azure AD Privileged Identity Management."
+
+localization_priority: Normal
++
+# unifiedRoleEligibilityScheduleRequest resource type
+
+Namespace: microsoft.graph
++
+Represents the request for eligible role assignment operations through Azure AD Privileged Identity Management.
+
+`unifiedRoleEligibilityScheduleRequest` is a ticket-modeled entity used to manage the lifecycle of eligible role assignments in the directory. It represents the intention/decision of the users and administrators, and also provides the flexibility to enable implementation of recurrent scheduling, approval gates, and so on, as compared to directly exposing `POST`, `PUT`, and `DELETE` operations on `unifiedRoleEligibilitySchedule` and `unifiedRoleEligibilityInstance`.
+
+Administrators can use `unifiedRoleEligibilityScheduleRequest` to create and/or update eligible role assignments with or without start and end time. While eligible administrators, can use it to create a request to extend or renew their eligible assignments.
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List unifiedRoleEligibilityScheduleRequests](../api/unifiedroleeligibilityschedulerequest-list.md)|[unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) collection|Get a list of the [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) objects and their properties.|
+|[Create unifiedRoleEligibilityScheduleRequest](../api/unifiedroleeligibilityschedulerequest-post-unifiedroleeligibilityschedulerequests.md)|[unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md)|Create a new [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) object.|
+|[Get unifiedRoleEligibilityScheduleRequest](../api/unifiedroleeligibilityschedulerequest-get.md)|[unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md)|Read the properties and relationships of an [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) object.|
+|[Update unifiedRoleEligibilityScheduleRequest](../api/unifiedroleeligibilityschedulerequest-update.md)|[unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md)|Update the properties of an [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) object.|
+|[filterByCurrentUser](../api/unifiedroleeligibilityschedulerequest-filterbycurrentuser.md)|[unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) collection|Get a list of the [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) objects and their properties that are related to a particular user.|
+|[cancel](../api/unifiedroleeligibilityschedulerequest-cancel.md)|None|Cancels a [unifiedRoleEligibilityScheduleRequest](../resources/unifiedroleeligibilityschedulerequest.md) immediately and marks it for deletion in 30 days|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|action|String|Representing the type of the operation on the role assignment. The value can be <ul><li>`AdminAdd`: Administrators assign users/groups to roles;</li><li>`UserAdd`: Users activate eligible assignments;</li><li> `AdminUpdate`: Administrators change existing role assignments</li><li>`AdminRemove`: Administrators remove users/groups from roles;<li>`UserRemove`: Users deactivate active assignments;<li>`UserExtend`: Users request to extend their expiring assignments;</li><li>`AdminExtend`: Administrators extend expiring assignments.</li><li>`UserRenew`: Users request to renew their expired assignments;</li><li>`AdminRenew`: Administrators extend expiring assignments.</li></ul>|
+|appScopeId|String|Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only.|
+|directoryScopeId|String|Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only.|
+|id|String|The unique identifier for the unifiedRoleEligibilityScheduleRequest.|
+|isValidationOnly|Boolean|Boolean|A boolean that determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request.|
+|justification|String|A message provided by users and administrators when create the request about why it is needed.|
+|principalId|String| Objectid of the principal to which the assignment is being granted to.|
+|roleDefinitionId|String|ID of the unifiedRoleDefinition the assignment is for. Read only.|
+|scheduleInfo|[requestSchedule](../resources/requestschedule.md)|The schedule object of the role assignment request.|
+|targetScheduleId|String|ID of the schedule object attached to the assignment.|
+|ticketInfo|[ticketInfo](../resources/ticketinfo.md)|The ticketInfo object attached to the role assignment request which includes details of the ticket number and ticket system.|
+
+## Relationships
+|Relationship|Type|Description|
+|:|:|:|
+|appScope|[appScope](../resources/appscope.md)|Read-only property with details of the app specific scope when the assignment scope is app specific. Containment entity.|
+|directoryScope|[directoryObject](../resources/directoryobject.md)|Property referencing the directory object that is the scope of the assignment. Provided so that callers can get the directory object using `$expand` at the same time as getting the role assignment. Read-only.|
+|principal|[directoryObject](../resources/directoryobject.md)|Property referencing the principal that is getting a role assignment through the request. Provided so that callers can get the principal using `$expand` at the same time as getting the role assignment. Read-only. |
+|roleDefinition|[unifiedRoleDefinition](../resources/unifiedroledefinition.md)|Property indicating the roleDefinition the assignment is for. Provided so that callers can get the role definition using `$expand` at the same time as getting the role assignment. roleDefinition.Id will be auto expanded|
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.unifiedRoleEligibilityScheduleRequest",
+ "openType": false
+}
+-->
+``` json
+{
+ "id": "String (identifier)",
+ "action": "String",
+ "principalId": "String",
+ "roleDefinitionId": "String",
+ "directoryScopeId": "String",
+ "appScopeId": "String",
+ "isValidationOnly": "Boolean",
+ "targetScheduleId": "String",
+ "justification": "String",
+ "scheduleInfo": {
+ "@odata.type": "microsoft.graph.requestSchedule"
+ },
+ "ticketInfo": {
+ "@odata.type": "microsoft.graph.ticketInfo"
+ }
+}
+```
+
v1.0 Unifiedrolemanagementpolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedrolemanagementpolicy.md
+
+ Title: "unifiedRoleManagementPolicy resource type"
+description: "A unifiedRoleManagementPolicy specifies the various policies associated with a scope and role definition. It is derived from microsoft.graph.policyBase."
+
+localization_priority: Normal
++
+# unifiedRoleManagementPolicy resource type
+
+Namespace: microsoft.graph
+
+A unifiedRoleManagementPolicy specifies the various policies associated with a scope and role definition. It is derived from microsoft.graph.policyBase.
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List unifiedRoleManagementPolicies](../api/unifiedrolemanagementpolicy-list.md)|[unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md) collection|Get a list of the [unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md) objects and their properties.|
+|[Get unifiedRoleManagementPolicy](../api/unifiedrolemanagementpolicy-get.md)|[unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md)|Read the properties and relationships of an [unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md) object.|
+|[List effectiveRules](../api/unifiedrolemanagementpolicy-list-effectiverules.md)|[unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) collection|Get the unifiedRoleManagementPolicyRule resources from the effectiveRules navigation property.|
+|[List rules](../api/unifiedrolemanagementpolicy-list-rules.md)|[unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) collection|Get the unifiedRoleManagementPolicyRule resources from the rules navigation property.|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|description|String|Description for the policy.|
+|displayName|String|Display name for the policy.|
+|id|String|Unique identifier for the policy.|
+|isOrganizationDefault|Boolean|This can only be set to true for a single tenant wide policy which will apply to all scopes and roles. Set the scopeId to "/" and scopeType to Directory.|
+|lastModifiedBy|[identity](../resources/identity.md)|The identity who last modified the role setting.|
+|lastModifiedDateTime|DateTimeOffset|The time when the role setting was last modified.|
+|scopeId|String|The id of the scope where the policy is created. E.g. "/", groupId, etc.|
+|scopeType|String|The type of the scope where the policy is created. One of Directory, DirectoryRole, Group.|
+
+## Relationships
+|Relationship|Type|Description|
+|:|:|:|
+|effectiveRules|[unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) collection|The list of effective rules like approval rule, expiration rule, etc. evaluated based on inherited referenced rules. E.g. If there is a tenant wide policy to enforce enabling approval rule, the effective rule will be to enable approval even if the polcy has a rule to disable approval.|
+|rules|[unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) collection|The collection of rules like approval rule, expiration rule, etc.|
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicy",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicy",
+ "id": "String (identifier)",
+ "displayName": "String",
+ "description": "String",
+ "isOrganizationDefault": "Boolean",
+ "scopeId": "String",
+ "scopeType": "String",
+ "lastModifiedDateTime": "String (timestamp)",
+ "lastModifiedBy": {
+ "@odata.type": "microsoft.graph.identity"
+ }
+}
+```
+
v1.0 Unifiedrolemanagementpolicyapprovalrule https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedrolemanagementpolicyapprovalrule.md
+
+ Title: "unifiedRoleManagementPolicyApprovalRule resource type"
+description: "A unifiedRoleManagementPolicyApprovalRule specifies the approval rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule."
+
+localization_priority: Normal
++
+# unifiedRoleManagementPolicyApprovalRule resource type
+
+Namespace: microsoft.graph
+
+A unifiedRoleManagementPolicyApprovalRule specifies the approval rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule.
+
+Inherits from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md).
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|id|String|Unique identifier for the rule. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|
+|setting|[approvalSettings](../resources/approvalsettings.md)|The approval setting for the rule.|
+|target|[unifiedRoleManagementPolicyRuleTarget](../resources/unifiedrolemanagementpolicyruletarget.md)|The target for the rule rule. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyApprovalRule",
+ "baseType": "microsoft.graph.unifiedRoleManagementPolicyRule",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule",
+ "id": "String (identifier)",
+ "target": {
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
+ },
+ "setting": {
+ "@odata.type": "microsoft.graph.approvalSettings"
+ }
+}
+```
+
v1.0 Unifiedrolemanagementpolicyassignment https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedrolemanagementpolicyassignment.md
+
+ Title: "unifiedRoleManagementPolicyAssignment resource type"
+description: "A unifiedRoleManagementPolicyAssignment assigns the policy to a specific scope and role definition."
+
+localization_priority: Normal
++
+# unifiedRoleManagementPolicyAssignment resource type
+
+A unifiedRoleManagementPolicyAssignment assigns the policy to a specific scope and role definition.
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List unifiedRoleManagementPolicyAssignments](../api/unifiedrolemanagementpolicyassignment-list.md)|[unifiedRoleManagementPolicyAssignment](../resources/unifiedrolemanagementpolicyassignment.md) collection|Get a list of the [unifiedRoleManagementPolicyAssignment](../resources/unifiedrolemanagementpolicyassignment.md) objects and their properties.|
+|[Get unifiedRoleManagementPolicyAssignment](../api/unifiedrolemanagementpolicyassignment-get.md)|[unifiedRoleManagementPolicyAssignment](../resources/unifiedrolemanagementpolicyassignment.md)|Read the properties and relationships of an [unifiedRoleManagementPolicyAssignment](../resources/unifiedrolemanagementpolicyassignment.md) object.|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|id|String|Unique identifier for the policy assignment.|
+|policyId|String|The id of the policy.|
+|roleDefinitionId|String|The id of the role definition where the policy applies. If not specified, the policy applies to all roles.|
+|scopeId|String|The id of the scope where the policy is assigned. E.g. "/", groupId, etc.|
+|scopeType|String|The type of the scope where the policy is assigned. One of Directory, DirectoryRole, Group.|
+
+## Relationships
+|Relationship|Type|Description|
+|:|:|:|
+|policy|[unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md)|The policy for the assignment.|
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyAssignment",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAssignment",
+ "id": "String (identifier)",
+ "policyId": "String",
+ "scopeId": "String",
+ "scopeType": "String",
+ "roleDefinitionId": "String"
+}
+```
+
v1.0 Unifiedrolemanagementpolicyauthenticationcontextrule https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedrolemanagementpolicyauthenticationcontextrule.md
+
+ Title: "unifiedRoleManagementPolicyAuthenticationContextRule resource type"
+description: "A unifiedRoleManagementPolicyAuthenticationContextRule specifies the enablement rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule."
+
+localization_priority: Normal
++
+# unifiedRoleManagementPolicyAuthenticationContextRule resource type
+
+Namespace: microsoft.graph
+
+A unifiedRoleManagementPolicyAuthenticationContextRule specifies the enablement rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule.
+
+Inherits from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md).
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|claimValue|String|Value of the authentication context claim.|
+|id|String|Unique identifier for the rule. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|
+|isEnabled|Boolean|Indicates if the setting is enabled.|
+|target|[unifiedRoleManagementPolicyRuleTarget](../resources/unifiedrolemanagementpolicyruletarget.md)|The target for the rule. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule",
+ "baseType": "microsoft.graph.unifiedRoleManagementPolicyRule",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule",
+ "id": "String (identifier)",
+ "target": {
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
+ },
+ "isEnabled": "Boolean",
+ "claimValue": "String"
+}
+```
+
v1.0 Unifiedrolemanagementpolicyenablementrule https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedrolemanagementpolicyenablementrule.md
+
+ Title: "unifiedRoleManagementPolicyEnablementRule resource type"
+description: "A unifiedRoleManagementPolicyEnablementRule specifies the enablement rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule."
+
+localization_priority: Normal
++
+# unifiedRoleManagementPolicyEnablementRule resource type
+
+Namespace: microsoft.graph
+
+A unifiedRoleManagementPolicyEnablementRule specifies the enablement rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule.
+
+Inherits from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md).
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|enabledRules|String collection|The rules which are enabled. Allowed values are MultifactorAuthentication, Justification, Ticketing.|
+|id|String|Unique identifier for the rule. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|
+|target|[unifiedRoleManagementPolicyRuleTarget](../resources/unifiedrolemanagementpolicyruletarget.md)|The target for the rule. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
+ "baseType": "microsoft.graph.unifiedRoleManagementPolicyRule",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
+ "id": "String (identifier)",
+ "target": {
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
+ },
+ "enabledRules": [
+ "String"
+ ]
+}
+```
+
v1.0 Unifiedrolemanagementpolicyexpirationrule https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedrolemanagementpolicyexpirationrule.md
+
+ Title: "unifiedRoleManagementPolicyExpirationRule resource type"
+description: "A unifiedRoleManagementPolicyExpirationRule specifies the enablement rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule."
+
+localization_priority: Normal
++
+# unifiedRoleManagementPolicyExpirationRule resource type
+
+Namespace: microsoft.graph
+
+A unifiedRoleManagementPolicyExpirationRule specifies the enablement rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule.
+
+Inherits from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md).
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|id|String|Unique identifier for the rule. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|
+|isExpirationRequired|Boolean|Indicates if expiration is required for eligibility or assignment.|
+|maximumDuration|Duration|The maximum duration allowed for eligiblity or assignment which is not permanent.|
+|target|[unifiedRoleManagementPolicyRuleTarget](../resources/unifiedrolemanagementpolicyruletarget.md)|The target for the rule. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
+ "baseType": "microsoft.graph.unifiedRoleManagementPolicyRule",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
+ "id": "String (identifier)",
+ "target": {
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
+ },
+ "isExpirationRequired": "Boolean",
+ "maximumDuration": "String (duration)"
+}
+```
+
v1.0 Unifiedrolemanagementpolicynotificationrule https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedrolemanagementpolicynotificationrule.md
+
+ Title: "unifiedRoleManagementPolicyNotificationRule resource type"
+description: "A unifiedRoleManagementPolicyNotificationRule specifies the notification rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule."
+
+localization_priority: Normal
++
+# unifiedRoleManagementPolicyNotificationRule resource type
+
+Namespace: microsoft.graph
+
+A unifiedRoleManagementPolicyNotificationRule specifies the notification rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule.
+
+Inherits from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md).
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|id|String|Unique identifier for the rule. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|
+|notificationLevel|String|The level of notification. One of None, Critical, All.|
+|notificationRecipients|String collection|The list of notification recepients like email.|
+|notificationType|String|The type of notification. One of Email.|
+|recipientType|String|The type of recipient. One of Requestor, Approver, Admin.|
+|isDefaultRecipientsEnabled|Boolean|Whether default recipient is receiving the email or not.|
+|target|[unifiedRoleManagementPolicyRuleTarget](../resources/unifiedrolemanagementpolicyruletarget.md)|The target for the rule. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyNotificationRule",
+ "baseType": "microsoft.graph.unifiedRoleManagementPolicyRule",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule",
+ "id": "String (identifier)",
+ "target": {
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
+ },
+ "notificationType": "String",
+ "recipientType": "String",
+ "notificationLevel": "String",
+ "isDefaultRecipientsEnabled": true,
+ "notificationRecipients": [
+ "String"
+ ]
+}
+```
+
v1.0 Unifiedrolemanagementpolicyrule https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedrolemanagementpolicyrule.md
+
+ Title: "unifiedRoleManagementPolicyRule resource type"
+description: "A unifiedRoleManagementPolicyRule specifies the rule associated with a role management policy. It is abstract."
+
+localization_priority: Normal
++
+# unifiedRoleManagementPolicyRule resource type
+
+Namespace: microsoft.graph
+
+A unifiedRoleManagementPolicyRule specifies the rule associated with a role management policy. It is abstract.
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List unifiedRoleManagementPolicyRules](../api/unifiedrolemanagementpolicyrule-list.md)|[unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) collection|Get a list of the [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) objects and their properties.|
+|[Get unifiedRoleManagementPolicyRule](../api/unifiedrolemanagementpolicyrule-get.md)|[unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|Read the properties and relationships of an [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) object.|
+|[Update unifiedRoleManagementPolicyRule](../api/unifiedrolemanagementpolicyrule-update.md)|[unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|Update the properties of an [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) object.|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|id|String|Unique identifier for the rule.|
+|target|[unifiedRoleManagementPolicyRuleTarget](../resources/unifiedrolemanagementpolicyruletarget.md)|The target for the policy rule.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRule",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyRule",
+ "id": "String (identifier)",
+ "target": {
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
+ }
+}
+```
+
v1.0 Unifiedrolemanagementpolicyruletarget https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedrolemanagementpolicyruletarget.md
+
+ Title: "unifiedRoleManagementPolicyRuleTarget resource type"
+description: "A unifiedRoleManagementPolicyRuleTarget specifies the target associated with the role management policy."
+
+localization_priority: Normal
++
+# unifiedRoleManagementPolicyRuleTarget resource type
+
+Namespace: microsoft.graph
+
+A unifiedRoleManagementPolicyRuleTarget specifies the target associated with the role management policy.
+<!--
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|caller|String|The caller for the policy rule target. One of None, Admin, EndUser. |
+|enforcedSettings|String collection|The list of settings which are enforced and cannot be overridden by child scopes. Use All for all settings.|
+|inheritableSettings|String collection|The list of settings which can be inherited by child scopes. Use All for all settings.|
+|level|String|The level for the policy rule target. One of Eligibility, Assignment. |
+|operations|String collection|The operations for policy rule target. One of All, Activate, Deactivate, Assign, Update, Remove, Extend, Renew.|
+
+## Relationships
+|Relationship|Type|Description|
+|:|:|:|
+|targetObjects|[directoryObject](../resources/directoryobject.md) collection|The collection of users, groups and servicePrincipals which are in scope of the policy. If not specified, all objects are in scope of the policy.|
+-->
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyRuleTarget",
+ "caller": "String",
+ "operations": [
+ "String"
+ ],
+ "level": "String",
+ "inheritableSettings": [
+ "String"
+ ],
+ "enforcedSettings": [
+ "String"
+ ]
+}
+```
+
v1.0 Unifiedroleschedulebase https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedroleschedulebase.md
+
+ Title: "unifiedRoleScheduleBase resource type"
+description: "Base property of unified role schedules that combines unified role assignment schedules and unified role eligibility schedules"
+
+localization_priority: Normal
++
+# unifiedRoleScheduleBase resource type
+
+Namespace: microsoft.graph
+
+Base property of unified role schedules that combines unified role assignment schedules and unified role eligibility schedules
+
+## Properties
+
+| Property | Type | Description |
+| : | :- | : |
+| appScopeId | String | Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only. |
+| createdDateTime | DateTimeOffset | Time that the schedule was created. |
+| createdUsing | String | ID of the roleAssignmentScheduleRequest that created this schedule. |
+| directoryScopeId | String | Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only. |
+| id | String | The unique identifier for the unifiedRoleAssignmentSchedule. Key, not nullable, Read-only. |
+| modifiedDateTime | DateTimeOffset | Last time the schedule was updated. |
+| principalId | String | Objectid of the principal to which the assignment is being granted to. |
+| roleDefinitionId | String | ID of the unifiedRoleDefinition the assignment is for. Read only. |
+| status | String | Status for the `roleAssignmentSchedule`. It can include state related messages like `Provisioned`, `Revoked`, `Pending Provisioning`, and `Pending Approval`. |
+
+## Relationships
+
+| Relationship | Type | Description |
+| :- | : | : |
+| activeInstance | [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md) | Will be deprecated. |
+| appScope | [appScope](../resources/appscope.md) | Read-only property with details of the app specific scope when the assignment scope is app specific. Containment entity. |
+| directoryScope | [directoryObject](../resources/directoryobject.md) | Property referencing the directory object that is the scope of the assignment. Provided so that callers can get the directory object using `$expand` at the same time as getting the role assignment. Read-only. |
+| principal | [directoryObject](../resources/directoryobject.md) | Property referencing the principal that is getting a role assignment through the request. Provided so that callers can get the principal using `$expand` at the same time as getting the role assignment. Read-only. |
+| roleDefinition | [unifiedRoleDefinition](../resources/unifiedroledefinition.md) | Property indicating the roleDefinition the assignment is for. Provided so that callers can get the role definition using `$expand` at the same time as getting the role assignment. roleDefinition.Id will be auto expanded. |
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.unifiedRoleScheduleBase",
+ "openType": false
+}
+-->
+
+```json
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleScheduleBase",
+ "id": "String (identifier)",
+ "principalId": "String",
+ "roleDefinitionId": "String",
+ "directoryScopeId": "String",
+ "appScopeId": "String",
+ "createdUsing": "String",
+ "createdDateTime": "String (timestamp)",
+ "modifiedDateTime": "String (timestamp)",
+ "status": "String"
+}
+```
v1.0 Unifiedrolescheduleinstancebase https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedrolescheduleinstancebase.md
+
+ Title: "unifiedRoleScheduleInstanceBase resource type"
+description: "Base property of unified role schedule instance that combines unified role assignment schedule instance and unified role eligibility schedule instance"
+
+localization_priority: Normal
++
+# unifiedRoleScheduleInstanceBase resource type
+
+Namespace: microsoft.graph
+
+"Base property of unified role schedule instance that combines unified role assignment schedule instance and unified role eligibility schedule instance
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|appScopeId|String|Id of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use "/" for tenant-wide scope. App scopes are scopes that are defined and understood by this application only.|
+|directoryScopeId|String|Id of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only.|
+|id|String|The unique identifier for the unifiedRoleAssignmentScheduleInstance. Key, not nullable, Read-only.|
+|principalId|String|Objectid of the principal to which the assignment is being granted to.|
+|roleDefinitionId|String|ID of the unifiedRoleDefinition the assignment is for. Read only.|
+
+## Relationships
+|Relationship|Type|Description|
+|:|:|:|
+|appScope|[appScope](../resources/appscope.md)|Read-only property with details of the app specific scope when the assignment scope is app specific. Containment entity. |
+|directoryScope|[directoryObject](../resources/directoryobject.md)|The directory object that is the scope of the assignment. Enables the retrieval of the directory object using `$expand` at the same time as getting the role assignment. Read-only.|
+|principal|[directoryObject](../resources/directoryobject.md)|The principal that is getting a role assignment through the request. Enables the retrieval of the principal using `$expand` at the same time as getting the role assignment. Read-only.|
+|roleDefinition|[unifiedRoleDefinition](../resources/unifiedroledefinition.md)|The roleDefinition for the assignment. Enables the retrieval of the role definition using `$expand` at the same time as getting the role assignment. The roleDefinition.Id is automatically expanded.|
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.unifiedRoleScheduleInstanceBase",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleScheduleInstanceBase",
+ "id": "String (identifier)",
+ "principalId": "String",
+ "roleDefinitionId": "String",
+ "directoryScopeId": "String",
+ "appScopeId": "String"
+}
+```
v1.0 User https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/user.md
This resource supports:
| infoCatalogs | String collection | Identifies the info segments assigned to the user. Returned by default. | | interests | String collection | A list for the user to describe their interests. <br><br>Returned only on `$select`. | | isResourceAccount | Boolean | Do not use ΓÇô reserved for future use. |
-| jobTitle | String | The user's job title. Maximum length is 128 characters. <br><br>Returned by default. Supports `$filter`.|
+| jobTitle | String | The user's job title. Maximum length is 128 characters. <br><br>Returned by default. Supports `$filter` (`eq` and `startsWith` operators).|
| lastPasswordChangeDateTime | DateTimeOffset | The time when this Azure AD user last changed their password. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z` <br><br>Returned only on `$select`. Read-only. | | legalAgeGroupClassification | [legalAgeGroupClassification](#legalagegroupclassification-values) | Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on **ageGroup** and **consentProvidedForMinor** properties. Allowed values: `null`, `minorWithOutParentalConsent`, `minorWithParentalConsent`, `minorNoParentalConsentRequired`, `notAdult` and `adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information. <br><br>Returned only on `$select`. | | licenseAssignmentStates | [licenseAssignmentState](licenseassignmentstate.md) collection | State of license assignments for this user. <br><br>Returned only on `$select`. Read-only. |
v1.0 Organizationalbrandingproperties Create https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/organizationalbrandingproperties-create.md
The `id` property is ignored on PUT/PATCH to the /branding singleton. If **Conte
<!-- { "blockType": "ignored" } --> ```http
-PUT /organization/{id}/branding
-PATCH /organization/{id}/branding
+PUT /organization/{tenant id}/branding
+PATCH /organization/{tenant id}/branding
``` ## Request headers
v1.0 Organizationalbrandingproperties Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/organizationalbrandingproperties-delete.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-DELETE /organization/{id}/branding
+DELETE /organization/{tenant id}/branding
``` ## Request headers
v1.0 Organizationalbrandingproperties Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/organizationalbrandingproperties-get.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-GET /organization/{id}/branding/{property name}
+GET /organization/{tenant id}/branding/{property name}
``` ## Request headers
v1.0 Organizationalbrandingproperties Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/organizationalbrandingproperties-update.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-PATCH /organization/{id}/branding/{property name}
-PUT /organization/{id}/branding/{property name}
+PATCH /organization/{tenant id}/branding/{property name}
+PUT /organization/{tenant id}/branding/{property name}
``` ## Request headers
v1.0 Organizationalbrandingpropertieslocalization Create https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/organizationalbrandingpropertieslocalization-create.md
POST to branding/localizations to create a new localization. The id specified in
<!-- { "blockType": "ignored" } --> ```http
-POST /organization/{id}/branding/localizations
+POST /organization/{tenant id}/branding/localizations
``` ## Request headers
v1.0 Organizationalbrandingpropertieslocalization Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/organizationalbrandingpropertieslocalization-delete.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-DELETE /organization/{id}/branding/localizations/{locale}
+DELETE /organization/{tenant id}/branding/localizations/{locale}
``` ## Request headers
v1.0 Organizationalbrandingpropertieslocalization Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/organizationalbrandingpropertieslocalization-get.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-GET /organization/{id}/branding/localizations/{locale}
+GET /organization/{tenant id}/branding/localizations/{locale}
``` ## Request headers
v1.0 Organizationalbrandingpropertieslocalization Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/organizationalbrandingpropertieslocalization-update.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-PATCH /organization/{id}/branding/localizations/{locale}
-PUT /organization/{id}/branding/localizations/{locale}
+PATCH /organization/{tenant id}/branding/localizations/{locale}
+PUT /organization/{tenant id}/branding/localizations/{locale}
``` ## Request headers
v1.0 Organizationalbrandingproperties https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/organizationalbrandingproperties.md
Title: "organizationalBrandingProperties resource type" description: "Contains details of the organization's branding." localization_priority: Normal-+ ms.prod: "identity-and-sign-in" doc_type: "resourcePageType"
v1.0 User https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/user.md
This resource supports:
|imAddresses|String collection|The instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user. Read-only.| |interests|String collection|A list for the user to describe their interests.| |isResourceAccount|Boolean| Do not use ΓÇô reserved for future use.|
-|jobTitle|String|The user's job title. Maximum length is 128 characters. Returned by default. Supports `$filter`.|
+|jobTitle|String|The user's job title. Maximum length is 128 characters. Returned by default. Supports `$filter` (`eq` and `startsWith` operators).|
|lastPasswordChangeDateTime| DateTimeOffset | The time when this Azure AD user last changed their password. The date and time information uses ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`| |legalAgeGroupClassification|[legalAgeGroupClassification](#legalagegroupclassification-values)| Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on **ageGroup** and **consentProvidedForMinor** properties. Allowed values: `null`, `minorWithOutParentalConsent`, `minorWithParentalConsent`, `minorNoParentalConsentRequired`, `notAdult` and `adult`. Refer to the [legal age group property definitions](#legal-age-group-property-definitions) for further information.| |licenseAssignmentStates|[licenseAssignmentState](licenseassignmentstate.md) collection|State of license assignments for this user. Read-only.|