Updates from: 06/02/2021 03:13:19
Service Microsoft Docs article Related commit history on GitHub Change details
v1.0 Accessreviewscheduledefinition List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewscheduledefinition-list.md
The following example shows a request to retrieve all the access review series s
"name": "list_accessReviewScheduleDefinition_allgroups" }--> ```msgraph-interactive
-GET https://graph.microsoft.com//beta/identityGovernance/accessReviews/definitions?$filter=contains(scope/microsoft.graph.accessReviewQueryScope/query, './members')
+GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions?$filter=contains(scope/microsoft.graph.accessReviewQueryScope/query, './members')
``` #### Response
v1.0 Chat Get Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chat-get-members.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http GET /chats/{chat-id}/members/{membership-id}
-GET /users/{user-id}/chats/{chat-id}/members/{membership-id}
+GET /users/{user-id | user-principal-name}/chats/{chat-id}/members/{membership-id}
``` ## Optional query parameters
v1.0 Chat Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chat-get.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http GET /me/chats/{chat-id}
-GET /users/{user-id}/chats/{chat-id}
+GET /users/{user-id | user-principal-name}/chats/{chat-id}
GET /chats/{chat-id} ```
v1.0 Chat List Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chat-list-members.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http GET /chats/{chat-id}/members
-GET /users/{user-id}/chats/{chat-id}/members
+GET /users/{user-id | user-principal-name}/chats/{chat-id}/members
``` ## Optional query parameters
v1.0 Chat List Messages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chat-list-messages.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http GET /me/chats/{chat-id}/messages
-GET /users/{user-id}/chats/{chat-id}/messages
+GET /users/{user-id | user-principal-name}/chats/{chat-id}/messages
GET /chats/{chat-id}/messages ```
v1.0 Chat List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chat-list.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http GET /me/chats
-GET /users/{user-id}/chats
+GET /users/{user-id | user-principal-name}/chats
GET /chats ```
v1.0 Chatmessage Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chatmessage-get.md
GET /teams/{team-id}/channels/{channel-id}/messages/{message-id}/replies/{reply-
<!-- { "blockType": "ignored" } --> ```http GET /chats/{chat-id}/messages/{message-id}
-GET /users/{user-id}/chats/{chat-id}/messages/{message-id}
+GET /users/{user-id | user-principal-name}/chats/{chat-id}/messages/{message-id}
GET /me/chats/{chat-id}/messages/{message-id} ```
v1.0 Chatmessage List Hostedcontents https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chatmessage-list-hostedcontents.md
GET /teams/{team-id}/channels/{channel-id}/messages/{message-id}/replies/{reply-
<!-- { "blockType": "ignored" } --> ```http GET /chats/{chat-id}/messages/{message-id}/hostedContents
-GET /users/{user-id}/chats/{chat-id}/messages/{message-id}/hostedContents
+GET /users/{user-id | user-principal-name}/chats/{chat-id}/messages/{message-id}/hostedContents
``` ## Optional query parameters
v1.0 Chatmessagehostedcontent Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chatmessagehostedcontent-get.md
GET /teams/{team-id}/channels/{channel-id}/messages/{message-id}/replies/{reply-
<!-- { "blockType": "ignored" } --> ```http GET /chats/{chat-id}/messages/{message-id}/hostedContents/{hosted-content-id}
-GET /users/{user-id}/chats/{chat-id}/messages/{message-id}/hostedContents/{hosted-content-id}
+GET /users/{user-id | user-principal-name}/chats/{chat-id}/messages/{message-id}/hostedContents/{hosted-content-id}
``` ## Optional query parameters
v1.0 Chats Getallmessages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chats-getallmessages.md
The following permissions are required to call this API. To learn more, includin
<!-- { "blockType": "ignored" } --> ```http
-GET /users/{id}/chats/getAllMessages
+GET /users/{id | user-principal-name}/chats/getAllMessages
``` ## Optional query parameters
v1.0 Educationassignment Setupresourcesfolder https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/educationassignment-setupresourcesfolder.md
POST /education/classes/{id}/assignments/{id}/setUpResourcesFolder
## Request headers | Header | Value | |:|:--|
-| Authorization | Bearer {token}. Required. |
+| Authorization | Bearer `{token}`. Required. |
## Request body
-Do not supply a request body for this method.
+You need to provide an empty json `{}` as request body for this method.
## Response If successful, this method returns a 200 Ok response code and [educationAssignment](/graph/api/resources/educationAssignment?view=graph-rest-beta&preserve-view=true) object in the request body. ## Example The following example shows how to call this API.+ ### Request The following is an example of a request.
The following is an example of a request.
}--> ```msgraph-interactive POST https://graph.microsoft.com/beta/education/classes/11012/assignments/19002/setUpResourcesFolder
+Content-type: application/json
+
+{
+}
``` - ### Response The following is an example of a response.
v1.0 Educationsubmission Return https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/educationsubmission-return.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http POST /education/classes/{id}/assignments/{id}/submissions/{id}/return- ``` ## Request headers | Header | Value |
v1.0 Educationsubmission Setupresourcesfolder https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/educationsubmission-setupResourcesFolder.md
POST /education/classes/{id}/assignments/{id}/submissions/{id}/setUpResourcesFol
## Request headers | Header | Value | |:|:--|
-| Authorization | Bearer {token}. Required. |
+| Authorization | Bearer `{token}`. Required. |
## Request body
-Do not supply a request body for this method.
+Provide an empty json `{}` as request body for this method.
+ ## Response If successful, this method returns a `200 Ok` response code. The body will contain the submission model. ## Example The following example shows how to call this API.+ ### Request The following is an example of a request. -
-# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "educationsubmission_setupresourcesfolder" }--> ```msgraph-interactive POST https://graph.microsoft.com/beta/education/classes/11012/assignments/19002/submissions/20302/setUpResourcesFolder
-```
-# [C#](#tab/csharp)
-
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
-
-# [Java](#tab/java)
--
+Content-type: application/json
+{
+}
+```
- ### Response The following is an example of a response.
v1.0 Rbacapplication List Roledefinitions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/rbacapplication-list-roledefinitions.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Get a list of [unifiedRoleDefinition](../resources/unifiedroledefinition.md) objects for the provider.
+Get a list of [unifiedRoleDefinition](../resources/unifiedroledefinition.md) objects for an RBAC provider.
+
+The following RBAC providers are currently supported:
+- cloud PC
+- device management (Intune)
+- directory (Azure AD)
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Depending on the RBAC provider and the permission type (delegated or application) that is needed, choose from the following table the least privileged permission required to call this API. To learn more, including [taking caution](/graph/auth/auth-concepts#best-practices-for-requesting-permissions) before choosing more privileged permissions, search for the following permissions in [Permissions](/graph/permissions-reference).
+
+|Supported provider | Delegated (work or school account) | Delegated (personal Microsoft account) | Application |
+|:--|:|:|:|
+| Cloud PC | CloudPC.Read.All, CloudPC.ReadWrite.All | Not supported. | CloudPC.Read.All, CloudPC.ReadWrite.All |
+| Device management | DeviceManagementRBAC.Read.All, DeviceManagementRBAC.ReadWrite.All | Not supported. | DeviceManagementRBAC.Read.All, DeviceManagementRBAC.ReadWrite.All |
+| Directory | RoleManagement.Read.Directory, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All, Directory.AccessAsUser.All | Not supported.| RoleManagement.Read.Directory, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All |
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | RoleManagement.Read.Directory, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All, Directory.AccessAsUser.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | RoleManagement.Read.Directory, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All |
## HTTP request
+To list role definitions for a cloud PC provider:
<!-- { "blockType": "ignored" } -->
+```http
+GET /roleManagement/cloudPC/roleDefinitions
+```
+
+To list role definitions for a device management provider:
+<!-- { "blockType": "ignored" } -->
+```http
+GET /roleManagement/deviceManagement/roleDefinitions
+```
+To list role definitions for a directory provider:
+<!-- { "blockType": "ignored" } -->
```http GET /roleManagement/directory/roleDefinitions ```
Do not supply a request body for this method.
If successful, this method returns a `200 OK` response code and a collection of [unifiedRoleDefinition](../resources/unifiedroledefinition.md) objects in the response body.
-## Example
+## Examples
+
+### Example 1: List role definitions for a directory provider
-### Request
+#### Request
The following is an example of the request.
The following is an example of the request.
# [HTTP](#tab/http) <!-- { "blockType": "request",
- "name": "get_roledefinitions"
+ "name": "get_roledefinitions_directory"
}--> ```msgraph-interactive
GET https://graph.microsoft.com/beta/roleManagement/directory/roleDefinitions
-### Response
+#### Response
The following is an example of the response.
The following is an example of the response.
<!-- { "blockType": "response",
+ "name": "get_roledefinitions_directory",
"truncated": true, "@odata.type": "microsoft.graph.unifiedRoleDefinition", "isCollection": true
Content-type: application/json
} ```
+### Example 2: List role definitions for a cloud PC provider
+
+#### Request
+
+The following is an example of the request.
+
+<!-- {
+ "blockType": "request",
+ "name": "get_roledefinitions_cloudpc"
+}-->
+
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/roleManagement/cloudPC/roleDefinitions
+```
+
+#### Response
+
+The following is an example of the response.
+
+> **Note:** The response object shown here might be shortened for readability.
+
+<!-- {
+ "blockType": "response",
+ "name": "get_roledefinitions_cloudpc",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleDefinition",
+ "isCollection": true
+} -->
+
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/cloudPC/roleDefinitions",
+ "value": [
+ {
+ "id": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
+ "description": "Cloud PC Administrator has read and write access to all Cloud PC features located within the Cloud PC blade.",
+ "displayName": "Cloud PC Administrator",
+ "isBuiltIn": true,
+ "isEnabled": true,
+ "resourceScopes": [
+ "/"
+ ],
+ "templateId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
+ "version": null,
+ "rolePermissions": [
+ {
+ "allowedResourceActions": [
+ "Microsoft.CloudPC/CloudPCs/Read",
+ "Microsoft.CloudPC/CloudPCs/Reprovision",
+ "Microsoft.CloudPC/DeviceImages/Create",
+ "Microsoft.CloudPC/DeviceImages/Delete",
+ "Microsoft.CloudPC/DeviceImages/Read",
+ "Microsoft.CloudPC/OnPremisesConnections/Create",
+ "Microsoft.CloudPC/OnPremisesConnections/Delete",
+ "Microsoft.CloudPC/OnPremisesConnections/Read",
+ "Microsoft.CloudPC/OnPremisesConnections/Update",
+ "Microsoft.CloudPC/OnPremisesConnections/RunHealthChecks",
+ "Microsoft.CloudPC/OnPremisesConnections/UpdateAdDomainPassword",
+ "Microsoft.CloudPC/ProvisioningPolicies/Assign",
+ "Microsoft.CloudPC/ProvisioningPolicies/Create",
+ "Microsoft.CloudPC/ProvisioningPolicies/Delete",
+ "Microsoft.CloudPC/ProvisioningPolicies/Read",
+ "Microsoft.CloudPC/ProvisioningPolicies/Update",
+ "Microsoft.CloudPC/RoleAssignments/Create",
+ "Microsoft.CloudPC/RoleAssignments/Update",
+ "Microsoft.CloudPC/RoleAssignments/Delete",
+ "Microsoft.CloudPC/Roles/Read"
+ ],
+ "condition": null
+ }
+ ]
+ },
+ {
+ "id": "d40368cb-fbf4-4965-bbc1-f17b3a78e510",
+ "description": "Cloud PC Reader has read access to all Cloud PC features located within the Cloud PC blade.",
+ "displayName": "Cloud PC Reader",
+ "isBuiltIn": true,
+ "isEnabled": true,
+ "resourceScopes": [
+ "/"
+ ],
+ "templateId": "d40368cb-fbf4-4965-bbc1-f17b3a78e510",
+ "version": null,
+ "rolePermissions": [
+ {
+ "allowedResourceActions": [
+ "Microsoft.CloudPC/CloudPCs/Read",
+ "Microsoft.CloudPC/DeviceImages/Read",
+ "Microsoft.CloudPC/OnPremisesConnections/Read",
+ "Microsoft.CloudPC/ProvisioningPolicies/Read",
+ "Microsoft.CloudPC/Roles/Read"
+ ],
+ "condition": null
+ }
+ ]
+ }
+ ]
+}
+```
++ <!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98 2019-02-04 14:57:30 UTC --> <!-- {
v1.0 Rbacapplication Post Roledefinitions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/rbacapplication-post-roledefinitions.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Create a new [unifiedRoleDefinition](../resources/unifiedroledefinition.md) object.
+Create a new [unifiedRoleDefinition](../resources/unifiedroledefinition.md) object for an RBAC provider.
+
+The following RBAC providers are currently supported:
+- device management (Intune)
+- directory (Azure AD)
+
+> [!NOTE]
+> The cloud PC RBAC provider currently supports only the [list](rbacapplication-list-roledefinitions.md) and [get](unifiedroledefinition-get.md) operations.
## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Depending on the RBAC provider and the permission type (delegated or application) that is needed, choose from the following table the least privileged permission required to call this API. To learn more, including [taking caution](/graph/auth/auth-concepts#best-practices-for-requesting-permissions) before choosing more privileged permissions, search for the following permissions in [Permissions](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | RoleManagement.ReadWrite.Directory |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | RoleManagement.ReadWrite.Directory |
+|Supported provider | Delegated (work or school account) | Delegated (personal Microsoft account) | Application |
+|:--|:|:|:|
+| Device management | DeviceManagementRBAC.ReadWrite.All | Not supported. | DeviceManagementRBAC.ReadWrite.All |
+| Directory | RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All, Directory.AccessAsUser.All | Not supported.| RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All |
## HTTP request
+To create a role definition for a device management provider:
<!-- { "blockType": "ignored" } -->
+```http
+POST /roleManagement/deviceManagement/roleDefinitions
+```
+To create a role definition for a directory provider:
+<!-- { "blockType": "ignored" } -->
```http POST /roleManagement/directory/roleDefinitions ```
If successful, this method returns `201 Created` response code and a new [unifie
### Request
-The following is an example of creating a custom role.
+The following is an example of creating a custom role for a directory provider.
# [HTTP](#tab/http)
v1.0 Rbacapplicationmultiple List Roleassignments https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/rbacapplicationmultiple-list-roleassignments.md
+
+ Title: "List unifiedRoleAssignmentMultiple"
+description: "Retrieve the properties and relationships of unifiedRoleAssignmentMultiple object."
+localization_priority: Normal
+++
+# List unifiedRoleAssignmentMultiple
+
+Namespace: microsoft.graph
++
+Get a list of [unifiedRoleAssignmentMultiple](../resources/unifiedroleassignmentmultiple.md) objects for an RBAC provider.
+
+The following RBAC providers are currently supported:
+- cloud PC
+- device management (Intune)
+
+For other Microsoft 365 applications (like Azure AD), use [unifiedRoleAssignment](../resources/unifiedroleassignment.md).
++
+## Permissions
+
+Depending on the RBAC provider and the permission type (delegated or application) that is needed, choose from the following table the least privileged permission required to call this API. To learn more, including [taking caution](/graph/auth/auth-concepts#best-practices-for-requesting-permissions) before choosing more privileged permissions, search for the following permissions in [Permissions](/graph/permissions-reference).
+
+|Supported provider | Delegated (work or school account) | Delegated (personal Microsoft account) | Application |
+|:--|:|:|:|
+| Cloud PC | CloudPC.Read.All, CloudPC.ReadWrite.All | Not supported. | CloudPC.Read.All, CloudPC.ReadWrite.All |
+| Intune | DeviceManagementRBAC.Read.All, DeviceManagementRBAC.ReadWrite.All | Not supported.| DeviceManagementRBAC.Read.All, DeviceManagementRBAC.ReadWrite.All |
+
+## HTTP request
+
+To list role assignments for a cloud PC provider:
+
+<!-- { "blockType": "ignored" } -->
+
+```http
+GET /roleManagement/cloudPc/roleAssignments
+```
+
+To list role assignments for an Intune provider:
+
+<!-- { "blockType": "ignored" } -->
+
+```http
+GET /roleManagement/deviceManagement/roleAssignments
+```
+
+## Optional query parameters
+You can filter on the `roleDefinitionId` or `principalId` properties. The `roleDefinitionId` property can be either a role object ID or a role template object ID. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+
+| Name | Description |
+|:- |:-- |
+| Authorization | Bearer {token}. Required. |
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [unifiedRoleAssignmentMultiple](../resources/unifiedroleassignmentmultiple.md) objects in the response body.
+
+## Example
+
+### Example 1: List the role assignments for a specific principal for an Intune provider
+
+### Request
+
+The following is an example of the request:
+
+<!-- {
+ "blockType": "request",
+ "name": "list_unifiedroleassignmentmultiple"
+}-->
+
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/roleManagement/deviceManagement/roleAssignments/$filter=principalId eq '9e47fc6f-2d7a-464c-944e-d3dd0de522e4'
+```
+
+### Response
+
+The following is an example of the response:
+> **Note:** The response object shown here might be shortened for readability.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleAssignmentMultiple"
+} -->
+
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/deviceManagement/roleAssignments/$entity",
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
+ "id": "lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1",
+ "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10",
+ "principalIds[]": ["9e47fc6f-2d7a-464c-944e-d3dd0de522e4", "f8ca5a85-489a-49a0-b555-0a6d81e56f0d"],
+ "directoryScopeIds[]": ["28ca5a85-489a-49a0-b555-0a6d81e56f0", "8152656a-cf9a-4928-a457-1512d4cae295"]
+ },
+ {
+ "@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
+ "id": "2BNpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SWRD-2",
+ "roleDefinitionId": "9e47fc6f-2d7a-464c-944e-d3dd0de522e4",
+ "principalIds[]": ["9e47fc6f-2d7a-464c-944e-d3dd0de522e4", "53a6c08d-0227-41bd-8bc6-2728df6be749", "a4991fe1-6d7c-427c-969b-bda6df78c458"],
+ "appScopeIds[]": ["28ca5a85-489a-49a0-b555-0a6d81e56f0"]
+ }
+ ]
+}
+```
+### Example 2: List role assignments for a cloud PC provider
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "list_cloudpcunifiedroleassignmentmultiple_1"
+}-->
+
+```http
+GET https://graph.microsoft.com/beta/roleManagement/cloudPC/roleAssignments
+```
+
+### Response
+
+> **Note:** The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleAssignmentMultiple"
+} -->
+
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/cloudPC/roleAssignments/$entity",
+ "value": [
+ {
+ "id": "dbe9d288-fd87-41f4-b33d-b498ed207096",
+ "description": null,
+ "displayName": "My test role assignment 1",
+ "roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
+ "principalIds": [
+ "8e811502-ebda-4782-8f81-071d17f0f892",
+ "30e3492f-964c-4d73-88c6-986a53c6e2a0"
+ ],
+ "directoryScopeIds": [
+ "/"
+ ],
+ "appScopeIds": []
+ },
+ {
+ "id": "fad74173-3fe3-4e64-9a80-297bdad2b36e",
+ "description": null,
+ "displayName": "My test role assignment 2",
+ "roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
+ "principalIds": [
+ "8e811502-ebda-4782-8f81-071d17f0f892",
+ ],
+ "directoryScopeIds": [
+ "/"
+ ],
+ "appScopeIds": []
+ }
+ ]
+}
+```
+
+### Example 3: List role assignments for specific role of a cloud PC provider
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "list_cloudpcunifiedroleassignmentmultiple_2"
+}-->
+
+```http
+GET https://graph.microsoft.com/beta/roleManagement/cloudPC/roleAssignments?$filter=roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'
+```
+
+### Response
+
+> **Note:** The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleAssignmentMultiple"
+} -->
+
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/cloudPC/roleAssignments",
+ "value": [{
+ "id": "ed9e247f-f23b-4d72-9e8c-97fa6f385246",
+ "description": "",
+ "displayName": "test",
+ "roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
+ "principalIds": ["689c9051-77ff-4f14-9b39-3d22de07321a"],
+ "directoryScopeIds": ["/"],
+ "appScopeIds": []
+ }, {
+ "id": "3d8e564b-761a-4b32-8f50-63d555f7bc00",
+ "description": "test1",
+ "displayName": "AssignmentTest",
+ "roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
+ "principalIds": ["0ec7855b-4057-4b7c-9217-09ee9bf4dfd7"],
+ "directoryScopeIds": ["/"],
+ "appScopeIds": []
+ }, {
+ "id": "f36a3269-d03d-4d33-81e7-190bded40ad2",
+ "description": "",
+ "displayName": "test3",
+ "roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
+ "principalIds": ["e4ea53cf-cdd6-46b5-bf38-570033a0fba3"],
+ "directoryScopeIds": ["/"],
+ "appScopeIds": []
+ }]
+}
+```
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "List roleAssignmentsMultiple",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
++
v1.0 Rbacapplicationmultiple Post Roleassignments https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/rbacapplicationmultiple-post-roleassignments.md
+
+ Title: "Create unifiedRoleAssignmentMultiple"
+description: "Create a new unifiedRoleAssignmentMultiple object."
+localization_priority: Normal
+++
+# Create unifiedRoleAssignmentMultiple
+
+Namespace: microsoft.graph
++
+Create a new [unifiedRoleAssignmentMultiple](../resources/unifiedroleassignmentmultiple.md) object for an RBAC provider.
+
+The following RBAC providers are currently supported:
+- cloud PC
+- device management (Intune)
+
+For other Microsoft 365 applications (like Azure AD), use [unifiedRoleAssignment](../resources/unifiedroleassignment.md).
++
+## Permissions
+
+Depending on the RBAC provider and the permission type (delegated or application) that is needed, choose from the following table the least privileged permission required to call this API. To learn more, including [taking caution](/graph/auth/auth-concepts#best-practices-for-requesting-permissions) before choosing more privileged permissions, search for the following permissions in [Permissions](/graph/permissions-reference).
+
+|Supported provider | Delegated (work or school account) | Delegated (personal Microsoft account) | Application |
+|:--|:|:|:|
+| Cloud PC | CloudPC.ReadWrite.All | Not supported. | CloudPC.ReadWrite.All |
+| Intune | DeviceManagementRBAC.ReadWrite.All | Not supported.| DeviceManagementRBAC.ReadWrite.All |
+
+## HTTP request
+
+To create role assignment for a cloud PC provider:
+
+<!-- { "blockType": "ignored" } -->
+
+```http
+POST /roleManagement/cloudPC/roleAssignments
+```
+
+To create role assignment for an Intune provider:
+<!-- { "blockType": "ignored" } -->
+
+```http
+POST /roleManagement/deviceManagement/roleAssignments
+```
+
+## Request headers
+
+| Name | Description |
+|:- |:-- |
+| Authorization | Bearer {token}. Required. |
+| Content-type | application/json. Required. |
+
+## Request body
+
+In the request body, supply a JSON representation of [unifiedRoleAssignmentMultiple](../resources/unifiedroleassignmentmultiple.md) object. The request must have either a scope defined in Azure AD, such as `directoryScopeIds`, or an application-specific scope, such as `appScopeId`. Examples of Azure AD scope are tenant ("/"), administrative units, or applications.
+
+## Response
+
+If successful, this method returns a `201 Created` response code and a new [unifiedRoleAssignmentMultiple](../resources/unifiedroleassignmentmultiple.md) object in the response body.
+
+## Examples
+
+### Example 1: Create a role assignment in Intune over two scope groups (which are Azure AD objects)
+
+#### Request
+
+The following is an example of the request.
+> **Note:** the use of the **roleTemplateId** for **roleDefinitionId**. **roleDefinitionId** can be either the service-wide template ID or the directory-specific **roleDefinitionId**.
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "create_unifiedroleassignmentmultiple_from_rbacapplication"
+}-->
+
+```http
+POST https://graph.microsoft.com/beta/roleManagement/deviceManagement/roleAssignments
+Content-type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
+ "displayName": "My test role assignment 1",
+ "roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
+ "principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d", "c1518aa9-4da5-4c84-a902-a31404023890"],
+ "directoryScopeIds": ["28ca5a85-489a-49a0-b555-0a6d81e56f0d", "8152656a-cf9a-4928-a457-1512d4cae295"],
+}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
++++
+#### Response
+
+The following is an example of the response.
+> **Note:** The response object shown here might be shortened for readability.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleAssignmentMultiple"
+} -->
+
+```http
+HTTP/1.1 201 Created
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#roleManagement/deviceManagement/roleAssignments/$entity",
+ "@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
+ "id": "28ca5a85-489a-49a0-b555-0a6d81e56f0d",
+ "roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
+ "principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d", "c1518aa9-4da5-4c84-a902-a31404023890"],
+ "directoryScopeIds": ["28ca5a85-489a-49a0-b555-0a6d81e56f0d", "8152656a-cf9a-4928-a457-1512d4cae295"]
+}
+```
+
+### Example 2: Create a role assignment in Intune at Intune-specific scope of "all Devices"
+
+Use the following information for creating Intune role assignments:
+- To allow assignments over all Intune devices, use the `AllDevices` value in **appScopeIds**.
+- To allow assignments over all Intune licensed users, use the `AllLicensedUsers` value in **appScopeIds**.
+- To allow assignments over all Intune devices and licensed users, use the `/` value in **directoryScopeIds**.
+
+#### Request
+
+The following is an example of the request.
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "create_unifiedroleassignmentmultiple_intune_specific"
+}-->
+
+```http
+POST https://graph.microsoft.com/beta/roleManagement/deviceManagement/roleAssignments
+Content-type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
+ "displayName": "My test role assignment 1",
+ "roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
+ "principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d", "c1518aa9-4da5-4c84-a902-a31404023890"],
+ "appScopeIds": ["allDevices"]
+}
+```
+# [C#](#tab/csharp)
+
+# [JavaScript](#tab/javascript)
+
+# [Objective-C](#tab/objc)
+
+# [Java](#tab/java)
++++
+#### Response
+
+The following is an example of the response.
+> **Note:** The response object shown here might be shortened for readability.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleAssignmentMultiple"
+} -->
+
+```http
+HTTP/1.1 201 Created
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#roleManagement/deviceManagement/roleAssignments/$entity",
+ "@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
+ "id": "28ca5a85-489a-49a0-b555-0a6d81e56f0d",
+ "roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
+ "principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d", "c1518aa9-4da5-4c84-a902-a31404023890"],
+ "appScopeIds": ["allDevices"]
+}
+```
+
+### Example 3: Create a role assignment for a cloud PC provider
+
+#### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "create_unifiedroleassignmentmultiple_from_rbacapplication_cloudpc"
+}-->
+
+```http
+POST https://graph.microsoft.com/beta/roleManagement/cloudPC/roleAssignments
+Content-type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
+ "displayName": "My test role assignment 1",
+ "description": "My role assignment description",
+ "roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
+ "principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d", "c1518aa9-4da5-4c84-a902-a31404023890"]
+}
+```
++
+#### Response
+
+The following is an example of the response.
+> **Note:** The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleAssignmentMultiple"
+} -->
+
+```http
+HTTP/1.1 201 Created
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/cloudPC/roleAssignments/$entity",
+ "id": "47c88dcd-cc79-4b0c-ba7d-7af2199649c5",
+ "displayName": "My role assignment",
+ "description": "My role assignment description",
+ "roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
+ "principalIds": [
+ "f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
+ "c1518aa9-4da5-4c84-a902-a31404023890"
+ ],
+ "directoryScopeIds": [
+ "/"
+ ],
+ "appScopeIds": []
+}
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2019-02-04 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "Create unifiedRoleAssignmentMultiple",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
++
v1.0 Serviceprincipal Delete Approleassignedto https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/serviceprincipal-delete-approleassignedto.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-DELETE /servicePrincipals/{id}/appRoleAssignedTo/{id}
+DELETE /servicePrincipals/{resource-SP-id}/appRoleAssignedTo/{principal-id}
``` > [!NOTE]
If successful, this method returns `204 No Content` response code. It does not r
Here is an example of the request to delete an app role assignment from the resource service principal. -
-# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "serviceprincipal_delete_approleassignedto"
Here is an example of the request to delete an app role assignment from the reso
```http DELETE https://graph.microsoft.com/beta/servicePrincipals/{resource-SP-id}/appRoleAssignedTo/{principal-id} ```
-# [C#](#tab/csharp)
-
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
-
-# [Java](#tab/java)
-- In this example, `{resource-SP-id}` would be the id of the resource service principal, and `{principalId}` would be the id of the assigned user, group, or client service principal.
v1.0 Serviceprincipal Delete Approleassignments https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/serviceprincipal-delete-approleassignments.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-DELETE /servicePrincipals/{id}/appRoleAssignments/{id}
+DELETE /servicePrincipals/{servicePrincipal-id}/appRoleAssignments/{appRoleAssignment-id}
``` > [!NOTE]
If successful, this method returns `204 No Content` response code. It does not r
Here is an example of the request to delete an app role assignment. -
-# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "serviceprincipal_delete_approleassignment" }--> ```http
-DELETE https://graph.microsoft.com/beta/servicePrincipals/{id}/appRoleAssignments/{id}
+DELETE https://graph.microsoft.com/beta/servicePrincipals/{servicePrincipal-id}/appRoleAssignments/{appRoleAssignment-id}
```
-# [C#](#tab/csharp)
-
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
-
-# [Java](#tab/java)
--- ### Response
v1.0 Unifiedroleassignmentmultiple Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentmultiple-delete.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Delete a [unifiedRoleAssignmentMultiple](../resources/unifiedroleassignmentmultiple.md) object. This is applicable for a RBAC application that supports multiple principals and scopes. Microsoft Intune is such an application.
+Delete a [unifiedRoleAssignmentMultiple](../resources/unifiedroleassignmentmultiple.md) object of an RBAC provider.
+
+This is applicable for a RBAC application that supports multiple principals and scopes. The following RBAC providers are currently supported:
+- cloud PC
+- device management (Intune)
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Depending on the RBAC provider and the permission type (delegated or application) that is needed, choose from the following table the least privileged permission required to call this API. To learn more, including [taking caution](/graph/auth/auth-concepts#best-practices-for-requesting-permissions) before choosing more privileged permissions, search for the following permissions in [Permissions](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|: |:- |
-| Delegated (work or school account) | DeviceManagementRBAC.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | DeviceManagementRBAC.ReadWrite.All |
+|Supported provider | Delegated (work or school account) | Delegated (personal Microsoft account) | Application |
+|:--|:|:|:|
+| Cloud PC | CloudPC.ReadWrite.All | Not supported. | CloudPC.ReadWrite.All |
+| Intune | DeviceManagementRBAC.ReadWrite.All | Not supported.| DeviceManagementRBAC.ReadWrite.All |
## HTTP request
+To delete a unifiedRoleAssignmentMultiple for a cloud PC provider:
+<!-- { "blockType": "ignored" } -->
+
+```http
+DELETE /roleManagement/cloudPC/roleAssignments/{id}
+```
+
+To delete a unifiedRoleAssignmentMultiple for an Intune provider:
<!-- { "blockType": "ignored" } --> ```http
If successful, this method returns a `204 No Content` response code. It does not
## Example
+### Example 1: Delete a unifiedRoleAssignmentMultiple in an Intune provider
+ ### Request The following is an example of the request.
The following is an example of the response.
HTTP/1.1 204 No Content ```
+### Example 2: Delete a unifiedRoleAssignmentMultiple in a cloud PC provider
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "delete_unifiedroleassignmentMultiple_cloudpc"
+}-->
+
+```http
+DELETE https://graph.microsoft.com/beta/roleManagement/cloudPC/roleAssignments/id
+```
++
+### Response
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+} -->
+
+```http
+HTTP/1.1 204 No Content
+```
+ <!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98 2019-02-04 14:57:30 UTC --> <!-- {
v1.0 Unifiedroleassignmentmultiple Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentmultiple-get.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Retrieve the properties and relationships of a [unifiedRoleAssignmentMultiple](../resources/unifiedroleassignmentmultiple.md) object. Use this object for get role assignments in Microsoft Intune. For other Microsoft 365 applications (like Azure AD), use [unifiedRoleAssignment](../resources/unifiedroleassignment.md).
+Get the properties and relationships of a [unifiedRoleAssignmentMultiple](../resources/unifiedroleassignmentmultiple.md) object of an RBAC provider.
+
+The following RBAC providers are currently supported:
+- cloud PC
+- device management (Intune)
+
+For other Microsoft 365 applications (like Azure AD), use [unifiedRoleAssignment](../resources/unifiedroleassignment.md).
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Depending on the RBAC provider and the permission type (delegated or application) that is needed, choose from the following table the least privileged permission required to call this API. To learn more, including [taking caution](/graph/auth/auth-concepts#best-practices-for-requesting-permissions) before choosing more privileged permissions, search for the following permissions in [Permissions](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|: |:- |
-| Delegated (work or school account) | DeviceManagementRBAC.Read.All, DeviceManagementRBAC.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | DeviceManagementRBAC.Read.All, DeviceManagementRBAC.ReadWrite.All |
+|Supported provider | Delegated (work or school account) | Delegated (personal Microsoft account) | Application |
+|:--|:|:|:|
+| Cloud PC | CloudPC.Read.All, CloudPC.ReadWrite.All | Not supported. | CloudPC.Read.All, CloudPC.ReadWrite.All |
+| Intune | DeviceManagementRBAC.Read.All, DeviceManagementRBAC.ReadWrite.All | Not supported.| DeviceManagementRBAC.Read.All, DeviceManagementRBAC.ReadWrite.All |
## HTTP request
+To get the properties and relationships of a unifiedRoleAssignmentMultiple for a cloud PC provider:
+<!-- { "blockType": "ignored" } -->
+```http
+GET /roleManagement/cloudPC/roleAssignments/{id}
+```
+
+To get the properties and relationships of a unifiedRoleAssignmentMultiple for an Intune provider:
<!-- { "blockType": "ignored" } --> ```http GET /roleManagement/deviceManagement/roleAssignments/{id}
If successful, this method returns a `200 OK` response code and the requested [u
## Examples
-### Example 1: Get a directory-scoped roleAssignmentMultiple in Intune
+### Example 1: Get a directory-scoped roleAssignmentMultiple in an Intune provider
#### Request
Content-type: application/json
} ```
-### Example 2: Get a roleAssignmentMultiple in Intune assigned to a group
+### Example 2: Get a roleAssignmentMultiple assigned to a group in an Intune provider
#### Request
Content-type: application/json
} ```
-### Example 3: Get a directory-scoped roleAssignmentMultiple with `$expand`
+### Example 3: Get a directory-scoped roleAssignmentMultiple in an Intune provider with `$expand`
#### Request
Content-type: application/json
] } ```
+### Example 4: Get a roleAssignmentMultiple in a cloud PC provider
+
+#### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_unifiedroleassignmentmultiple_1"
+}-->
+
+```http
+GET https://graph.microsoft.com/beta/roleManagement/cloudPC/roleAssignments/dbe9d288-fd87-41f4-b33d-b498ed207096
+```
+
+#### Response
+> **Note:** The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleAssignment"
+} -->
+
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/cloudPC/roleAssignments/$entity",
+ "id": "dbe9d288-fd87-41f4-b33d-b498ed207096",
+ "description": null,
+ "displayName": "My test role assignment 1",
+ "roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
+ "principalIds": [
+ "8e811502-ebda-4782-8f81-071d17f0f892",
+ "30e3492f-964c-4d73-88c6-986a53c6e2a0"
+ ],
+ "directoryScopeIds": [
+ "/"
+ ],
+ "appScopeIds": []
+}
+```
+
+### Example 5: Get a roleAssignmentMultiple in a cloud PC provider with `$expand`
+
+#### Request
+
+The following is an example of the request with the `$expand` query parameter.
+
+<!-- {
+ "blockType": "request",
+ "name": "get_unifiedroleassignment_3"
+}-->
+
+```http
+GET https://graph.microsoft.com/beta/roleManagement/cloudPC/roleAssignments/dbe9d288-fd87-41f4-b33d-b498ed207096?$expand=roleDefinition
+```
+
+#### Response
+> **Note:** The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleAssignment"
+} -->
+
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/cloudPC/roleAssignments/$entity",
+ "@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
+ "id": "dbe9d288-fd87-41f4-b33d-b498ed207096",
+ "roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
+ "principalIds": ["8e811502-ebda-4782-8f81-071d17f0f892", "30e3492f-964c-4d73-88c6-986a53c6e2a0"],
+ "directoryScopeIds": [
+ "/"
+ ],
+ "appScopeIds": [],
+ "roleDefinitions": {
+ "id": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
+ "description": "Have read and write access to all Cloud PC features.",
+ "displayName": "Cloud PC Administrator",
+ "isBuiltIn": true,
+ "isEnabled": true,
+ "resourceScopes": [
+ "/"
+ ],
+ "templateId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
+ "version": null,
+ "rolePermissions": [
+ {
+ "allowedResourceActions": [
+ "Microsoft.CloudPC/CloudPCs/Read",
+ "Microsoft.CloudPC/CloudPCs/Reprovision",
+ "Microsoft.CloudPC/DeviceImages/Create",
+ "Microsoft.CloudPC/DeviceImages/Delete",
+ "Microsoft.CloudPC/DeviceImages/Read",
+ "Microsoft.CloudPC/OnPremisesConnections/Create",
+ "Microsoft.CloudPC/OnPremisesConnections/Delete",
+ "Microsoft.CloudPC/OnPremisesConnections/Read",
+ "Microsoft.CloudPC/OnPremisesConnections/Update",
+ "Microsoft.CloudPC/OnPremisesConnections/RunHealthChecks",
+ "Microsoft.CloudPC/OnPremisesConnections/UpdateAdDomainPassword",
+ "Microsoft.CloudPC/ProvisioningPolicies/Assign",
+ "Microsoft.CloudPC/ProvisioningPolicies/Create",
+ "Microsoft.CloudPC/ProvisioningPolicies/Delete",
+ "Microsoft.CloudPC/ProvisioningPolicies/Read",
+ "Microsoft.CloudPC/ProvisioningPolicies/Update",
+ "Microsoft.CloudPC/RoleAssignments/Create",
+ "Microsoft.CloudPC/RoleAssignments/Update",
+ "Microsoft.CloudPC/RoleAssignments/Delete",
+ "Microsoft.CloudPC/Roles/Read",
+ "Microsoft.CloudPC/SelfServiceSettings/Read",
+ "Microsoft.CloudPC/SelfServiceSettings/Update"
+ ],
+ "condition": null
+ }
+ ]
+ }
+}
+```
<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98 2019-02-04 14:57:30 UTC --> <!-- {
v1.0 Unifiedroleassignmentmultiple List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentmultiple-list.md
- Title: "List unifiedRoleAssignmentMultiple"
-description: "Retrieve the properties and relationships of unifiedRoleAssignmentMultiple object."
-localization_priority: Normal
-
-doc_type: "apiPageType"
--
-# List unifiedRoleAssignmentMultiple
-
-Namespace: microsoft.graph
--
-Get a list of [unifiedRoleAssignmentMultiple](../resources/unifiedroleassignmentmultiple.md) object. Use this to get a list of role assignments in Microsoft Intune. For other Microsoft 365 applications (like Azure AD), use [unifiedRoleAssignment](../resources/unifiedroleassignment.md).
-
-## Permissions
-
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
-
-| Permission type | Permissions (from least to most privileged) |
-|: |:- |
-| Delegated (work or school account) | DeviceManagementRBAC.Read.All, DeviceManagementRBAC.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | DeviceManagementRBAC.Read.All, DeviceManagementRBAC.ReadWrite.All |
-
-## HTTP request
-
-<!-- { "blockType": "ignored" } -->
-
-```http
-GET /roleManagement/deviceManagement/roleAssignments
-```
-
-## Optional query parameters
-You can filter on the `roleDefinitionId` or `principalId` properties. The `roleDefinitionId` property can be either a role object ID or a role template object ID. For general information, see [OData query parameters](/graph/query-parameters).
-
-## Request headers
-
-| Name | Description |
-|:- |:-- |
-| Authorization | Bearer {token}. Required. |
-
-## Request body
-
-Do not supply a request body for this method.
-
-## Response
-
-If successful, this method returns a `200 OK` response code and a collection of [unifiedRoleAssignmentMultiple](../resources/unifiedroleassignmentmultiple.md) objects in the response body.
-
-## Example
-
-### Request
-
-The following is an example of the request:
-
-<!-- {
- "blockType": "request",
- "name": "list_unifiedroleassignmentmultiple"
-}-->
-
-```msgraph-interactive
-GET https://graph.microsoft.com/beta/roleManagement/deviceManagement/roleAssignments/$filter=principalId eq '9e47fc6f-2d7a-464c-944e-d3dd0de522e4'
-```
-
-### Response
-
-The following is an example of the response:
-> **Note:** The response object shown here might be shortened for readability.
-
-<!-- {
- "blockType": "response",
- "truncated": true,
- "@odata.type": "microsoft.graph.unifiedRoleAssignmentMultiple"
-} -->
-
-```http
-HTTP/1.1 200 OK
-Content-type: application/json
-
-{
- "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/deviceManagement/roleAssignments/$entity",
- "value": [
- {
- "@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
- "id": "lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1",
- "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10",
- "principalIds[]": ["9e47fc6f-2d7a-464c-944e-d3dd0de522e4", "f8ca5a85-489a-49a0-b555-0a6d81e56f0d"],
- "directoryScopeIds[]": ["28ca5a85-489a-49a0-b555-0a6d81e56f0", "8152656a-cf9a-4928-a457-1512d4cae295"]
- },
- {
- "@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
- "id": "2BNpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SWRD-2",
- "roleDefinitionId": "9e47fc6f-2d7a-464c-944e-d3dd0de522e4",
- "principalIds[]": ["9e47fc6f-2d7a-464c-944e-d3dd0de522e4", "53a6c08d-0227-41bd-8bc6-2728df6be749", "a4991fe1-6d7c-427c-969b-bda6df78c458"],
- "appScopeIds[]": ["28ca5a85-489a-49a0-b555-0a6d81e56f0"]
- }
- ]
-}
-```
-
-<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
-2019-02-04 14:57:30 UTC -->
-<!-- {
- "type": "#page.annotation",
- "description": "List roleAssignmentsMultiple",
- "keywords": "",
- "section": "documentation",
- "tocPath": ""
-}-->
--
v1.0 Unifiedroleassignmentmultiple Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroleassignmentmultiple-update.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Update an existing [unifiedRoleAssignmentMultiple](../resources/unifiedroleassignmentmultiple.md) object. Use this to update role assignments in Microsoft Intune. Note that [unifiedRoleAssignment](../resources/unifiedroleassignment.md) does not support update.
+Update an existing [unifiedRoleAssignmentMultiple](../resources/unifiedroleassignmentmultiple.md) object of an RBAC provider.
+
+The following RBAC providers are currently supported:
+- cloud PC
+- device management (Intune)
++
+In contrast, [unifiedRoleAssignment](../resources/unifiedroleassignment.md) does not support update.
## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Depending on the RBAC provider and the permission type (delegated or application) that is needed, choose from the following table the least privileged permission required to call this API. To learn more, including [taking caution](/graph/auth/auth-concepts#best-practices-for-requesting-permissions) before choosing more privileged permissions, search for the following permissions in [Permissions](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|: |:- |
-| Delegated (work or school account) | DeviceManagementRBAC.ReadWrite.All |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | DeviceManagementRBAC.ReadWrite.All |
+|Supported provider | Delegated (work or school account) | Delegated (personal Microsoft account) | Application |
+|:--|:|:|:|
+| Cloud PC | CloudPC.ReadWrite.All | Not supported. | CloudPC.ReadWrite.All |
+| Intune | DeviceManagementRBAC.ReadWrite.All | Not supported.| DeviceManagementRBAC.ReadWrite.All |
## HTTP request
+To update an existing unfiedRoleAssignmentMultiple for a cloud PC provider:
+<!-- { "blockType": "ignored" } -->
+
+```http
+PATCH /roleManagement/cloudPC/roleAssignments
+```
+
+To update an existing unfiedRoleAssignmentMultiple for an Intune provider:
<!-- { "blockType": "ignored" } --> ```http
If successful, this method returns a `200 OK` response code and an updated [unif
## Example
+### Example 1: Update an existing unfiedRoleAssignmentMultiple in an Intune provider
### Request The following is an example of the request.
HTTP/1.1 204 OK
```
+## Example 2: update an existing unfiedRoleAssignmentMultiple in a cloud PC provider
+
+### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "update_unifiedroleassignmentmultiple_from_rbacapplication_cloudpc"
+}-->
+
+```http
+PATCH https://graph.microsoft.com/beta/roleManagement/cloudPC/roleAssignments/dbe9d288-fd87-41f4-b33d-b498ed207096
+Content-type: application/json
+
+{
+ "displayName": "NewName",
+ "description": "A new roleAssignment"
+}
+```
++
+### Response
+
+> **Note:** The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleAssignmentMultiple"
+} -->
+
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/cloudPC/roleAssignments/$entity",
+ "id": "dbe9d288-fd87-41f4-b33d-b498ed207096",
+ "description": "A new roleAssignment",
+ "displayName": "NewName",
+ "roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
+ "principalIds": [
+ "0aeec2c1-fee7-4e02-b534-6f920d25b300",
+ "2d5386a7-732f-44db-9cf8-f82dd2a1c0e0"
+ ],
+ "directoryScopeIds": [
+ "/"
+ ],
+ "appScopeIds": []
+}
+```
<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98 2019-02-04 14:57:30 UTC --> <!-- {
v1.0 Unifiedroledefinition Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroledefinition-delete.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Delete a [unifiedRoleDefinition](../resources/unifiedRoleDefinition.md) object.
+Delete a [unifiedRoleDefinition](../resources/unifiedRoleDefinition.md) object for an RBAC provider.
+
+The following RBAC providers are currently supported:
+- device management (Intune)
+- directory (Azure AD)
+
+> [!NOTE]
+> The cloud PC RBAC provider currently supports only the [list](rbacapplication-list-roledefinitions.md) and [get](unifiedroledefinition-get.md) operations.
## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Depending on the RBAC provider and the permission type (delegated or application) that is needed, choose from the following table the least privileged permission required to call this API. To learn more, including [taking caution](/graph/auth/auth-concepts#best-practices-for-requesting-permissions) before choosing more privileged permissions, search for the following permissions in [Permissions](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | RoleManagement.ReadWrite.Directory |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | RoleManagement.ReadWrite.Directory |
+|Supported provider | Delegated (work or school account) | Delegated (personal Microsoft account) | Application |
+|:--|:|:|:|
+| Device management | DeviceManagementRBAC.ReadWrite.All | Not supported. | DeviceManagementRBAC.ReadWrite.All |
+| Directory | RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All, Directory.AccessAsUser.All | Not supported.| RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All |
## HTTP request
+To delete a role definition for a device management provider:
<!-- { "blockType": "ignored" } -->
+```http
+DELETE /roleManagement/deviceManagement/roleDefinitions/{id}
+```
+To delete a role definition for a directory provider:
+<!-- { "blockType": "ignored" } -->
```http DELETE /roleManagement/directory/roleDefinitions/{id}
If successful, this method returns `204 No Content` response code. It does not r
### Request
-The following is an example of the request.
+The following example deletes a **unifiedRoleDefinition** for a directory provider.
# [HTTP](#tab/http) <!-- {
v1.0 Unifiedroledefinition Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroledefinition-get.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Retrieve the properties and relationships of a [unifiedRoleDefinition](../resources/unifiedRoleDefinition.md) object. Currently "directory" is the only RBAC application supported.
+Get the properties and relationships of a [unifiedRoleDefinition](../resources/unifiedRoleDefinition.md) object of an RBAC provider.
+
+The following RBAC providers are currently supported:
+- cloud PC
+- device management (Intune)
+- directory (Azure AD)
+ ## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Depending on the RBAC provider and the permission type (delegated or application) that is needed, choose from the following table the least privileged permission required to call this API. To learn more, including [taking caution](/graph/auth/auth-concepts#best-practices-for-requesting-permissions) before choosing more privileged permissions, search for the following permissions in [Permissions](/graph/permissions-reference).
-|Permission type | Permissions (from least to most privileged) |
-|:--|:|
-|Delegated (work or school account) | RoleManagement.Read.Directory, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All, Directory.AccessAsUser.All |
-|Delegated (personal Microsoft account) | Not supported. |
-|Application | RoleManagement.Read.Directory, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All |
+|Supported provider | Delegated (work or school account) | Delegated (personal Microsoft account) | Application |
+|:--|:|:|:|
+| Cloud PC | CloudPC.Read.All, CloudPC.ReadWrite.All | Not supported. | CloudPC.Read.All, CloudPC.ReadWrite.All |
+| Device management | DeviceManagementRBAC.Read.All, DeviceManagementRBAC.ReadWrite.All | Not supported. | DeviceManagementRBAC.Read.All, DeviceManagementRBAC.ReadWrite.All |
+| Directory | RoleManagement.Read.Directory, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All, Directory.AccessAsUser.All | Not supported.| RoleManagement.Read.Directory, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All |
## HTTP request
+Get a role definition for a cloud PC provider:
+<!-- { "blockType": "ignored" } -->
+```http
+GET /roleManagement/cloudPC/roleDefinitions/{id}
+```
+
+Get a role definition for a device management provider:
+<!-- { "blockType": "ignored" } -->
+```http
+GET /roleManagement/deviceManagement/roleDefinitions/{id}
+```
+
+Get a role definition for a directory provider:
<!-- { "blockType": "ignored" } --> ```http
If successful, this method returns a `200 OK` response code and the requested [u
## Examples
-### Example 1: Get the definition of a custom role
+### Example 1: Get the definition of a custom role for a directory provider
#### Request
Content-type: application/json
} ```
-### Example 2: Get the definition of a built-in role
+### Example 2: Get the definition of a built-in role for a directory provider
#### Request
Content-type: application/json
} ```
+### Example 4: Get the definition of a built-in role for a cloud PC provider
+
+#### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "get_built-in_cloudpc_role_unifiedroledefinition"
+}-->
+
+```http
+GET https://graph.microsoft.com/beta/roleManagement/cloudPC/roleDefinitions/d40368cb-fbf4-4965-bbc1-f17b3a78e510
+```
++
+#### Response
+> **Note:** The response object shown here might be shortened for readability. All the properties will be returned from an actual call.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.unifiedRoleDefinition"
+} -->
+
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/cloudPC/roleDefinitions/$entity",
+ "id": "d40368cb-fbf4-4965-bbc1-f17b3a78e510",
+ "description": "Have read-only access all Cloud PC features.",
+ "displayName": "Cloud PC Reader",
+ "isBuiltIn": true,
+ "isEnabled": true,
+ "resourceScopes": [
+ "/"
+ ],
+ "templateId": "d40368cb-fbf4-4965-bbc1-f17b3a78e510",
+ "version": null,
+ "rolePermissions": [
+ {
+ "allowedResourceActions": [
+ "Microsoft.CloudPC/CloudPCs/Read",
+ "Microsoft.CloudPC/DeviceImages/Read",
+ "Microsoft.CloudPC/OnPremisesConnections/Read",
+ "Microsoft.CloudPC/ProvisioningPolicies/Read",
+ "Microsoft.CloudPC/Roles/Read",
+ "Microsoft.CloudPC/SelfServiceSettings/Read"
+ ],
+ "condition": null
+ }
+ ]
+}
+```
+ <!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98 2019-02-04 14:57:30 UTC --> <!-- {
v1.0 Unifiedroledefinition Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/unifiedroledefinition-update.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Update the properties of a [unifiedRoleDefinition](../resources/unifiedroledefinition.md) object.
+Update the properties of a [unifiedRoleDefinition](../resources/unifiedroledefinition.md) object for an RBAC provider.
+
+The following RBAC providers are currently supported:
+- device management (Intune)
+- directory (Azure AD)
+
+> [!NOTE]
+> The cloud PC RBAC provider currently supports only the [list](rbacapplication-list-roledefinitions.md) and [get](unifiedroledefinition-get.md) operations.
## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+Depending on the RBAC provider and the permission type (delegated or application) that is needed, choose from the following table the least privileged permission required to call this API. To learn more, including [taking caution](/graph/auth/auth-concepts#best-practices-for-requesting-permissions) before choosing more privileged permissions, search for the following permissions in [Permissions](/graph/permissions-reference).
-| Permission type | Permissions (from least to most privileged) |
-|:|:--|
-| Delegated (work or school account) | RoleManagement.ReadWrite.Directory |
-| Delegated (personal Microsoft account) | Not supported. |
-| Application | RoleManagement.ReadWrite.Directory |
+|Supported provider | Delegated (work or school account) | Delegated (personal Microsoft account) | Application |
+|:--|:|:|:|
+| Device management | DeviceManagementRBAC.ReadWrite.All | Not supported. | DeviceManagementRBAC.ReadWrite.All |
+| Directory | RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All, Directory.AccessAsUser.All | Not supported.| RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All |
## HTTP request
+To update a role definition for a device management provider:
<!-- { "blockType": "ignored" } -->
+```http
+PATCH /roleManagement/deviceManagement/roleDefinitions/{id}
+```
+To update a role definition for a directory provider:
+<!-- { "blockType": "ignored" } -->
```http PATCH /roleManagement/directory/roleDefinitions/{id} ```
If successful, this method returns a `200 OK` response code and an updated [unif
### Request
-The following is an example of the request.
+The following example updates a **unifiedRoleDefinition** for a directory provider.
# [HTTP](#tab/http)
v1.0 User List Joinedteams https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/user-list-joinedteams.md
One of the following permissions is required to call this API. To learn more, in
```http GET /me/joinedTeams or
-GET /users/{id}/joinedTeams
+GET /users/{id | user-principal-name}/joinedTeams
``` ## Optional query parameters
v1.0 User List Ownedobjects https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/user-list-ownedobjects.md
One of the following permissions is required to call this API. To learn more, in
|Permission type | Permissions (from least to most privileged) | |:--|:|
-|Delegated (work or school account) | User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All |
+|Delegated (work or school account) | User.Read, User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All |
|Delegated (personal Microsoft account) | Not supported. | |Application | User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All |
v1.0 User List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/user-list.md
GET /users
This method supports the [OData query parameters](/graph/query-parameters) to help customize the response, including `$search`, `$count`, and `$filter`. You can use `$search` on the **displayName** property. When items are added or updated for this resource, they are specially indexed for use with the `$count` and `$search` query parameters. There can be a slight delay between when an item is added or updated and when it is available in the index. The `$count` and `$search` parameters are currently not available in Azure AD B2C tenants.
+Certain properties cannot be returned within a user collection. The following properties are only supported when [retrieving a single user](./user-get.md): **aboutMe**, **birthday**, **hireDate**, **interests**, **mySite**, **pastProjects**, **preferredName**, **responsibilities**, **schools**, **skills**, **mailboxSettings**.
+
+The following properties are not supported in personal Microsoft accounts and will be `null`: **aboutMe**, **birthday**, **interests**, **mySite**, **pastProjects**, **preferredName**, **responsibilities**, **schools**, **skills**, **streetAddress**.
+ ## Request headers | Header | Value |
v1.0 Userscopeteamsappinstallation Get Chat https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/userscopeteamsappinstallation-get-chat.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-GET /users/{user-id}/teamwork/installedApps/{app-installation-id}/chat
+GET /users/{user-id | user-principal-name}/teamwork/installedApps/{app-installation-id}/chat
``` ## Optional query parameters
v1.0 Userteamwork Delete Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/userteamwork-delete-installedapps.md
One of the following permissions is required to call this API. To learn more, in
## HTTP request <!-- { "blockType": "ignored" } --> ```http
-DELETE /users/{user-id}/teamwork/installedApps/{app-installation-id}
+DELETE /users/{user-id | user-principal-name}/teamwork/installedApps/{app-installation-id}
``` ## Request headers
v1.0 Userteamwork Get Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/userteamwork-get-installedapps.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-GET /users/{user-id}/teamwork/installedApps/{app-installation-id}
+GET /users/{user-id | user-principal-name}/teamwork/installedApps/{app-installation-id}
``` ## Request headers
v1.0 Userteamwork List Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/userteamwork-list-installedapps.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-GET /users/{user-id}/teamwork/installedApps
+GET /users/{user-id | user-principal-name}/teamwork/installedApps
``` ## Optional query parameters
v1.0 Userteamwork Post Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/userteamwork-post-installedapps.md
One of the following permissions is required to call this API. To learn more, in
## HTTP request <!-- { "blockType": "ignored" } --> ```http
-POST /users/{user-id}/teamwork/installedApps
+POST /users/{user-id | user-principal-name}/teamwork/installedApps
``` ## Request headers
v1.0 Userteamwork Sendactivitynotification https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/userteamwork-sendactivitynotification.md
One of the following permissions is required to call this API. To learn more, in
} --> ``` http
-POST /users/{userId}/teamwork/sendActivityNotification
+POST /users/{userId | user-principal-name}/teamwork/sendActivityNotification
``` ## Request headers
v1.0 Userteamwork Teamsappinstallation Upgrade https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/userteamwork-teamsappinstallation-upgrade.md
One of the following permissions is required to call this API. To learn more, in
## HTTP request <!-- { "blockType": "ignored" } --> ```http
-POST /users/{user-id}/teamwork/installedApps/{app-installation-id}/upgrade
+POST /users/{user-id | user-principal-name}/teamwork/installedApps/{app-installation-id}/upgrade
``` ## Request headers
v1.0 Dynamics Employee https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/dynamics-employee.md
Represents an employee in Dynamics 365 Business Central.
|givenName |string |The given name of the employee. | |middleName |string |The middle name of the employee. | |surname |string |The surname of the employee |
-|jobTitle |string |The full name of the employee |
+|jobTitle |string |The job title of the employee |
|address |[NAV.PostalAddress](../resources/dynamics-complextypes.md)|Specifies the employee's address. This address will appear on all resource documents for the employee.| |phoneNumber |string |Specifies the employee's telephone number. | |mobilePhone |string |Specifies the employee's mobile telephone number. |
v1.0 Organization https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/organization.md
This resource lets you add your own data to custom properties using [extensions]
|**Schema extensions**| | | |[Add schema extension values](../api/schemaextension-post-schemaextensions.md) | [schemaExtension](schemaextension.md) | Create a schema extension definition and then use it to add custom typed data to a resource.| |[Create organizationalBrandingProperties](../api/organizationalbrandingproperties-create.md) | [organizationalBrandingProperties](organizationalbrandingproperties.md) | Create a new organizationalBrandingProperties by posting to the branding collection. |
-|[Get branding](../api/organizationalbrandingproperties-get.md) | [organizationalBrandingProperties](organizationalbrandingproperties.md) collection | Get a organizationalBrandingProperties object collection. |
+|[Get branding](../api/organizationalbrandingproperties-get.md) | [organizationalBrandingProperties](organizationalbrandingproperties.md) collection | Get an organizationalBrandingProperties object collection. |
## Properties | Property | Type | Description |
This resource lets you add your own data to custom properties using [extensions]
| isMultipleDataLocationsForServicesEnabled | Boolean | `true` if organization is Multi-Geo enabled; `false` if organization is not Multi-Geo enabled; `null` (default). Read-only. For more information, see [OneDrive Online Multi-Geo](/sharepoint/dev/solution-guidance/multigeo-introduction). | | marketingNotificationEmails | String collection | Not nullable. | | objectType | String | A string that identifies the object type. For tenants the value is always `Company`.|
-| onPremisesLastSyncDateTime | DateTimeOffset | The time and date at which the tenant was last synced with the on-premise directory. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
+| onPremisesLastSyncDateTime | DateTimeOffset | The time and date at which the tenant was last synced with the on-premises directory. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
| onPremisesSyncEnabled | Boolean | `true` if this object is synced from an on-premises directory; `false` if this object was originally synced from an on-premises directory but is no longer synced; Nullable. `null` if this object has never been synced from an on-premises directory (default). | | postalCode | String | Postal code of the address for the organization. | | preferredLanguage | String | The preferred language for the organization. Should follow ISO 639-1 Code; for example `en`. |
v1.0 Rbacapplicationmultiple https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/rbacapplicationmultiple.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Role management container for unified role definitions and role assignments for Microsoft 365 RBAC providers that support multiple principals and multiple scopes in a single role assignment. This is different from [rbacApplication](rbacapplication.md) resource type. Microsoft Intune is an example of such a RBAC provider. A role assignment in Intune can have an array of principals and an array of scope groups.
+Role management container for unified role definitions and role assignments for Microsoft 365 RBAC providers that support multiple principals and multiple scopes in a single role assignment.
+
+This is different from [rbacApplication](rbacapplication.md) resource type.
+
+Cloud PC and Microsoft Intune are examples of such RBAC providers. A role assignment in these providers can have an array of principals and an array of scope groups.
+
+For role definitions, the cloud PC provider currently supports the [list](../api/rbacapplication-list-roledefinitions.md) operation but not the [create](../api/rbacapplication-post-roledefinitions.md).
+ ## Methods | Method | Return Type | Description | |:-|:|:|
-| [Create unifiedRoleAssignmentMultiple](../api/unifiedroleassignmentmultiple-post.md) | [unifiedRoleAssignmentMultiple](unifiedroleassignmentmultiple.md) | Create a new unifiedRoleAssignmentMultiple by posting to the roleAssignments collection. |
-| [List roleAssignmentsMultiple](../api/unifiedroleassignmentmultiple-list.md) | [unifiedRoleAssignmentMultiple](unifiedroleassignmentmultiple.md) collection | Get unifiedRoleAssignmentMultiple object collection. |
| [Create unifiedRoleDefinition](../api/rbacapplication-post-roledefinitions.md) | [unifiedRoleDefinition](unifiedroledefinition.md) | Create a new unifiedRoleDefinition by posting to the roleDefinitions collection. | | [List roleDefinitions](../api/rbacapplication-list-roledefinitions.md) | [unifiedRoleDefinition](unifiedroledefinition.md) collection | Get a unifiedRoleDefinition object collection. |
+| [Create unifiedRoleAssignmentMultiple](../api/rbacapplicationmultiple-post-roleassignments.md) | [unifiedRoleAssignmentMultiple](unifiedroleassignmentmultiple.md) | Create a new unifiedRoleAssignmentMultiple by posting to the roleAssignments collection. |
+| [List roleAssignments](../api/rbacapplicationmultiple-list-roleassignments.md) | [unifiedRoleAssignmentMultiple](unifiedroleassignmentmultiple.md) collection | Get unifiedRoleAssignmentMultiple object collection. |
## Properties
v1.0 Rolemanagement https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/rolemanagement.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Represents a Microsoft 365 RBAC role management entity. Provides access to role definitions and role assignments surfaced from RBAC providers. Currently directory (Azure AD) and deviceManagement (Intune) providers are supported.
+Represents a Microsoft 365 RBAC role management entity that provides access to role definitions and role assignments surfaced from various RBAC providers.
+The unified role management API currently supports the following RBAC providers in Microsoft 365:
+- cloud PC
+- device management (Intune)
+- directory (Azure AD)
+
For more information, see:
+* [Roles in Microsoft 365, including Azure AD, service-specific and cross-service roles](/azure/active-directory/roles/concept-understand-roles#how-azure-ad-roles-are-different-from-other-microsoft-365-roles)
* [Administrator role permissions in Azure Active Directory](/azure/active-directory/users-groups-roles/directory-assign-admin-roles). * [Role-based access control (RBAC) with Microsoft Intune](/mem/intune/fundamentals/role-based-access-control) + ## Methods None.
None.
| Relationship | Type | Description | |:-|:|:|
-|directory|[rbacApplication](rbacapplication.md)| Read-only. Nullable.|
-|deviceManagement|[rbacApplicationMultiple](rbacapplicationmultiple.md)| Read-only. Nullable.|
+|cloudPC|[rbacApplicationMultiple](rbacapplicationmultiple.md)|Provides access to role definitions and role assignments of a cloud PC RBAC provider. Read-only. Nullable.|
+|deviceManagement|[rbacApplicationMultiple](rbacapplicationmultiple.md)| Provides access to role definitions and role assignments of an Intune RBAC provider. Read-only. Nullable.|
+|directory|[rbacApplication](rbacapplication.md)|Provides access to role definitions and role assignments of an Azure AD RBAC provider. Read-only. Nullable.|
+ ## JSON representation
v1.0 Termstore Localizedlabel https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/termstore-localizedlabel.md
Identifies the labels associated with a given term.
|Property|Type|Description| |:|:|:| |isDefault|Boolean|Indicates whether the label is the default label.|
-|languageTag|String|The anguage tag for the label.|
+|languageTag|String|The language tag for the label.|
|name|String|The name of the label.| ## Relationships
v1.0 Unifiedroleassignmentmultiple https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedroleassignmentmultiple.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-A unifiedRoleAssignmentMultiple is used to grant access to resources. It represents a role definition assigned to an array of principals (typically a user) over an array of scope. An example of such an RBAC provider is Microsoft Intune. In Microsoft Intune, you can create a role assignment with multiple principals and multiple scopes.
+A unifiedRoleAssignmentMultiple is used to grant access to resources, as part of Microsoft 365 RBAC [role management](rolemanagement.md). It represents a role definition assigned to an array of principals (typically a user) over an array of scopes.
-Providing either **directoryScopeIds** or **appScopeIds** is required.
+You can create a role assignment with multiple principals and multiple scopes.
+
+You must provide either **directoryScopeIds** or **appScopeIds**.
+
+The following RBAC providers are currently supported:
+- cloud PC
+- Microsoft Intune
+ ## Methods | Method | Return Type | Description | |:-|:|:|
-| [List unifiedRoleAssignmentMultiple](../api/unifiedroleassignmentmultiple-list.md) | [unifiedRoleAssignmentMultiple](unifiedroleassignmentmultiple.md) | Read a list of unifiedRoleAssignmentMultiple objects and their properties. |
+| [List roleAssignments](../api/rbacapplicationmultiple-list-roleassignments.md) | [unifiedRoleAssignmentMultiple](unifiedroleassignmentmultiple.md) collection | Read a list of unifiedRoleAssignmentMultiple objects and their properties. |
+| [Create unifiedRoleAssignmentMultiple](../api/rbacapplicationmultiple-post-roleassignments.md) | [unifiedRoleAssignmentMultiple](unifiedroleassignmentmultiple.md) | Create a new unifiedRoleAssignmentMultiple by posting to the roleAssignment collection. |
| [Get unifiedRoleAssignmentMultiple](../api/unifiedroleassignmentmultiple-get.md) | [unifiedRoleAssignmentMultiple](unifiedroleassignmentmultiple.md) | Read properties and relationships of unifiedRoleAssignmentMultiple object. |
-| [Create unifiedRoleAssignmentMultiple](../api/unifiedroleassignmentmultiple-post.md) | [unifiedRoleAssignmentMultiple](unifiedroleassignmentmultiple.md) | Create a new unifiedRoleAssignmentMultiple by posting to the roleAssignment collection. |
| [Update unifiedRoleAssignmentMultiple](../api/unifiedroleassignmentmultiple-update.md) | [unifiedRoleAssignmentMultiple](unifiedroleassignmentmultiple.md) | Update an existing unifiedRoleAssignmentMultiple object. | | [Delete unifiedRoleAssignmentMultiple](../api/unifiedroleassignmentmultiple-delete.md) | None | Delete unifiedRoleAssignmentMultiple object. |
Providing either **directoryScopeIds** or **appScopeIds** is required.
| Property | Type | Description | |:-|:|:|
-| id | String | The unique identifier for the unifiedRoleAssignmentMultiple. Key, not nullable, Read-only. |
-| displayName | String | Name of the role assignment. Required. |
+| appScopeIds | String collection | Ids of the app specific scopes when the assignment scopes are app specific. The scopes of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. App scopes are scopes that are defined and understood by this application only. |
| description | String | Description of the role assignment. |
+| directoryScopeIds | String collection | Ids of the directory objects representing the scopes of the assignment. The scopes of an assignment determine the set of resources for which the principals have been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only. |
+| displayName | String | Name of the role assignment. Required. |
+| id | String | The unique identifier for the unifiedRoleAssignmentMultiple. Key, not nullable, Read-only. |
| roleDefinitionId | String | Identifier of the unifiedRoleDefinition the assignment is for. |
-| roleDefinition | [unifiedRoleDefinition](unifiedroledefinition.md) |Property indicating the roleDefinition the assignment is for. Provided so that callers can get the role definition using `$expand` at the same time as getting the role assignment. Read-only. Supports `$filter` (`eq` operator on **id**, **isBuiltIn**, and **displayName**, and `startsWith` operator on **displayName**) and `$expand`. |
| principalIds | String collection | Identifiers of the principals to which the assignment is granted. Supports `$filter` (`any` operator only). |
-| directoryScopeIds | String collection | Ids of the directory objects representing the scopes of the assignment. The scopes of an assignment determine the set of resources for which the principals have been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only. |
-| appScopeIds | String collection | Ids of the app specific scopes when the assignment scopes are app specific. The scopes of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. App scopes are scopes that are defined and understood by this application only. |
+ ## Relationships
Providing either **directoryScopeIds** or **appScopeIds** is required.
| appScopes | [appScope](appscope.md) collection |Read-only collection with details of the app specific scopes when the assignment scopes are app specific. Containment entity. Read-only. | | directoryScopes | [directoryObject](directoryobject.md) collection | Read-only collection referencing the directory objects that are scope of the assignment. Provided so that callers can get the directory objects using `$expand` at the same time as getting the role assignment. Read-only. Supports `$expand`.| | principals| [directoryObject](directoryobject.md) collection | Read-only collection referencing the assigned principals. Provided so that callers can get the principals using `$expand` at the same time as getting the role assignment. Read-only. Supports `$expand`.|
-|roleDefinition|[unifiedRoleDefinition](unifiedroledefinition.md)|The roleDefinition the assignment is for. Provided so that callers can get the role definition using `$expand` at the same time as getting the role assignment. **roleDefinition.id** will be auto expanded. Supports `$expand`. |
+| roleDefinition | [unifiedRoleDefinition](unifiedroledefinition.md) |Specifies the roleDefinition that the assignment is for. Provided so that callers can get the role definition using `$expand` at the same time as getting the role assignment. Supports `$filter` (`eq` operator on **id**, **isBuiltIn**, and **displayName**, and `startsWith` operator on **displayName**) and `$expand`. |
+ ## JSON representation
v1.0 Unifiedroledefinition https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/unifiedroledefinition.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-A unifiedRoleDefinition is a collection of permissions listing the operations that can be performed, such as read, write, and delete.
+Represents a collection of permissions listing the operations, such as read, write, and delete, that can be performed by an RBAC provider, as part of Microsoft 365 RBAC [role management](rolemanagement.md).
+
+The following RBAC providers are currently supported:
+- cloud PC
+- device management (Intune)
+- directory (Azure AD)
+
+> [!NOTE]
+> The cloud PC RBAC provider currently supports only the [list](../api/rbacapplication-list-roledefinitions.md) and [get](../api/unifiedroledefinition-get.md) operations.
+ ## Methods
v1.0 Chat Get Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chat-get-members.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http GET /chats/{chat-id}/members/{membership-id}
-GET /users/{user-id}/chats/{chat-id}/members/{membership-id}
+GET /users/{user-id} | user-principal-name/chats/{chat-id}/members/{membership-id}
``` ## Optional query parameters
v1.0 Chat Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chat-get.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http GET /me/chats/{chat-id}
-GET /users/{user-id}/chats/{chat-id}
+GET /users/{user-id | user-principal-name}/chats/{chat-id}
GET /chats/{chat-id} ```
v1.0 Chat List Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chat-list-members.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http GET /chats/{chat-id}/members
-GET /users/{user-id}/chats/{chat-id}/members
+GET /users/{user-id | user-principal-name}/chats/{chat-id}/members
``` ## Optional query parameters
v1.0 Chat List Messages https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chat-list-messages.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http GET /me/chats/{chat-id}/messages
-GET /users/{user-id}/chats/{chat-id}/messages
+GET /users/{user-id | user-principal-name}/chats/{chat-id}/messages
GET /chats/{chat-id}/messages ```
v1.0 Chatmessage Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chatmessage-get.md
GET /teams/{team-id}/channels/{channel-id}/messages/{message-id}/replies/{reply-
<!-- { "blockType": "ignored" } --> ```http GET /chats/{chat-id}/messages/{message-id}
-GET /users/{user-id}/chats/{chat-id}/messages/{message-id}
+GET /users/{user-id | user-principal-name}/chats/{chat-id}/messages/{message-id}
GET /me/chats/{chat-id}/messages/{message-id} ```
v1.0 Chatmessage List Hostedcontents https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chatmessage-list-hostedcontents.md
GET /teams/{team-id}/channels/{channel-id}/messages/{message-id}/replies/{reply-
<!-- { "blockType": "ignored" } --> ```http GET /chats/{chat-id}/messages/{message-id}/hostedContents
-GET /users/{user-id}/chats/{chat-id}/messages/{message-id}/hostedContents
+GET /users/{user-id | user-principal-name}/chats/{chat-id}/messages/{message-id}/hostedContents
``` ## Optional query parameters
v1.0 Chatmessagehostedcontent Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/chatmessagehostedcontent-get.md
GET /teams/{team-id}/channels/{channel-id}/messages/{message-id}/replies/{reply-
<!-- { "blockType": "ignored" } --> ```http GET /chats/{chat-id}/messages/{message-id}/hostedContents/{hosted-content-id}
-GET /users/{user-id}/chats/{chat-id}/messages/{message-id}/hostedContents/{hosted-content-id}
+GET /users/{user-id | user-principal-name}/chats/{chat-id}/messages/{message-id}/hostedContents/{hosted-content-id}
``` ## Optional query parameters
v1.0 Emailauthenticationmethodconfiguration Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/emailauthenticationmethodconfiguration-get.md
For delegated scenarios, the administrator needs the Global admin role. For more
--> ```http
-GET https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/authenticationMethodConfiguration/email
+GET https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/email
``` ## Request headers
v1.0 Onlinemeeting Createorget https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/onlinemeeting-createorget.md
One of the following permissions is required to call this API. To learn more, in
| Application | OnlineMeetings.ReadWrite.All* | > [!IMPORTANT]
-> \* Administrators must create an [application access policy](/graph/concepts/cloud-communication-online-meeting-application-access-policy.md) and grant it to a user, authorizing the app configured in the policy to create or get an online meeting with external ID on behalf of that user (user ID specified in the request path).
+> \* Administrators must create an [application access policy](/graph/cloud-communication-online-meeting-application-access-policy) and grant it to a user, authorizing the app configured in the policy to create or get an online meeting with external ID on behalf of that user (user ID specified in the request path).
## HTTP request To call **createOrGet** API with delegated token:
v1.0 Serviceprincipal Delete Approleassignedto https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/serviceprincipal-delete-approleassignedto.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-DELETE /servicePrincipals/{id}/appRoleAssignedTo/{id}
+DELETE /servicePrincipals/{resource-SP-id}/appRoleAssignedTo/{principal-id}
``` > [!NOTE]
If successful, this method returns `204 No Content` response code. It does not r
Here is an example of the request to delete an app role assignment from the resource service principal. -
-# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "serviceprincipal_delete_approleassignedto" }--> ```http
-DELETE https://graph.microsoft.com/v1.0/servicePrincipals/{id}/appRoleAssignedTo/{id}
+DELETE https://graph.microsoft.com/v1.0/servicePrincipals/{resource-SP-id}/appRoleAssignedTo/{principalId}
```
-# [C#](#tab/csharp)
-
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
-
-# [Java](#tab/java)
-- In this example, `{resource-SP-id}` would be the id of the resource service principal, and `{principalId}` would be the id of the assigned user, group, or client service principal.
v1.0 Serviceprincipal Delete Approleassignments https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/serviceprincipal-delete-approleassignments.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-DELETE /servicePrincipals/{id}/appRoleAssignments/{id}
+DELETE /servicePrincipals/{servicePrincipal-id}/appRoleAssignments/{appRoleAssignment-id}
``` > [!NOTE]
If successful, this method returns `204 No Content` response code. It does not r
Here is an example of the request to delete an app role assignment. -
-# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "serviceprincipal_delete_approleassignment" }--> ```http
-DELETE https://graph.microsoft.com/v1.0/servicePrincipals/{id}/appRoleAssignments/{id}
+DELETE https://graph.microsoft.com/v1.0/servicePrincipals/{servicePrincipal-id}/appRoleAssignments/{appRoleAssignment-id}
```
-# [C#](#tab/csharp)
-
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
-
-# [Java](#tab/java)
--- ### Response
-The following is an example of the response.
- <!-- { "blockType": "response", "truncated": true
v1.0 User List Joinedteams https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/user-list-joinedteams.md
One of the following permissions is required to call this API. To learn more, in
```http GET /me/joinedTeams or
-GET /users/{id}/joinedTeams
+GET /users/{id | user-principal-name}/joinedTeams
``` ## Optional query parameters
v1.0 User List Ownedobjects https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/user-list-ownedobjects.md
One of the following permissions is required to call this API. To learn more, in
|Permission type | Permissions (from least to most privileged) | |:--|:|
-|Delegated (work or school account) | User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All |
+|Delegated (work or school account) | User.Read, User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All |
|Delegated (personal Microsoft account) | Not supported. | |Application | User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All |
v1.0 User List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/user-list.md
GET /users
This method supports the [OData query parameters](/graph/query-parameters) to help customize the response, including `$search`, `$count`, `$filter`, and `$select`. You can use `$search` on the **displayName** property. When items are added or updated for this resource, they are specially indexed for use with the `$count` and `$search` query parameters. There can be a slight delay between when an item is added or updated and when it is available in the index. The `$count` and `$search` parameters are currently not available in Azure AD B2C tenants. By default, only a limited set of properties are returned (**businessPhones**, **displayName**, **givenName**, **id**, **jobTitle**, **mail**, **mobilePhone**, **officeLocation**, **preferredLanguage**, **surname**, and **userPrincipalName**). - To return an alternative property set, specify the desired set of [user](../resources/user.md) properties using the OData `$select` query parameter. For example, to return **displayName**, **givenName**, and **postalCode**, add the following to your query `$select=displayName,givenName,postalCode`.
-Certain properties cannot be returned within a user collection. The following properties are only supported when [retrieving an single user](./user-get.md): **aboutMe**, **birthday**, **hireDate**, **interests**, **mySite**, **pastProjects**, **preferredName**, **responsibilities**, **schools**, **skills**, **mailboxSettings**.
+Certain properties cannot be returned within a user collection. The following properties are only supported when [retrieving a single user](./user-get.md): **aboutMe**, **birthday**, **hireDate**, **interests**, **mySite**, **pastProjects**, **preferredName**, **responsibilities**, **schools**, **skills**, **mailboxSettings**.
+
+The following properties are not supported in personal Microsoft accounts and will be `null`: **aboutMe**, **birthday**, **interests**, **mySite**, **pastProjects**, **preferredName**, **responsibilities**, **schools**, **skills**, **streetAddress**.
## Request headers
v1.0 Userscopeteamsappinstallation Get Chat https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/userscopeteamsappinstallation-get-chat.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-GET /users/{user-id}/teamwork/installedApps/{app-installation-id}/chat
+GET /users/{user-id | user-principal-name}/teamwork/installedApps/{app-installation-id}/chat
``` ## Optional query parameters
v1.0 Userteamwork Delete Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/userteamwork-delete-installedapps.md
One of the following permissions is required to call this API. To learn more, in
## HTTP request <!-- { "blockType": "ignored" } --> ```http
-DELETE /users/{user-id}/teamwork/installedApps/{app-installation-id}
+DELETE /users/{user-id | user-principal-name}/teamwork/installedApps/{app-installation-id}
``` ## Request headers
v1.0 Userteamwork Get Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/userteamwork-get-installedapps.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-GET /users/{user-id}/teamwork/installedApps/{app-installation-id}
+GET /users/{user-id | user-principal-name}/teamwork/installedApps/{app-installation-id}
``` ## Request headers
v1.0 Userteamwork List Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/userteamwork-list-installedapps.md
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-GET /users/{user-id}/teamwork/installedApps
+GET /users/{user-id | user-principal-name}/teamwork/installedApps
``` ## Optional query parameters
v1.0 Userteamwork Post Installedapps https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/userteamwork-post-installedapps.md
One of the following permissions is required to call this API. To learn more, in
## HTTP request <!-- { "blockType": "ignored" } --> ```http
-POST /users/{user-id}/teamwork/installedApps
+POST /users/{user-id | user-principal-name}/teamwork/installedApps
``` ## Request headers
v1.0 Userteamwork Sendactivitynotification https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/userteamwork-sendactivitynotification.md
One of the following permissions is required to call this API. To learn more, in
} --> ``` http
-POST /users/{userId}/teamwork/sendActivityNotification
+POST /users/{userId | user-principal-name}/teamwork/sendActivityNotification
``` ## Request headers
v1.0 Userteamwork Teamsappinstallation Upgrade https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/userteamwork-teamsappinstallation-upgrade.md
One of the following permissions is required to call this API. To learn more, in
## HTTP request <!-- { "blockType": "ignored" } --> ```http
-POST /users/{user-id}/teamwork/installedApps/{app-installation-id}/upgrade
+POST /users/{user-id | user-principal-name}/teamwork/installedApps/{app-installation-id}/upgrade
``` ## Request headers
v1.0 Chatmessage https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/chatmessage.md
Represents an individual chat message within a [channel](channel.md) or [chat](c
| Relationship | Type | Description | |:|:--|:-| |replies|[chatMessage](chatmessage.md)| Replies for a specified message. |
-|hostedContents|[chatMessageHostedContent](chatmessagehostedcontent.md)| Content in a message hosted by Microsoft Teams e.g., images, code snippets etc. |
+|hostedContents|[chatMessageHostedContent](chatmessagehostedcontent.md)| Content in a message hosted by Microsoft Teams - for example, images, code snippets etc. |
## JSON representation
v1.0 Entity https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/entity.md
Here is a JSON representation of the resource
{ "id": "string (identifier)" }- ``` <!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
v1.0 Organization https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/organization.md
This resource lets you add your own data to custom properties using [extensions]
|[Get open extension](../api/opentypeextension-get.md) |[openTypeExtension](opentypeextension.md) collection| Get an open extension identified by the extension name.| |**Schema extensions**| |[Add schema extension values](/graph/extensibility-schema-groups) || Create a schema extension definition and then use it to add custom typed data to a resource.|
-| [Get branding](../api/organizationalbrandingproperties-get.md) | [organizationalBrandingProperties](organizationalbrandingproperties.md) collection | Get a organizationalBrandingProperties object collection. |
+| [Get branding](../api/organizationalbrandingproperties-get.md) | [organizationalBrandingProperties](organizationalbrandingproperties.md) collection | Get an organizationalBrandingProperties object collection. |
## Properties
This resource lets you add your own data to custom properties using [extensions]
| countryLetterCode | String | Country/region abbreviation for the organization. | | createdDateTime | DateTimeOffset | Timestamp of when the organization was created. The value cannot be modified and is automatically populated when the organization is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only. | | deletedDateTime | DateTimeOffset | Represents date and time of when the Azure AD tenant was deleted using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only. |
-| createdDateTime | DateTimeOffset | Timestamp of when the organization was created. The value cannot be modified and is automatically populated when the organization is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only. |
| displayName | String | The display name for the tenant. | | id | String | The tenant ID, a unique identifier representing the organization (or tenant). Inherited from [directoryObject](directoryobject.md). Key. Not nullable. Read-only. | | isMultipleDataLocationsForServicesEnabled | Boolean | `true` if organization is Multi-Geo enabled; **false** if organization is not Multi-Geo enabled; **null** (default). Read-only. For more information, see [OneDrive Online Multi-Geo](/sharepoint/dev/solution-guidance/multigeo-introduction). | | marketingNotificationEmails | String collection | Not nullable. |
-| onPremisesLastSyncDateTime | DateTimeOffset | The time and date at which the tenant was last synced with the on-premise directory. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only.|
+| onPremisesLastSyncDateTime | DateTimeOffset | The time and date at which the tenant was last synced with the on-premises directory. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only.|
| onPremisesSyncEnabled | Boolean | `true` if this object is synced from an on-premises directory; `false` if this object was originally synced from an on-premises directory but is no longer synced. Nullable. `null` if this object has never been synced from an on-premises directory (default). | | postalCode | String | Postal code of the address for the organization. |
-| preferredLanguage | String | The preferred language for the organization. Should follow ISO 639-1 Code; for example `en`. |
+| preferredLanguage | String | The preferred language for the organization. Should follow ISO 639-1 Code; for example, `en`. |
| privacyProfile | [privacyProfile](privacyprofile.md) | The privacy profile of an organization. | | provisionedPlans | [ProvisionedPlan](provisionedplan.md) collection | Not nullable. | | securityComplianceNotificationMails | String collection ||
v1.0 Team https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/team.md
A team in Microsoft Teams is a collection of [channel](channel.md) objects.
A channel represents a topic, and therefore a logical isolation of discussion, within a team. Every team is associated with a [group](../resources/group.md).
-The group has the same ID as the team - for example, /groups/{id}/team is the same as /teams/{id}.
+The group has the same ID as the team - for example, `/groups/{id}/team` is the same as `/teams/{id}`.
For more information about working with groups and members in teams, see [Use the Microsoft Graph REST API to work with Microsoft Teams](teams-api-overview.md). ## Methods
v1.0 Toc.Yml https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/toc.yml a/api-reference/v1.0/toc.yml
items:
href: api/application-removekey.md - name: Extensions items:
- - name: List
- href: api/application-list-extensionproperty.md
- - name: Create
- href: api/application-post-extensionproperty.md
- - name: Delete
- href: api/application-delete-extensionproperty.md
+ - name: Extension property
+ href: resources/extensionproperty.md
+ items:
+ - name: List
+ href: api/application-list-extensionproperty.md
+ - name: Create
+ href: api/application-post-extensionproperty.md
+ - name: Delete
+ href: api/application-delete-extensionproperty.md
- name: Owners items: - name: List